On Thursday, November 20th, President Obama announced his plans for taking Executive Action on Immigration to address several chronic problems facing employers, legal immigrants and undocumented workers in the United States. Although implementing regulations will take several months to be completed, we have been able to learn through White House briefings and position papers that this Executive Action will include:
-A revision of enforcement priorities to assure that government resources are focused primarily on the removal and deportation of suspected terrorists, felons, gang members, other criminals and repeat immigration offenders. Part of this plan is the replacement of the Secure Communities program with a new partnership with State and Local law enforcement called the Priority Enforcement Program.
-Relief from quota and administrative delays for Legal Immigrants and Foreign Investors to assure that these individuals are not kept waiting for long periods before achieving Legal Permanent Residence. The primary beneficiaries of this relief will be professionals in the health and IT fields as well as foreign entrepreneurs and investors. It will be achieved by re-allocating unused immigrant visas, changing the permitted filing time of Immigrant Applications and expanding the use of the concept of immigration parole.
-Regulatory relief to put an end to unnecessarily narrow interpretations of the Immigration and Nationality Act thereby permitting US corporations and multinational organizations to have access to first rate foreign talent in fields where there are shortages of appropriately skilled US workers.
-Deferred Action, a traditional form of temporary relief for persons faced with various forms of hardship, is to be expanded to include two sets of individuals: 1) Undocumented parents of US Citizens or Legal Permanent Residents who have lived continuously in the US since January 1, 2010 and can prove that they are law abiding tax payers; and 2) Deferred Action for Childhood Arrivals (“DACA”), will be expanded to remove an age cap and an eligibility deadline which created unanticipated hardship.
We will follow the development of all of these proposals as details regarding timing; documentation and procedure are made clear and keep you advised of any news. If you have any questions regarding this Executive Action, please contact our Immigration Law team, Aida Diaz-Silveira and Jim Stillwaggon.
Alvarez Arrieta & Diaz-Silveira LLP is a leading South Florida boutique law firm focused on providing sophisticated corporate, real estate, immigration and transactional services and business advice to leading companies, entrepreneurs, family offices and others investing and conducting business domestically and abroad. Alvarez Arrieta & Diaz-Silveira LLP is located at 1001 Brickell Bay Drive, Suite 2100, in the heart of Miami’s Brickell Financial Corridor. If you have any questions regarding this Executive Action, please contact our Immigration Law team: Aida Diaz-Silveira and Jim Stillwaggon at 305-740-1940.
The U.S. government has made it clear over the last decade that if you try to bribe a foreign official for a business purpose, you’re going to face criminal and civil penalties. But how do you know if you’re dealing with a foreign official?
Under recently issued and groundbreaking federal appellate court guidance on the Foreign Corrupt Practices Act (FCPA) issued in connection with a Miami-based company, anyone doing business abroad must formally analyze several specific factors to stay a step ahead of potential significant penalties.
If transacting abroad, you need to incorporate the guidance provided by the United States Court of Appeals for the Eleventh Circuit in its Esquenazi opinion discussed below into your compliance and due diligence efforts, along with making sure that other longstanding guidance, some of which we also draw upon here, including the 2012 U.S. Resource Guide to the FCPA, is adhered to. An overview follows of the FCPA’s scope and best practices to follow. We hope this serves as the springboard to plan properly with counsel.
While our focus here is sharpened on instrumentalities under the FCPA’s anti-bribery provisions, the law also requires reporting and accounting by issuers of securities. Even if a payment does not violate anti- bribery provisions, it can be prosecuted under the reporting and accounting provisions if inaccurately recorded or resulting from an internal controls deficiency. Also, as other nations increasingly bolster their own commercial and political bribery regulations, special consideration is accordingly required.
Put simply, the FCPA prohibits publicly traded U.S. companies, companies incorporated in the U.S. and their respective officers, directors, employees, stockholders and agents from paying, offering, or promising something of value to officials of foreign governments to obtain or retain business. FCPA prohibitions also affect non-U.S. companies and persons, as any contact with the U.S. in furtherance of a corrupt scheme creates U.S. jurisdiction.
The FCPA defines a “foreign official” to include “any officer or employee of a foreign government or any department, agency, or instrumentality thereof.” What constitutes an “instrumentality” of a foreign government remains undefined by the statute.
The U.S. Department of Justice (DOJ), which prosecutes alleged violations along with the U.S. Securities and Exchange Commission (SEC), has long argued for a broad interpretation of “instrumentality” including partially or fully state-owned or state-operated entities. In addition to seeking FCPA remedies, including conspiracy, prosecutors have also tacked on additional charges such as tax evasion, Interstate
Travel in Racketeering, money laundering and mail and wire fraud. The government generally negotiates criminal and civil penalties under deferred and no-prosecution agreements that tend to include increased self-reporting requirements. FCPA-inspired civil actions then typically ensue, including derivative, securities fraud and employment law suits, tort and contract law claims and claims under the Racketeer Influenced and Corrupt Organizations (RICO) Act.
The Eleventh Circuit Court of Appeals, in United States v. Esquenazi, recently upheld lower court convictions based on the DOJ’s broad understanding of government instrumentalities as foreign officials. The case centers on alleged bribes paid by Joel Esquenazi and Carlos Rodriguez, officers of Terra Telecommunications, to employees of a Haitian telecom company. They were convicted of one count each of conspiracy to violate the FCPA, wire fraud and conspiracy to commit money laundering, seven FCPA counts and twelve counts of money laundering. Esquenazi was sentenced to fifteen years in prison, the longest FCPA-related sentence ever, and Rodriguez received seven years. Barring any potential future review by the full appellate court (only a three-judge panel ruled) or the U.S. Supreme Court (it was formally petitioned), the guidance outlined below governs.
The court refused to categorically narrow the definition of a government instrumentality. It found that, in enacting the FCPA, Congress intended to cast a wide net over foreign bribery. In amending the FCPA in 2008, it intended to align it with the Organization for Economic Cooperation and Development Anti- Bribery Convention, which contains a broad understanding of government instrumentalities.
The court refused to limit government instrumentalities to those entities that perform traditional or core governmental functions. As such, it found that even providing a commercial service can render an entity an instrumentality. On the other hand, the court refused to adopt a definition of instrumentality that would have categorically covered every state-controlled entity that merely provides any service.
Foreign banks, investment funds, utilities, universities and hospitals can be considered instrumentalities. Providing employees of these entities with anything of value, such as extravagant gifts or meals, excessive entertainment, or travel with no apparent business purpose, can run afoul of the FCPA.
Esquenazi establishes a two-part, government control-and-function test, for determining if an “instrumentality” is involved that would potentially trigger FCPA liability. First, an entity must be controlled by the government of a foreign country. Second, the entity must perform a function the controlling government treats as its own.
The court then lists non-exhaustive factors for determining such governmental control and function. The factors are not specifically weighted but rather considered altogether in what is tantamount to a “totality of the circumstances” analysis, with no single dispositive factor.
For the first part of the test, “control” factors include: (i) the foreign government’s formal designation of the entity; (ii) the government’s majority interest in the entity; (iii) the government’s ability to hire and fire entity principals; (iv) the government’s direct receipt of substantial entity profits; (v) the
government’s subsidization if the entity fails to break even; and (vi) how long these control factors have
Then, for the second part of the test, “function” factors include: (i) the entity’s monopoly power over its function and its servicing the public-at-large; (ii) the foreign government’s subsidization of the entity’s service-related costs; (iii) whether the entity provides services to the public at large in the foreign country; and (iv) the foreign country’s (public and government) general perception that the entity performs a governmental function.
Regulators consider the effectiveness of a compliance program when deciding whether to pursue and how to settle an enforcement action. For instance, a more effective program begets more favorable nonmonetary terms, like avoiding an independent compliance monitor or self-reporting requirements.
The ideal program, overseen by senior-level executives, includes the following components:
• a compliance department with direct reporting lines to your Directors;
• periodic compliance training on company policies, applicable laws, practical advice and case studies for foreign-based personnel;
• regular monitoring and auditing of particular transactions, employees and business units;
• extensive due diligence for all new business partners;
• annual employee certifications on adherence to the company’s code of conduct within a framework including incentives, disciplinary actions and confidential reporting and internal investigation systems; and
• a regular review and update of the compliance program based on employee surveys and reporting mechanisms.
At the very least, focus on three basic standards: (i) tailor compliance to the specific business and to its associated risks in a way that evolves as the business and the relevant markets change; (ii) apply the program in good faith; and (iii) encourage ethical conduct and a commitment to legal compliance by helping prevent, detect, remediate and report misconduct.
Consider technological solutions to compliance issues, including web-based approval tools for spending on items such as gifts and hospitality. Also, create “help desks” for personnel to obtain guidance on how to proceed with a compliance question. Pool your compliance resources towards higher-risk transactions.
Your legal, accounting and compliance departments should conduct due diligence on third parties (e.g., customers and business partners) based on the Esquenazi government control-and-function factors to ensure that any instrumentality covered by the FCPA is identified and treated with the required care. The DOJ and the SEC expect pre- and post-acquisition due diligence to uncover potential corruption and to voluntarily disclose any corrupt payments discovered immediately following a merger or acquisition.
Three principles should guide due diligence and be addressed as quickly as practicable. First, understand the qualifications and associations of a third party, including its reputation and relationships with foreign officials. Second, evaluate the business rationale for retaining it by reviewing your contract’s specification of payment terms corresponding to the market, industry and service provided. This includes evaluating documentation proving it is actually performing the work for which it is being paid. Third, monitor the business post-retention by updating its due diligence, exercising contractual audit rights, providing periodic training and requiring annual compliance certifications.
You should review sales and financial data, customer contracts and third party and distributor agreements. Speak with a third party’s general counsel, sales vice president and internal audit head about corruption risks, compliance efforts and any other related issues going back at least ten years.
An entity’s status as an “instrumentality” may trigger additional rounds of due diligence, enhanced representations and warranties in contracts and more attention from compliance officers. Require heightened levels of due diligence for any foreign entity that appears to have state ownership or ties. Finally, in mergers and acquisitions, buyers should increase the number of seller counterparties that they subject to due diligence while analyzing the Esquenazi factors in the vetting of third-party contractors.
Directors- please consider yourselves legally on notice. News headlines rife with the latest corporate hacking abound. From TJX Companies, Target, Sears and Snapchat, to Home Depot, Community Health Systems, JPMorgan and Miami-based Total Bank, every board of directors must adapt to a changing cyber world to protect their companies. The U.S. SEC Commissioner stated recently that boards must increase their role regarding cyber security, from upping technical know-how within the board to following up with proper notification and disclosure of breaches.
What follows is a brief overview of legal standards and best practices, regardless of the size or assumed risk profile of any given company and board. While this overview is not intended as legal advice and is provided for informational purposes only, we hope our identification of issues here will highlight the wisdom of conversing early on with counsel.
The goal is to prevent, mitigate, and promptly manage costs in the aftermath of a cyber breach. These costs include increases in existing customer turnover and challenges to new client acquisition activity and decreases in positive reputation and goodwill. They also include securities fraud class actions and shareholder derivative actions based on harm to the corporation through, for example, significantly decreased stock prices.
Recent lawsuits nationwide are focused on directors’ conduct before, during, and after a cyber security breach. These generally allege that directors failed to implement or update security policies and that they even increased damages by failing to timely disclose (or ensuring that management timely discloses) data breaches in SEC-related public filings.
These suits specifically implicate breaches of fiduciary duties, such as the duties of loyalty, oversight, and care, as well as waste of corporate assets, gross mismanagement, abuse of control, and unjust enrichment. Disclosure liability is also at stake and involves a company’s public statements about cyber security protection measures, its risk level for a breach, and the magnitude of a breach upon occurrence.
State and federal regulators are also increasingly investigating breaches. The Federal Trade Commission, for instance, will look into unfair practices for a company’s failure to adopt appropriate cyber security measures. The FTC will also investigate deceptive trade practices for a company’s failures to properly communicate if and how its practices deviate from its policies. The Food and Drug Administration is looking into cyber threats to medical devices. And there is an uptick in ongoing regulation and negotiations with the U.S. Department of Justice, State Attorneys General, and state consumer protection agencies.
Directors should strongly consider adopting the following best practices to protect the business and legal interests of their boards and companies.
Restructure the board
A director or a committee should focus on cyber risk management. It should be separate from the audit committee and report directly to the full board. Boards should recruit directors with IT governance and cyber security risk experience. Mandatory cyber-risk education is recommended for directors. As part of its Critical Infrastructure Cyber Community Voluntary Program, the U.S. Department of Homeland Security has identified some resources that may assist boards in implementing a director cyber-risk education program.
Consider appointing a chief information officer (CIO), chief information security officer (CISO) and/or chief privacy officer (CPO), and regularly meet with them to review expectations and plans. These officers should head a department centered on information privacy and security that includes employees solely responsible for cyber security.
Also consider appointing a committee responsible for privacy and security. Its members can include the above officers, plus senior management from various departments. The committee should meet regularly and afterward report directly to the board. The board should also require a cross-organizational team of senior executives to meet regularly on privacy/security issues.
If an outside vendor is brought in, the contract with the vendor must address key issues, including security requirements, warranties, applicable security standards certifications (such as PCI), audit rights, service levels, backup systems, data-destruction policies and breach notification. But even if the company can protect its data without outside experts, the board periodically should engage independent outside consultants to audit the company’s cyber security practices and report their findings directly to the board. The board then should review any differences between the recommendations of outside consultants and company officers.
Review budgets and processes
The board should direct adequate funds towards cyber security. It should also regularly review the company’s incident response programs. Internally, it should establish chain of command for stopping intrusion, securing networks, and implementing prioritized recovery. Externally, it should establish policies regarding breach notifications to governmental authorities, markets, and customers. The board should further evaluate the process and diligence involved in selecting the company’s cyber vendors and the adequacy of employee training on these issues.
While standards vary by industry, the primary guidance source on widely-accepted best practices and standards is the National Institute of Standards and Technology (NIST) framework standards for cyber security. Regulators take into account the level of compliance with these. Secondary guidance sources include the International Organization for Standardization and the National Association of Corporate Directors, in conjunction with AIG and the Internet Security
Alliance. Standards should further be cross-checked with those of the IT Governance Institute and Information Systems Audit and Control Association (ISACA).
Specific measures can and should be instituted, such as requiring that a major software vulnerability be fixed within ten days of its identification. If not timely fixed, the company must explain any delay to senior managers and eventually to the board.
The board should ensure that the company has written security standards and practices as well as written breach-response protocols. The appropriate officers or committee, under the board’s
supervision, should periodically review and update these.
Oversee reporting systems
Actively monitor corporate performance by ensuring the company keeps sufficient reporting systems to keep the board informed of company risks and business performance. The board should oversee internal investigations, document due diligence, identify the laws of each state in which a breach’s effects are felt and/or impact such state’s residents (such as the Florida Information Protection Act of 2014), reconcile any interstate conflicts of law, and ascertain the proper timing and form to comply with notification requirements.
Company statements, reports, disclosures, and other required SEC filings should cover past breaches, both material and executed as well as immaterial and attempted. Courts consider a failure to disclose cyber incidents a material omission per recent SEC disclosure guidance.
Review your company’s insurance policies to determine the level of existing coverage for cyber attacks. Like other types of insurance, cyber insurance coverage varies in important ways. Typical coverage options include Directors and Officers (D&O), Comprehensive General Liability, and Cyber Insurance Policies.
Assess the company’s cyber security risk profile and valuate potential losses to ensure adequate insurance coverage. Internal costs to cover include business interruption costs, legal expenses, loss of digital assets, and response costs. External costs to cover include third-party damages, credit-monitoring, and customer notification.
Buy or pre-negotiate D &O liability policies to cover damages for claims against directors and officers that may arise from privacy breaches before any cyber attack occurs. The board should consider supplemental insurance specifically for privacy-related liability. Consider counteracting a privacy exclusion by adding qualifying language that covers, for instance, oversight liability or securities claims.
Finally, check the company’s formation documents and insurance policies to ensure maximum protection of directors and officers against personal exposure. Consideration should be given to appropriate drafting of provisions in the company’s governing documents releasing directors and officers from privacy liability and indemnifying them for losses arising from such liability. In certain cases, exculpatory provisions in a company’s corporate charter document or bylaws (to the extent permitted by applicable law) may preclude the bringing of particular types of claims against directors and officers altogether. Lastly, indemnity agreements can provide for advancement of defense costs during litigation and cover any settlements or monetary judgments when the case ends.
James M. Stillwaggon expands firm’s immigration practice, and Luis M. Artime brings general counsel and compliance experience to corporate practice
Miami, Fla., June 05, 2014 – Alvarez Arrieta & Diaz-Silveira, LLP, a prominent South Florida boutique transactional law firm, has announced the addition of two new attorneys, James M. Stillwaggon and Luis M. Artime to continue growing the firm through their significant practice area knowledge and industry experience.
“As a founder of Alvarez Arrieta & Diaz-Silveira, I knew that our long-term success was linked to our client-first approach and our ability to provide world-class legal counsel,” said Pedro (Tony) Alvarez. “Mr. Stillwaggon’s years of immigration practice leadership, and Mr. Artime’s perspective as general counsel for some of America’s most successful companies will be invaluable to our clients. We are thrilled to have them on our team.”
Prior to joining Alvarez Arrieta & Diaz-Silveira, James M. Stillwaggon spent nearly 30 years leading the New York corporate immigration practice for a U.S.-based global law firm. He regularly advised banks, corporations, institutions and high-net-worth individuals on a variety of issues regarding visas, immigration and citizenship. In addition, he has represented individuals in challenging contested removal proceedings.
Mr. Stillwaggon has served as a trustee of the Maternity and Early Childhood Foundation and as a member of the City Bar’s Council on Children. He was appointed to the American Bar Association’s Presidential Working Group on the Unmet Legal Needs of Children, the American Immigration Lawyers Association and is a faculty member at the Center for International Humanitarian Cooperation at Fordham University. At his prior firm, Mr. Stillwaggon led the domestic and international pro bono efforts of the firm.
Mr. Stillwaggon graduated from Villanova University in 1967 and received his J.D. from St. John’s University School of Law in 1974.
Stillwaggon stated, “As a Miami-based firm, Alvarez Arrieta & Diaz-Silveira is uniquely positioned to address the needs of multi-national corporations and individuals. I share their business philosophy and commitment to the community, and I look forward to serving the immigration needs of clients while growing the practice.”
Luis M. Artime has been practicing corporate transactional law for more than 30 years. His experience includes structuring and negotiating complex business transactions, mergers and acquisitions, venture and growth capital investments, commercial contracts, and real estate matters. He was the founding Miami partner for what is now the largest law firm in Florida, where he practiced for more than 19 years. His clients included investors, bankers, entrepreneurs, realestate developers and members of the health care industry.
From there, Mr. Artime transitioned to a decade of in-house legal work, most notably as Senior Associate General Counsel supporting Wal-Mart’s International operations. While there, he was promoted to lead the legal team responsible for supporting all of Wal-Mart’s U.S. stores’ operations. Before joining Wal-Mart, Mr. Artime was the Vice-President and General Counsel for BellSouth International, Inc. BellSouth International was a major wireless telephony operator in Latin America and Israel. Mr. Artime’s experience as corporate counsel included an extensive
In addition, he served as the Senior Vice-President and General Counsel of AHI Healthcare Systems, Inc., where he assisted the healthcare management company with its Initial Public Offering. Most recently, Mr. Artime was Global General Counsel and Chief Compliance Officer for Brightstar Corp., a global wireless telecommunication distribution and solutions company.
Mr. Artime graduated from Fordham University in 1973 and received his J.D. from the University of Pennsylvania Law School in 1976. Artime stated, “As a former general counsel, I understand the corporate legal environment, and know that working with the right advisers can make huge difference in forwarding business growth while also protecting company interests. Today’s complex business environment requires that corporate clients invest significant time and resources to ensure compliance. I look forward to strengthening this practice at Alvarez Arrieta & Diaz-Silveira.”
Wind power project the largest in Central American and Caribbean Region
Miami, Fla., May 6, 2014 – Alvarez Arrieta & Diaz-Silveira LLP (AADSLAW), a South Florida based corporate and transactional boutique law firm, has assisted its client, InterEnergy Holdings, a holding company that owns and operates power generation and distribution assets in Latin America and the Caribbean, in its investment in what is expected to be the largest wind power project in the Central American and Caribbean regions.
InterEnergy agreed with Unión Eólica Panameña S.A. to invest in a wind power project located in Penonme, Panama. With 215MW of total aggregate capacity and a total project investment of US $427 million, the project is expected to eliminate more than 400,000 tons of CO2 emissions and save nearly 900,000 barrels of oil per year when completed.
“This project’s interface risk was particularly complex because it involved negotiations with three contractors, as opposed to a single engineering, procurement and construction provider,” stated founding Partner Pedro “Tony” Alvarez. “This transaction demonstrates our firm’s strength in the renewable energy sector, and I commend the knowledgeable counsel provided by my colleagues.“
In addition to assisting InterEnergy execute its agreement with Unión Eólica Panameña S.A., the firm assisted InterEnergy’s negotiations with Goldwind USA on the turbine supply agreement for the project; with Instalaciones y Servicios Codepa, S.A. on the balance of plant agreement for the project and with Tree Logistics on the turbine equipment transportation and logistics agreement. Further to advising its client on the investment and project development matters, the firm also assisted InterEnergy in connection with a related $100 million bridge credit facility to partially finance the project. Banco Espirito Santo de Investimento, SA acted as mandated lead arranger and book runner for the credit facility. Construction for the project, which has already commenced, is expected to be completed in April 2015.
The Alvarez Arrieta & Diaz Silveira team included Partners Pedro Alvarez, Aracely Alicea and Lauren Hunt, assisted by Associates Colleen Grady and Brian Canida. Attorney Sandra Warren consulted with the firm on the equipment supply agreement with Goldwind USA.