
InfoBytes Blog

Financial Services Law Insights and Observations

  • Ransomware Attack Has Global Impact, Bipartisan Legislation Introduced to Counter Hacking

    Privacy, Cyber Risk & Data Security

    On May 12, a cyberattack spread around the world, affecting more than 230,000 computers in roughly 150 countries, according to a statement issued by the American Bankers Association. The ransomware, known as “WannaCry,” was used to exploit a vulnerability that affects computers running Microsoft Windows (see Department of Homeland Security Alert). Users of infected computers received a message that their files had been encrypted and that they must pay a ransom in bitcoin in order to decrypt their files. However, as conveyed in a press release issued by the Financial Services - Information Sharing and Analysis Center (FS-ISAC), the majority of the attacks appear to be targeting and impacting non-financial sector entities globally. FS-ISAC “believes the current attacks utilize known vulnerabilities for which there are available software patches,” but noted that firms and service providers need to implement the patches. Agencies continue to monitor what may be the first in a series of attacks.

    SEC Office of Compliance and Examinations (OCIE) and FBI Issue Responses. The OCIE released a statement cautioning registrants to be vigilant in mitigating risk, and noted a recent OCIE study that determined a substantial number of registrants did not conduct periodic risk assessments, penetration tests, or vulnerability scans, while a smaller number had not updated critical security patches. The OCIE also provided links to guidance on cybersecurity risk management. Likewise, the FBI issued a bulletin providing guidance on additional protection measures following the attack.

    Bipartisan Legislation Introduced. On May 17, bipartisan legislation was introduced in the House and Senate to add transparency and accountability to the federal government process for retaining or disclosing vulnerabilities in technology products, services, applications, and systems. The bill, the Protecting our Ability To Counter Hacking (PATCH) Act, follows the apparent leak of an NSA hacking tool, which opened the door to the global “WannaCry” ransomware attack. It is sponsored by Senators Brian Schatz (D-Haw.), Ron Johnson (R-Wis.), and Cory Gardner (R-Colo.), and Representatives Ted Lieu (D-Cal.) and Blake Farenthold (R-Tex.). As described in a release issued by Sen. Schatz’s office, the proposed legislation would make the Vulnerabilities Equities Process (VEP) more permanent, while altering its structure. It would also make the Department of Homeland Security the chair of the interagency board overseeing the VEP. Under the bill, the NSA and other security agencies would still be a permanent part of the board, while other agencies and the White House's National Security Council could attend meetings if the board deems it necessary. The established board would also produce a report for Congress on the policies it establishes regarding the disclosure of vulnerabilities no later than 180 days after the enactment of the Act. An unclassified version of the report will be publicly available as well. “Striking the balance between U.S. national security and general cybersecurity is critical, but it's not easy,” Sen. Schatz noted. “This bill strikes that balance. Codifying a framework for the relevant agencies to review and disclose vulnerabilities will improve cybersecurity and transparency to the benefit of the public while also ensuring that the federal government has the tools it needs to protect national security.”

    Coalition for Cybersecurity Policy and Law. The legislation has already received support. The Coalition issued the following statement in support of the proposed bill: “We support the goals of the PATCH Act and we look forward to working with Chairman Johnson, Senators Schatz and Gardner, and Reps. Lieu and Farenthold as it moves forward in both chambers. The events of the past week clearly demonstrate the real-world consequences of exploited vulnerabilities. Governments have a critical role in getting vulnerability information to organizations capable of acting to protect security in a timely manner upon discovery.”

    Privacy/Cyber Risk & Data Security ABA SEC Congress

  • SEC Reaches Settlement to Resolve Overcharge Claims

    Securities

    On May 10, the SEC announced a settlement of more than $97 million with a dually-registered investment adviser and broker-dealer (the Firm) over three sets of alleged violations of the Investment Advisers Act of 1940, the Securities Act of 1933, and the Securities Exchange Act of 1934. The first violation claims that two of the Firm’s advisory programs charged fees to more than 2,000 clients for due diligence and monitoring services of certain third-party investment managers and investment strategies that were, in fact, not being performed. Second, the Firm recommended “more expensive mutual fund share classes when less expensive share classes were available,” thereby collecting excess sales charges or fees of approximately $110,000 from 63 brokerage clients. Finally, 22,138 accounts paid excess fees due to Firm miscalculations and billing errors. In total, from September 2010 through December 2015, the Firm overcharged certain clients nearly $50 million in fees. Neither admitting nor denying the SEC’s findings, the Firm agreed to create a Fair Fund to refund advisory fees to harmed clients. Specifically, the Fair Fund will consist of almost $50 million in disgorgement, close to $14 million in interest, and a $30 million civil money penalty. Under the terms of the settlement, the Firm is also required to pay an additional $3.5 million in remediation to harmed advisory clients who had underperforming (and unmonitored) investments despite paying for third-party managers and investment strategies.

    Securities SEC Enforcement Investment Adviser

  • SEC Issues Investor Bulletin on “SAFE” Crowdfunding Security Offering

    Securities

    On May 9, the SEC’s Office of Investor Education and Advocacy released an Investor Bulletin addressing crowdfunding risks associated with Simple Agreements for Future Equity (SAFE) securities. Regulation Crowdfunding, adopted by the SEC in November 2015 and effective as of May 16, 2016, “permits individuals to invest in securities-based crowdfunding transactions subject to certain thresholds, limits the amount of money an issuer can raise under the crowdfunding exemption, requires issuers to disclose certain information about their offers, and creates a regulatory framework for the intermediaries that facilitate the crowdfunding transactions,” among other things. According to an updated investor bulletin from the SEC, the rule allows individual investors to participate in securities-based crowdfunding offerings through funding portals that are registered with the SEC and members of FINRA. To assist issuers, the SEC published Regulation Crowdfunding: A Small Entity Compliance Guide for Issuers, which outlines investor limits, restrictions, and exemptions.

    SAFE securities. Unlike common stock, SAFE purchasers do not receive a current equity stake in a company. Rather, a SAFE offering is an agreement to provide a future equity stake based on the investment amount only if a particular triggering event occurs. Because of this, the SEC cautioned that investors should pay particular attention to the terms of a given SAFE offering, since there is no guarantee that the necessary triggering event will occur. Furthermore, the SEC warned investors to review other SAFE provisions such as conversion terms, repurchase rights, dissolution rights, and voting rights. The SEC noted that SAFEs were developed to give “sophisticated venture capital investors” the opportunity to invest in “hot” startups in need of capital while avoiding some of the more labored negotiations associated with equity offerings. Moreover, since SAFEs are not standardized, the SEC stressed the importance of investors having a detailed understanding of the terms of these types of offerings.

    Securities SEC Crowdfunding

  • Reports: American Multinational Retailing Corporation Nearing Resolution of Bribery Probe

    Financial Crimes

    Bloomberg reports that an American multinational retailing corporation is nearing a resolution of a five-year-old joint inquiry by the DOJ and SEC. Citing an unnamed source familiar with the matter, Bloomberg reports that the company is preparing to pay $300 million to settle allegations that company employees paid bribes in Mexico, China, and India. The same source reported that the resolution will also include at least one guilty plea by a subsidiary of the company, a non-prosecution agreement for the parent company, and a monitorship.

    In March of 2015, a federal district court in Arkansas dismissed with prejudice a consolidated shareholder derivative suit accusing the company's board of directors of concealing Mexican bribery claims from investors. The lawsuit was filed after a 2012 article by the New York Times reported that top officials at the company’s Mexican subsidiary oversaw millions of dollars in bribes in connection with the company’s expansion in Mexico. See previous Scorecard coverage here. The same article is believed to have touched off the DOJ’s and SEC’s inquiry. If true, a $300 million resolution would not be near the top end of FCPA resolutions.

    Financial Crimes DOJ SEC Bribery

  • Former Guinean Mining Minister Convicted on Bribery and Money Laundering Charges

    Financial Crimes

    A former Guinean mining minister was found guilty earlier this week on bribery and money laundering charges following a seven-day jury trial in Manhattan federal court. He was charged with receiving and laundering $8.5 million in bribes allegedly for securing mining rights for two Chinese companies. 

    The conviction came one day after the former minister took the stand in his own defense and admitted to lying to banks about his status as a government official, as well as failing to report the payments on his IRS tax return.

    The conviction also follows other notable enforcement actions involving the mining industry in the Republic of Guinea. Earlier this year, the SEC charged former asset management executives with bribing government officials across Africa to secure mining deals, including in Guinea.

    Financial Crimes SEC Bribery Anti-Money Laundering

  • Two Telecom Executives Pay FCPA Penalties

    Financial Crimes

    Two former executives of a Hungarian telecommunications company recently agreed to settle their FCPA claims with the SEC and pay related penalties, along with five-year bars against serving as an officer or director of any SEC-registered public company. The company’s former CEO agreed to pay a $250,000 penalty, while its former Chief Strategy Officer agreed to pay a $150,000 penalty. The settlements are still subject to court approval.

    The SEC’s case against these individuals was heading to trial this month prior to this week’s settlement. The SEC’s complaint alleged that these individuals used sham contracts to funnel millions of dollars in bribes to foreign officials in Macedonia and Montenegro to win contracts and, importantly, block out competitors including U.S.-traded telecoms. This action was related to similar claims previously brought against the company and its majority owner, who settled civil and criminal FCPA charges in December 2011 for $95 million. In February 2017, another former executive settled FCPA charges, agreeing to pay a $60,000 penalty without admitting or denying the charges.

    These settlements underscore the FCPA’s broad territorial and jurisdictional reach, which can encompass transactions that facially do not even involve U.S. companies. As the SEC’s Stephanie Avakian noted, these individuals were ultimately charged because they “spearhead[ed] secret agreements with a prime minister and others to block out telecom competitors,” and “[the SEC] persevered in order to hold these overseas executives culpable for corrupting a company that traded in the U.S. market”.

    Financial Crimes SEC FCPA

  • SEC Announces Investigation Concerning Alleged $6.7 Million Michigan Real Estate Scheme

    Securities

    On March 30, the SEC announced charges against a Michigan pastor, his company, and business associate (Defendants) for allegedly cheating church members, retirees, and laid-off autoworkers out of approximately $6.7 million by convincing them to invest in a “successful” real estate scheme. The complaint alleges the pastor presented the investment opportunity at churches nationwide and through media outlets using “faith-based rhetoric” and guaranteed high returns. The Defendants—who were never registered to sell investments—raised the money from more than 80 investors who were told their money would be kept in qualified IRAs and could be rolled over tax-free. However, investors stopped receiving agreed-upon interest payments, and to date, Defendants owe more than 40 Michigan-based investors $2 million in past due promissory notes and also allegedly have obligations to investors outside the State of Michigan. The complaint claims violations of the Securities Act of 1933 and the Securities Exchange Act of 1934, and seeks disgorgement of ill-gotten gains plus interest, penalties, and permanent injunctions.

    Securities Mortgage Fraud SEC Enforcement

  • SEC’s FCPA Chief to Leave Agency Later in April

    Financial Crimes

    On April 4, the SEC announced that FCPA Unit Chief Kara Brockmeyer will leave the agency later this month. Ms. Brockmeyer joined the SEC in 2000 and has led the FCPA Unit since September 2011. Under her supervision of the unit, the SEC brought 72 FCPA enforcement actions resulting in judgments and orders totaling more than $2 billion in disgorgement, prejudgment interest, and penalties.

    Financial Crimes SEC FCPA

  • SEC Denies Application for Bitcoin ETF Due to Lack of Regulation, Potential for Manipulation

    Agency Rule-Making & Guidance

    On March 10, 2017, the SEC issued an Order disapproving of a proposed rule change by the BATS BZX Exchange (“the Proposal”), which proposed to list and trade “commodity-based trust shares” issued by the Winklevoss Bitcoin Trust. The Proposal, if approved, would have established a bitcoin exchange-traded fund (“ETF”) that market participants could invest in through the BATS BZX Exchange platform. Specifically, in rejecting the Proposal, the Commission emphasized the lack of regulation in the bitcoin market, noting both (i) that the BATS BZX Exchange platform “would currently be unable to enter into, the type of surveillance-sharing agreement that helps address concerns about the potential for fraudulent or manipulative acts and practices in the market for the Shares”; and (ii) that bitcoin regulation, at present, would leave a bitcoin ETF more susceptible to manipulation than an ETF comprised of other commodities, such as gold and silver. Ultimately, the Commission concluded that, “[a]bsent the ability to detect and deter manipulation of the Shares—through surveillance sharing with significant, regulated markets related to the underlying asset—the [Commission] does not believe that a national securities exchange can meet its” regulatory obligations.

    Comments submitted in response to the original BATS BZX Exchange proposed rule change can be accessed here.

    Securities Fintech Digital Commerce bitcoin SEC Agency Rulemaking & Guidance

  • Proposed FINRA Rule Would Streamline Securities Competency Exams for Industry Professionals

    Securities

    On March 8, the Financial Industry Regulatory Authority (“FINRA”) filed a proposed rule with the SEC to streamline its competency exams for professionals entering or re-entering the securities industry. Currently, only individuals associated with FINRA-regulated firms are eligible to take the qualification exam. The proposed rule would allow individuals with no prior securities industry experience to take FINRA’s Securities Industry Essentials exam, an “important first step to entering the industry,” which would serve to “provide enhanced flexibility and efficiency in [the] qualifications programs, while maintaining important standards and investor protections.” While these individuals would also be required to pass a more specialized knowledge exam—and must be associated with, and sponsored by, a firm—the proposed change would potentially expand the pool of qualified candidates for positions. Further, under this proposal, individuals who transfer to a financial services affiliate of a FINRA-regulated firm may qualify for a waiver that allows their credentials to be reinstated without re-taking their qualification exams, should they return to the industry within a seven-year period and meet the requirements of the waiver program. Currently, a registered individual who transfers for two or more years must re-take an exam to be re-qualified. The proposed rule is under review with the SEC.

    Securities FINRA SEC
