Is SEC “Regulation by Enforcement” for the Digital Asset Industry Next Up?

Cryptocurrencies are one of the fastest growing asset types worldwide. Cryptocurrencies, as an asset class, total over $1.5 trillion in market capitalization. With the rapid growth of this asset type, SEC Chair Gary Gensler shared his views for the SEC in this area. At a recent conference, Chair Gensler continued to broadly characterize most digital assets as “investment contracts,” placing cryptocurrencies within the scope of the SEC’s enforcement powers. During his remarks at the Aspen Security Forum on August 3, Chair Gensler stated, “many of these tokens are offered and sold as securities” because they meet the definition of an “investment contract.” As established by the U.S. Supreme Court under the “Howey Test”, investment contracts are defined as agreements in which a person invests money in a common enterprise, expecting profits based on the efforts of others. Investment vehicles that satisfy the “Howey Test” definition for investment contracts are securities that fall within the jurisdiction of the SEC.

Chair Gensler further stated that the cryptocurrency area currently “lacks the typical investor protection guardrails” and that he has asked Congress for additional authority to “prevent transactions, products and platforms from falling between regulatory cracks.” Chair Gensler’s views appear supported by the SEC’s Division of Enforcement having brought 75 enforcement actions over the last decade. However, others are not convinced that the SEC has clearly defined jurisdiction.

Continue reading “Is SEC “Regulation by Enforcement” for the Digital Asset Industry Next Up?”

Robinhood’s $70 Million FINRA Penalty: Growing Pains, Reliance on Technology and Push to Offer New Products

Robinhood, “an introducing broker-dealer that provides commission-free trading to retail customers through its website and mobile applications,” recently agreed to pay a record-setting amount of $70 million — consisting of a $57 million fine and more than $12.5 million in restitution to 2,832 customers — to resolve a myriad of FINRA rule violations dating back to 2016. While the lengthy Letter of Acceptance, Waiver, and Consent No. 2020066971201 (“AWC”) reads like a final exam in a corporate compliance and securities regulation course, there are two key takeaways that merit particular emphasis. First, an overreliance on technology without sufficient safeguards or personal verification can create substantial liability. Second, making claims about new, nontraditional products being offered directly to customers can be deceptive or misleading and in violation of FINRA Rules 3110 and 2010, if FINRA determines the communications lack sufficient disclosures.

Continue reading “Robinhood’s $70 Million FINRA Penalty: Growing Pains, Reliance on Technology and Push to Offer New Products”

Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks

Partners Peter Baldwin and Bob Mancuso published “Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks.” This article in the New York Law Journal discusses how regulators have shifted their focus from data breach notifications to overall cybersecurity preparedness.

Continue reading “Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks”

“Independence-Day” Malware and Managing the (Beach) Risks of Jaws

In the spirit of our previous Holiday film blogs, we present for your viewing pleasure (and background research) the following Independence Day films for your (re)viewing pleasure.  Both deserve renewed attention in light of:

  • The SEC’s recent Solar Winds-Cybersecurity-related events, regarding disclosure of material weaknesses or material cyber security risks related to the Solar Winds compromise;
  • The re-opening of offices and recent announcements of certain businesses explaining employees should be back in the office or else.

We offer the following Independence Day Weekend themed film streaming recommendations that relate to each of the above and therefore count as background research.

Continue reading ““Independence-Day” Malware and Managing the (Beach) Risks of Jaws”

SEC Chairman, Gary Gensler, Seeks to “Freshen Up” Restrictions on Executive Stock Trading Plans under Rule 10b5-1

Upcoming Changes to Rule 10b5-1:

The SEC is seeking to propose four key changes to executive stock trading plans under Rule 10b5-1 in October. Its Chairman, Gary Gensler, reported that the SEC is considering “freshen[ing] up Rule 10b5-1 after twenty years” to address insider trading concerns on June 7, 2021. Gensler’s comments come after a year of heightened insider trading reporting and the release of new research conducted by Stanford University and the Wharton School of the University of Pennsylvania finding that 10b5-1 plans have been used by executives to engage in “opportunistic, large-scale” sales of company stock. Gensler remarked the current plans under Rule 10b5-1 have led to a “real crack in our insider trading regime,” which he seeks to address in the upcoming months.

Continue reading “SEC Chairman, Gary Gensler, Seeks to “Freshen Up” Restrictions on Executive Stock Trading Plans under Rule 10b5-1”

SEC “Sweep” of Public Companies’ & Registrants’ Responses to the SolarWinds Cyberbreach

As publicly reported late last week, the Securities and Exchange Commission’s Division of Enforcement (SEC) sent voluntary requests for information to a range of public companies and investment firms seeking voluntary disclosure of information related to last year’s SolarWinds cyberattack. Specifically, the SEC is seeking information related to whether the companies and firms were exposed to the SolarWinds cyberattack and any remedial measures the companies and firms implemented in response.

SolarWinds, an IT, network, and systems software developer, disclosed in a filing with the SEC in December 2020 that a cyberattack had infiltrated its Orion monitoring product, which could allow the attacker to compromise the server on which the Orion product runs. SolarWinds disclosed that it believed that nearly 18,000 Orion customers downloaded the product containing the vulnerability and that it had notified all 33,000 users of the product that a cyberattack had taken place. The SolarWinds cyberattack was unprecedented in its scope and sophistication—including compromising nine U.S. federal agencies—leading the United States and other governments to blame the attack on an outside nation state actor.

Continue reading “SEC “Sweep” of Public Companies’ & Registrants’ Responses to the SolarWinds Cyberbreach”

NYC Bar Association Proposes a CCO Enforcement Framework

Responding to a “concern” from Chief Compliance Officers (CCOs) to the purported increase in enforcement actions holding compliance personnel personally liable, the New York City Bar Association recently released a framework of nonbinding factors it believes the SEC should consider when making CCO charging decisions.  The report, titled “Framework for Chief Compliance Officer Liability in the Financial Sector” (Framework), is available here.  According to the Framework, it claims that the risk of facing a career-ending enforcement action has deterred qualified individuals from assuming or remaining in the all-important CCO role.

Continue reading “NYC Bar Association Proposes a CCO Enforcement Framework”

Robinhood vs. Massachusetts’ Secretary of the Commonwealth: A Battle for the Ages over Massachusetts’ New Strict Fiduciary Duty Rule

Sandra D. Grannum, James G. Lundy and Heaven L. Chandler discuss Robinhood’s alleged violation of Massachusetts’ new fiduciary duty rule for broker-dealers on the Broker-Dealer Regulations and Insights blog. Massachusetts’ Secretary of Commonwealth, William Galvin, filed a regulatory complaint raising three different violations against Robinhood. The complaint attempts to ban the trading app for violating the State’s fiduciary duty rule which requires broker-dealers to act in the best interest of their clients. This new rule, passed in February 2020, was created in response to the Securities and Exchange Commission’s Regulation Best Interest (Reg BI). During this past year, due to COVID-19 and other meme-based investment activities on the application, Robinhood accumulated over 3 million new users in the first four months of 2020. Galvin’s concerns revolve around the 500,000 customers in Massachusetts, with accounts totaling over $1.6 billion.  For more information, please read the post on the Broker-Dealer blog.

We previously posted another discussion on the New York best interest fiduciary rule for insurance that was recently struck down. This has now also been posted to the Broker-Deal Blog.