Scherzer Blog

OFAC getting more common in contract terms and background checks

Do you know what OFAC is about? OFAC is the acronym of the U.S. Department of Treasury’s Office of Foreign Assets Control, and its function is to administer and enforce sanctions against countries or individuals (like terrorists or narcotics traffickers) with actions ranging from trade restrictions to the blocking of assets.

For U.S. companies, the agency’s enforcement applies to banks, insurers, and others in the financial industry that may be involved in covered dealings, which include engaging in transactions prohibited by Congress such as trade with an embargoed country or with a specially designated national (SDN).

Violations of regulations, which extend to all U.S. citizens, can result in substantial fines and penalties. Criminal penalties can reach up to $20 million and imprisonment up to 30 years; civil fees can range from up to $65,000 to $1,075,000 per violation, depending on the activity at issue.

OFAC has significantly stepped up its enforcement efforts that have resulted in sizable settlement agreements with U.S. entities, and thus companies increasingly are incorporating sanctions compliance language based on OFAC regulations into contracts and agreements, as well as including OFAC checks in their employment-purpose background screening or in connection with business transaction due diligence.

Contract terms requiring a party to affirm that it is not the subject of any OFAC sanctions status, that no OFAC investigations are in process, or that it does not engage in transactions with countries like Iran or North Korea, are becoming standard. Some deals also include a provision attesting that a company is not owned by an individual on the list of SDNs, that the company is not based or located in an embargoed country, or to assure that the monies used to make an investment or purchase were not provided by a sanctioned country or individual. Of course, it is also important to conduct background checks to confirm these representations at the start of the contract and at reasonable intervals thereafter.

The use of compliance language does not insulate a company from OFAC liability. While such a provision may create a contract-based remedy to recover monetary damages based on a fine or settlement with the agency, the clause cannot eliminate liability. Like any other governmental regulator, OFAC is not bound by private contract and can take action even with such terms in place.

Learn more about OFAC.

|Educational Series|

Happy Holidays from Scherzer International

Scherzer International wishes you a Happy Holiday Season and continued success in 2015! We sincerely appreciate your business and the referrals so many of you have made to SI.

|SI Information|

Class action charges LinkedIn with violations of FCRA

According to a new putative class action filed in California federal court, social networking site LinkedIn runs afoul of the Fair Credit Reporting Act (FCRA).

The plaintiffs claim that LinkedIn’s reference search functionality allows prospective employers, among others, to obtain reports on job applicants with profiles on the site. LinkedIn’s dissemination of “Reference Reports” – that are created based on a user’s profile and connections to form a list of former supervisors and co-workers as possible references – are available for users who pay a monthly or annual subscription fee.

“LinkedIn has created a marketplace in consumer employment information, where it sells employment information, that may or may not be accurate, and that is has obtained in part from unwitting members, and without complying with the FCRA,” according to the complaint, which noted the site has more than 300 million members and one million jobs listed.

The Reference Reports bring LinkedIn within the purview of the FCRA, and yet the company fails to comply with a host of statutory requirements, according to the complaint.

Specifically, the complaint alleges that the site violates Section 1581(b) by furnishing consumer reports for employment purposes without obtaining the certifications required by the statute or a summary of the consumer’s rights and also does not maintain any of the procedures required by Section 1681e(a) to limit the furnishing of consumer reports to the limited purposes of the statute. In addition, Section 1681e(b) mandates that all consumer reporting agencies follow reasonable procedures to assure the maximum possible accuracy of consumer report information, Section 1681e(d) requires that a user notice be provided to individuals when a report is provided about them, and Section 1681b states that reports can only be provided after an inquiry to ensure the report is used for a “permissible purpose.” None of these statutory requirements were met by LinkedIn, the suit alleges.

“[A]ny potential employer can anonymously dig into the employment history of any LinkedIn member, and make hiring and firing decisions based upon the information they gather, without the knowledge of the member, and without any safeguards in place as to the accuracy of the information that the potential employer has obtained,” Sweet and the other plaintiffs claim. “Such secrecy in dealing in consumer information directly contradicts the express purposes of the FCRA.”

The main plaintiff alleges that she located a job opening on the site and submitted her resume through LinkedIn. She received a notification from the site that the general manager of the employer had viewed her profile and she was offered the job after an interview. The general manager declined the plaintiff’s offer to provide a list of references but later called back to rescind the offer, telling her that he had checked some of her references and changed his mind.

The plaintiffs seek to certify a nationwide class of LinkedIn users who had a Reference Report run on them as well as a subclass of users who applied for employment via the site and had a Report generated by a potential employer. As for remedies, the putative class requests actual, statutory, and punitive damages, as well as attorney’s fees and costs.

To read the complaint in Sweet v. LinkedIn Corporation, click here.

|Employment Decisions, Lawsuit|

SEC considers background check rule proposed by FINRA

Financial institutions could face expanded obligations to conduct background screening of applicants for registration pursuant to a rule proposed by the Financial Industry Regulatory Authority (FINRA) to the Securities and Exchange Commission (SEC).

As currently drafted, the National Association of Securities Dealers (NASD) Rule 3010(e), the Responsibility of Member to Investigate Applicants for Registration, provides that a firm “must ascertain by investigation the good character, business reputation, qualifications and experience of an applicant before the firm applies to register that applicant with FINRA,” the regulator explained.

Seeking to “streamline and clarify members’ obligations relating to background investigation, which will, in turn, improve members’ compliance efforts,” FINRA proposed the addition of background checks to the Rule for the SEC’s consideration.

The change would mandate that firms verify the accuracy and completeness of the information in an applicant’s Form U4 (Uniform Application for Securities Industry Registration or Transfer) for first-time applicants as well as transfers. Written procedures for conducting the background check – including a public records search – must also be established.

While the rule is prospective, FINRA announced that it would take a look at currently registered representatives. The financial regulator intends to begin its efforts with a search of all publicly available criminal records for the roughly 630,000 registered individuals who have not been fingerprinted within the last five years; going forward, FINRA will periodically review public records “to ascertain the accuracy and completeness of the information available to investors, regulators and firms,” the agency said.

To read the Federal Register notice: click here.

|Fraud, Risk Management|

Background screening of independent contractors

The issue of worker misclassification is a hot topic for employers, with state and federal authorities as well as class action suits challenging whether a worker is an employee or an independent contractor. But what about the differences in background screening for independent contractors? Are they subject to the same disclosure and authorization requirements, adverse action notices, and dispute rights that apply to employees?

The answer: it depends.

While the Fair Credit Reporting Act (FCRA) doesn’t directly address independent contractors, the Federal Trade Commission (FTC) has issued two advisory opinions stating that they should be afforded the same rights as employees. The FTC also reiterated this view in its staff report published in July 2011, stating that the FCRA’s broad definition of the term “employment purposes” extends beyond traditional employment relationships. (FTC Staff Report at 32.)

The Allison Letter (a response to an inquiry from a Georgia worker named Herman L. Allison) addressed the issue in the context of a trucking company that hired drivers who owned and operated their own equipment. Characterizing the situation as a “business relationship” and not an “employment relationship,” Allison asked whether the protections of the FCRA still applied.

Taking a broad interpretation of the term “employment,” the FTC said that treating independent contractors differently than employees would hamper the goals of the FCRA. Even a homeowner who conducts a background check on a handyman or other worker hired as an independent contractor should follow the FCRA requirements, the agency wrote.

In a second letter, the FTC considered a query from Harris K. Solomon, an attorney in Florida. A client wished to conduct background checks on individuals selling its insurance products and handling title exams. Again, the agency said the checks would trigger the requirements of the FCRA.

The FTC’s advisory letters – both issued in 1998 – as well as the staff report, are advisory and non-binding on other parties. But they provide insight into how federal authorities would address the rights and protections owed to an independent contractor as the subject of a background check.

However, on the other end of the spectrum, a Wisconsin federal court judge in 2012 held that the disclosure obligations of the FCRA do not apply to independent contractor relationships. The case involved a sales rep who sued EMS Energy Marketing Service after he was terminated. The plaintiff claimed that the company failed to provide him with either the written notice of his rights or a copy of the report as required by the statute. But the court granted summary judgment for the employer, ruling that Lamson was hired as an independent contractor, not an employee, and therefore, the FCRA did not apply. The language of the statute refers only to employees and if a worker is not an employee “it necessarily follows that he or she is not covered by the FCRA,” the court wrote in Lamson v. EMS Energy Marketing Service. The court also distinguished the FTC letters as advisory opinions, adding that the “letters, in and of themselves, are of limited, if any, persuasive power.”

To read the Allison Letter, click here.

To read the Solomon Letter, click here.

|Employment Decisions|

California expands privacy protections for state residents

A perennial trendsetter with regard to data security and privacy, California has updated its state law with tweaks that expand the scope of the privacy protections for state residents.

A.B. 1710 made three changes to existing law that go into effect January 1, 2015: first, businesses that maintain “personal information” about California residents must “implement and maintain appropriate and reasonable security procedures and practices” to protect the data from “unauthorized access, destruction, use, modification, or disclosure.” Personal information is defined to include an individual’s first name or first initial and last name, Social Security number, driver’s license number, as well as medical and financial account information.

Second, if a person or business was “the source” of a data breach and offers to provide identity theft prevention and mitigation services to affected individuals, the business must offer the services at no cost for at least 12 months. Some controversy has swirled around this provision, with debate on whether the language actually requires businesses to provide one year of free identity theft protection and mitigation services or if the law simply requires that if the services are offered, they last for 12 months and are provided gratis. Additional guidance may be forthcoming.

Finally, the new legislation prohibits a business from “selling, offering for sale, or advertising for sale” Social Security numbers. Limited exceptions were noted in the bill, including “if the release

[not necessarily a sale] of the Social Security number is incidental to a larger transaction and is necessary to identify the individual in order to accomplish a legitimate business purpose” or “for a purpose specifically authorized or specifically allowed by federal or state law.”

The law’s scope reaches well beyond the borders of California, as it applies to businesses that maintain any personal information about a state resident. Companies would be well advised to familiarize themselves with the new requirements.

To read AB 1710, click here.

|Legislation, Privacy|

Pennies add up to $18.7 million in allegedly illicit gains

A bit different from the billion dollar frauds that frequently made the headlines in the years past, a complaint filed on October 5, 2014 by the justice department in the federal district court in Manhattan accuses two former New York brokers of securities fraud and conspiracy for secretly adding a few pennies to the cost of securities trades they processed to generate $18.7 million in gains. The SEC also filed civil charges against the men, and added another broker as a defendant. The SEC’s complaint alleges that from at least 2005 through at least February 2009, the defendants perpetrated the scheme by falsifying execution prices and embedding hidden markups or markdowns on over 36,000 customer transactions. According to the SEC, the defendants charged small commissions—typically pennies or fractions of pennies per share; the scheme was devious and difficult to detect because they selectively engaged in it when the volatility in the market was sufficient to conceal the fraud. One of the defendants, who was in charge of entering the prices into the trading records and playing a critical role by controlling the flow of information, already pleaded guilty to securities fraud and conspiracy.

|Criminal Activity, Fraud|

New York City’s new bill would restrict using credit reports for employment decisions

Last month, the New York City Council’s Committee on Civil Rights held a hearing on a bill that would amend the city’s administrative code, prohibiting employers from using consumer credit reports for personnel decisions. Although the hearing ended without a disposition, it is expected that this bill will pass in some form in the near future. The Committee is holding a separate hearing in December on a bill that would prohibit employment discrimination based on an applicant’s or employee’s criminal history.

|Employment Decisions, Legislation|

Congress proposes bill that protects regulated employers’ background checks

While the Equal Employment Opportunity Commission (the “EEOC”) is continuing its challenge of employers’ use of criminal history and credit report information in personnel decisions, and new “ban-the-box” laws are rapidly gaining momentum, on September 9, 2014, Congress proposed legislation that protects certain regulated employers from EEOC, state agency and private actions when they strive to comply with the screening laws that are particular to their industries. The Certainty in Enforcement Act of 2014 would amend Section 703 of the Civil Rights Act of 1964 (42 U.S.C. 2000e-2), and cover employers that include those engaged in “health care, childcare, in-home services, policing, security, education, finance, employee benefits, and fiduciary duties.”

|Employment Decisions, Legislation|

SEC new rule: ABS issuers and underwriters must disclose any third-party due diligence report

On August 27, 2014, as mandated by the Dodd-Frank Act, the Securities & Exchange Commission (the “SEC”) adopted several new rules and amendments designed to improve the quality of credit ratings and increase the accountability of Nationally Recognized Statistical Rating Organizations (“NRSROs”). The new rules, which become effective nine months after their publication in the Federal Register, significantly affect services in connection with asset-backed securities (“ABS”). Among other provisions, included is a requirement for ABS issuers and underwriters to disclose the findings and conclusions of any third-party due diligence report they obtain. The rule applies to both registered and unregistered offerings. Additionally, providers of ABS due diligence services must submit a written certification (signed by an individual who is duly authorized to make such a certification) to any NRSRO that is producing a credit rating regarding the ABS, and disclose information about the due diligence performed, along with a summary of the findings and conclusions, and identification of any relevant NRSRO due diligence criteria that the third-party intended to meet in performing the due diligence.

|Dodd-Frank|

Previous 333435 Next