Schiff Hardin LLP August 2009

Learn more about the Product Regulatory Team at Schiff Hardin.

Attorneys In This Practice

Susan M. Carlson
Daniel J. Deeb
Nathan A. Engel
Nicole Finitzo
Jeremy Hojnicki
Michael J. Huft
Charlene Q. Kalebic
Katherine J. Levy
Kathryn McCollough Long
Henry Lee Mann
William E. Meyer Jr.
Joshua R. More
Mary Ann Mullin
Randolph M. Perkins
Gabriel M. Rodriguez
Richard L. Verkler
Sarah D. Youngblood

Schiff Hardin Offices

One Atlantic Center,
Suite 2300
1201 West Peachtree
Atlanta, GA 30309

225 Franklin Street,
Suite 2600 
Boston, MA 02110 

233 S Wacker Drive
Suite 6600
Chicago, IL 60606

One Westminster Place
Suite 200
Lake Forest, IL 60045

900 Third Avenue
New York, NY 10022

One Market, Spear Tower
32nd Floor
San Francisco, CA 94105

1666 K Street, NW
Suite 300
Washington, DC 20006

- - - - - - - - -

Join our mailing list.

Forward this newsletter to a friend or colleague.

- - - - - - - - -

Schiff Hardin Product Regulatory Team Newsletter

In this newsletter:
- FTC Red Flag Rule Requires Many Businesses To Adopt Written Identity Theft Prevention Programs
- Recent Amendments Lower Bar for False Claims Actions Against Government Contractors
- Taiwanese-Origin Goods Compliant for Purposes of Trade Agreements Act Requirements
- $9.44 Million Civil Penalty Assessed Against DHL for Export Control Violations

FTC Red Flag Rule Requires Many Businesses To Adopt Written Identity Theft Prevention Programs

On November 9, 2007, the Federal Trade Commission ("FTC") and several agencies that regulate banks, credit unions and other financial institutions issued final regulations (collectively referred to as the "Red Flag Rule"). By requiring "financial institutions" and "creditors" that maintain "covered accounts" to adopt and implement a written Identity Theft Prevention Program ("Program"), the Red Flag Rule aims to help detect, mitigate and prevent identity theft in connection with any "covered account." In its response to comments received after the rule was proposed, the FTC estimated that over 10 million entities would be subject to these regulations. The agencies were required to promulgate the Red Flag Rule under the FACT Act signed by President Bush on December 4, 2003. Although the initial compliance deadline was November 1, 2008, that deadline has been extended most recently to November 1, 2009.

Requirements of Identity Theft Prevention Program

The Program must be appropriate to the size and complexity of the financial institution or creditor and the nature and scope of its activities. The Red Flag Rule requires the Program to include reasonable policies and procedures to address the following matters:

  • Identification of relevant "Red Flags" (i.e., warning signs) that indicate an increased risk of identity theft with respect to covered accounts;
  • Detection of Red Flags that have been selected for inclusion in the Program;
  • Responses to any detected Red Flags to prevent and mitigate identity theft; and
  • Periodic updates to reflect changes in identity theft risks and in business models and services.
A supplement to the Red Flag Rule includes a list of common Red Flags. See Supplement A to Appendix A to 15 C.F.R. Part 681. This list of Red Flags is also available in a brochure published by the FTC, available at http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus23.pdf. Programs must also require appropriate staff training for effective implementation and oversight by the board, an appropriate board committee or a designated member of senior management. The Red Flag Rule requires approval of a Program by a business' board of directors or an appropriate committee of the board.

Definitions

"Financial institutions" and "creditors" with "covered accounts" are subject to the requirements of the Red Flag Rule. Accordingly, it must be determined whether the business is a "financial institution" or a "creditor," and whether the business has any "covered accounts."

The term "financial institutions" includes state banks, national banks, state or federal savings and loan associations, mutual savings banks, state or federal credit unions, and any other person or entity that, directly or indirectly, holds accounts or deposits on which an individual consumer is permitted to make withdrawals by negotiable or transferable instrument, payment orders of withdrawal, telephone transfers and similar transactions for the purposes of making payments or transfers to third persons.

"Creditor" means any business that regularly extends, renews or continues credit, or any person who regularly arranges for the extension, renewal or continuation of credit. This term also includes the assignee of an original creditor if the assignee participates in the decision to extend, renew or continue credit. The regulation and FTC guidance indicate that the definition of "creditor" includes banks, finance companies, automobile dealers, mortgage brokers, utility and telecommunication companies, hospitals, health care providers, lawyers and other businesses in which accounts are billed after services are rendered or goods are provided.

"Covered account" means (i) an account offered or maintained primarily for personal, family or household purposes to permit multiple payments or transactions, and (ii) any other account offered or maintained by a creditor or financial institution for which there is a reasonable foreseeable risk to customers or to the financial institution (or other creditor) from identity theft.

Recent Amendments Lower Bar for False Claims Actions Against Government Contractors

On May 22, 2009, President Obama signed The Fraud Enforcement and Recovery Act of 2009 ("FERA"). FERA significantly amends the Federal Civil False Claims Act, which is one of the government's main tools used to police and penalize wrongdoing in government contracting. Among other things, the Civil False Claims Act allows whistleblowers to keep up to 25 percent of any recovery against a contractor.

The paragraphs below describe significant changes made by FERA to toughen the Civil False Claims Act.

  • The Civil False Claims Act no longer requires that false claims be made directly to the government to be actionable. False claims liability may now attach "whenever a person knowingly makes a false claim to obtain money or property, any part of which is provided by the Government without regard to whether the wrongdoer deals directly with the federal Government, with an agent acting on the Government's behalf, or with a third party contractor, grantee or other recipient of such money or property."
  • Liability under the Civil False Claims Act is now possible if false records and statements are supplied even in the absence of any intent of getting false claims paid.
  • The Civil False Claims Act now expressly applies to a knowing failure to report or return any overpayments received by a government contractor or subcontractor.
  • FERA increases spending on enforcement by authorizing $155 million a year for the hiring of more fraud prosecutors and investigators by the Justice Department for fiscal years 2010 and 2011. This includes $65 million a year for the FBI to add 190 additional special agents and more than 200 professional staff and forensic analysts to rebuild the FBI's "white collar" investigation program.

Taiwanese-Origin Goods Compliant for Purposes of Trade Agreements Act Requirements

On July 15, 2009, Taiwan became the 41st signatory to the World Trade Organization Agreement on Government Procurement. By signing this Agreement, Taiwan is required to adhere to a specified level of transparency in government contracting and to refrain from discriminating against products from the other signatory countries for purposes of certain government contracts. The U.S. Civilian Agency Acquisition Council and the U.S. Defense Acquisition Regulations Council (the "Councils") have as of August 11, 2009 jointly promulgated an interim rule amending the Federal Acquisition Regulations to add Taiwan to the list of designated countries for purposes of federal acquisition rules implementing the Agreement on Government Procurement. The Councils are accepting written comments regarding the interim rule until October 13, 2009. The result of this interim rule is that for most U.S. government contracts exceeding specified dollar values, Taiwanese products will be treated no differently from domestic products.

$9.44 Million Civil Penalty Assessed Against DHL for Export Control Violations

DWPN Holdings (USA), Inc. — formerly known as DHL Express (USA), Inc. and DHL Holdings (USA), Inc. — was charged with numerous violations of United States export control laws by the Office of Foreign Assets Control ("OFAC") of the U.S. Treasury Department and the Bureau of Industry and Security ("BIS") of the U.S. Department of Commerce. In a settlement agreement approved on August 6, 2009, DWPN agreed to pay a penalty of $9.44 million and submit to annual audits of its export control compliance by an independent examiner through 2011.

The publicly available settlement agreement indicates that although DWPN neither admits nor denies the allegations, the agencies had reason to believe that DWPN had committed the following export control violations:

  • More than 41,000 violations of the Reporting, Procedures and Penalties Regulations maintained by OFAC;
  • 372 violations of the Iranian Transactions Regulations maintained by OFAC (which prohibit unlicensed shipments of merchandise to Iran and unlicensed imports from Iran to the United States);
  • 90 violations of the record keeping requirements of the Export Administration Regulations("EAR") (for failing to retain air waybills relating to shipments from the United States to Syria);
  • Eight violations of the Sudan Sanctions Regulations administered by OFAC (for unlicensed shipments of merchandise to Sudan); and
  • Eight violations of the Export Administration Regulations in connection with eight shipments of merchandise from the United States to Syria.
According to the settlement agreement, DHL did not voluntarily disclose these violations to OFAC or the BIS. Had these matters been voluntarily disclosed, DHL may have received a lighter penalty. This matter highlights to exporters, shippers and freight forwarders the vital importance of fulfilling the recordkeeping requirements of the export control laws with respect to all export shipments. OFAC's Reporting, Procedures and Penalties Regulations require that every person engaged in a transaction subject to the OFAC requirements keep a full and accurate record of the transaction for at least five years after the date of the transaction. The recordkeeping requirements imposed by BIS similarly require all U.S. persons participating in an export or other transaction subject to the EAR to retain all prescribed records relating to the transaction for five years from the latest of the date of (i) the export, (ii) any known reexport, transshipment or other diversion of the item, or (iii) any other termination of the matter.

ABOUT SCHIFF HARDIN LLP

Schiff Hardin's multidisciplinary product regulatory team has extensive expertise in the domestic and international regulation of consumer and industrial products.  We counsel clients on the requirements affecting all stages of a product's life cycle, including design, manufacturing, packaging, importing, exporting, distribution, sale, transportation, disposal and recycling.

For more information, please feel free to contact us.

 

© 2009 Schiff Hardin LLP

This publication has been prepared for the general information of clients and friends of the firm.
It is not intended to provide legal advice with respect to any specific matter.
Under rules applicable to the professional conduct of attorneys in various jurisdictions,
it may be considered advertising material.

For more information visit our Web site at www.schiffhardin.com.

Click here to manage your subscriptions.

Click here to unsubscribe from this list.