The Newest SEC OCIE Risk Alert: Cloud Storage Is Great, If Your Cloud Is Secure!

By Paul Ferrillo on Posted in Brokers, Client Alert, Cloud Data Storage, OCIE, Risk Management, SEC, Securities and Exchange Commission

On May 23, 2019, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert on the importance of storing customer and data in a cloud environment in a secure fashion. Titled “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features,” the risk alert addresses proper cloud storage practices, and in particular, what potential problems the registered investment adviser and broker-dealer community should be on guard for to avoid or control. OCIE hinted at some of the problems in its opening paragraph: “Although the majority of these network storage solutions offered encryption, password protection, and other security features designed to prevent unauthorized access, examiners observed that firms did not always use the available security features. Weak or misconfigured security settings on a network storage device could result in unauthorized access to information stored on the device.”

Click here for the full GT Alert.

Florida Creates Blockchain Task Force to Study Benefits of Blockchain Technology

By Carl A. Fornaris, John B. Hutton III and Marina Olman-Pal on Posted in Blockchain, Blockchain Technology Task Force

On May 23, 2019, Florida Gov. Ron DeSantis signed SB 1024 (Florida Blockchain Bill) into law to establish the Florida Blockchain Task Force (Blockchain Task Force) within the Florida Department of Financial Services. The Blockchain Task Force will study if and how Florida’s state, county, and municipal governments can benefit from a transition to blockchain-based systems for recordkeeping, data security, financial transactions, and service delivery, and identify ways blockchain technology can be used to improve government interaction with businesses and the public.

The Florida legislation recognizes that blockchain and distributed ledger technology allow the secure recording of transactions and that blockchain can facilitate more efficient government service delivery, including facilitating safe paperless transactions and recordkeeping protected from cyberattacks and data destruction. With the passing of the Florida Blockchain Bill, Florida has joined a growing list of states – including New York, New Jersey, Illinois and Wyoming — that have formed task forces to study the potential benefits of blockchain.

To read the full GT Alert, click here.

*Special thanks to Alexander M. Capelli˘ for his assistance with this Alert.
˘Not admitted to practice law.

FinCEN Issues Guidance on Application of Regulations to Certain Business Models Involving Convertible Virtual Currencies

By Carl A. Fornaris, Obiamaka P. Madubuko, William Mack, Marina Olman-Pal, Jonathan R. Cyprys and Richard Abeeku Mills-Robertson on Posted in Client Alert, Compliance, convertible virtual currency, cryptocurrency, Financial Crimes Enforcement Network, Financial Regulation, GT Alert, white collar

On May 9, 2019, the Financial Crimes Enforcement Network of the U.S. Department of the Treasury (FinCEN) issued “interpretive guidance” addressing how FinCEN’s money services business (MSB) regulations apply to a variety of business models that use convertible virtual currency (CVC) (2019 FinCEN Guidance). This is the first significant guidance FinCEN has issued regarding the regulatory treatment of virtual currency under the Bank Secrecy Act (BSA) of 1970, as amended, and FinCEN’s implementing regulations thereunder, since its landmark 2013 virtual currency guidance. In that 2013 guidance, FinCEN grouped persons creating, obtaining, distributing, exchanging, accepting, or transmitting virtual currencies as “users,” “administrators,” or “exchangers,” and concluded (i) a “user” of virtual currency is not an MSB under FinCEN’s regulations and therefore not subject to MSB registration, reporting, and recordkeeping regulations, but (ii) an “administrator” or “exchanger” is an MSB under FinCEN’s regulations, specifically, a money transmitter, unless a limitation to or exemption from the definition of MSB applies to the person.

Although the virtual currency space has evolved significantly over the last six years, the 30 pages of interpretive guidance essentially affirms the core of the 2013 FinCEN Guidance, incorporates the conclusions of several FinCEN letter rulings and other interpretations released by FinCEN since the 2013 guidance, and analyzes over a dozen business models that use CVCs in their day-to-day activities to assess whether each business model triggers FinCEN MSB regulation.

Concurrent with the issuance of the CVC interpretive guidance, FinCEN published an Advisory on Illicit Activity Involving Convertible Virtual Currency to assist financial institutions in identifying and reporting suspicious activity concerning how criminals and other bad actors exploit convertible CVCs for money laundering, sanctions evasion, and other illicit financing purposes, particularly involving darknet marketplaces, peer-to-peer (P2P) exchangers, foreign-located MSBs, and CVC kiosks/ATMs.

Click here to read the full GT Alert for a comprehensive analysis of the 2019 FinCEN Guidance.

SEC Approves Final Regulation Best Interest, Form CRS

By William Mack and Dale Rose Goldstein on Posted in Brokers, Financial Regulation, GT Alert, Regulatory Compliance, SEC, Securities and Exchange Commission

On June 5, 2019, the Securities and Exchange Commission (SEC) voted 3-1 to adopt a series of proposals intended to “substantially enhance” the standards of conduct for financial professionals.

First and foremost, the SEC adopted Regulation Best Interest (Reg BI), a new rule establishing an updated standard of conduct for broker-dealers and associated persons of broker-dealers when making a recommendation of any securities transaction or investment strategy involving securities to a retail customer. The standard of conduct – which is higher than the current suitability requirement, but falls short of a fiduciary standard – is “to act in the best interest of the retail customer at the time a recommendation is made without placing the financial or other interest of the broker-dealer or natural person who is an associated person making the recommendation ahead of the interest of the retail customer.” Notably, the SEC does not define “best interest,” an omission criticized by SEC member Robert Jackson Jr., the lone dissenter from approval of the rule package because he has supported adoption of a stricter standard.

The commissioners also adopted Form CRS, which are new rules requiring registered investment advisers and registered broker-dealers to provide a brief relationship summary to retail investors.

Click here to read the full GT Alert.

Summer Is Coming – Are You Prepared for the SEC OCIE Cybersecurity Sweep?

By Paul Ferrillo on Posted in Brokers, Client Alert, Cybersecurity, GT Alert, investment advisor, OCIE, Regulatory Compliance, Risk Management, SEC, Securities and Exchange Commission

In March 2019 the SEC’s Office of Compliance, Inspections and Examinations (OCIE) announced it would soon commence its annual “Cybersecurity Sweep” of registered investment advisers and broker-dealers. The reality of daily breaches and hacks combined with the watchful eye of the SEC and other regulatory and enforcement bodies means registrants should recommit to dedicating the necessary resources to protect their customers from cyber threats.

The SEC has provided some ideas as to the areas of emphasis for the Cyber Sweep in its 2019 Examination Priorities document. OCIE will focus on, among other things, “proper configuration of network storage devices, information security governance generally, and policies and procedures related to retail trading information security. Specific to investment advisers, OCIE will emphasize cybersecurity practices at investment advisers with multiple branch offices, including those that have recently merged with other investment advisers, and continue to focus on, among other areas, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.”

Click here for the full GT Alert, where we discuss OCIE’s likely points of focus in its upcoming cyber sweep.

OCIE Provides Registered Advisers and Broker-Dealers Guidance on Data Protection Compliance Obligations Under Reg S-P and Safeguards Rule

By Paul Ferrillo on Posted in Client Alert, Compliance, Cybersecurity, GT Alert, OCIE, SEC, Securities and Exchange Commission

On April 16, 2019, the Securities and Exchange Commission’s Office of Compliance, Inspections and Examinations (SEC OCIE) issued a helpful Risk Alert relating to the privacy Regulation S-P (Reg S-P) and “Safeguards Rule” policies and procedures of registered investment advisers and broker dealers. The Risk Alert gives registered investment advisers and broker-dealers fair notice of various points of emphasis the SEC OCIE considers important from an examination perspective and those points that could surface post-breach when the SEC OCIE’s antennae are well-tuned towards finding fault with the registrant’s data protection practices.

After recounting the basics of Reg S-P’s privacy requirements and the requirements of the Safeguards Rule, the SEC OCIE lists what it calls “examples” of the “most common deficiencies or weaknesses identified by OCIE staff in connection with the Safeguards Rule.”

Click here for the full GT Alert.

SEC Proposes Changes to the Financial Statement Requirements Relating to Acquisitions and Dispositions of Businesses

By Jason K. Zachary on Posted in SEC, Securities and Exchange Commission

On May 3, 2019, the Securities and Exchange Commission (SEC) proposed amendments to the financial disclosure requirements in Rule 3-05 (Acquired Company Financial Information), Rule 3-14 (Real Estate Operations), and Article 11 (Pro Forma Financial Information) of Regulation S-X for financial statements of businesses acquired or to be acquired and for business dispositions. The SEC also proposed new Rule 6-11 of Regulation S-X and amendments to Form N-14 for financial reporting of acquisitions involving investment companies, as well as additional changes related to oil and gas producing activities and real estate operations, and conforming changes for smaller reporting companies, which are not discussed in this GT Alert. The proposed changes are a continuation of the SEC’s ongoing, comprehensive evaluation as part of its Disclosure Effectiveness Initiative.

The proposed changes are intended to (1) improve the financial information about acquired and disposed businesses; (2) facilitate more timely access to capital; and (3) reduce the complexity and cost to prepare the disclosure.

Overview of Current Financial Statement Requirements

When an issuer acquires a “business”, other than a real estate operation, Rule 3-05 of Regulation S-X generally requires an issuer to provide separate audited annual and unaudited interim pre-acquisition financial statements of the acquired business if it is significant to the issuer. The financial statements of the acquired business are generally the same as those as if the acquired business were a registrant, except that the number of years of audited financial statements is determined by the level of significance. Recognizing that certain acquisitions have a greater impact on the issuer than others, the SEC addresses the reporting requirements for businesses acquired or to be acquired based on the “significant subsidiary” definition in Rule 1-02(w) of Regulation S-X using a sliding scale approach.

Significance of an acquired business is evaluated under Rule 3-05 based upon three criteria (which in turn are derived from Rule 1-02(w)):

  • the amount of the issuer’s investment in the acquired business compared to the issuer’s total assets (Investment Test);
  • the issuer’s share of the total assets of the acquired business compared to the issuer’s total assets (Asset Test); and
  • the issuer’s share of pre-tax income from continuing operations of the acquired business compared to the issuer’s pre-tax income from continuing operations (Income Test);

in each case, based upon a comparison between the issuer and acquired business’s most recent annual financial statements.

Click here for the full GT Alert, which examines the current significance criteria for acquisitions and summarizes the proposed changes.

Proposed Amendment to Japanese Crypto Asset Laws

By Koichiro Ohashi, Makoto Koinuma, Yukari Sakamoto and Sayaka Uno on Posted in Blockchain, Blockchain Technology Task Force, cryptocurrency, Financial Regulation, Virtual Currency

A bill to amend the Japanese laws regulating cryptocurrency exchange businesses or financial instruments transactions, including the Act on Settlement of Funds (Settlement Act) and the Financial Instruments and Exchange Act (FIEA), was submitted to the Diet on March 15, 2019. The bill proposes to call cryptocurrencies “Crypto Assets” (CA) rather than “Virtual Currencies” (VC) and intends to introduce additional regulations to ensure user protection, regulate derivatives trades on cryptocurrencies, and establish a more transparent regulatory framework on cryptocurrencies.

In response to increasing international demand for robust Anti-Money Laundering and Combating Financing of Terrorism (AML/CFT) compliance measures, Japan’s registration regime for virtual currencies exchange businesses (VC Exchange Business) was implemented by amendment of the Settlement Act in April 2017. The regulators examined each applicant’s internal control and compliance systems, including customer intake process and trade monitoring, financial strength, and measures for safe custody of customer assets, including the safe management of trading system, measures against cyberattacks or segregation of customers’ assets, etc., before granting registration as a VC Exchange Business operator (VC Exchanger).

However, in 2018, a couple of Japanese VC Exchangers, Coincheck (during the application review process) and Tech Bureau/Zaif (after formal registration was completed), suffered hacks and lost their users’ and their own cryptocurrencies valued at approximately 58 billion yen ($518 million) and 7 billion yen ($63 million), respectively. Although user number had increased and the business of VC Exchangers had expanded rapidly, internal control and compliance systems were inadequate to conduct the VC Exchange Business with sufficient protection for user interests/assets.

Furthermore, cryptocurrencies became a tool of speculation for individual traders with margin trading of highly leveraged cryptocurrencies. Although new types of transactions with cryptocurrencies, such as margin trading, initial coin offerings, or security token offerings, were developed and growing, they remained unregulated, with rules and regulations applicable to these new transactions unclear.

Given the above challenges, the bill was submitted to enhance user protection and articulate applicable rules and regulations by streamlining the regulatory framework on cryptocurrencies.

Click here for the full GT Alert, which examines the major amendments and newly employed provisions of the Settlement Act and the FIEA.

When Can Futures Commission Merchants and Broker-Dealers Be Deemed Banks?

By Jeffry M. Henderson, Robert B. Christie and Douglas E. Arend on Posted in banking, Banks, Brokers, Client Alert, Financial Services Litigation, GT Alert, investment advisor, Litigation

On March 21, 2019, in Whitaker v. Wedbush Securities, an Illinois appellate court for the first time addressed the liability of a futures commission merchant (FCM) or broker-dealer (BD) under Section 4A-105 of the Uniform Commercial Code (UCC).

By way of background, a customer of an FCM dually registered as a BD ostensibly requested a series of wire transfers from his commodity trading accounts. Unbeknownst to the FCM, in reality a third-party hacker had breached the customer’s computer system and thereafter interposed himself as the customer in connection with the request for the wire transfers. The FCM honored the requests and transferred the money to what the FCM thought was the customer’s account, but was really the fraudster’s bank account. When the customer discovered the fraud, he sued the FCM under Article 4A of the UCC, alleging that (notwithstanding the fact that the FCM was not a bank, savings and loan, or trust company) it was “deemed to be in the business of banking” by virtue of its involvement in connection with the handling of the requested wire transfers. The trial court held the FCM was not engaged in the business of banking and therefore not subject to Article 4A.

The core issue on appeal focused on what constitutes being “engaged in the business of banking” under Article 4A, and whether the FCM was engaged in the business of banking.

What did the appellate court find? Click here to read the full GT Alert.

Illinois Supreme Court Rules Annuities Are Not Securities Under Illinois Securities Act

By Beth A. Black, Steve M. Malina and Michael T. Baier on Posted in annuity, Client Alert, Financial Services Litigation, GT Alert, Insurance, insurance producer, investment advisor, Securities

On March 21, 2019, in Van Dyke v. Jesse White, the Illinois Supreme Court issued a long-awaited opinion relating to Illinois Securities Department authority to regulate annuities under the Illinois Securities Law of 1953 (Act).

By way of background, in 2011, the Illinois Securities Department audited Richard Lee Van Dyke following complaints from the adult children of one of his deceased clients. Van Dyke was registered with the Securities Department as an investment advisor and licensed by the Illinois Department of Insurance as an insurance producer. The auditors reviewed Van Dyke’s insurance files, as opposed to his investment files, and subsequently alleged that he had defrauded 21 clients. Specifically, the Securities Department claimed Van Dyke liquidated the clients’ indexed annuities and replaced them with other annuities, from which Van Dyke purportedly earned $312,278 in commissions while his clients paid $263,822 in surrender charges, penalties, and other fees.

The Securities Department initiated administrative proceedings alleging Van Dyke violated Section 130.853 of its administrative regulations, which prohibits investment advisors from effectuating “any transactions of purchase or sale that are excessive in size or frequency or unsuitable.” The Securities Department also charged Van Dyke with violating four administrative sections that expressly implicate transactions involving “securities,” and one that makes it unlawful, generally, to employ any device, scheme, or artifice to defraud any client while acting as an investment advisor. Van Dyke moved to dismiss, arguing the Securities Department had no jurisdiction over him because the Act expressly excludes annuities from the definition of a security and because he was not acting as an investment advisor at the time of the transactions.

Following an administrative hearing with the Securities Department, the secretary of state issued a final order finding Van Dyke committed fraud by offering unsuitable annuities. The secretary revoked Van Dyke’s investment advisory registration, permanently prohibited him from selling securities in Illinois, and fined him $300,000 plus costs of the investigation. The circuit court affirmed the administrative order, and Van Dyke appealed.

The appellate court agreed but held that Van Dyke was nevertheless acting as an investment advisor and thus subject to the Securities Department’s jurisdiction under Section 12(J). At the same time, the appellate court found the Securities Department did not prove Van Dyke violated Section 12(J) in the sale of replacement annuities or perpetrated a fraud on his clients. Accordingly, it reversed the secretary of state’s final order.

The secretary of state appealed to the Illinois Supreme Court, arguing the sale of indexed annuities falls under the definition of a security under the Act, and that it put forth sufficient evidence Van Dyke committed violations of the Act. Van Dyke sought cross-relief, maintaining section 12(J) of the Act did not apply because he was acting as an insurance producer, not an investment advisor.

Click here for the full GT Alert on the Illinois Supreme Court’s analysis and holding that annuities do not fall under the Securities Department’s jurisdiction.

LexBlog