Companies on Guard for New Legal Pitfalls; Cybercrime, Labor Rules, Financial Penalties Add to General Counsels’ Concerns

Companies on Guard for New Legal Pitfalls

Cybercrime, Labor Rules, Financial Penalties Add to General Counsels’ Concerns

JENNIFER SMITH

Jan. 5, 2014 8:17 p.m. ET

Top legal officers at many large companies are preparing for stepped-up scrutiny of their operations by both regulators and private litigants as they head into 2014. Among their concerns: staying up to speed on wage-and-hour rules and anticorruption laws, while guarding against possible data-security breaches.Meanwhile, lawyers with Wall Street banks and other firms are grappling with a host of new rules put in place after the 2008 fiscal meltdown. The Volcker rule, released late last year, sets new limits on the way banks trade securities, and it could cost them billions in revenue. Another rule expected out in 2014 would change capital and liquidity requirements for banks operating in the U.S.

All of this has corporate legal departments beefing up internal risk-and-compliance programs to head off potential violations.

“We’ve come off three years of an extraordinary amount of rule making,” said Simon Fish, general counsel for the Bank of Montreal, which has more than 12 million customers, two million of which are served through 620 branches in the U.S. “I think we are going into a period of ever more intense scrutiny from shareholders, from the investor community, from regulators and from our customers.”

Financial institutions should expect to face higher than typical levels of risk from litigation—and plan for stepped-up investigations and prosecutions, according to William J. Sweet, a partner at Skadden, Arps, Slate, Meagher & Flom LLP who heads the law firm’s financial institutions and regulation and enforcement group.

“Big penalties used to be $10 million, $20 million,” said Mr. Sweet. “That’s no longer the case.”

Last fall, J.P. Morgan Chase JPM +0.77% & Co. agreed to a record $13 billion settlement with the Justice Department and other agencies over soured mortgage securities.

While financial institutions contend with the aftermath of the financial crisis and new regulations intended to curb risky behavior, other industries have also come under the microscope.

Labor issues are on the minds of many U.S. employers, as the number of federal class actions over alleged wage-and-hour violations, such as failure to pay overtime, continues to rise. The Supreme Court is expected to rule this year on whether workers at U.S. SteelCorp. X -1.25% should be compensated for the time spent donning and shedding protective clothing, and for time spent getting from the locker room to their work stations.

More states are also boosting the minimum wage—this year it is set to rise in 14 states—and some have set their own obligations for when overtime should be paid, creating compliance challenges for companies that operate in multiple jurisdictions.

“There is a patchwork quilt of laws out there,” said Gerald Maatman, a labor and employment partner at Seyfarth Shaw LLP.

Companies also need to be mindful of stepped-up government enforcement actions in the labor arena, he said. Federal and state agencies continue to crack down on businesses for allegedly misclassifying some workers as independent contractors—a practice that labor advocates and regulators say can divert billions in taxes from state coffers.

Meanwhile, the recent theft of credit- and debit-card data from millions of Target Corp.TGT +0.49% customers highlighted the mounting threat from cybercrime.

“If you are a company with global operations and any kind of sensitive data, this is top of your list,” said Amar Sarwal, vice president and chief legal strategist for the Association of Corporate Counsel, a group that represents in-house lawyers.

One concern: the reputational hit if consumers lose trust in a particular institution or website after a major breach.

Multinational companies are also watching closely as the U.S. and the European Unionreview data-privacy guidelines at a time when revelations about surveillance by theNational Security Agency

have raised hackles abroad.

Because data-protection rules in the EU tend to be stricter than they are here, U.S. companies that hold the personal data of Europeans rely on the so-called Safe Harbor data-privacy agreement. The pact, which is reciprocal, protects participating U.S. companies from being sued in Europe under the EU’s data-protection directive and allows breaches to be dealt with here; it offers the same protection to EU companies that operate in the U.S. That agreement is undergoing review by the Commission, the EU’s executive arm.

Laura Stein, general counsel of Clorox Co. CLX +0.36% , said her legal team is focusing on privacy and consumer-data protection, with an eye to future trends: “both what is legally required today, and what will be required tomorrow globally.”

Companies have to contend with threats from inside, too, as federal bounties for whistleblowers grow. In October, the Securities and Exchange Commission announced the award of more than $14 million to an anonymous whistleblower—its highest bounty yet. The agency said that the person passed on information leading to the “substantial” recovery of investor funds, though it withheld many details, such as the identity of the perpetrators.

The SEC has issued awards in just a handful of cases since the whistleblower program’s inception in 2011 as a result of the Dodd-Frank act. But more are in the pipeline, George Canellos, the SEC’s outgoing co-chief of enforcement, told WSJ last year.

Whistleblower bounties create unwelcome incentives in the minds of many general counsels, who would prefer that workers report their concerns internally first. “Some may worry that employees are looking for a quick lottery ticket, says Steven J. Pearlman, a partner at law firm Proskauer Rose LLP.”