On September 28, 2020, the U.S. Securities and Exchange Commission (the “SEC”) announced two settlements against public companies and individual charges against the former controller and chief accounting officer and the former chief financial officer of one of the companies. In its accompanying public announcement, the SEC advised that “The actions are the first arising from investigations generated by the Division of Enforcement’s EPS Initiative, which utilizes risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.” This initiative exemplifies the harnessing of “Big Data,” i.e., large data sets that may be analyzed computationally to reveal patterns, trends, and associations.
Recently, the U.S. Securities and Exchange Commission (the “SEC”) charged a dually registered firm and its Chief Compliance Officer (“CCO”) with multiple violations of the Investment Advisers Act of 1940 (“Advisers Act”). The charges included allegations against the CCO that she altered documents in an attempt to mislead SEC examination staff and failures to comply with enhanced policies and procedures adopted as a result of a prior examination by FINRA. The SEC charged the firm with willfully violating Section 206(4) of the Advisers Act and Rule 206(4)-7 thereunder, which require, in part, that registered investment advisors “[a]dopt and implement written policies and procedures reasonably designed to prevent violation” of the Advisers Act and its rules. The CCO was charged with willfully aiding and abetting the firm’s violations. The firm and the CCO were fined $1.7 million and $45,000, respectively, and the CCO was barred from the industry.
On September 10, 2020, the CFTC announced the issuance of new, public, guidance to its enforcement staff on evaluating the adequacy of corporate compliance programs. The new guidance provides enforcement staff a framework with which to assess participants’ compliance programs, and is intended to ensure consistency and transparency in such reviews.
The latest publication continues the Commission’s efforts to increase transparency in the enforcement process. In May, the CFTC formally issued guidance regarding Enforcement’s decisions to recommend the imposition of civil monetary penalties, and last year the Division issued its first public Enforcement Manual. More details on these previous issuances from the CFTC can be found here and here.
On September 15, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting the recent uptick in “credential stuffing” cyber-attacks against SEC-registered investment advisors and broker dealers.
Credential stuffing is an automated cyber-attack on Internet-based user accounts and firm networks. Attackers obtain usernames and passwords from the dark web and then employ automated scripts utilizing the compromised information to attempt to log in and gain unauthorized access to other customer accounts and firm networks. Credential stuffing has proven to be a more effective way for hackers to gain access to accounts and firm systems than traditional brute force password attacks have been. If the credential stuffing attack is successful, attackers can gain access to and control over customer assets and confidential information.
A Spoofing Record Breaker
On August 19, 2020, the Commodity Futures Trading Commission (“CFTC”) issued three orders filing and settling charges against a bank with a provisionally registered swap dealer (the “Firm”) requiring the Firm to pay $127.4 million for spoofing and making false statements, as well as for swap dealer compliance and supervision violations.
Stepping away from the more serious task of covering the “Enforcement Highlights” of financial regulators, such as the U.S. Securities and Exchange Commission, and taking into account that we have not been able to go to the movies all summer, here, in no particular order, are five movies that touch on our industry and are definitely worth streaming to watch one more time:
While the U.S. Supreme Court’s decision in Liu v. SEC limited the SEC’s disgorgement power, it also left open certain complicated issues that are now subject to interpretation.1 As we previously summarized, in an 8–1 vote, the Court held that disgorgement is a permissible equitable remedy for securities fraud under § 78u(d)(5), provided the amount does not exceed a wrongdoer’s net profits and the money is returned to harmed investors.2
In a pair of settlements announced on July 28, 2020, the SEC charged VALIC Financial Advisors (the “Firm”) with two separate sets of violations that allowed the Firm to obtain millions of dollars in fees without providing adequate disclosures about their practices and without having adequate compliance policies and procedures to disclose or protect against conflicts of interest presented by these practices. In total, the Firm agreed to pay approximately $40 million to settle both administrative proceedings. The SEC’s cases arise out of its initiatives: