Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • GAO calls for enhanced oversight of blockchain, alternative data

    Fintech

    On August 8, the U.S. Government Accountability Office (GAO) released letters sent to the OCC, SEC, FDIC and the Fed to provide an update on GAO’s “priority open recommendations” for each regulator. Priority open recommendations refer to suggestions from GAO to bank regulators that have the potential for cost savings, elimination of mismanagement, fraud, and abuse, or addressing high-risk or duplication issues. GAO suggested that all four agencies follow its recommendation to coordinate oversight of blockchain technology. GAO referenced recent “volatility, bankruptcies, and instances of fraud in the crypto asset markets” and underscored the dangers to consumers and investors without safeguards. GAO suggests regulators jointly establish a formal coordination method to promptly identify and address risks tied to blockchain.

    For the three banking regulators in particular—the OCC, FDIC, and Fed—GAO noted that in 2011 it recommended that the three banking regulators implement noncapital triggers for early regulatory intervention tied to risky banking practices, but that such triggers had not yet been implemented. GAO also suggested that banking regulators and the “communicate the appropriate use of alternative data in the underwriting process with banks that engage in third-party relationships with fintech lenders.”

    GAO’s letter to the Fed restated GAO’s 2016 recommendation that the Fed design “a process to communicate information about the uncertainty surrounding post-stress capital ratio estimates” and “articulate tolerance levels for key risks identified through sensitivity testing and for the degree of uncertainty in the projected capital ratios.” GAO also recommended that the Fed revisit its “prompt corrective action framework” by “adopting noncapital triggers that would require early and forceful regulatory actions tied to unsafe banking practices.”

    Fintech Blockchain Examination Congress CFPB Risk Management OCC SEC FDIC Federal Reserve GAO

  • SEC charges companies, founder for operating an unregistered exchange

    Securities

    On July 31, the SEC filed a complaint in the U.S. District Court for the Eastern District of New York against three cryptocurrency trading platforms and their founder for allegedly conducting unregistered offerings of crypto asset securities that raised more than $1 billion in crypto assets from investors. The SEC also claimed that the founder and one of the platforms fraudulently misappropriated at least $12 million of offering proceeds to purchase luxury goods including sports cars, watches, and diamonds.

    According to the SEC’s complaint, as early as 2018 the defendants began marketing what they claimed to be the first high-yield “blockchain certificate of deposit,” and promoting tokens as an investment designed to make people “rich.” It is further alleged that from at least December 2019 through November 2020, the defendants offered and sold tokens in an unregistered offering and collected more than 2.3 million cryptocurrency units through “recycling” transactions that enabled the defendants to surreptitiously gain control of more tokens.

    The complaint seeks injunctive relief, disgorgement of ill-gotten gains plus prejudgment interest, penalties, and other equitable relief.

    Securities Digital Assets SEC Enforcement Cryptocurrency

  • ETF, founder to pay SEC $4.4M for misleading trustees

    Securities

    On August 1, the SEC settled for $4.4 million with an investment adviser and entities he founded (collectively, the “respondents”) on charges that they breached both their duty of care and duty of loyalty to their client, an exchange traded fund (ETF), in violation of the Investment Advisers Act and the Investment Company Act. As alleged in the settlement, the respondents needed funds to settle a substantial private litigation judgment, and to secure the funds to do so, committed to keep the client’s security lending business with the company providing the financing to the respondents. However, there were better offers on better terms from other securities lenders that could have provided millions more in revenue to the client, and the respondents did not disclose this information to their client or to the client’s independent trustees. In addition to the civil penalties, without admitting or denying the findings, respondents agreed to various non-monetary penalties, including cease-and-desist orders, an associational bar for the investment adviser and censures for the respondent entities.

    Securities Courts SEC Enforcement Digital Assets Cryptocurrency

  • SEC proposes rules for addressing conflicts of interest raised by predictive data analytics

    Agency Rule-Making & Guidance

    On July 26, the SEC issued proposed rules under the Securities Exchange Act of 1924 and the Investment Advisors Act of 1940 to address certain conflicts of interest associated with the use of predictive data analytics, including artificial intelligence (AI) and similar technologies, “that optimize for, predict, guide, forecast, or direct investment-related behaviors or outcomes.” The SEC explained that broker-dealers and investment advisors (collectively, “firms”) are increasingly using AI to improve efficiency and returns but cautioned that, due to the scalability of these technologies and the potential for firms to quickly reach a large audience, any resulting conflicts of interest could result in harm to investors that is more pronounced and on a broader scale than previously possible.

    Based on existing legal standards, the proposed rules generally would require a firm to identify and eliminate, or neutralize, the effects of conflicts of interest that result in the firm’s (or associated persons) interests being placed ahead of investors’ interests. Firms, however, would be permitted to employ tools that they believe would address such risks and that are specific to the particular technology being used. Firms that use covered technology for investor interactions would also be required to have written policies and procedures in place to ensure compliance with the proposed rules, the SEC said. These policies and procedures must include a process for evaluating the use of covered technology in investor interactions and addressing any conflicts of interest that may arise. Firms must also maintain books and records related to these requirements. Comments on the proposed rules are due 60 days after publication in the Federal Register.

    Agency Rule-Making & Guidance Federal Issues Securities SEC Third-Party Risk Management Artificial Intelligence Securities Exchange Act Investment Advisers Act

  • SEC adopts breach-reporting rules, establishes requirements for cybersecurity risk management

    Agency Rule-Making & Guidance

    On July 26, a divided SEC adopted a final rule outlining disclosure requirements for publicly traded companies in the event of a material cybersecurity incident. The final rule (proposed last year and covered by InfoBytes here) also requires companies to periodically disclose their cybersecurity risk management processes and establishes requirements for how cybersecurity disclosures must be presented. The final rule requires that material cybersecurity incidents be disclosed within four days from the time a company determines the incident was material (a disclosure may be delayed should the U.S. attorney general notify the SEC in writing that immediate disclosure poses a substantial risk to national security or public safety). Companies must also identify material aspects of the incident’s nature, scope, and timing, as well as its impact or reasonably likely impact on the company, and are required to describe their board’s and management’s oversight of risks from cybersecurity threats and previous cybersecurity incidents. These disclosures will be required in a company’s annual report. The final rule will also mandate foreign private issuers to provide comparable disclosures on forms related to material cybersecurity incidents and risk management, strategy, and governance.

    The final rule is effective 30 days following publication of the adopting release in the Federal Register. The SEC noted that incident-specific disclosures will be required in Forms 8-K and 6-K beginning either 90 days after the final rule’s publication in the Federal Register or on December 18, whichever is later, though smaller reporting companies are provided an extra 180 days before they must begin providing such disclosures. Annual disclosures on cyber risk management, strategy, and governance will be required in Form 10-K and Form 20-F reports starting with annual reports for fiscal years ending on or after December 15. In terms of structured data requirements, all companies must tag disclosures in the required format beginning one year after initial compliance with the related disclosure requirement.

    SEC Chair Gary Gensler commented that, in response to public comments received on the proposed rule, the final rule “streamlines required disclosures for both periodic and incident reporting” and requires companies “to disclose only an incident’s material impacts, nature, scope, and timing, whereas the proposal would have required additional details, not explicitly limited by materiality.”

    In voting against the final rule, Commissioner Hester M. Pierce raised concerns that the final rule’s compliance timelines are overly aggressive even for large companies and that the short incident disclosure period could potentially mislead otherwise uninformed investors and “lead to disclosures that are ‘tentative and unclear, resulting in false positives and mispricing in the market.’” The final rule allows a company to update its incident disclosure with new information in subsequent reports that was unavailable at first and could impact investors who may suffer a loss due to the mispricing of the company’s securities following the initial reporting, Pierce said. She also criticized the risk to national security or public safety exemption as being overly narrow. Commissioner Mark Uyeda also opposed the adoption, writing that “[n]o other Form 8-K event requires such broad forward-looking disclosure that needs to be constantly assessed for a potential amendment.” Uyeda also questioned whether “[p]remature public disclosure of a cybersecurity incident at one company could result in uncertainty of vulnerabilities at other companies, especially if it involves a commonly used technology provider, [thus] resulting in widespread panic in the market and financial contagion.”

    Agency Rule-Making & Guidance Federal Issues Securities Privacy, Cyber Risk & Data Security SEC Data Breach Risk Management

  • EU-U.S. release statement on Joint Financial Regulatory Forum

    Federal Issues

    On July 20, participants in the U.S.-EU Joint Financial Regulatory Forum, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, issued a joint statement regarding the ongoing dialogue that took place from June 27-28, noting that the matters discussed during the forum focused on six themes: “(1) market developments and financial stability risks; (2) regulatory developments in banking and insurance; (3) anti-money laundering and countering the financing of terrorism (AML/CFT); (4) sustainable finance and climate-related financial risks; (5) regulatory and supervisory cooperation in capital markets; and (6) operational resilience and digital finance.”

    Participants acknowledged that the financial sector in both the EU and the U.S. is exposed to risk due to ongoing inflationary pressures, uncertainties in the global economic outlook, and geopolitical tensions as a result of Russia’s war on Ukraine. During discussions, participants emphasized the significance of strong bank prudential standards, effective resolution frameworks, and robust supervision practices. They also stressed the importance of international cooperation and continued dialogue to monitor vulnerabilities and strengthen the resilience of the financial system. Participants took note of recent developments relating to, among other things, recent bank failures, digital finance, the crypto-asset market, and the potential adoption of central bank digital currencies.

    Federal Issues Bank Regulatory Financial Crimes Digital Assets Of Interest to Non-US Persons EU Department of Treasury Federal Reserve CFTC FDIC SEC OCC Anti-Money Laundering Combating the Financing of Terrorism

  • Agencies charge crypto platform and former executives

    Federal Issues

    On July 13, the FTC announced a proposed settlement to resolve allegations that a crypto platform engaged in unfair and deceptive acts or practices in violation of the FTC Act. The FTC also alleges that the defendants violated the Gramm-Leach-Bliley Act by acquiring customer information from a financial institution regarding someone else by providing false or misleading statements. The New Jersey-based crypto company offers various cryptocurrency products and services to customers, such as interest-bearing accounts, personal loans backed by cryptocurrency deposits, and a cryptocurrency exchange. On the heels of its bankruptcy filing in July 2022, the FTC lodged a complaint in federal court alleging that three former executives falsely promised that deposits would be “safer” than bank deposits and always available for withdrawal, and that the platform posed “no risk” or “minimal risk.”

    The proposed stipulated order imposes a $4.72 million judgment against the corporate defendants, which is suspended based on their financial condition. The order also bans the corporate defendants from, among other things, “advertising, marketing, promoting, offering, or distributing, or assisting in the advertising, marketing, promoting, offering, or distributing of any product or service that can be used to deposit, exchange, invest, or withdraw assets, whether directly or through an intermediary.” 

    Other agencies also took action against the company and its former CEO on the same day, including the SEC, which alleges the company sold unregistered crypto asset securities in one of its program offerings. The SEC’s complaint further alleges the company made false and misleading statements and engaged in market manipulation. Additionally, the DOJ unsealed an indictment charging the former CEO and the company’s former chief revenue officer with conspiracy, securities fraud, market manipulation, and wire fraud for illicitly manipulating the price of the company’s token. Additionally, the CFTC filed a civil complaint charging the company and former CEO with fraud and material misrepresentations in connection with the operation of the company’s digital asset-based finance platform. The CFTC alleges the company operated as an unregistered commodity pool operator (CPO), and its former CEO operated as an unregistered associated person of a CPO. The complaint also accuses the former CEO of violating the Commodity Exchange Act and CFTC regulations, among other things. According to the press release, the company agreed to resolve the complaint, while the former CEO is continuing litigation.

    Federal Issues Digital Assets Securities Fintech Cryptocurrency FTC FTC Act Gramm-Leach-Bliley Enforcement Consumer Protection Deceptive SEC CFTC DOJ

  • SEC awards whistleblower $9 million

    Securities

    On July 12, the SEC announced a whistleblower award totaling approximately $9 million to a claimant who provided information and assistance that led to a successful enforcement action. According to the redacted order, the claimant “repeatedly raised concerns internally” and “provided highly significant and detailed information that alerted enforcement staff to the underlying conduct, prompting the opening of the investigation.” The claimant then “provided critical and ongoing assistance throughout the investigation, including meeting with [e]nforcement staff multiple times.” As a result of that information and assistance, “millions of dollars have been returned to harmed investors.”

    Securities SEC Enforcement Whistleblower Investigations

  • District Court orders crypto platform and its CEO to disgorge and pay penalty in SEC case

    Courts

    On July 5, the U.S. District Court for the Southern District of New York ordered a crypto platform and its CEO to each pay a civil money penalty of $141,410, as well as to jointly pay disgorgement in the same amount, in a case brought by the SEC. The SEC filed a complaint in February 2021 alleging that the defendants violated the registration provisions of the Securities Act of 1933 in connection with their offer and sale of digital asset securities. According to the SEC, the defendants sold digital asset securities to hundreds of investors, including investors based in the United States, but failed to file a registration statement for the offering. The complaint further charged the defendants with denying prospective investors the material information required for such an offering to the public. The SEC alleged that the defendants raised at least $141,410 through their offering.

    Neither defendant responded to the complaint, and the court accordingly entered an order of default against the defendants, permanently enjoining the defendants from violating the registration provisions of the Securities Act. The court also referred the case to a magistrate judge to make a recommendation regarding disgorgement and penalties. The magistrate judge concluded—and the court agreed—that there were sufficient facts supporting the SEC’s allegations against the defendants and that disgorgement and civil monetary penalties were appropriate remedies. In addition to the civil monetary penalty of $141,410 per defendant, the court held the defendants jointly and severally liable for disgorgement of $141,410 plus pre-judgment interest.

    Courts Securities Digital Assets Fintech Cryptocurrency SEC Securities Act

  • Waters asks Treasury, SEC to comment on crypto framework

    Federal Issues

    On June 23, Representative Maxine Waters solicited viewpoints, analysis, and recommendations in letters sent to the Department of Treasury and the SEC regarding a recently introduced discussion draft of cryptocurrency framework. In her letters, Waters requested insight on how the proposed legislation would impact the federal regulators’ ability to conduct oversight, among other things. Waters specifically asked the SEC for recommended amendments to existing law, outside of the bill, to further protect investors in the digital assets space. In her letter to the Treasury, she asked for insight on how the bill would address or conflict with its policy recommendations, and if the bill or specific provisions of it are needed. Waters requested that both regulators provide a written response by June 30 and be prepared to brief the House Financial Services Committee.

    Introduced on June 2, the discussion draft to which Waters referred would impact the jurisdiction of the CFTC over digital commodities and the SEC’s authority over digital assets. Committee Chairman Patrick McHenry is a co-author of the discussion draft and also the primary sponsor of newly proposed bills regarding financial statement requirements of emerging growth companies that if passed, will indirectly impact regulators’ oversight in the crypto space. HR 2608 would limit the financial information an emerging growth company would be required to submit to the SEC, among other things. Specifically, “an emerging growth company is not required to present a financial statement for any period prior to the earliest audited period of the emerging growth company in connection with its initial public offering, such as a statement for an acquired company.” Additionally, HR 2610 would amend the Securities Exchange Act of 1934, so emerging growth companies would only need to submit the last 2 years of their profit and loss statements (previously 3 years). Among other things, the bill allows an issuer of securities to submit a draft registration statement to the SEC for confidential review prior to a public filing. Both bills have passed the House. 

    Federal Issues Digital Assets Fintech Federal Legislation CFTC Cryptocurrency Department of Treasury SEC U.S. House

Pages

Upcoming Events