In Faegre Drinker’s “Enforcement Highlights” inaugural podcast, Jim Lundy moderates a panel with fellow SEC and Regulatory Enforcement partners Mike MacPhail and David Porteous, Capital Markets Team Co-Leader Beth Diffley, and Investment Management Group partner Jillian Bosmann to discuss the pandemic’s impact on the SEC’s Division of Enforcement and the potential impacts of the 2020 election on the SEC and its future.
On October 6, 2020, the Commodity Futures Trading Commission (“CFTC”) issued a release describing its record-breaking enforcement year. The release noted that in fiscal year 2020 (“FY2020”), the CFTC filed more enforcement actions than any other year in the history of the agency. CFTC Chairman Heath P. Tarbert stated “[w]e are tough on those who break the rules, and this historic year only further underscores this point.”
The most recent headlines emphasize the CFTC’s enthusiasm in pursuing spoofing-related actions. Of note, the CFTC ordered a registrant and affiliates associated with one of the largest bank holding companies to pay a record $920 million for spoofing and manipulation that spanned over eight years. This penalty comes as the largest monetary relief in the agency’s history. In September alone, the CFTC announced three other spoofing settlements with fines totaling nearly $1.8 million, and brought charges against a trading firm and two of their traders.
On September 17, 2020, the SEC announced the imposition of a cease-and-desist order against private equity firm Welsh, Carson, Anderson & Stowe (Welsh Carson), an SEC-registered investment manager, in connection with alleged violations of reporting obligations under Section 13(d) of the Securities Exchange Act of 1934 (Exchange Act). The SEC alleged that Welsh Carson had failed to timely amend a Schedule 13D report – commonly known as a beneficial ownership statement – after its investment position changed from an intent to acquire and restructure a company to an intent to liquidate its entire position in the company. In connection with the entry of the SEC’s cease-and-desist order, Welsh Carson agreed to pay a civil penalty of $100,000.
Recently, the U.S. Securities and Exchange Commission (the “SEC”) charged a dually registered firm and its Chief Compliance Officer (“CCO”) with multiple violations of the Investment Advisers Act of 1940 (“Advisers Act”). The charges included allegations against the CCO that she altered documents in an attempt to mislead SEC examination staff and failures to comply with enhanced policies and procedures adopted as a result of a prior examination by FINRA. The SEC charged the firm with willfully violating Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder, which require, in part, that registered investment advisors “[a]dopt and implement written policies and procedures reasonably designed to prevent violation” of the Advisers Act and its rules. The CCO was charged with willfully aiding and abetting the firm’s violations. The firm and the CCO were fined $1.7 million and $45,000, respectively, and the CCO was barred from the industry.
On September 10, 2020, the CFTC announced the issuance of new, public, guidance to its enforcement staff on evaluating the adequacy of corporate compliance programs. The new guidance provides enforcement staff a framework with which to assess participants’ compliance programs, and is intended to ensure consistency and transparency in such reviews.
The latest publication continues the Commission’s efforts to increase transparency in the enforcement process. In May, the CFTC formally issued guidance regarding Enforcement’s decisions to recommend the imposition of civil monetary penalties, and last year the Division issued its first public Enforcement Manual. More details on these previous issuances from the CFTC can be found here and here.
On September 15, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting the recent uptick in “credential stuffing” cyber-attacks against SEC-registered investment advisors and broker dealers.
Credential stuffing is an automated cyber-attack on Internet-based user accounts and firm networks. Attackers obtain usernames and passwords from the dark web and then employ automated scripts utilizing the compromised information to attempt to log in and gain unauthorized access to other customer accounts and firm networks. Credential stuffing has proven to be a more effective way for hackers to gain access to accounts and firm systems than traditional brute force password attacks have been. If the credential stuffing attack is successful, attackers can gain access to and control over customer assets and confidential information.
A Spoofing Record Breaker
On August 19, 2020, the Commodity Futures Trading Commission (“CFTC”) issued three orders filing and settling charges against a bank with a provisionally registered swap dealer (the “Firm”) requiring the Firm to pay $127.4 million for spoofing and making false statements, as well as for swap dealer compliance and supervision violations.
While the U.S. Supreme Court’s decision in Liu v. SEC limited the SEC’s disgorgement power, it also left open certain complicated issues that are now subject to interpretation.1 As we previously summarized, in an 8–1 vote, the Court held that disgorgement is a permissible equitable remedy for securities fraud under § 78u(d)(5), provided the amount does not exceed a wrongdoer’s net profits and the money is returned to harmed investors.2