On February 24, 2022, two of three founders of an off-shore cryptocurrency derivatives exchange, the Bitcoin Mercantile Exchange or “BitMEX,” pled guilty to violating the Bank Secrecy Act (BSA) by failing to maintain an anti-money laundering program. Pursuant to their respective plea agreements, defendants Arthur Hayes and Benjamin Delo each agreed to pay a $10 million criminal fine and face up to five years in prison. The defendants’ guilty pleas were entered approximately one month before they were scheduled to stand trial in the United States District Court for the Southern District of New York.
Hayes and Delo – along with two other BitMEX executives – were indicted in October 2020 for evading U.S. anti-money laundering rules. A Department of Justice (DOJ) press release announcing the charges detailed that BitMEX was required to register with the Commodity Futures Trading Commission (CFTC) and to establish an adequate anti-money laundering program because it solicited and serviced U.S. traders. Despite these obligations, BitMEX had only nominal programs in place to combat money laundering which, according to DOJ, were “toothless or easily overridden to serve BitMEX’s bottom line goal of obtaining revenue through the U.S. market without regard to U.S. regulation.”
Continue reading “Cryptocurrency Exchange Founders Plead Guilty to Bank Secrecy Act Violations”
Partners Peter Baldwin and Bob Mancuso published “Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks.” This article in the New York Law Journal discusses how regulators have shifted their focus from data breach notifications to overall cybersecurity preparedness.
Continue reading “Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks”
On January 8, 2021, Judge Richard Seeborg of the United States District Court for the Northern District of California issued an Order denying a motion to dismiss in S.E.C. v. NAC Foundation, LLC, et al. The U.S. Securities & Exchange Commission (SEC) had previously filed a civil complaint against blockchain development company NAC Foundation, LLC (NAC) and NAC’s CEO, Marcus Rowland, alleging that NAC’s and Rowland’s sale of “stand-in” digital tokens constituted a fraudulent and unregistered sale of digital securities. The Department of Justice (DOJ) brought a parallel criminal proceeding, alleging violations of federal wire fraud and money laundering statutes. DOJ also filed a separate criminal case against former high-profile lobbyist Jack Abramoff in connection with his role in the promotion of NAC’s digital assets.
Continue reading “U.S. District Judge Rejects Argument that Sale of “Stand-In” Tokens Was Not a Sale of Unregistered Securities”
Earlier this year, the U.S. Department of Justice (“DOJ”) released its highly anticipated Cryptocurrency Enforcement Framework (the “Framework”). The Framework was developed as part of the Attorney General’s Cyber-Digital Task Force, and contains three sections: (1) Threat Overview; (2) Law and Regulations; and (3) Ongoing Challenges and Future Strategies.
Continue reading “The U.S. Department of Justice Releases its Cryptocurrency Enforcement Framework”
On December 1, 2020, the U.S. Commodity Futures Trading Commission (“CFTC”) Division of Enforcement released its Annual Report, which details a “record-breaking” fiscal year 2020 (“FY 2020”), despite the challenges presented by the COVID-19 pandemic.
Notably, the CFTC filed a historic 113 enforcement actions—up from 69 filed in FY 2019, 83 filed in FY 2018, and an increase over the previous high of 102 filed in FY 2012. The chart below shows the breakdown of enforcement actions by category, and Appendix B of the Annual Report provides individual case citations.
Continue reading “CFTC Enforcement Division Reports Most Active Year to Date”
Weeks after touting its record-breaking enforcement haul, the Commodity Futures Trading Commission (“CFTC”) Enforcement Division issued a memorandum providing guidance for enforcement staff to use when recommending the recognition of cooperation, self-reporting and remediation during the enforcement process. The historic enforcement performance demonstrated that the CFTC can wield a large stick, but the latest guidance is aimed at recognizing efforts in resolving violations.
Continue reading “After a Year of Record-Breaking Enforcement Fines, the CFTC Provides Guidance on the Recognition of Cooperation”
On September 17, 2020, the SEC announced the imposition of a cease-and-desist order against private equity firm Welsh, Carson, Anderson & Stowe (Welsh Carson), an SEC-registered investment manager, in connection with alleged violations of reporting obligations under Section 13(d) of the Securities Exchange Act of 1934 (Exchange Act). The SEC alleged that Welsh Carson had failed to timely amend a Schedule 13D report – commonly known as a beneficial ownership statement – after its investment position changed from an intent to acquire and restructure a company to an intent to liquidate its entire position in the company. In connection with the entry of the SEC’s cease-and-desist order, Welsh Carson agreed to pay a civil penalty of $100,000.
Continue reading “SEC Settles Enforcement Action against Private Equity Firm for Beneficial Ownership Reporting Violations”
On September 15, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting the recent uptick in “credential stuffing” cyber-attacks against SEC-registered investment advisors and broker dealers.
Credential stuffing is an automated cyber-attack on Internet-based user accounts and firm networks. Attackers obtain usernames and passwords from the dark web and then employ automated scripts utilizing the compromised information to attempt to log in and gain unauthorized access to other customer accounts and firm networks. Credential stuffing has proven to be a more effective way for hackers to gain access to accounts and firm systems than traditional brute force password attacks have been. If the credential stuffing attack is successful, attackers can gain access to and control over customer assets and confidential information.
Continue reading “SEC Issues New Risk Alert on “Credential Stuffing” Attacks”