Month: August 2019

On August 28, the South Korean Supreme Court, in a highly anticipated ruling, partially overturned the decision of the Seoul High Court in the bribery prosecution of Samsung Vice-Chairman Lee Jae-yong, and remanded the case for retrial.  The ruling means that Lee, who initially received a five-year prison sentence before having it modified to a two and a half-year suspended sentence, could face an even longer prison sentence after retrial.

Lee’s 2017 trial and conviction stemmed from a request that then-South Korean President Park Gyeun-hye had made of Lee to help the daughter of Park’s longstanding confidante of Choi Soon-Sil.   As the daughter was reportedly a competitive equestrian, Park, with funds that prosecutors said he embezzled from Samsung, gave her three horses worth an estimated $3 million and paid her fees at a dressage school in Germany.

Lee’s original conviction was based on his offering a total of $7 million in bribes to Park and Choi during Park’s tenure as President because he “sought government support to solidify his control over the company.”  On appeal, the Seoul High Court overturned some of Lee’s convictions and reduced the amount of Lee’s bribery to $3 million, which led to its reducing and suspending his sentence.

Supreme Court Chief Justice Kim Myeong-su, however, stated that the High Court’s ruling “was based on the premise that the horses defendants gave to Choi Seo-won [the daughter] were not to be considered bribes, misinterpreting the principle of law regarding bribery and mistakenly affecting the ruling.” Consequently, the Supreme Court concluded that the High Court had undervalued the amount of Lee’s bribes.

South Korean sentencing guidelines indicate that if Lee, on retrial, is found to have embezzled more than $4 million of corporate funds, he would receive a sentence between four and seven years’ imprisonment.  Under South Korean law, a court may not suspend a sentence of longer than three years.

Note: This decision has more than passing significance in South Korea, for two reasons.  First, the prospect that Lee could face resentencing and imprisonment is a cause for concern in the country’s business community, given the extent to which Samsung is deeply entrenched in the country’s economy and Lee’s role as de facto chief executive at Samsung.  Second, the Supreme Court’s decision establishes that South Korean bribery law applies not only to monetary bribes but to non-monetary things of value, such as the million-dollar horses.

On August 28, the U.S. Department of Justice announced that it had obtained nine indictments charging a total of 41 individuals “for their alleged involvement in a network of ‘pill mill’ clinics and pharmacies”  that resulted in the diversion of approximately 23 million oxycodone, hydrocodone, and carisoprodol pills. The 41 defendants, who were charged in the Southern and Eastern Districts of Texas and the District of Massachusetts, include medical doctors, nurses, clinic owners and managers, pharmacists, pharmacy owners and managers, and drug dealers and traffickers.

The indictments allege that participating doctors, medical professionals, and pharmacies knew the prescriptions for the opioid medications

had no legitimate medical purpose and were outside the usual course of professional practice.  In some cases, “crew leaders” and “runners” allegedly filled or had the individuals who posed as patients fill the illegal prescriptions at Houston-area pharmacies.  The owner and pharmacist in charge at one pill mill pharmacy allegedly dispensed the second highest amount of oxycodone 30mg pills of all pharmacies in the entire State of Texas in 2019, and the ninth highest amount in the nation.  One hundred percent of the oxycodone dispended by this pharmacy – every single oxycodone pill that left the premises – was in the highest available dosage strength of that drug.

In some instances, drug dealers and traffickers “allegedly diverted and distributed the controlled substances to the streets, with some pills trafficked from Houston to Boston.”

In addition to the indictments, the Department reported that in the Southern District of Texas, “350 law enforcement personnel executed a total of 36 search and seizure warrants in various locations (including 15 pharmacies, six “pill mill” clinics, and other offices and residences” that were aimed at disrupting opioid-diversion networks.  It also stated that the Drug Enforcement Administration (DEA) “issued nine immediate suspension orders (ISOs) to support related investigative efforts to interrupt an opioid drug diversion distribution chain.”

Note:  In the flurry of global publicity relating to the welter of civil litigation against opioid manufacturers and distributors, and the potential for hundreds of billions of dollars in civil damages and abatement costs, the role of U.S. federal law enforcement in combating the opioid crisis through the criminal process often receives little if any attention.  The Department has already shown this year – through its $225 million criminal and civil resolution with pharma company Insys Therapeutics, convictions of multiple Insys executives, and the indictment of pharma company Indivior — show that the Department has the resolve to prosecute opioid manufacturers when appropriate for their roles in fraudulently marketing opioids.  The indictments announced this week indicate that the Department is also prepared, as appropriate, to prosecute individuals and firms for their roles in later stages of opioid diversion, and to show the linkages between ostensibly “legitimate” health-care providers and pharmacies and criminal organizations in the diversion process.

(Full disclosure: The Fraud Section of the Department’s Criminal Division is credited with leading this series of enforcement actions, in conjunction with three U.S. Attorney’s Offices, the DEA, and other law enforcement agencies.  I was a Deputy Chief in the Fraud Section until 2015, but had no hand in the investigation of any of the cases mentioned here.)

On August 28, Bloomberg reported that on January 4, 2019, French investigative judges in Paris dismissed tax evasion and money-laundering-related charges against Judah Elmaleh, a former executive in HSBC Holdings’ Private Bank (Suisse).  A spokesman for the French financial prosecutor, the Parquet National Financier (PNF), stated that “after looking at all the evidence, the charges against Elmaleh were dropped.”

Since 2008, when they received documents stolen from the Swiss private bank by a former employee, French prosecutors had conducted an intensive investigation of the bank’s involvement in facilitating tax evasion. Thereafter, a variety of public reports linked Elmaleh to money laundering issues.  In 2012, Elmaleh, who had been on the private bank’s supervisory executive committee, reportedly left the bank “by mutual agreement,” “after his brothers were arrested in a high-profile international money laundering and drug-smuggling ring.”  In 2015, the Geneva Public Prosecutor’s Office referenced Elmaleh while announcing its imposition of a £28 million fine against HSBC for anti-money laundering “organisational deficiencies” in the HSBC Swiss private bank.

Eventually, in 2016, the PNF recommended that HSBC, as well as the private bank’s former Chief Executive Officer, Peter Braunwalder, and Elmaleh stand trial for enabling French clients to hide more than €1.6 billion from French tax authorities.  At the time of his charging, Elmaleh was alleged to have “approached French residents to encourage them to move funds to Switzerland and helped clients evade taxes.”

Subsequently, the PNF negotiated a €300 million penalty with HSBC and a guilty plea from Braunwalder “to illegally approaching French residents to encourage them to shift funds to Switzerland” in 2006 and 2007,” which resulted in hiding of assets worth at least $1.8 billion.  In Elmaleh’s case, however, the investigating judges reportedly concluded that there was no clear evidence of his involvement in 2006 and 2007, and noted “that Elmaleh’s testimony was useful in building the larger case” against HSBC.

Note: The dismissal of the charges against Elmaleh appears to be the final chapter of the PNF’s long-running HSBC investigation.  One curious footnote in that chapter is the failure to explain why the Elmaleh dismissal, as well as Braunwalder’s guilty plea and suspended sentence, occurred in January 2019 but were not publicly reported for the next seven months.  To improve transparency and public confidence in its handling of corporate criminal investigations, the PNF should work to make more timely public disclosures of individual defendants’ resolutions.

On August 21, the Swedish Data Protection Authority (Datainspektionen, or SDPA) announced that it had fined a high school in Skellefteå, Sweden 200 000 kronor (US$18,600) for violating the General Data Protection Regulation (GDPR) by using a facial-recognition system to record student attendance.  The SDPA stated that this is the first fine that it has levied for a GDPR violation.

The SDPA reported that the school, on a trial basis, had used facial recognition via camera “to test students’ attendance at their lessons.” (All translations unofficial)  After examining the school’s use of the system, which affected 22 students, it found that the facial-recognition camera surveillance of the students “in their everyday environment was an intrusion on their integrity and that their presence control can be done in other ways that are less violative of privacy than facial recognition.”

The high school board had sought to justify the use of the system for attendance control on the basis that the students had consented to that use.  The SDPA responded that the board could not use consent as a justification “because the students are in a position of dependence on the board.”  Accordingly, the SDPA concluded, in the words of SDPA Director General Lena Lindgren Schelin, that the Skellefteå high school board “violated several of the provisions of the Data Protection Regulation in a way” that prompted issuance of the SEK 200,000 penalty.

According to the European Data Protection Board, under Swedish law the fine for a GDPR violation could be as high as SEK 10 million.  In this case, the SDPA explained that the size of the penalty was influenced, among other things, by the fact that it involved a public authority and a use of the facial-recognition system “for a limited period.”

Note: This case is an important precedent for GDPR enforcement that compliance officers in companies and government agencies — including educational systems — need to bring to the attention of C-level officials in their organizations. Article 4(14) of the GDPR clearly defines “biometric data” in a manner that indicates that facial-recognition systems must be built and operated in a manner that complies with the GDPR.  The SDPA decision in this case is likely to be only the first of many decisions that will affect entities that install facial-recognition systems without considering the GDPR ramifications of doing so.

On August 26, the Irish Times reported that the Irish Department of Justice has concluded that the Criminal Justice (Corruption Practices) Act 2018, which extensively revised Irish criminal law on corruption offenses (including foreign bribery), is not in conformity with the Organization for Economic Co-Operation and Development (OECD) Anti-Bribery Convention.

The crux of the problem, according to the Times, is that the 2018 Law “includes a requirement that the offence be a crime both in Ireland and in the country where the bribery allegedly occurred, a requirement called ‘dual criminality’.”  In 2018, the Garda National Economic Crime Bureau sent a letter to the Department of Justice in which it called attention to the dual criminality problem.  In that letter, the Garda stated:

If Irish persons or companies are operating in a jurisdiction where anti-corruption legislation is weak or non-existent, then no offence occurs, which appears to go against the whole ethos of the OECD convention on foreign bribery and corruption. . . . It is our duty in the developed world to do everything in our power to ensure that our citizens and businesses are not engaged in bribery and corruption.

A spokesman for the Department of Justice noted that the text of the OECD Convention “is silent on the issue of dual criminality,” but acknowledged that the OECD Working Group on Bribery, of which Ireland is a member, “found that dual criminality requirements for the foreign bribery offence by their very nature compel the consideration of foreign law and its application to the facts of the case.”  Accordingly, those requirements are “inconsistent with article one of the convention, which requires an autonomous foreign bribery offence.”

Ireland is due for an OECD Working Group evaluation in October 2019.  On that point, the Department of Justice spokesman said that “Ireland will consider fully any recommendations that the working group makes from that evaluation.” An OECD spokeswoman reportedly stated that “it would be in a much better position to comment on the Irish law after the review.”

Note: The inclusion of the dual-criminality language in the Act apparently was not an oversight, but a decision by Irish Minister for Justice Charlie Flanagan “on the advice of the Attorney General that Ireland exercises extraterritorial jurisdiction on the basis that dual criminality is required.” Nonetheless, the Department now appears inclined to address that issue.

Although the Department of Justice spokesman referred to the Department considering recommendations by the OECD Working Group after its evaluation, the Department should prepare and present its own proposals for legislative change during that evaluation.  Being proactive with the Working Group can do no harm, and is likely to do Ireland some good.