InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FINRA report finds 70 percent of broker-dealer communications potentially violate crypto-asset rule.
On January 23, FINRA published a report which found 70 percent of broker-dealer communications with retail customers showed potential violations of crypto-asset communications as part of a targeted exam. The potential violations fall under FINRA Rule 2210, which require that broker-dealer communications are fair, balanced, based in fact, and do not omit any material facts. With these rules in mind, FINRA reviewed more than 500 retail communications on crypto-assets made by broker-dealers consisting of podcasts, commercials, correspondences, and retail and institutional communications. FINRA’s exam uncovered numerous potential violations of Rule 2210, including the failure to clearly differentiate whether crypto-assets were offered by the member or by a third-party (especially on mobile apps); false statements that crypto-assets function like cash; comparisons of crypto-assets with other assets without providing a comparison of their features and risks; unclear and misleading explanations of how crypto-assets actually work; the failure to include key explanations of how crypto-assets are issued or held; misrepresenting the federal protections that apply to crypto-assets; and making misleading statements. Last, FINRA published a list of questions for broker-dealers to consider when reviewing and supervising their retail communications about crypto-assets.
FINRA report covers new topics including cryptoassets
On January 9, FINRA released a report on regulatory oversight titled “2024 FINRA Annual Regulatory Oversight Report.” The report integrates FINRA’s regulatory operations programs as a source of information for firms to strengthen their compliance standards. The report outlines new topics, including Crypto Asset Developments, OTC Quotations in Fixed Income Securities, Advertised Volume, and the Market Access Rule.
With respect to Crypto Asset Developments, the report focuses on surveillance themes and effective practices including best practices for due diligence. On the topic of OTC Quotations in Fixed Income Securities, the report highlights amendments to the rules governing publication of quotations by broker-dealers in a quotation medium. Further, with respect to Advertised Volume, FINRA highlights Rule 5210, which prohibits member firms from publishing transactions that are not believed to be a bona fide purchase or sale of a security.
The report notes that the SEC’s Market Access Rule prohibits firms that provide market access from “jeopardiz[ing] their own financial condition.” Findings include insufficient controls and failure to consider additional data. Effective practices include pre-trade fixed-income financial controls and soft blocks, among others. The report also covers several other topics including Cybersecurity, AML Fraud and Sanctions, Reg BI and Form CRS, and Consolidated Audit Trail.
SEC approves Bitcoin use in 11 exchange-traded products
On January 10, the SEC issued an order approving 11 exchange-traded products (ETPs) holding Bitcoin to be publicly traded. According to the order, the SEC found that the proposed ETPs are consistent with the Securities Exchange Act of 1934, specifically Section 6(b)(5), which requires that the rules prevent fraudulent and manipulative acts and practices and protect investors and the public interest. The SEC also found that the 11 proposed ETPs are consistent with Section 11A(a)(1)(C)(iii) which states that it is in the public interest to make the ETPs available to brokers, dealers, and investors. The order goes into further detail and outlines how the two subsections of the ‘34 Act are applied.
As previously covered on InfoBytes, the SEC originally denied a similar application from a company but had to reexamine that company’s application following the D.C. Court of Appeals overturning of the SEC’s initial rejection. The appellate court alleged the SEC “acted arbitrarily and capriciously by denying the listing of [the company]’s proposed bitcoin ET[F],” and members of Congress also urged the Chair of the SEC to approve Bitcoin’s use within ETPs in a September 2023 letter (covered in InfoBytes here).
Oregon amends money transmission law with respect to a required security device
On January 9, the State of Oregon enacted a new bill on money transmission licensing, specifically stating that “each license application shall be accompanied by a security device in the amount of $25,000.” A security device is defined by Oregon law as a surety bond or an irrevocable letter of credit. If an applicant engages in business at more than one location, the security device will increase by $5,000 per location, with a maximum of $150,000. The bill further states that in place of security devices, an applicant could deposit securities such as interest-bearing stocks, bonds, notes, etc., and be held under the same obligations as the security device. The bill concludes that the security device will remain in effect until its cancellation and remain in place no longer than five years following a licensee ceasing its money transmission operations in Oregon. In the event of the bankruptcy of the licensee, the security device will be held in trust for the benefit of purchasers and holders of the licensee’s outstanding payment instruments.
SEC charges DAO for unregistered sale of crypto smart yield bonds
On December 22, 2023, the SEC announced a settlement with a decentralized autonomous organization (DAO) and a second settlement with its founders. The SEC alleged that the DAO failed to register with the Commission for its offering and sale of structured crypto-asset securities. The SEC additionally charged the organization for operating certain pools as unregistered investment companies. According to the SEC, the organization compared its structured crypto-asset securities to asset-backed securities and marketed them to the public. Furthermore, investors could acquire “senior” or “junior” interest which could be pooled and used to generate returns. The orders state that the structured crypto-asset securities attracted significant investments, totaling over $509 million, with fees paid to the organization by investors based on investment size and chosen yield.
SEC awards more than $28 million to seven whistleblowers
On December 22, 2023, the SEC announced awards totaling more than $28 million to seven whistleblowers whose information and assistance led to a successful SEC enforcement action. According to the redacted order, five of the whistleblowers provided significant information early in the investigation, participated in voluntary interviews, provided supporting documents to SEC staff, and identified key witnesses. The SEC also added that the whistleblowers made several attempts to internally report their concerns to company management. Two whistleblowers provided significantly less information than the other five later into the investigation, but still qualified for a percentage of the monetary sanctions collected in the covered action. Creola Kelly, Chief of the SEC’s Office of the Whistleblower, stated that “[t]hese whistleblowers provided valuable information and substantial assistance that played a critical role in the SEC returning millions of dollars to harmed investors.”
One claimant’s whistleblower award application was denied because they did not communicate directly with the SEC staff responsible for the Covered Action Investigation and none of the information provided by the claimant was forwarded to the responsible staff. As such, the claimant did not provide original information that led to the successful enforcement action.
Payments to whistleblowers are made out of an investor protection fund, established by Congress, which is financed entirely through monetary sanctions paid to the SEC by securities law violators.
IOSCO publishes nine recommendations on decentralized finance
On December 19, 2023, the International Organization of Securities Commissions (IOSCO) published a report on decentralized finance to address market integrity and investor protection. The report includes nine policy recommendations for decentralized financial regulators to follow. Decentralized finance structures include financial products and arrangements that use a distributed ledger or blockchain technology. IOSCO’s policy recommendations on decentralized finance complement a similar report on crypto and digital asset markets, as written about on InfoBytes, here. The policy recommendations are as follows: (i) regulators should analyze decentralized finance products, services, and activities in its jurisdiction; (ii) regulators should identify the persons or entities that could be subject to its regulatory framework; (iii) regulators should use frameworks to regulate and address risks arising from decentralized finance consistent with IOSCO standards; (iv) regulators should require responsible persons to address conflicts of interest; (v) regulators should require responsible persons to address material risks, including operational and technological ones; (vi) regulators should require responsible persons to disclose information clearly to users and investors; (vii) regulators should apply comprehensive powers to decentralized financial services to detect and enforce violations under law; (viii) regulators should cooperate and share information with other regulators and authorities; and (ix) regulators should seek to understand how decentralized finance products are linked to the crypto-asset market as well as traditional finance markets. The final section of the report summarized the feedback garnered from 45 stakeholders on eight categories.
Crypto platform to pay $22 million to resolve NY AG suit
On December 13, the New York State Supreme Court entered a stipulation and consent order resolving a suit brought in March against a crypto platform for operating as an unregistered broker-dealer, among other things. As previously covered by InfoBytes, the suit was brought by New York State Attorney General Letitia James who noted this was one of the first times a regulator claimed in court that one of the largest cryptocurrencies available in the market qualified as a security.
As a result of the consent order, the platform is obligated to refund over $16.7 million worth of crypto in its control “by allowing users to withdraw those balances and transferring any remaining balances after ninety days to a third-party fund administrator,” to more than 150,000 investors in New York. In addition, the platform must pay an additional $5.3 million to the state. As part of the agreement, the platform is barred from trading securities and commodities in New York or from making its platform available to New York residents.
NYDFS settles with title insurance company for $1 million
On November 27, the NYDFS entered into a consent order with a title insurance company, which required the company to pay $1 million for failing to maintain and implement an effective cybersecurity policy and correct a cybersecurity vulnerability. The vulnerability allowed members of the public to access others’ nonpublic information, including driver’s license numbers, social security numbers, and tax and banking information. The consent order indicates the title insurance company discovered the vulnerability as early as 2018. The title insurance company’s failure to correct these changes violated Section 500.7 of the Cybersecurity Regulation.
In May 2019, a cybersecurity journalist published an article on the existence of a vulnerability in the title insurance company’s application, that led to a public exposure of 885 million documents, some found through search engine results. The journalist noted that “replacing the document ID in the web page URL… allow[ed] access to other non-related sessions without authentication.” Following the cybersecurity journalist’s article, and as required by Section 500.17(a) of the Cybersecurity Regulation, the title insurance company notified NYDFS of its vulnerability, at which point NYDFS investigated further. The title insurance company has been ordered to pay the penalty no later than ten days after the effective date.
DFPI orders desist and refrain against investment firm
On November 16, under California Corporations Code § 25532, the California Division of Financial Protection and Innovation (DFPI) issued a desist and refrain order against a securities investment platform for allegedly making false representations and material omissions to investors.
The DFPI alleges the investment platform sold securities in California on its website and the platform referred to them as “certificates.” The platform claimed that the certificates paid investors returns ranging from 2.5 percent to five percent in addition to guaranteed monthly returns. To solicit investors, the platform allegedly engaged in a multi-level marketing (MLM) structure that would have investors influence others to send money. DFPI alleged that the certificates were not qualified under the California Corporate Securities Law. DFPI also alleged that the platform omitted material information to investors, which included (i) falsely representing that the platform was partnered with a particular forex broker; (ii) representing that it was a licensed bank (while omitting that the “license” was granted by a “fictitious regulator”); (iii) using the terms “bank” and “banking” while omitting that it was not authorized to engage in the business of banking in California; (iv) misrepresenting profits and risk of loss; and (v) failing to disclose that its securities were not qualified in California.