Summer Is Coming – Are You Prepared for the SEC OCIE Cybersecurity Sweep?

Posted in Brokers, Client Alert, Cybersecurity, GT Alert, investment advisor, OCIE, Regulatory Compliance, Risk Management, SEC, Securities and Exchange Commission

In March 2019 the SEC’s Office of Compliance, Inspections and Examinations (OCIE) announced it would soon commence its annual “Cybersecurity Sweep” of registered investment advisers and broker-dealers. The reality of daily breaches and hacks combined with the watchful eye of the SEC and other regulatory and enforcement bodies means registrants should recommit to dedicating the necessary resources to protect their customers from cyber threats.

The SEC has provided some ideas as to the areas of emphasis for the Cyber Sweep in its 2019 Examination Priorities document. OCIE will focus on, among other things, “proper configuration of network storage devices, information security governance generally, and policies and procedures related to retail trading information security. Specific to investment advisers, OCIE will emphasize cybersecurity practices at investment advisers with multiple branch offices, including those that have recently merged with other investment advisers, and continue to focus on, among other areas, governance and risk assessment, access rights and controls, data loss prevention, vendor management, training, and incident response.”

Click here for the full GT Alert, where we discuss OCIE’s likely points of focus in its upcoming cyber sweep.

OCIE Provides Registered Advisers and Broker-Dealers Guidance on Data Protection Compliance Obligations Under Reg S-P and Safeguards Rule

Posted in Client Alert, Compliance, Cybersecurity, GT Alert, OCIE, SEC, Securities and Exchange Commission

On April 16, 2019, the Securities and Exchange Commission’s Office of Compliance, Inspections and Examinations (SEC OCIE) issued a helpful Risk Alert relating to the privacy Regulation S-P (Reg S-P) and “Safeguards Rule” policies and procedures of registered investment advisers and broker dealers. The Risk Alert gives registered investment advisers and broker-dealers fair notice of various points of emphasis the SEC OCIE considers important from an examination perspective and those points that could surface post-breach when the SEC OCIE’s antennae are well-tuned towards finding fault with the registrant’s data protection practices.

After recounting the basics of Reg S-P’s privacy requirements and the requirements of the Safeguards Rule, the SEC OCIE lists what it calls “examples” of the “most common deficiencies or weaknesses identified by OCIE staff in connection with the Safeguards Rule.”

Click here for the full GT Alert.

SEC Proposes Changes to the Financial Statement Requirements Relating to Acquisitions and Dispositions of Businesses

Posted in SEC, Securities and Exchange Commission

On May 3, 2019, the Securities and Exchange Commission (SEC) proposed amendments to the financial disclosure requirements in Rule 3-05 (Acquired Company Financial Information), Rule 3-14 (Real Estate Operations), and Article 11 (Pro Forma Financial Information) of Regulation S-X for financial statements of businesses acquired or to be acquired and for business dispositions. The SEC also proposed new Rule 6-11 of Regulation S-X and amendments to Form N-14 for financial reporting of acquisitions involving investment companies, as well as additional changes related to oil and gas producing activities and real estate operations, and conforming changes for smaller reporting companies, which are not discussed in this GT Alert. The proposed changes are a continuation of the SEC’s ongoing, comprehensive evaluation as part of its Disclosure Effectiveness Initiative.

The proposed changes are intended to (1) improve the financial information about acquired and disposed businesses; (2) facilitate more timely access to capital; and (3) reduce the complexity and cost to prepare the disclosure.

Overview of Current Financial Statement Requirements

When an issuer acquires a “business”, other than a real estate operation, Rule 3-05 of Regulation S-X generally requires an issuer to provide separate audited annual and unaudited interim pre-acquisition financial statements of the acquired business if it is significant to the issuer. The financial statements of the acquired business are generally the same as those as if the acquired business were a registrant, except that the number of years of audited financial statements is determined by the level of significance. Recognizing that certain acquisitions have a greater impact on the issuer than others, the SEC addresses the reporting requirements for businesses acquired or to be acquired based on the “significant subsidiary” definition in Rule 1-02(w) of Regulation S-X using a sliding scale approach.

Significance of an acquired business is evaluated under Rule 3-05 based upon three criteria (which in turn are derived from Rule 1-02(w)):

  • the amount of the issuer’s investment in the acquired business compared to the issuer’s total assets (Investment Test);
  • the issuer’s share of the total assets of the acquired business compared to the issuer’s total assets (Asset Test); and
  • the issuer’s share of pre-tax income from continuing operations of the acquired business compared to the issuer’s pre-tax income from continuing operations (Income Test);

in each case, based upon a comparison between the issuer and acquired business’s most recent annual financial statements.

Click here for the full GT Alert, which examines the current significance criteria for acquisitions and summarizes the proposed changes.

Proposed Amendment to Japanese Crypto Asset Laws

Posted in Blockchain, Blockchain Technology Task Force, cryptocurrency, Financial Regulation, Virtual Currency

A bill to amend the Japanese laws regulating cryptocurrency exchange businesses or financial instruments transactions, including the Act on Settlement of Funds (Settlement Act) and the Financial Instruments and Exchange Act (FIEA), was submitted to the Diet on March 15, 2019. The bill proposes to call cryptocurrencies “Crypto Assets” (CA) rather than “Virtual Currencies” (VC) and intends to introduce additional regulations to ensure user protection, regulate derivatives trades on cryptocurrencies, and establish a more transparent regulatory framework on cryptocurrencies.

In response to increasing international demand for robust Anti-Money Laundering and Combating Financing of Terrorism (AML/CFT) compliance measures, Japan’s registration regime for virtual currencies exchange businesses (VC Exchange Business) was implemented by amendment of the Settlement Act in April 2017. The regulators examined each applicant’s internal control and compliance systems, including customer intake process and trade monitoring, financial strength, and measures for safe custody of customer assets, including the safe management of trading system, measures against cyberattacks or segregation of customers’ assets, etc., before granting registration as a VC Exchange Business operator (VC Exchanger).

However, in 2018, a couple of Japanese VC Exchangers, Coincheck (during the application review process) and Tech Bureau/Zaif (after formal registration was completed), suffered hacks and lost their users’ and their own cryptocurrencies valued at approximately 58 billion yen ($518 million) and 7 billion yen ($63 million), respectively. Although user number had increased and the business of VC Exchangers had expanded rapidly, internal control and compliance systems were inadequate to conduct the VC Exchange Business with sufficient protection for user interests/assets.

Furthermore, cryptocurrencies became a tool of speculation for individual traders with margin trading of highly leveraged cryptocurrencies. Although new types of transactions with cryptocurrencies, such as margin trading, initial coin offerings, or security token offerings, were developed and growing, they remained unregulated, with rules and regulations applicable to these new transactions unclear.

Given the above challenges, the bill was submitted to enhance user protection and articulate applicable rules and regulations by streamlining the regulatory framework on cryptocurrencies.

Click here for the full GT Alert, which examines the major amendments and newly employed provisions of the Settlement Act and the FIEA.

When Can Futures Commission Merchants and Broker-Dealers Be Deemed Banks?

Posted in banking, Banks, Brokers, Client Alert, Financial Services Litigation, GT Alert, investment advisor, Litigation

On March 21, 2019, in Whitaker v. Wedbush Securities, an Illinois appellate court for the first time addressed the liability of a futures commission merchant (FCM) or broker-dealer (BD) under Section 4A-105 of the Uniform Commercial Code (UCC).

By way of background, a customer of an FCM dually registered as a BD ostensibly requested a series of wire transfers from his commodity trading accounts. Unbeknownst to the FCM, in reality a third-party hacker had breached the customer’s computer system and thereafter interposed himself as the customer in connection with the request for the wire transfers. The FCM honored the requests and transferred the money to what the FCM thought was the customer’s account, but was really the fraudster’s bank account. When the customer discovered the fraud, he sued the FCM under Article 4A of the UCC, alleging that (notwithstanding the fact that the FCM was not a bank, savings and loan, or trust company) it was “deemed to be in the business of banking” by virtue of its involvement in connection with the handling of the requested wire transfers. The trial court held the FCM was not engaged in the business of banking and therefore not subject to Article 4A.

The core issue on appeal focused on what constitutes being “engaged in the business of banking” under Article 4A, and whether the FCM was engaged in the business of banking.

What did the appellate court find? Click here to read the full GT Alert.

Illinois Supreme Court Rules Annuities Are Not Securities Under Illinois Securities Act

Posted in annuity, Client Alert, Financial Services Litigation, GT Alert, Insurance, insurance producer, investment advisor, Securities

On March 21, 2019, in Van Dyke v. Jesse White, the Illinois Supreme Court issued a long-awaited opinion relating to Illinois Securities Department authority to regulate annuities under the Illinois Securities Law of 1953 (Act).

By way of background, in 2011, the Illinois Securities Department audited Richard Lee Van Dyke following complaints from the adult children of one of his deceased clients. Van Dyke was registered with the Securities Department as an investment advisor and licensed by the Illinois Department of Insurance as an insurance producer. The auditors reviewed Van Dyke’s insurance files, as opposed to his investment files, and subsequently alleged that he had defrauded 21 clients. Specifically, the Securities Department claimed Van Dyke liquidated the clients’ indexed annuities and replaced them with other annuities, from which Van Dyke purportedly earned $312,278 in commissions while his clients paid $263,822 in surrender charges, penalties, and other fees.

The Securities Department initiated administrative proceedings alleging Van Dyke violated Section 130.853 of its administrative regulations, which prohibits investment advisors from effectuating “any transactions of purchase or sale that are excessive in size or frequency or unsuitable.” The Securities Department also charged Van Dyke with violating four administrative sections that expressly implicate transactions involving “securities,” and one that makes it unlawful, generally, to employ any device, scheme, or artifice to defraud any client while acting as an investment advisor. Van Dyke moved to dismiss, arguing the Securities Department had no jurisdiction over him because the Act expressly excludes annuities from the definition of a security and because he was not acting as an investment advisor at the time of the transactions.

Following an administrative hearing with the Securities Department, the secretary of state issued a final order finding Van Dyke committed fraud by offering unsuitable annuities. The secretary revoked Van Dyke’s investment advisory registration, permanently prohibited him from selling securities in Illinois, and fined him $300,000 plus costs of the investigation. The circuit court affirmed the administrative order, and Van Dyke appealed.

The appellate court agreed but held that Van Dyke was nevertheless acting as an investment advisor and thus subject to the Securities Department’s jurisdiction under Section 12(J). At the same time, the appellate court found the Securities Department did not prove Van Dyke violated Section 12(J) in the sale of replacement annuities or perpetrated a fraud on his clients. Accordingly, it reversed the secretary of state’s final order.

The secretary of state appealed to the Illinois Supreme Court, arguing the sale of indexed annuities falls under the definition of a security under the Act, and that it put forth sufficient evidence Van Dyke committed violations of the Act. Van Dyke sought cross-relief, maintaining section 12(J) of the Act did not apply because he was acting as an insurance producer, not an investment advisor.

Click here for the full GT Alert on the Illinois Supreme Court’s analysis and holding that annuities do not fall under the Securities Department’s jurisdiction.

SEC Guidance on Exhibit Redactions For Immaterial, Competitively Harmful Information

Posted in Client Alert, Compliance, Corporate Governance, SEC, Securities and Exchange Commission

On April 1, 2019, the SEC provided additional guidance relating to its new rules that permit companies to file redacted material contracts without applying for confidential treatment of the redacted information provided the redacted information (i) is not material and (ii) would be competitively harmful if publicly disclosed. The new rules became effective upon their publication in the Federal Register on April 2, 2019.

Primarily located in Regulation S-K Item 601(b), the new rules require companies to identify where information has been omitted from a filed exhibit. Specifically, companies must:

  • mark the exhibit index to indicate that portions of the exhibit or exhibits have been omitted;
  • include a prominent statement on the first page of the redacted exhibit that certain identified information has been excluded from the exhibit because it is both (i) not material and (ii) would be competitively harmful if publicly disclosed; and
  • indicate with brackets where the information has been omitted from the filed version of the exhibit.

To facilitate consistency across the SEC’s exhibit requirements, the new rules also apply to certain exhibitrelated requirements in specified disclosure forms for which Item 601(b)(10) does not apply, including Form 8-K, Form 20-F (to maintain a consistent approach for domestic and foreign companies) and forms used by investment companies such as Form N-1A and Form N-2.

Click here to read the full GT Alert on the SEC guidance covering compliance reviews, the redacted exhibit review process, Securities Act registration statements, Exchange Act filings, confidentiality of supplemental materials, and transition issues and questions.

UK Review of the Bribery Act 2010 – Committee Concludes New Guidance Needed

Posted in anti-bribery, Client Alert, Government, GT Alert, United Kingdom, white collar

In 2018 the House of Lords announced it would set up an ad hoc Select Committee to conduct a post-legislative review of the Bribery Act 2010. Greenberg Traurig Shareholder Anne-Marie Ottaway was appointed Specialist Advisor to the Committee, which on 14 March 2019 published the report of its findings. The review confirms that the Bribery Act 2010 is “an exemplary piece of legislation” which sets the global benchmark for anti-bribery and anti-corruption legislation.

The Bribery Act was passed, with much fanfare, in 2010 and came into force on 1 July 2011. The Act simplified previous anti-corruption legislation dating back to 1889 and 1906 and introduced for the first time a specific corporate offence of failure to prevent bribery.

Under the Act, the Ministry of Justice (MOJ) was required to publish guidance for businesses on the adequate procedures they would need to implement to have a defence to the failure to prevent offence. The Act applies to UK companies and foreign companies conducting business or part of a business in the UK. It pertains to conduct in both domestic and foreign jurisdictions and applies to bribery in both the public and private sectors.

Following the Act’s introduction, there was much concern about the impact it would have on the ability of UK businesses to conduct business abroad; this concern was a key focus of the Committee’s review, which covered the following:

  • Length of investigations
  • Police resources and training
  • Lack of cooperation and coordination
  • Revisions to the MOJ Guidance
  • Facilitation payments
  • The importance of a risk assessment
  • Corporate criminal liability
  • The adequate v reasonable debate
  • Deferred Prosecution Agreements (DPAs)
  • DPAs not a substitute for prosecuting culpable individuals
  • Scotland

Click here for the full GT Alert on the Select Committee’s findings.

CFTC and NFA Commodities Regulatory Update

Posted in CFTC, Client Alert, Commodities, Financial Regulation, GT Alert, Regulatory Compliance

Departing from its historical practice but following the approach taken by the SEC and FINRA, the Commodity Futures Trading Commission (CFTC) on Feb. 12, 2019, announced its first release of examination priorities for each of its regulatory divisions. In making the announcement, CFTC Chairman J. Christopher Giancarlo indicated the release is part of CFTC’s “initiative to improve the relationship between the Agency and the entities it regulates, while promoting a culture of compliance at our registrants.”

The Release is divided into three main areas:

  1. Division of Market Oversight (DMO)
  2. Division of Swap Dealer & Intermediary Oversight (DSIO)
  3. Division of Clearing and Risk (DCR)

In another regulatory first, the National Futures Association (NFA) issued a notice to members requiring adoption and implementation of certain internal controls by registered commodity pool operators (CPOs).

Click here to read the full GT Alert.

Blockchain & Cryptocurrency Newsletter – Winter 2019

Posted in Blockchain, Blockchain Technology Task Force, Cybersecurity, Tax

2018 was a year of transformation for the blockchain industry. While the market continued to see technological advancements in smart contracts, platform functionality, scalability and security, regulators took a firmer rein in pursuing those seeking to exploit the uninitiated or those engaged in outright fraud. In this issue of Greenberg Traurig’s Blockchain & Cryptocurrency Newsletter, we discuss some of the key enforcement actions and proceedings during 2018 that have shaped the regulatory environment in the United States and the continuing uncertainty over the classification of digital assets as securities.

In this issue:

1. Disrupting the Disruptors: 2018 – The Year in Review

2. Noteworthy Federal Securities Cases During 2018

  • Securities and Exchange Commission v. Blockvest, LLC et al.: SEC’s Request for Preliminary Injunction Denied
  • In the Matter of TokenLot, LLC et al.: SEC Order Against Unregistered Broker-Dealer
  • In the Matter of Crypto Asset Management, LP: SEC Order Against Unregistered Hedge Fund
  • In re Tomahawk Exploration: SEC Deems Token Airdrop as Sale of Securities

3. 2018 State Regulatory Overview

  • NASAA’s Operation Cryptosweep
  • Initial Coin Offering (ICO) Enforcement Actions by States

4. Traps for the Unwary: Federal Income Tax

5. FinCEN Update

Click here to read the full GT Newsletter.

LexBlog