
InfoBytes Blog

Financial Services Law Insights and Observations

  • SEC Chairman Releases Statement Discussing Internal Cybersecurity Assessment, Announces EDGAR Vulnerability May Have Led to Illicit Gain

    Privacy, Cyber Risk & Data Security

    On September 20, the SEC released a statement issued by Chairman Jay Clayton regarding the Commission’s approach to cybersecurity and its impact on market participants. Topics discussed in the statement, which is part of the SEC’s ongoing assessment of its cybersecurity risk profile, include:

    • the collection and use of data by the SEC;
    • the management of, and responses to, internal cybersecurity risks;
    • the integration and incorporation of cybersecurity considerations into the SEC’s supervision of regulated entities;
    • coordinated efforts with other regulators to identify and mitigate risk; and
    • oversight and enforcement efforts related to cybersecurity activities.

    The Chairman also discussed the SEC’s discovery in August that a 2016 security incident involving a software vulnerability within the Commission’s EDGAR system “may have provided the basis for illicit gain through trading” by providing access to nonpublic information. However, the SEC also stated its belief that “the intrusion did not result in the unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk.” According to the SEC, the vulnerability was patched promptly after discovery, and the SEC commenced an internal investigation, which is ongoing.

    Chairman Clayton is scheduled to testify before the Senate Banking Committee on September 26 at a hearing titled, “Oversight of the U.S. Securities and Exchange Commission.”

    Privacy/Cyber Risk & Data Security SEC Senate Banking Committee EDGAR Data Breach

  • SEC Reaches Settlement with Investment Adviser for Allegedly Overcharging Clients

    Securities

    On September 14, the SEC announced a settlement in an administrative proceeding against a national bank’s investment adviser subsidiary that allegedly overcharged more than 4,500 clients a total of over $1.1 million for costlier mutual fund share classes that carried 12b-1 marketing and distribution fees when shares of the same mutual funds were available without such fees. The SEC alleged that, from at least December 2011 through approximately June 2015, the investment adviser breached its fiduciary duties, made inadequate disclosures regarding conflicts of interest between the investment adviser and its representatives (who ultimately shared in the gains from the 12b-1 fees as compensation), and did not update its compliance policies and procedures to require its investment adviser representatives to identify or evaluate available share classes. The order cites violations of the Investment Advisers Act of 1940, as well as Rule 206(4)-7. While the investment adviser has neither admitted nor denied the allegations, it has, among other things, agreed to pay a penalty of more than $1.1 million, will provide disgorgement plus interest on any 12b-1 fees that have not yet been refunded to customers, and has been censured.

    Securities SEC Investment Adviser Settlement Enforcement

  • Minnesota-Based Company Announces Closure of FCPA Investigations

    Financial Crimes

    On August 7, a Minnesota-based company announced in its Form 10-Q the closure of DOJ and SEC FCPA investigations related to gift, travel, entertainment, and other expenses incurred in connection with its Asia-Pacific operations. The company initially informed the DOJ and SEC about this matter in 2012 and thereafter provided the government periodic updates. According to the company’s 10-Q, the government’s investigations were closed “without further action taken by either [the SEC or DOJ].”

    Financial Crimes FCPA DOJ SEC

  • Ohio-Based Corporation Discloses FCPA Investigation in Quarterly Filing

    Financial Crimes

    On August 4, an Ohio-based corporation disclosed in its 10-Q that the DOJ and SEC are conducting investigations concerning potential violations of the FCPA related to a subsidiary’s operations in Turkey. The company operates in more than 70 countries and develops and sells technology-enabled solutions, including data warehouse management and database technologies.

    According to the 10-Q, the company “discovered certain questionable expenditures for travel, gifts and other expenses at one of its international subsidiaries” doing business in Turkey. The company stated that it promptly launched an internal investigation and, in February 2017, self-disclosed the investigation to the SEC and DOJ. According to its 10-Q, the company has periodically updated the government about its investigation and plans to “continue to cooperate fully.” The company also noted that it already has “taken remedial actions,” including terminations, and that the FCPA issues “involved specific individuals who are no longer with the Company.” 

    It appears that the company is making a case for full cooperation credit under the DOJ’s Pilot Program, which encourages companies to “voluntarily self-disclose FCPA-related misconduct, fully cooperate with the Fraud Section, and, where appropriate, remediate flaws in their controls and compliance programs.”

    Financial Crimes FCPA DOJ SEC

  • SEC Releases Risk Alert, IMF Issues White Paper on Cybersecurity Awareness

    Privacy, Cyber Risk & Data Security

    On August 7, the SEC’s Office of Compliance Inspections and Examinations issued a risk alert entitled “Observations from Cybersecurity Examinations,” which provides findings and observations concerning industry practices and legal and compliance issues related to cybersecurity preparedness. The SEC examined 75 SEC registered firms as part of its Cybersecurity 2 Initiative and noted an improvement overall in terms of (i) creating and implementing cybersecurity policies and procedures and response plans; (ii) conducting periodic risk assessments to identify threats and vulnerabilities; (iii) implementing measures to ensure regular system maintenance checks; (iv) maintaining processes for identifying cybersecurity roles and responsibilities; (v) receiving authority from customers and shareholders concerning fund transfer authority; and (vi) conducting vendor risk assessments or requiring risk management from vendors. However, the SEC identified areas in need of improvement, such as failure to tailor or enforce policies and procedures or conduct adequate system maintenance to safeguard customer information. Also included in the alert are examples of best practices and guidance for firms to follow when implementing cybersecurity-related policies and procedures.

    Separately, that same day the International Monetary Fund (IMF) released a working paper discussing cyber risk awareness and the policy measures, regulatory frameworks, and supervisory measures affecting financial institutions’ approaches to systemic cyber risk. The IMF paper, entitled “Cyber Risk, Market Failures, and Financial Stability,” presents an overview of recent cyberattacks on the financial services industry, and stresses that cyber risk management requires that risks identified as part of a threat identification process must be “actively managed” to “ensure that cybersecurity-related measures are appropriate for and commensurate with the underlying risk.” Risk avoidance, risk reduction, and risk transfer are options for effective management. The paper further notes that, as a result of a predominance of cyber risk assessment centering on individual institutions (which constructs a relatively narrow view), insufficient attention has been given to systemic cyber risk that occurs commonly when financial institutions are exposed to “access vulnerabilities, risk concentration, risk correlations, or contagion effects (including through reputational channels).” The paper states that a need exists for regulatory reform and effective policy change “to build resilience through investment in cyber security while giving institutions flexibility to address the risks in the way they see as optimal.” Suggestions for measures—including national and international coordination—to strengthen resilience to cyber risk are also provided.

    Privacy/Cyber Risk & Data Security SEC IMF Vendor Management

  • Three Companies Announce the Close of FCPA Investigations

    Financial Crimes

    During the week of July 24, 2017, three different companies announced the closure of DOJ and/or SEC FCPA investigations.

    In a Form 10-Q filed with the SEC on July 25, 2017, an American multinational technology company disclosed that the DOJ and SEC had each informed the company in June 2017 of the closure of their respective investigations into “alleged illegal activity by a former Poland employee in connection with sales to the Polish government.” The company initially informed the SEC in 2012 that the Polish Central Anti-Corruption Bureau was looking into the matter, and the DOJ followed up with its own investigation in April of 2013. The DOJ expanded the investigation from Poland to Argentina, Bangladesh, and Ukraine. The 2012 issues came on the heels of a 2011 settlement in which the company paid the SEC $10 million to settle separate FCPA allegations for alleged cash payments to Chinese and Korean officials.

    A South African alternative payment systems provider made a similar announcement on July 27, stating that the DOJ had written a letter to the company closing its investigation of alleged FCPA and disclosure violations. According to the announcement, the DOJ, along with the SEC and South African authorities, began looking into a 2012 contract award process involving a subsidiary of the company after an unsuccessful bidder for the same contract “refer[ed] unsubstantiated South African press articles to the DOJ.” The SEC was the first to bow out of the investigation, closing its inquiry through a letter in 2015, followed six months later by the South African government. The company is traded on NASDAQ’s Global Select Market, providing a jurisdictional hook into a case otherwise about payments made by a South African company in South Africa to South African citizens who were South African government employees. Our additional coverage of this matter can be viewed here.

    In a Form 10-Q filed on July 25, 2017, a mining company also announced the end of a DOJ investigation into alleged violations of the FCPA “relating to certain business activities of [the company] and its affiliates and contractors in countries outside the U.S.” According to the announcement, the Colorado company had already received a similar declination from the SEC earlier this year. Our additional coverage of this matter can be viewed here.

    At the same time, the DOJ reportedly confirmed to the Wall Street Journal that the agency was still actively enforcing the FCPA. The Journal cited an anonymous source at the DOJ for assurances that “though there haven’t been any new corporate FCPA cases since mid-January, there is no letup in U.S. enforcement efforts.”

    Financial Crimes DOJ SEC FCPA

  • SEC Reaches Settlement with Broker-Dealer Over Alleged Sale of Unregistered Stocks and Failure to File SARs

    Securities

    On July 28, the SEC announced it had reached a settlement in an administrative proceeding against a broker-dealer firm for allegedly selling hundreds of millions of unregistered penny stock shares and failing to file Suspicious Activity Reports (SARs) with the Financial Crimes Enforcement Network for over $24.8 million in suspicious transactions. Bank Secrecy Act regulations require a broker-dealer to file SARs if it “knows, suspects, or has reason to suspect that the transaction . . . involves funds derived from illegal activity or is intended . . . to hide or disguise funds” to evade anti-money laundering (AML) rules. A broker-dealer must also file SARs if there is no apparent lawful purpose for the transaction or if the transaction is to facilitate criminal activity. According to the settlement, the firm’s actions violated the Securities Act and Exchange Act. In addition to being censured and agreeing to pay a $200,000 penalty, the firm will no longer accept the deposit of stocks valued under $5.00 and will retain an independent consultant to assist with mandatory enhancements to the firm’s AML policies and procedures.

    Securities Financial Crimes SEC Anti-Money Laundering SARs Bank Secrecy Act FinCEN

  • International Oil Field Service Company Agrees to Settle FCPA Claim for $29 Million in Disgorgement and Penalties

    Financial Crimes

    An international oil field service company recently settled allegations that the company improperly steered business to the friend of an Angolan official in exchange for that official awarding various oil contracts to the company. In total, the company agreed to pay the SEC $29.2 million, comprising $14 million in disgorgement, $1.2 million in prejudgment interest, and a $14 million penalty. The company’s former vice president also agreed to pay the SEC a $75,000 penalty related to these violations and other accounting irregularities.  

    This is the most recent settlement in a series of FCPA enforcement actions focusing on the company’s procurement processes and operations in various countries. A former subsidiary of the company settled similar FCPA allegations in 2009 related to alleged bribes paid to Nigerian officials to procure contracts in that country.    

    This settlement also highlights the role of whistleblowers in driving FCPA and other enforcement actions. A whistleblower employed by the company first alerted the company to potential FCPA issues in 2010, which resulted in the launching of an investigation into the allegations.

    Financial Crimes FCPA SEC Disgorgement Bribery Whistleblower

  • SEC Issues Investigative Report: Federal Securities Laws Apply to Virtual Organizations

    Securities

    On July 25, the SEC issued an investigative report stating that federal securities laws apply to anyone who offers and sells securities in the U.S., regardless of the manner of distribution or whether dollars or virtual currencies are used to purchase the securities. The SEC’s Report of Investigation (Report) advises users to make sure they are compliant with federal securities laws when raising capital through Decentralized Autonomous Organizations (DAO) or other forms of distributed ledgers or blockchain technology. These offerings are often referred to as “Initial Coin Offerings” (ICOs) or “Token Sales.”

    The Report originates from an Enforcement Division inquiry into whether the DAO—and affiliated entities—“violated federal securities laws with unregistered offers and sales of DAO Tokens in exchange for ‘Ether,’ a virtual currency.” According to the SEC, the DAO, which has been described as a “crowdfunding contract,” has not met any of the specific Regulation Crowdfunding exemption requirements issued earlier this year by the agency. These regulations were previously discussed in InfoBytes. In its Report, the SEC stated that the individuals involved in a 2016 virtual currency offering that was later hacked will not face charges, but will rather serve as a warning to the industry that people who offer and sell securities in the U.S. must follow the law. In light of this discussion, the SEC’s Office of Investor Education and Advocacy issued an Investor Bulletin to educate investors about the benefits and risks of ICOs, which promoters have begun to use to sell virtual currencies.

    “Investors need the essential facts behind any investment opportunity so they can make fully informed decisions, and today's Report confirms that sponsors of offerings conducted through the use of distributed ledger or blockchain technology must comply with the securities laws,” said William Hinman, SEC Director of the Division of Corporation Finance.

    Securities Fintech SEC Digital Commerce Virtual Currency Blockchain Coin Offerings

  • Regulators Coordinate Review of Volcker Rule Application to Foreign Funds

    Securities

    On July 21, five U.S. financial regulators announced that they would not take action against foreign banks for qualifying foreign excluded funds, subject to certain conditions, under the Volcker Rule for a period of one year as they review the treatment of these types of funds under current implementing regulations. The regulators, which include the Federal Reserve Board, FDIC, OCC, SEC, and Commodity Futures Trading Commission, issued a joint statement to address concerns raised as to whether certain foreign excluded funds may fall within the definition of “banking entity” under the Bank Holding Company Act and therefore be subject to the Volcker Rule.

    “A number of foreign banking entities, foreign government officials, and other market participants have expressed concern about the possible unintended consequences and extraterritorial impact of the Volcker Rule and implementing regulations for certain foreign funds,” according to the joint statement. The regulators noted that the review will allow time to consider the appropriate course of action to address these concerns, including whether congressional action may be necessary.

    In addition, the regulators stressed that the joint statement “does not otherwise modify the rules implementing section 619 [of the Dodd-Frank Act] and is limited to certain foreign excluded funds that may be subject to the Volcker Rule and implementing regulations due to their relationships with or investments by foreign banking entities.”

    Securities Prudential Regulators Compliance Bank Compliance Banking Volcker Rule Federal Reserve FDIC OCC SEC CFTC
