InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC, CFTC join other regulators in approving Volcker Rule revisions
On September 18, the SEC announced the approval of final revisions to the Volker Rule (the Rule) to simplify and tailor compliance with Section 13 of the Bank Holding Company Act’s restrictions on a bank’s ability to engage in proprietary trading and own certain funds. As previously covered by InfoBytes, the final revisions were approved by the OCC and FDIC at the end of August, and the Federal Reserve Board is expected to adopt the changes in the near future. In approving the revisions, Chairman Jay Clayton stated that the SEC collaborated with the other federal regulatory agencies to ensure the changes would “effectively implement statutory mandates without imposing undue burdens on participants in our markets, including imposing unnecessary costs or reducing access to capital and liquidity.” Chairman Clayton emphasized that the revisions draw on the agencies’ “collective experience in implementing the rule and overseeing compliance in our complex marketplace over a number of years.”
Earlier, on September 16, the CFTC announced a 3-2 vote to approve the final revisions. Commissioner Tarbert stated that the final revisions would provide banking entities and their affiliates with “greater clarity and certainty about what activities are permitted under” the Rule as well as reduce compliance burdens. In voting against the approval, Commissioner Behnam issued a dissenting statement expressing, among other things, concerns about “narrowing the scope of financial instruments subject to the [] Rule,” which would limit the Rule’s scope “so significantly that it no longer will provide meaningful constraints on speculative proprietary trading by banks.” Commissioner Berkovitz also dissented, arguing that the revisions “will render enforcement of the [R]ule difficult if not impossible by leaving implementation of significant requirements to the discretion of the banking entities, creating presumptions of compliance that would be nearly impossible to overcome, and eliminating numerous reporting requirements.” Commissioner Berkovitz also criticized the rulemaking process that led to the final revisions, arguing that a number of the changes were not adequately discussed in the notice of proposed rulemaking process, including amendments to the “accounting prong” and the rebuttable presumption of proprietary trading.
SEC settles cryptocurrency fraud case for $10.1 million
On August 29, the SEC announced it had settled with a cryptocurrency company and its two founders to resolve allegations that the company defrauded investors and operated an unregistered exchange. The SEC’s complaint alleges that the defendants raised more than $13 million from investors through the sale of digital tokens without registering the offerings with the SEC. According to the complaint, the defendants misrepresented that purchasers of digital tokens would receive stock in the company, as well as obtain access to a global marketplace attracting millions of consumers, despite the fact that the latter did not exist. This led to investors allegedly losing more than two-thirds of their investments in the company, the SEC claims. The company also allegedly operated an illegal, unregistered national security exchange offering trading in a single security. The SEC’s press release states that, while the defendants neither admit nor deny the allegations, the company will pay disgorgement, prejudgment interest, and a civil penalty of approximately $8.4 million, while the two founders will each pay more than $850,000.
SEC awards $1.8 million to whistleblower
On August 29, the SEC announced that it had awarded more than $1.8 million to a whistleblower who provided “critically important” information and assistance to a “programmatically significant enforcement action.” The SEC’s order noted that without the whistleblower’s tip, the violations would have been difficult to identify because the misconduct happened abroad. The order does not provide any additional details regarding the whistleblower or the company involved in the enforcement action. Since the program’s inception in 2012, the SEC has awarded approximately $387 million to 66 whistleblowers.
Cybersecurity company settles FCPA claims for $11.7 million
On August 29, a cybersecurity company agreed to pay over $11.7 million to settle SEC claims that certain subsidiaries operating in Russia and China violated the books and records and internal accounting controls provisions of the FCPA. The alleged misconduct included certain sales employees at the Russian subsidiary who misrepresented “the need for increased discounts to meet competition,” and—instead of passing the incremental discounts on to end-user customers—created “common funds” in off-book accounts that were diverted toward “excessive” travel and entertainment involving foreign officials, which the employees allegedly claimed served business purposes. According to the SEC, the company failed to (i) properly record the expenses; or (ii) implement or maintain an effective internal accounting system to prevent the violations from occurring. During approximately the same time period, sales employees at the Chinese subsidiary also paid for domestic trips and entertainment for foreign officials while allegedly understating the amount of entertainment involved and falsifying trip agendas to the company’s legal department to obtain approval.
In entering into the administrative order, the SEC considered the company’s cooperation and compliance efforts. Without admitting or denying wrongdoing, the company agreed to pay a $6.5 million civil money penalty and more than $5.2 million in disgorgement and interest.
German bank to pay $16.2 million for allegedly concealing corrupt hiring practices
On August 22, a German-based bank entered into an administrative order with the SEC agreeing to pay $16.2 million to settle the SEC’s claims that it allegedly concealed corrupt hiring practices. According to the SEC, the bank allegedly violated U.S. laws—including the internal controls and books and records provisions of the FCPA—by offering jobs to relatives of Chinese and Russian government officials in an attempt to secure business or other benefits. Employees then created false books and records that concealed the practices and circumvented internal controls in place to prevent the activities. The SEC stated that the bank’s failure to properly enforce its written global anti-corruption policy allowed the bank to provide jobs in China and Russia from at least 2006 to 2014 based on how much business the candidate’s connections could bring to the bank.
In entering into the administrative order, the SEC considered the company’s cooperation efforts and compliance efforts. Without admitting or denying wrongdoing, the bank agreed to pay a $3 million civil money penalty and more than $13.1 million in disgorgement and interest.
Brokers to pay $4.5 million to settle ADR mishandling claims
On August 16, the SEC announced a settlement with two brokers to resolve allegations concerning the improper handling of pre-released American Depositary Receipts (ADRs), or “U.S. securities that represent shares of a foreign companies.” According to the SEC, both brokers improperly “obtained pre-released ADRs when they should have known that the pre-release transactions were not backed by foreign shares.” The SEC asserted the brokers improperly obtained the pre-released ADRs from other broker-dealers—with one of the brokers also obtaining the pre-released ADRs from depository banks—which “resulted in an inflated total number of foreign issuer’s tradeable securities and short selling and dividend arbitrage.” The SEC further alleged the brokers violated the Securities Act of 1933 and failed to reasonably supervise their securities lending desk personnel. While neither broker admitted nor denied the SEC’s findings, the orders require them to pay, combined, more than $4.5 million in disgorgement, prejudgment interest, and penalties. The orders acknowledge the brokers’ cooperation in the investigation.
SEC obtains court order halting token offering
On August 12, the SEC announced it obtained a court order halting an alleged fraud involving the sale of digital securities which raised $14.8 million in 2017 and 2018. In addition, the court approved an emergency asset freeze to preserve at least $8 million of the funds raised, the SEC said in its press release. According to the complaint filed the same day in the U.S. District Court for the Eastern District of New York, an individual and two entities he controlled allegedly violated the registration, antifraud, and manipulative trading provisions of the federal securities laws, by, among other things, knowingly (i) marketing and selling securities tokens by creating false investor demand through the use of material misrepresentations and omissions; and (ii) misleading investors by claiming to have product ready to generate revenue even when no such product existed. Additionally, the SEC alleged that the individual defendant engaged in manipulative trading on an unregistered digital asset platform, and transferred a “significant amount” of dissipated assets from investors into his personal account. Among other things, the SEC seeks permanent injunctions, disgorgement of profits associated with the fraudulent activity, plus interest and penalties, a ban from offering digital securities, and an officer-and-director bar against the individual defendant.
SEC awards $500,000 to overseas whistleblower
On July 23, the SEC announced a $500,000 award to an overseas whistleblower whose “expeditious reporting” on an important witness assisted the Commission in bringing a successful enforcement action. The SEC’s order noted that the whistleblower’s tip was the first information that the Commission received on the charged misconduct, and that without the information—which was substantiated by other witnesses—the violations would have been difficult to identify and prove partly because the misconduct happened abroad. The order does not provide any additional details regarding the whistleblower or the company involved in the enforcement action. Since the program’s inception in 2012, the SEC has awarded approximately $385 million to 65 whistleblowers.
FTC and DOJ announce $5 billion privacy settlement with social media company; SEC settles for $100 million
On July 24, the FTC and the DOJ officially announced (see here and here) that the world’s largest social media company will pay a $5 billion penalty to settle allegations that it mishandled its users’ personal information. As previously covered by InfoBytes, it was reported on July 12 that the FTC approved the penalty, in a 3-2 vote. This is the largest privacy penalty ever levied by the agency, almost “20 times greater than the largest privacy or data security penalty ever imposed worldwide,” and one of the largest ever assessed by the U.S. government for any violation. According to the complaint, filed the same day as the settlement, the company allegedly used deceptive disclosures and settings to undermine users’ privacy preferences in violation of a 2012 privacy settlement with the FTC, which allowed the company to share users’ data with third-party apps that were downloaded by users’ “friends.” Moreover, the complaint alleges that many users were unaware the company was sharing the information, and therefore did not take the steps needed to opt-out of the sharing. Relatedly, the FTC also announced a separate action against a British consulting and data analytics firm for allegedly using deceptive tactics to “harvest personal information from millions of [the social media company’s] users.”
In addition to the monetary penalty, the 20-year settlement order overhauls the company’s privacy program. Specifically, the order, among other things, (i) establishes an independent privacy committee of the company’s board of directors; (ii) requires the company to designate privacy program compliance officers who can only be removed by the board’s privacy committee; (iii) requires an independent third-party assessor to perform biennial assessments of the company’s privacy program; (iv) requires the company to conduct a specific privacy review of every new or modified product, service, or practice before it is implemented; and (v) mandates that the company report any incidents in which data of 500 or more users have been compromised to the FTC.
In dissenting statements, Commissioner Chopra and Commissioner Slaughter asserted that the settlement, while historic, does not contain terms that would effectively deter the company from engaging in future violations. Commissioner Slaughter argues, among other things, that the civil penalty is insufficient and believes the order should have contained “meaningful limitations on how [the company] collects, uses, and shares data.” Similarly, Commissioner Chopra argues that the order imposes no meaningful changes to the company’s structure or financial incentives, and the immunity provided to the company’s officers and directors is unwarranted.
On the same day, the SEC announced that the company also agreed to pay $100 million to settle allegations that it mislead investors about the risks it faced related to the misuse of its consumer data. The SEC’s complaint alleges that in 2015, the company was aware of the British consulting and data analytics firm’s misuse of its consumer data but did not correct its disclosures for more than two years. Additionally, the SEC alleges the company failed to have policies and procedures in place during that time that would assess the results of internal investigations for the purposes of making accurate disclosures in public filings. The company neither admitted nor denied the allegations.
Hungarian subsidiary of multinational technology company settles FCPA claims
On July 22, the DOJ announced an $8.7 million settlement with the Hungarian subsidiary of an American multinational technology company to resolve allegations of bid-rigging and bribery in violation of the FCPA. The SEC simultaneously announced a related resolution with the parent technology company over the operations of subsidiaries in four countries, with the parent company paying an additional $16.5 million.
According to the DOJ announcement, between 2013 and 2015, executives and employees of the Hungarian subsidiary falsely represented to the parent company that discounts were necessary to finalize deals with resellers to sell company licenses to government customers; however, the savings were allegedly used for “corrupt purposes” in violation of the FCPA. The subsidiary entered into a non-prosecution agreement with DOJ, which noted that while the subsidiary did not voluntarily self-disclose the misconduct, it received credit for the company’s “substantial cooperation with the Department’s investigation and for taking extensive remedial measures.” Specifically, the subsidiary terminated four licensing partners and the company implemented an enhanced compliance system and internal controls to address corruption risks.