InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
U.S., EU discuss financial regulatory developments
On February 19, the U.S. Treasury Department issued a joint statement on the U.S. – EU Financial Regulatory Forum held February 11-12 in Washington, D.C. U.S. participants included officials from the Federal Reserve Board, CFTC, FDIC, SEC, OCC, and Treasury. Forum topics focused on five key themes: “(1) supervision and regulation of cross-border activities, particularly in the areas of derivatives and central clearing; (2) the importance of monitoring market developments, both in relation to financial assets classes, like leveraged loans and collateralized loan obligations, and reference rates, like the London Interbank Offered Rate; (3) implementation of international standards in banking and insurance; (4) regulatory issues presented by fintech/digital finance; and (5) EU regulations related to sustainable finance.”
Among other topics, participants discussed U.S. banking developments concerning prudential requirements for foreign banks, including tailoring standards based on risk; proposed amendments to the Volcker Rule; EU data protection rules; cross-border supervision and data flow in financial services; the transition period following the U.K.’s departure from the EU; and European Commission priorities such as preventing and combating money laundering and the financing of terrorism. Participants acknowledged the importance of fostering continued dialogue between the U.S. and the EU noting that, “[r]egular communication on supervisory and regulatory issues of mutual concern should foster financial stability, supervisory cooperation, investor protection, market integrity, and a level playing field.”
SEC settles with blockchain company over unregistered ICO
On February 19, the SEC announced a settlement with a blockchain technology company resolving allegations that the company conducted an unregistered initial coin offering (ICO). According to the order, the company raised approximately $45 million from sales of its digital tokens to raise capital to develop a digital asset trade-testing platform and to build a cryptocurrency-related data marketplace. The SEC alleges that the company violated Section 5(a) and 5(c) of the Securities Act because the digital assets it sold were securities under federal securities laws, and the company did not have the required registration statement filed or in effect, nor did it qualify for an exemption to the registration requirements. The order, which the company consented to without admitting or denying the findings, imposes a $500,000 penalty and requires the company to register its tokens as securities, refund harmed investors through a claims process, and file timely reports with the SEC.
Broker-Dealer settles with SEC for improper handling of ADRs
On February 6, the SEC announced a settlement with a broker-dealer to resolve allegations concerning the improper handling of pre-released American Depositary Receipts (ADRs), or “U.S. securities that represent foreign shares of a foreign company.” The SEC noted in its press release that ADRs can be pre-released without the deposit of foreign shares only if: (i) the broker-dealers receiving the ADRs have an agreement with a depository bank; and (ii) the broker-dealer or the broker-dealer’s customer owns the number of foreign shares that corresponds to the number of shares the ADR represents. According to the SEC’s Order Instituting Administrative Proceedings (order), the broker-dealer improperly borrowed pre-released ADRs from other brokers that it should have known did not own the foreign shares necessary to support the ADRs. The SEC also found that the broker-dealer failed to implement policies and procedures to reasonably detect whether its securities lending desk personnel were engaging in such transactions. The broker-dealer neither admitted nor denied the SEC’s allegations, but agreed to pay more than $326,000 in disgorgement, roughly $80,970 in prejudgment interest, and a $179,353 penalty. The SEC’s order acknowledged the broker-dealer’s cooperation in the investigation and that the broker-dealer had entered into tolling agreements.
SEC commissioner proposes cryptocurrency safe harbor
On February 6, SEC Commissioner Hester M. Pierce announced her proposal for a three-year safe harbor rule applicable to companies developing digital assets and networks. Pierce suggested that not only would the rule provide regulatory flexibility “that allows innovation to flourish,” but it would also protect investors by “requiring disclosures tailored to their needs” while still maintaining anti-fraud safeguards, allowing investors to participate in token networks of their choice. Proposed Securities Act Rule 195 would allow companies to sell or offer tokens without being subject to the Securities Act of 1933, and without the tokens being subject to the registration requirements of the Securities Act of 1934. In order to qualify for these exemptions, the proposed rule requires that a company developing a network must, among other things, (i) “intend for the network on which the token functions to reach network maturity…within three years of the date of the first token sale”; (ii) disclose key information on a freely accessible public website,” including applicable source code and descriptions of how to search and verify transactions on the network; (iii) offer and sell its tokens in order to allow access to or development of its network; (iv) make “good faith and reasonable efforts to create liquidity for users”; and (v) “file a notice of reliance” with the SEC’s EDGAR system within 15 days of the company’s first token sale made in reliance on the safe harbor. Pierce suggested that the three-year grace period for qualifying companies would allow time for the development of decentralized or functional networks, and, at the end of the three years, a successful network’s tokens would not be regulated as securities.
Agencies to modify Volcker Rule’s “covered funds” requirements
On January 30, the OCC, Federal Reserve Board, FDIC, SEC, and CFTC issued a notice of proposed rulemaking to modify and streamline the “covered funds” requirements under Section 13 of the Bank Holding Company Act, commonly known as the Volcker Rule (Rule). As previously covered by InfoBytes, last fall the regulators signed off on final revisions to the Rule to simplify and tailor its restrictions on a banking entity’s ability to engage in proprietary trading and own certain funds. Specifically, the proposed amendments would modify the restrictions for banking entities investing in, sponsoring, or having certain relationships with covered funds, including simplifying provisions related to foreign public funds, loan securitizations, and small business investment companies. The amendments would also, among other things, (i) limit the extraterritorial impact of the Rule on certain foreign funds offered by foreign banks to foreign investors; (ii) modify and propose several existing exclusions to allow banking entities to invest in or sponsor certain types of funds—subject to certain safeguards—such as credit funds, venture capital funds, family wealth management vehicles, and customer facilitation funds; and (iii) permit intraday extensions of credit, payment, clearing, and settlement transactions between a banking entity and covered funds the banking entity advises or sponsors, or with which the banking entity has certain other relationships. Comments will be accepted through April 1.
FDIC finalizes securitization safe harbor
On January 30, the FDIC adopted the Final Rule to Revise Securitization Safe Harbor Rule (rule) as recommended by FDIC staff in a memorandum dated January 23. In July, as previously covered by InfoBytes, the FDIC approved a proposal to remove the requirement that, for safe harbor treatment, “the documents governing a securitization issuance require compliance with Regulation AB” of the SEC Regulation AB, “in circumstances where Regulation AB is not, by its terms, applicable to that transaction.” The proposal suggested that “it is no longer clear that compliance with the public disclosure requirements of Regulation AB in a private placement or in an issuance not otherwise required to be registered is needed to achieve the policy objective of preventing a buildup of opaque and potentially risky securitizations such as occurred during the pre-crisis years, particularly where the imposition of such a requirement may serve to restrict overall liquidity.” The final rule—which is unchanged from the proposal—eliminates the “significant disclosure requirements” to no longer mandate that private placements of securitization obligations provide Regulation AB disclosures. With the adoption of the final rule, only those transactions that are subject to Regulation AB are required to make the disclosures. The rule is expected to increase the securitization of residential mortgages and will become effective 30-60 days after it is published in the Federal Register.
SEC reports cybersecurity and resiliency observations
On January 27, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of a report entitled Cybersecurity and Resiliency Observations, compiled from an assessment of prior examinations. The report provides best practices for regulated entities to increase readiness and awareness related to cybersecurity. Echoing themes from the OCIE’s risk-based exam priorities, previously covered by InfoBytes here, the report also emphasizes risk management. Some of the highlights of the report include:
- Governance and Risk Management. OCIE lists senior level engagement as an important factor in an effective cybersecurity program. Also important is a thorough program risk assessment as well as the application of policies and procedures based on the assessment. Additionally, the cybersecurity program should continuously evolve, and provide for constant testing and monitoring.
- Access Rights and Controls. OCIE emphasizes the need for controls to limit access to certain data only to authorized users. Organizations should set out policies and procedures to monitor for unauthorized users, require periodic password changes for users, and review systems for changes that are not approved.
- Data Loss Prevention. Many firms protect sensitive data by using vulnerability scanning as well as perimeter security to monitor network traffic. Firms may utilize technology that can monitor for and detect network threats and insider threats. Also, encrypting data as it moves into and out of the network, and segmenting data for use only by authorized systems are key data loss prevention measures.
- Mobile Security. Firms that use mobile devices and applications may require enhanced security policies including the use of multi-factor authentication, limiting firm information that can be extracted from devices, and enabling the firm to remotely clear content when devices are lost or stolen. Training is also an important practice.
- Incidence Response and Resiliency. Effective risk-based incident response plans developed by firms focus on detection and corrective actions. The plans include business continuity as well as regular testing and reassessment of the plan.
- Vendor Management. OCIE promotes proper due diligence of vendors as well as effective management of vendors including monitoring and testing to ensure security requirements are continually met.
- Training and Awareness. OCIE notes that many firms incorporate effective policies and procedures into training, periodically re-evaluate training programs, and ensure employee participation.
SEC suit alleges fraudulent ICO
On January 21, the SEC announced that it filed suit in the U.S. District Court for the Eastern District of New York against a blockchain company and the company’s founder (defendants) for allegedly “conducting a fraudulent and unregistered initial coin offering (ICO).” The SEC alleges, among other things, that from 2017 until 2018, the defendants raised $600,000 from nearly 200 investors through promoting an ICO of digital asset securities called “OPP Tokens,” using material misrepresentations to create the false impression that the defendants’ platform was creating notable growth in the company. The defendants marketed the tokens by making misstatements to potential investors, greatly exaggerating the numbers of providers that were “willing to do business on, and contribute content to, [defendants’] blockchain-based platform.” The complaint also alleges that in marketing the ICO, the defendants provided a catalog of small businesses eligible to use the defendants’ platform that numbered in the millions, in order to create the false impression that the platform had a huge base of users. In reality, the catalog was not compiled by the defendants, but was simply acquired from a vendor. Additionally, the SEC alleges that the defendants provided numerous customer reviews in its promotions to create the impression that the platform had many users creating content, which were actually reviews stolen from a third-party website. The SEC charges that in addition to the above allegations, the defendants misrepresented that they had filed an SEC registration statement for the ICO. The SEC seeks injunctive relief, disgorgement of profits, civil money penalties, and a permanent bar preventing the founder from serving as officer or director of any public company.
Two whistleblowers earn SEC awards totaling $322,000
On January 22, the SEC announced that it had awarded a total of $322,000 to two whistleblowers in two separate enforcement actions. According to the SEC’s press release, the whistleblowers “played a crucial role in helping the Commission protect Main Street investors,” and “assisted the SEC in returning money to harmed investors.” One whistleblower provided information that reportedly helped the agency “shut down an ongoing fraudulent scheme that was preying on retail investors,” and was awarded $277,000 (see award order here). The other whistleblower, a harmed investor, assisted the agency to “shut down a fraudulent scheme targeting retail investors.” The whistleblower was awarded $45,000 (see award order here). Since 2012, the SEC whistleblower program has awarded roughly $387 million to 72 whistleblowers.
SEC files Supreme Court brief in favor of disgorgement
On January 15, the SEC filed a brief in a pending U.S. Supreme Court action, Liu v. SEC. The question presented to the Court asks whether the SEC, in a civil enforcement action in federal court, is authorized to seek disgorgement of money acquired through fraud. The petitioners were ordered by a California federal court to disgorge the money that they collected from investors for a cancer treatment center that was never built. The SEC charged the petitioners with funneling much of the investor money into their own personal accounts and sending the rest of the funds to marketing companies in China, in violation of the Securities Act’s prohibitions against using omissions or false statements to secure money when selling or offering securities. The district court granted the SEC’s motion for summary judgment, and ordered the petitioners to pay a civil penalty in addition to the $26.7 million the court ordered them to repay to the investors. The petitioners appealed to the Supreme Court and in November, the Court granted certiorari.
The petitioners argued that Congress has never authorized the SEC to seek disgorgement in civil suits for securities fraud. They point to the court’s 2017 decision in Kokesh v. SEC, in which the Court reversed the ruling of the U.S. Court of Appeals for the Tenth Circuit when it unanimously held that disgorgement is a penalty and not an equitable remedy. Under 28 U.S.C. § 2462, this makes disgorgement subject to the same five year statute of limitations as are civil fines, penalties and forfeitures (see previous InfoBytes coverage here). The petitioners also suggested that the SEC has enforcement remedies other than disgorgement, such as injunctive relief and civil money penalties, so loss of disgorgement authority will not hinder the agency’s enforcement efforts.
According to the SEC’s brief, historically, courts have used disgorgement to prevent unjust enrichment as an equitable remedy for depriving a defendant of ill-gotten gains. More recently, five statutes enacted by Congress since 1988 “show that Congress was aware of, relied on, and ratified the preexisting view that disgorgement was a permissible remedy in civil actions brought by the [SEC] to enforce the federal securities laws.” The agency notes that the Court has recognized disgorgement as both an equitable remedy and a penalty, suggesting, however, that “the punitive features of disgorgement do not remove it from the scope of [the Exchange Act’s] Section 21(d)(5).” Regarding the petitioner’s reliance on Kokesh, the brief explains that “the consequence of the Court’s decision was not to preclude or even to place special restrictions on SEC claims for disgorgement, but simply to ensure that such claims—like virtually all claims for retrospective monetary relief—must be brought within a period of time defined by statute.”
In addition to the brief submitted by the SEC, several amicus briefs have been filed in support of the SEC, including a brief from several members of Congress, and a brief from the attorneys general of 23 states and the District of Columbia.