2024 Regulatory Update for Investment Advisers

In 2023, the Securities and Exchange Commission issued various proposed rules on regulatory changes that will affect SEC-registered investment advisers (RIAs). Since these rules are likely to be put into effect, RIAs should consider taking preliminary steps to start integrating the new requirements into their compliance policies and procedures.

1. Updates to the Custody Rule

The purpose of the custody rule, rule 206(4)-2 of the Investment Advisers Act of 1940 (Advisers Act), is to protect client funds and securities from potential loss and misappropriation by custodians. The SEC’s recommended updates to the custody rule would:

  • Expand the scope of the rule to not only include client funds and securities but all of a client’s assets over which an RIA has custody
  • Expand the definition of custody to include discretionary authority
  • Require RIAs to enter into written agreements with qualified custodians, including certain reasonable assurances regarding protections of client assets

2. Internet Adviser Exemption

The SEC also proposed to modernize rule 203A-2(e) of the Advisers Act, whose purpose is to permit internet investment advisers to register with the SEC even if such advisers do not meet the other statutory requirements for SEC registration. Under the proposed rule:

  • Advisers relying on this exemption would at all times be required to have an operational interactive website through which the adviser provides investment advisory services
  • The de minimis exception would be eliminated, hence requiring advisers relying on rule 203A-2(e) to provide advice to all of their clients exclusively through an operational interactive website

3. Conflicts of Interest Related to Predictive Data Analytics and Similar Technologies

The SEC proposes new rules under the Adviser’s Act to regulate RIAs’ use of technologies that optimize for, predict, guide, forecast or direct investment-related behaviors or outcomes. Specifically, the new rules aim to minimize the risk that RIAs could prioritize their own interest over the interests of their clients when designing or using such technology. The new rules would require RIAs:

  • To evaluate their use of such technologies and identify and eliminate, or neutralize the effect of, any potential conflicts of interest
  • To adopt written policies and procedures to prevent violations of the rule and maintain books and records relating to their compliance with the new rules

4. Cybersecurity Risk Management and Outsourcing to Third Parties

The SEC has yet to issue a final rule on the 2022 proposed new rule 206(4)-9 to the Adviser’s Act which would require RIAs to adequately address cybersecurity risks and incidents. Similarly, the SEC still has to issue the final language for new rule 206(4)-11 that would establish oversight obligations for RIAs that outsource certain functions to third parties. A summary of the proposed rules can be found here: 2023 Regulatory Update for Investment Advisers: Miller Canfield

Regulatory Update and Recent SEC Actions

REGULATORY UPDATES

Recent SEC Leadership Changes

On January 10, 2023, the Securities and Exchange Commission (the “SEC”) announced the appointment of Cristina Martin Firvida as director of the Office of the Investor Advocate, effective January 17, 2023. Ms. Martin Firvida was most recently the vice president of financial security and livable communities for government affairs at the American Association of Retired Persons (“AARP”). As the investor advocate, Ms. Martin Firvida will lead the office that assists retail investors in interactions with the SEC and with self-regulatory organizations (“SROs”), analyzing the impact on investors of proposed rules and regulations, identifying problems that investors have with financial service providers and investment products, and proposing legislative or regulatory changes to promote the interests of investors.

On January 11, 2023, the SEC announced that Paul Munter has been appointed as chief accountant. He has served as acting chief accountant since January 2021. In addition to continuing to lead the Office of the Chief Accountant (“OCA”), he will also assist the SEC in its oversight of the Financial Accounting Standards Board (“FASB”) and the Public Company Accounting Oversight Board (“PCAOB”). Mr. Munter joined the SEC in 2019 as deputy chief accountant in charge of OCA’s international work. Before joining the agency, Mr. Munter was a senior instructor of accounting at the University of Colorado Boulder. He had previously retired from KPMG, where he served as the lead technical partner for the U.S. firm’s international accounting and International Financial Reporting Standards (“IFRS”) activities and served on the firm’s panel responsible for establishing firm positions on the application of IFRS.

On January 13, 2023, the SEC announced that Renee Jones, director of the Division of Corporation Finance, departed the agency and was replaced by Erik Gerding, effective February 2, 2023. Mr. Gerding previously served as the Division’s deputy director. Mr. Gerding joined the SEC in October 2021 and led the Legal and Regulatory Policy in the Division of Corporation Finance. He has taught as professor of law and a Wolf-Nichol Fellow at the University of Colorado Law School, where he has focused in the areas of securities law, corporate law, and financial regulation. Mr. Gerding previously taught at the University of New Mexico School of Law. He also practiced in the New York and Washington, D.C., offices of Cleary Gottlieb Steen & Hamilton LLP, representing clients in the financial services and technology industries in an array of financial transactions and regulatory matters.

Boards File Comment Letters Asking SEC to Withdraw Swing Pricing Rule Proposal

Over thirty (30) fund boards have submitted comment letters to the SEC with respect to the controversial swing pricing rule proposal. Industry participants have noted that this level of direct board participation in the comment process for a rule proposal of this type is unprecedented in recent SEC history. Many of the letters call for a withdrawal of the rule proposal, with some arguing that millions of American investors will not get the best price for their trades. Many letters also stated that requiring swing pricing would burden fund complexes and harm mutual fund investors without solving the liquidity problems that the SEC aimed to resolve. A vast majority of the comment letters indicated that swing pricing is not needed and that current tools for managing liquidity worked well, even during the volatile 2020 markets.

The comment letters also noted that investors who hold fund shares through intermediaries may have to place their orders earlier as a result of the proposed hard close requirement, which would put them at a disadvantage over the investors who buy shares directly from a fund. Several commenters also expressed concern that the hard close could cause intermediaries to drop mutual funds from their offerings in favor of less-regulated investment vehicles, such as collective investment trusts (“CITs”). Some letters pointed out that one of the justifications the SEC raises for the new rule is the market volatility during the early part of the COVID-19 pandemic and its impact on fund liquidity risk management, yet the SEC then goes on to say that it did not have specific data about fund dilution during that period. Letters also alleged that the SEC did not provide an accurate cost benefit analysis, and noted that the SEC states in the rule proposal that it “cannot predict the number of investors that would choose to keep their investments in the mutual fund sector nor the number of investors that would exit mutual funds and instead invest in other fund structures such as ETFs, close-end funds, or CITs.”

SEC Proposes Rule to Prohibit Conflicts of Interest in Certain Securitizations

The SEC issued a proposed rule (the “proposed rule”) to prohibit material conflicts of interest in the sale of asset-backed securities (“ABS”). The proposed rule, Rule 192 under the Securities Act of 1933 (the “Securities Act”), was issued on January 25, 2023, to implement Section 27B of the Securities Act, a provision added by the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”). Specifically, the proposed rule would prohibit securitization participants from engaging in certain transactions that could incentivize a securitization participant to structure an ABS in a way that would put the securitization participant’s interests ahead of those of ABS investors. The SEC originally proposed a rule to implement Section 27B in September 2011. If adopted, the proposed rule would prohibit an underwriter, placement agent, initial purchaser, or sponsor of an ABS, including affiliates or subsidiaries of those entities, from engaging, directly or indirectly, in any transaction that would involve or result in any material conflict of interest between the securitization participant and an investor in such ABS. Under the proposed rule, such transactions would be considered “conflicted transactions” and include, for example, a short sale of the ABS or the purchase of a credit default swap or other credit derivative that entitles the securitization participant to receive payments upon the occurrence of specified credit events in respect of the ABS.

The prohibition on conflicted transactions would commence on the date on which a person has reached, or has taken substantial steps to reach, an agreement that such person will become a securitization participant with respect to an ABS, and it would end one year after the date of the first closing of the sale of the relevant ABS. The proposed rule would provide certain exceptions for risk-mitigating hedging activities, bona fide market-making activities, and certain commitments by a securitization participant to provide liquidity for the relevant ABS. The public comment period will remain open for 60 days following publication of the proposing release on the SEC’s website or 30 days following publication of the proposing release in the Federal Register, whichever period is longer.

Division of Examinations Publishes Risk Alert on Regulation Best Interest

On January 30, 2023, the Division of Examinations published a Risk Alert (the “Risk Alert”) to highlight observations from examinations related to Regulation Best Interest, which had a June 30, 2020, compliance date and to assist broker-dealers in reviewing and enhancing their compliance programs related to Regulation Best Interest. The Risk Alert discusses deficiencies noted during examinations conducted, as well as examples of weak practices that could result in deficiencies. Regulation Best Interest established a new, enhanced standard of conduct under the Securities Exchange Act of 1934 (the “Exchange Act”) for broker-dealers (“broker-dealers” or “firms”) and associated persons that are natural persons (“financial professionals”) of a broker-dealer when making recommendations of securities transactions or investment strategies involving securities (including account recommendations) to retail customers. Regulation Best Interest requires compliance with four component obligations: (1) providing certain prescribed disclosure, before or at the time of the recommendation, about the recommendation and the relationship between the retail customer and the broker-dealer (“Disclosure Obligation”); (2) exercising reasonable diligence, care, and skill in making the recommendation to, among other things, understand the potential risks, rewards, and costs associated with a recommendation, and having a reasonable basis to believe that the recommendation is in the best interest of a retail customer (“Care Obligation”); (3) establishing, maintaining, and enforcing written policies and procedures reasonably designed to identify and address conflicts of interest; and (4) establishing, maintaining, and enforcing written policies and procedures reasonably designed to achieve compliance with Regulation Best Interest. The Risk Alert set out specific examples of practices, policies, and procedures that were deficient in complying with requirements under the Regulation, including:

  • Policies and Procedures Relating to the Disclosure Obligation. Some broker-dealers did not have written policies and procedures reasonably designed to achieve compliance with the Disclosure Obligation. The SEC noted that examples of policies and procedures that may contain deficiencies or weaknesses include policies and procedures that did not specify when or how disclosures should be created or updated.
  • Policies and Procedures Relating to the Care Obligation. Examples of policies and procedures that may contain deficiencies or weaknesses include policies and procedures that directed financial professionals to consider reasonably available alternatives without providing any guidance as to how to do so; directed financial professionals to consider costs without providing any guidance as to how to do so; or created systems that allowed financial professionals to evaluate costs or reasonably available alternatives but did not mandate their use or, in some instances, could not determine whether or not financial professionals used the systems.
  • Conflict of Interest. The SEC observed a number of deficiencies related to the requirement that broker-dealers have written policies and procedures reasonably designed to address conflicts of interest associated with their recommendations to retail customers. For example: some broker-dealers did not have written policies and procedures reasonably designed to specify how conflicts are to be identified or addressed; some broker-dealers limited the identified conflicts to conflicts associated with prohibited activities (e.g., churning) or used high-level, generic language that did not identify the actual conflict (e.g., “we have conflicts related to compensation differences”) and did not reflect all conflicts of interest associated with the recommendations made by the firm or its financial professionals; and some broker-dealers inappropriately relied on disclosure to “mitigate” conflicts that appeared to create an incentive for the financial professional to place its interest ahead of the interest of the retail customer, and did not establish any mitigation measures.

SEC Releases Staff Guidance on Differential Advisory Fee Waivers

The staff of the Division of Investment Management (“Staff”) issued guidance (“Guidance”) on February 2, 2023, to mutual funds, their boards of directors/trustees (“Boards”), and their legal counsel about the implications under the Investment Company Act of 1940, as amended (the “Investment Company Act”), regarding fee waiver and expense reimbursement arrangements that result in different advisory fees being charged to different share classes of the same fund. The Guidance noted that Rule 18f-3 permits fee waivers and expense reimbursements provided that such arrangements do not result in cross-subsidization of fees among classes. The Staff stated that whether a differential advisory fee waiver presents a prohibited means of cross-subsidization between classes is a facts-and-circumstances determination that a mutual fund’s board, in consultation with the investment adviser and legal counsel, should consider making and documenting after considering all relevant factors.

For example, a fund’s Board may be able to conclude that a long-term waiver of an advisory fee for one class of shares, but not other classes of shares, does not provide a means for cross subsidization in contravention of Rule 18f-3 if the Board finds that (1) shareholders in the waived class pay fees to the adviser at the investing fund level in a funds-of-funds structure for advisory services, and (2) that such fees, when added to the advisory fees that are paid by the waived class, after giving effect to the waiver, are at least equal to the amount of advisory fees paid by the other classes, such that the waiver for the waived class is demonstrably not being subsidized by other classes. For a fund that already has such differential advisory fee waivers in place, the Staff said the fund’s board may wish to consider, specifically within the context of Rule 18f-3, whether: (i) such waivers present a means for cross-subsidization, (ii) the steps they are taking to monitor such waivers to guard against cross-subsidization are (and continue to be) effective, and/or (iii) alternative fee arrangements may be appropriate. Relatedly, the Staff suggested that a fund should consider the extent to which the Board’s consideration of these issues under Rule 18f-3 should be disclosed to its shareholders.

SEC Division of Examinations Announces 2023 Priorities

On February 7, 2023, the SEC’s Division of Examinations (the “Division”) announced its 2023 examination priorities. The Division publishes its examination priorities annually to provide insights into its risk-based approach, including the areas it believes present potential risks to investors and the integrity of the U.S. capital markets. The following are a selection of the Division’s 2023 priorities:

  • New Investment Adviser and Investment Company Rules:The Division will focus on the new Marketing Rule (Rule 206(4)-1 under the Investment Advisers Act of 1940, as amended (the “Advisers Act)) and whether registered investment advisers (“RIAs”) have adopted and implemented written policies and procedures that are reasonably designed to prevent violations by the advisers and their supervised persons of the new Marketing Rule and whether RIAs have complied with the substantive requirements.

    The Division will also focus on new rules applicable to investment companies (“funds”), including the Derivatives Rule (Rule 18f-4 under the Investment Company Act) and the Fair Valuation Rule (Investment Company Act Rule 2a-5). If a fund relies on the Derivatives Rule, the Division will, among other things: (1) assess whether registered investment companies, including mutual funds (other than money market funds), exchange-traded funds (“ETFs”) and closed-end funds, as well as business development companies (“BDCs”), have adopted and implemented policies and procedures reasonably designed to manage the funds’ derivatives risks and to prevent violations of the Derivatives Rule pursuant to Investment Company Act Rule 38a-1; and (2) review for compliance with Rule 18f-4, including the adoption and implementation of a derivatives risk management program, board oversight, and whether disclosures concerning the fund’s use of derivatives are incomplete, inaccurate, or potentially misleading.

    Under the new Fair Valuation Rule, the Division will, among other things: (1) assess funds’ and fund boards’ compliance with the new requirements for determining fair value, implementing board oversight duties, setting recordkeeping and reporting requirements, and permitting the funds’ board to designate valuation designees to perform fair value determinations; and (2) review whether adjustments have been made to valuation methodologies, compliance policies and procedures, governance practices, service provider oversight, and/or reporting and recordkeeping.

  • RIAs to Private Funds – Examinations will include a review of issues under the Advisers Act, including an adviser’s fiduciary duty, and will assess risks, focusing on compliance programs, fees and expenses, custody, the new Marketing Rule, conflicts of interest, and the use of alternative data. The Division will also review private fund advisers’ portfolio strategies, risk management, and investment recommendations and allocations, focusing on conflicts and disclosures around these areas. In addition, the Division will focus on RIAs to private funds with specific risk characteristics, including highly leveraged private funds and private funds managed side-by-side with BDCs.
  • Retail Investors and Working Families – Examinations will focus on how registrants are satisfying their obligations under Regulation Best Interest and the Advisers Act fiduciary standard to act in the best interests of retail investors and not to place their own interests ahead of the interests of retail investors.
  • Registered Investment Companies  ̶  The Division will review compliance programs and governance practices, disclosures to investors, and accuracy of reporting to the SEC of the registered investment companies, including ETFs and mutual funds. The Division will also focus on funds with specific characteristics, such as: (1) turnkey funds, to review their operations and assess effectiveness of their compliance programs; (2) mutual funds that converted to ETFs, to assess governance and disclosures associated with the conversion to an ETF; (3) non-transparent ETFs, to assess compliance with the conditions and other material terms of their exemptive relief; (4) loan-focused funds, such as leveraged loan funds and funds focused on collateralized loan obligations, for liquidity concerns and to review whether the funds have been significantly impacted by, and have adapted to, elevated interest rates; and (5) medium and small fund complexes that have experienced excessive staff attrition, to focus on whether such attrition has affected the funds’ controls and operations. The Division will also monitor the proliferation of volatility-linked and single-stock ETFs, and may review such funds’ disclosures, marketing, conflicts, and compliance with portfolio management disclosures, among other things. In addition, the Division will focus on adviser compensation, practices and processes for assessing and approving advisory and other fund fees, the effectiveness of derivatives risk management and liquidity risk management programs.
  • Environmental, Social, and Governance (“ESG”) – The Division will focus on ESG-related advisory services and fund offerings, including whether funds are operating in the manner set forth in their disclosures, whether ESG products are appropriately labeled, and whether recommendations of such products for retail investors are made in the investors’ best interests.
  • Information Security and Operational Resiliency – The Division will review broker-dealers’, RIAs’, and other registrants’ practices to prevent interruptions to mission-critical services and to protect investor information, records, and assets. Reviews of broker-dealers and RIAs will include a focus on the cybersecurity issues associated with the use of third-party vendors, including registrant visibility into the security and integrity of third-party products and services and whether there has been an unauthorized use of third-party providers.
  • Emerging Technologies and Crypto-Assets – The Division will conduct examinations of broker-dealers and RIAs that are using emerging financial technologies or employing new practices, including technological and on-line solutions to meet the demands of compliance and marketing and to service investor accounts. Examinations of registrants will focus on the offer, sale or recommendation of, or advice regarding trading in, crypto or crypto-related assets and include whether the firm (1) met and followed its standard of care when making recommendations, referrals, or providing investment advice; and (2) routinely reviewed, updated, and enhanced its compliance, disclosure, and risk management practices.

As in recent past years, the Division noted that it prioritizes RIAs and investment companies that have never been examined, including recently registered firms or investment companies, and those that have not been examined for a number of years.

“Our priorities reflect the changing landscape and associated risks in the securities market and are the product of a risk-based approach to examination selection that balances our resources across a diverse registrant base. We will emphasize compliance with new SEC rules applicable to investment advisers and investment companies as well as continue our focus on emerging issues and rules aimed at protecting retail investors,” said Division of Examinations’ Director Richard R. Best. “Our examination program continues moving forward and remains committed to furthering investor protection through high-quality examinations and staying abreast of the latest industry trends and emerging risks to investors and the markets.”

SEC Reopens Comment Period for Proposed Cybersecurity Risk Management Rules and Amendments for Registered Investment Advisers and Funds

The SEC reopened the comment period on proposed rules and amendments related to cybersecurity risk management and cybersecurity-related disclosure for registered investment advisers, registered investment companies, and BDCs that were proposed by the SEC on February 9, 2022. The initial comment period ended on April 11, 2022. Per the SEC’s March 15, 2023, announcement, the reopened comment period will allow interested persons additional time to analyze the issues and prepare comments in light of other regulatory developments, including whether there would be any effects of other SEC proposals related to cybersecurity risk management and disclosure that the SEC should consider. The comment period will remain open until 60 days after the date of publication of the reopening release in the Federal Register.

SEC Finalizes Rules to Reduce Broker-Dealer Settlement Cycle from (T+2) to (T+1)

The SEC adopted rule changes to shorten the standard settlement cycle for most broker-dealer transactions in securities from two business days after the trade date (“T+2”) to one (“T+1”). The SEC indicates that the final rules, adopted on February 15, 2023, are designed to reduce the credit, market, and liquidity risks in securities transactions faced by market participants. The final rules will: (i) require a broker-dealer to either enter into written agreements or establish, maintain, and enforce written policies and procedures reasonably designed to ensure the completion of allocations, confirmations, and affirmations as soon as technologically practicable and no later than the end of the trade date; (ii) require registered investment advisers to make and keep records of the allocations, confirmations, and affirmations for certain securities transactions; (iii) add a new requirement to facilitate straight-through processing, which applies to certain types of clearing agencies that provide central matching services; and (iv) require central matching service providers to establish, implement, maintain, and enforce new policies and procedures reasonably designed to facilitate straight-through processing and require them to submit an annual report to the SEC that describes and quantifies progress with respect to straight-through processing. The final rules will become effective 60 days after publication in the Federal Register. The compliance date for the final rules is May 28, 2024.

SEC Proposes Enhanced Custody Rule for Registered Investment Advisers

The SEC proposed rule changes to enhance protections of customer assets managed by registered investment advisers. If adopted, the changes would amend and redesignate rule 206(4)-2, the SEC’s current custody rule (the “custody rule”), as new rule 223-1 under the Advisers Act (the “proposed rule”) and amend certain related recordkeeping and reporting obligations. According to the SEC’s announcement on February 15, 2023, the SEC exercised its authority under the Dodd-Frank Act in broadening the application of the custody rule. The proposed rule would change the current rule’s scope in two important ways. First, it would expand the types of investments covered by the rule. The proposed rule would extend the rule’s coverage beyond client “funds and securities” to client “assets” so as to include additional investments held in a client’s account, e.g. digital assets, including crypto assets. Second, an adviser would be deemed to have “custody” of client assets whenever the adviser has discretionary authority to trade client assets.

The proposed rule would also require qualified custodians to provide certain standard custodial protections when maintaining an advisory client’s assets and additional protections for certain securities and physical assets that cannot be maintained by a qualified custodian. The proposed rule would also provide exceptions to the surprise examination requirement in instances in which the adviser’s sole reason for having custody is because it has discretionary authority or because the adviser is acting according to a standing letter of authorization. In addition, the proposed rule would expand the scope of who can satisfy the custody rule’s surprise examination requirement through financial statement audits. Finally, the proposed rule would update related recordkeeping requirements for advisers and amend Form ADV to align reporting obligations with the proposed rule and to improve the accuracy of custody-related data available to the SEC, its staff, and the public. The comment period on the proposal will remain open for 60 days following publication of the proposing release in the Federal Register.

“I support this proposal because, in using important authorities Congress granted us after the financial crisis, it would help ensure that advisers don’t inappropriately use, lose, or abuse investors’ assets,” said SEC Chair Gary Gensler. “In particular, Congress gave us authority to expand the advisers’ custody rule to apply to all assets, not just funds or securities. Further, investors would benefit from the proposal’s changes to enhance the protections that qualified custodians provide. Thus, through this expanded custody rule, investors working with advisers would receive the time-tested protections that they deserve for all of their assets, including crypto assets, consistent with what Congress envisioned.”

Republican Leaders Request Information from Gensler on Climate Disclosure Proposal

On February 22, 2023, the chairman of the House Financial Services Committee, Patrick McHenry (R-NC); the ranking member of the Senate Committee on Banking, Housing, and Urban Affairs, Tim Scott (R-SC); and the chairman of the Subcommittee on Oversight and Investigations, Bill Huizenga (R-MI), sent a letter to the SEC Chair Gary Gensler demanding records and other information related to the proposed climate disclosure rule, including responses to previous requests by numerous members of both the House and the Senate that Chair Gensler had failed to provide. The Republican leaders argued that the proposed rule exceeds the SEC’s mission, expertise, and authority and—if finalized in any form—will unnecessarily harm consumers, workers, and the U.S. economy. In addition, the Republican members of the House Appropriations subcommittee pushed to cut the agency’s budget and requested that the SEC expand its enforcement efforts, reduce the pace of its rulemaking, and refrain from regulation. According to the opening statement of Steve Womack (R-Ark.), chair of the Financial Services and General Government subcommittee, who opened the March 29, 2023, hearing, the SEC budget is too big, the agency costs too much to run, and it focuses too much on the implementation and enforcement of new regulations rather than on trying to encourage the flow of investment capital into markets.

“The blistering pace of the SEC rulemaking is a cause for concern,” Womack wrote, “especially when the SEC is wading into areas that are not within their expertise and constitutionally questionable, such as requiring public companies to report on greenhouse gas emissions while claiming private enterprises won’t be impacted.”

SEC Fee Rate Advisories

The SEC announced that, starting on February 27, 2023, the fee rates applicable to most securities transactions would be set at $8.00 per million dollars. Per the January 23, 2023, announcement, the then-current rate of $22.90 per million dollars would remain in effect on charge dates through February 26, 2023. The assessment on security futures transactions remained unchanged at $0.0042 for each round-turn transaction. Subsequently, on March 1, 2023, the SEC announced that a mid-year adjustment to the fee rate for fiscal year 2023 was not required. As a result, the fiscal 2023 fee rate will remain at $8.00 per million dollars until September 30, 2023, or 60 days after the enactment of a regular FY 2024 appropriation, whichever occurs later. Similarly, the SEC confirmed that the Section 31 assessment on round-turn transactions in security futures also would remain at $0.0042 per transaction.

SEC Proposes Changes to Reg S-P to Enhance Protection of Customer Information

The SEC proposed amendments to Regulation S-P (“Reg S-P”) that would, among other things, require broker-dealers, investment companies, registered investment advisers, and transfer agents (collectively, “covered institutions”) to provide notice to individuals affected by certain types of data breaches that may put them at risk of identity theft or other harm. Reg S-P currently requires broker-dealers, investment companies, and registered investment advisers to adopt written policies and procedures for the protection of customer records and information (the “safeguards rule”). Reg S-P also requires the proper disposal of consumer report information (the “disposal rule”). If adopted, the SEC’s proposal, which was announced on March 15, 2023, would (i) update current requirements to address the expanded use of technology and corresponding risks since the SEC originally adopted Reg S-P in 2000; (ii) require covered institutions to adopt written policies and procedures for an incident response program to address unauthorized access to or use of customer information; (iii) require, with certain limited exceptions, covered institutions to provide notice to individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization; (iv) require a covered institution to provide such notice as soon as practicable, but not later than 30 days after the covered institution becomes aware that an incident involving unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred; and (v) make a number of additional changes to Reg S-P, including:

(a) broadening and aligning the scope of the safeguards rule and disposal rule to cover “customer information,” a new defined term which would extend the protections of the safeguards and disposal rules to both nonpublic personal information that a covered institution collects about its own customers and nonpublic personal information that a covered institution receives about customers of other financial institutions;

(b) extending the safeguards rule to transfer agents registered with the SEC or another appropriate regulatory agency, and expanding the existing scope of the disposal rule to include transfer agents registered with another appropriate regulatory agency rather than only those registered with the SEC; and

(c) conforming Reg S-P’s existing provisions regarding the delivery of an annual privacy notice with a statutory exception created by the U.S. Congress in 2015.

The public comment period for the proposed amendments will remain open until 60 days after the date of publication of the proposing release in the Federal Register.

SEC Proposes New Requirements to Address Cybersecurity Risks to the U.S. Securities Markets

The SEC proposed requirements (the “proposal”) for broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents (collectively, “Market Entities”) to address their cybersecurity risks. In its March 15, 2023, announcement of the proposal, the SEC noted that Market Entities increasingly rely on information systems to perform their functions and provide their services and that the interconnectedness of Market Entities increases the risk that a significant cybersecurity incident can simultaneously impact multiple Market Entities causing systemic harm to the U.S. securities markets.

Proposed new Rule 10 under the Exchange Act would require all Market Entities to (i) establish, maintain, and enforce written policies and procedures that are reasonably designed to address their cybersecurity risks, (ii) review and assess, at least annually, the design and effectiveness of their cybersecurity policies and procedures, including whether they reflect changes in cybersecurity risk over the time period covered by the review, and (iii) provide the SEC with immediate written electronic notice of a significant cybersecurity incident upon having a reasonable basis to conclude that the significant cybersecurity incident has occurred or is occurring. The proposal includes additional requirements for Market Entities other than certain types of small broker-dealers (collectively, “Covered Entities”), including the requirement that Covered Entities utilize a proposed new Form SCIR to (a) report and update information about any significant cybersecurity incident and (b) publicly disclose summary descriptions of their cybersecurity risks and the significant cybersecurity incidents they experienced during the current or previous calendar year. The public comment period for the proposal will remain open until 60 days after the date of publication of the proposing release in the Federal Register.

SEC Proposes to Expand and Update Regulation SCI

The SEC proposed amendments to expand and update Regulation Systems Compliance and Integrity (“Regulation SCI”). Regulation SCI requires certain U.S. securities markets entities (“SCI entities”) to take corrective action with respect to systems disruptions, systems compliance issues, and systems intrusions and to notify the SEC of such events. In the SEC’s March 15, 2023, announcement of the proposed amendments, the SEC explained that trading and technology have evolved since Regulation SCI’s adoption in 2014 and that the growth in electronic trading allows ever-increasing volumes of securities transactions in a broader range of asset classes at increasing speed by competing trading platforms, including those offered by broker-dealers that play multiple roles in the markets. The proposed amendments would expand the scope of SCI entities covered by Regulation SCI to include registered security-based swap data repositories, all clearing agencies that are exempt from registration, and certain large broker-dealers (in particular, those that exceed a total assets threshold or a transaction activity threshold in national market system stocks, exchange-listed options contracts, U.S. Treasury Securities, or Agency Securities).

The proposed amendments would require that an SCI entity’s policies and procedures include the maintenance of a written inventory and classification of all SCI systems and a program for life cycle management; a program to prevent unauthorized access to such systems and information therein; and a program to manage and oversee certain third-party providers, including cloud service providers, of covered systems. The proposed amendments would also expand the types of SCI events experienced by an SCI entity that would trigger immediate notification to the SEC, update the rule’s annual SCI review and business continuity and disaster recovery testing requirements, and update certain of the Regulation’s recordkeeping provisions. The public comment period for the proposed amendments will remain open until 60 days after the date of publication of the proposing release in the Federal Register.

The SEC Issues Frequently Asked Questions for Registration of Municipal Advisors

On March 20, 2023, the SEC updated its Registration of Municipal Advisors Frequently Asked Questions (“FAQs”) page which provides general interpretive staff guidance on various aspects of the SEC’s municipal advisor registration rules. The updated page provides answers to questions across several categories, including the following topics: (i) independent registered municipal advisor exemption; (ii) registered investment adviser exclusion; (iii) issuance of municipal securities/post-issuance advice; (iv) completion of Form MA, Form MA-I, and Form MA-NR; (v) withdrawal from municipal advisor registration; and (vi) investment strategies and proceeds of municipal securities.

SEC Issues Statement Regarding Risk Legend Used by Non-Transparent ETFs

Under the terms of the SEC’s exemptive relief granted to actively managed ETFs that do not provide daily portfolio transparency (“non-transparent ETFs”), each non-transparent ETF is required to include in its prospectus, fund website, and any marketing materials a risk legend  highlighting the differences between the non-transparent ETF and fully transparent actively managed ETFs, as well as certain costs and risks unique to non-transparent ETFs. Recognizing that the standardized risk legend required by the exemptive orders may be difficult to place in certain digital advertisements (e.g., banner advertisements) due to space limitations, the SEC issued new disclosure language on March 29, 2023, which may be used in digital advertisements by non-transparent ETFs in place of the standardized risk legend currently provided in the exemptive orders. Requirements relating to placement of the risk legend or new disclosure language in a prominent location remain as prescribed in the exemptive orders.


SEC ENFORCEMENT ACTIONS

SEC Charges Former Investment Adviser Managing Director and Co-Portfolio Manager with Undisclosed Conflict of Interest

The SEC charged a former managing director (the “defendant”) of a New York-based investment adviser (the “Adviser”), with failing to disclose a conflict of interest arising from his relationship with a film distribution company in which the fund he managed for the Adviser invested millions of dollars. The SEC’s order, issued on January 5, 2023, found that, from 2015 to 2019, a closed-end publicly traded fund (the “fund”), invested in Aviron Group, LLC subsidiaries by loaning the subsidiaries, which were in the business of funding advertising budgets of motion pictures, as much as $75 million. The defendant, a co-portfolio manager of the fund, had a significant role in recommending and overseeing the fund’s loans to the Aviron subsidiaries. At the same time, the defendant asked Aviron to help advance his daughter’s acting career. Aviron helped defendant’s daughter obtain a small role in a film produced in 2018. The defendant did not disclose to the fund’s board of trustees or the Adviser’s compliance and legal teams that he asked Aviron to help advance his daughter’s acting career or that Aviron helped his daughter obtain a film role. The defendant consented to the entry of the SEC’s order finding that he violated Section 206(2) of the Advisers Act. Without admitting or denying the SEC’s findings, the defendant agreed to a cease-and-desist order, a censure, and a $250,000 penalty.

SEC Charges Former SPAC CFO for Orchestrating Fraud Scheme

The SEC announced fraud charges against Cooper J. Morgenthau, the former CFO of African Gold Acquisition Corp. (“African Gold”), a special purpose acquisition company (“SPAC”), alleging that he stole more than $5 million from African Gold and from investors in two other SPACs that he incorporated. The SEC’s January 3, 2023, complaint alleged that from June 2021 through July 2022, Morgenthau embezzled money from African Gold and stole funds from another SPAC series to pay for his personal expenses and to trade in crypto assets and other securities; concealed unauthorized withdrawals by falsifying African Gold’s bank account statements; and raised money from the other SPAC’s investors based on misrepresentations. The SEC’s complaint alleged that Morgenthau violated antifraud provisions of the federal securities laws, lied to African Gold’s auditor and accountants in violation of the Exchange Act, knowingly falsified African Gold’s books and records, and filed false certifications with the SEC. Morgenthau consented to a judgment enjoining him from further federal securities laws violations and barring him from serving as an officer or director of a publicly traded company, with monetary remedies to be determined at a later date. In a parallel action, the U.S. Attorney’s Office for the Southern District of New York, on the same day the SEC issued its complaint, announced criminal charges against Morgenthau.

In a related matter, on February 22, 2023, the SEC announced that it settled charges against African Gold for internal controls, reporting, and recordkeeping violations. Per the SEC, it was due to these failures that Morgenthau was able to embezzle money from the company’s operating bank account as discussed in the above complaint. The SEC noted that African Gold made materially false filings with the SEC and maintained inaccurate books and records. According to the SEC’s order, African Gold’s only liquid asset was the money held in its operating bank account, and thus potential fraud by management posed one of the company’s most significant risks of material misstatements in its financial statements. The SEC’s order alleged that, despite this risk, African Gold gave Morgenthau control over nearly all aspects of its operating bank account and financial reporting process with little to no oversight. The SEC’s order found that African Gold violated Exchange Act provisions relating to internal controls, reporting, and recordkeeping. Without admitting or denying the SEC’s findings, African Gold agreed to a cease-and-desist order and to pay a $103,591 civil monetary penalty.

SEC Settles Charges Against Investment Adviser for Alleged Conflicts of Interest Arising Out of Revenue Sharing and Incentive Arrangements

The SEC issued an order instituting and settling administrative and cease-and-desist proceedings against Moors & Cabot, Inc. (“Moors & Cabot”), a registered investment adviser and broker-dealer. Per the January 19, 2023, order, between at least February 2017 and September 2021, Moors & Cabot failed to fully and fairly disclose material facts and conflicts of interest associated with certain revenue-sharing payments and financial incentives that Moors & Cabot received from two unaffiliated clearing brokers. According to the order, Moors & Cabot also failed to implement written compliance policies and procedures reasonably designed to prevent violations of the Advisers Act in connection with the disclosure of revenue sharing, fee markups, financial incentives, and associated conflicts of interest, as well as disciplinary histories. Moors & Cabot is charged with willfully violating Sections 206(2) and 206(4) of the Advisers Act and Rule 206(4)-7 thereunder.

Company to Pay $5 Million for Misleading Disclosures About Its Valuation Methodologies for Fixed Income Securities

The SEC announced settled charges against a privately held financial, software, data and media company headquartered in New York (the “Company”) for misleading disclosures relating to its paid subscription service, which provides daily price valuations for fixed income securities to financial services entities. The SEC’s January 23, 2023, order found that from at least 2016 through October 2022, the Company failed to disclose to its subscription service customers that the valuations for certain fixed income securities could be based on a single data input, such as a broker quote, which did not adhere to methodologies it had previously disclosed. The order found that the Company was aware that its customers, including mutual funds, may utilize subscription service prices to determine fund asset valuations, including for valuing fund investments in government, supranational, agency, and corporate bonds, municipal bonds, and securitized products, and that subscription service prices, therefore, can have an impact on the price at which securities are offered or traded. The SEC’s order found that the Company violated section 17(a)(2) of the Securities Act. Without admitting or denying the findings, the Company agreed to cease and desist from future violations and to pay a $5 million penalty. The SEC’s order noted that the Company voluntarily engaged in remedial efforts to improve its subscription service line of business.

Twenty-five States File Lawsuit to Block DOL’s ESG Rule

Twenty-five states are suing the Biden Administration in an attempt to block the Department of Labor (“DOL”) rule that allows fiduciaries to consider ESG factors when choosing retirement investments (“DOL ESG Rule”). According to the lawsuit filed in Texas federal court on January 26, 2023, the attorneys general claim that the DOL ESG Rule violates Employment Retirement Income Security Act (“ERISA”), which requires that retirement plans invest solely for financial gain, and runs afoul of the Administrative Procedure Act (“APA”) as arbitrary and capricious because the DOL failed to assess either the harm it poses for plan participants and beneficiaries or the advantage of superseding the 2020 DOL rule effectively banning ESG considerations in plan investment selections. Among the twenty-five states are Alabama, Alaska, Arkansas, Florida, Georgia, Indiana, Idaho, and Iowa. In addition to the states, listed plaintiffs include two energy companies, an energy industry trade group, and an individual participant in an unnamed workplace plan.

The claimants argue that the DOL is deviating from prior policy because its 2020 DOL rule still required that financial factors take precedence. It is argued in the complaint that the DOL justified the 2022 rule by noting that it would cure a “chill” or “confusion” allegedly caused by the 2020 rule. Per the claimants, the DOL never identified who was confused, what the source of confusion was, or whether the alleged confusion caused a reduction in the financial returns for plan participants. Claimants further allege that the DOL did not consider alternatives and failed to consider that the solution to the purported concerns caused by the 2020 rules would be to issue clarifying sub-regulatory guidance. The claimants request the court to postpone the DOL ESG Rule’s effective date and to impose a preliminary injunction and declare the DOL ESG Rule in violation of the APA and ERISA.

SEC Charges Options Clearing Corporation with Rule Failures

The SEC announced that The Options Clearing Corporation (“OCC”) will undertake remedial efforts and pay $17 million in penalties to settle charges that it failed to comply with its own SEC-approved stress testing and clearing fund methodology rule during certain times between October 2019 and May 2021. According to the SEC’s February 16, 2023, order, Chicago-based OCC’s failure to implement and comply with its own rule was the result of its failure to properly establish, implement, and enforce written policies and procedures reasonably designed to manage certain operational risks. The SEC’s order further found that OCC failed to modify its comprehensive stress testing system and did not provide timely notification to the SEC of this failure as required by Regulation SCI. The SEC also found that OCC failed to comply with its margin methodology, margin policy, and stress testing and clearing fund methodology relating to specific wrong way risk and holiday margin.

According to the SEC, in addition to the $17 million penalty, OCC has undertaken several remedial measures, including revising its model validation policies and procedures; enhancing its approach to risk data governance; implementing changes to elements of its control environment, including processes, procedures, and controls; and conducting appropriate training on the changes. This is the SEC’s second enforcement action against OCC. In a September 2019 settled action, the SEC charged OCC with failure to establish and enforce policies and procedures involving financial risk management, operational requirements, and information-systems security, and imposed remedial measures and a $15 million penalty.

Republican Attorney-Generals Ask Court to Set Aside SEC Proxy Voting Disclosure Rules

Texas Attorney General Ken Paxton and three other Republican attorneys general filed a petition on February 21, 2023, against the SEC in the federal appeals court opposing the new proxy voting disclosure rules. Among other changes, the new rules amend Form N-PX by expanding the number of voting categories to include information about votes in certain standardized categories, including various ESG-related topics such as environment or climate, and diversity, equity and inclusion. Though the petition does not detail the states’ legal arguments against the proxy voting disclosure rules, Attorney General Paxton claimed in a statement that the rules are politically motivated. According to the office of Utah’s attorney general, the rules “will put shareholders at increased risk of loss, encouraging political activism and raising administrative costs.” The SEC’s two Republican commissioners, Hester Peirce and Mark Uyeda, both voted against adopting the rules, which the SEC’s three Democrats supported.

SEC Charges a Church and Its Investment Management Company for Disclosure Failures and Misstated Filings

The SEC announced charges against an exempt investment adviser (the “Adviser”), a non-profit entity operated by a religious organization (the “Church”) to manage the Church’s investments, for failing to file forms that would have disclosed the Church’s equity investments, and for instead filing forms for shell companies that obscured the Church’s portfolio and misstated the Adviser’s control over the Church’s investment decisions. The SEC also announced charges against the Church for causing these violations. To settle the charges, the Adviser agreed to pay a $4 million penalty and the Church agreed to pay a $1 million penalty. The SEC’s order, issued on February 21, 2023, found that from 1997 through 2019, the Adviser failed to file Forms 13F. According to the SEC’s order, the Church was concerned that disclosure of its portfolio, which by 2018 had grown to approximately $32 billion, would lead to negative consequences and in order to obscure the amount of the Church’s portfolio, and with the Church’s knowledge and approval, the Adviser filed Forms 13F in the names of shell LLCs which it had created rather than in the Adviser’s name.

The order found that the Adviser maintained investment discretion over all relevant securities, that it controlled the shell LLCs, and that it directed nominee “business managers,” most of whom were employed by the Church, to sign the SEC filings. The SEC found that the shell LLCs’ Forms 13F misstated, among other things, that the LLCs had sole investment and voting discretion over the securities, when in reality the Adviser retained control over all investment and voting decisions. The Adviser agreed to settle the SEC’s allegation that it violated Section 13(f) of the Exchange Act and Rule 13f-1 thereunder by failing to file Forms 13F and by misstating information in these forms. The Church also agreed to settle the SEC’s allegation that it caused the Adviser’s violations through its knowledge and approval of the Adviser’s use of the shell LLCs.

SEC Charges Private Fund Auditor and Audit Engagement Partner with Improper Professional Conduct

The SEC announced settled charges against Spicer Jeffries LLP, an audit firm based in Denver, and an audit engagement partner Sean P. Tafaro, for their improper professional conduct in connection with audits of two private funds. According to the SEC’s March 29, 2023, order, during the audit planning stages, Spicer Jeffries and Tafaro assessed that valuation of investments was a significant fraud risk but did not implement the planned audit approach to respond to the risk. The order further finds that Spicer Jeffries and Tafaro failed to obtain sufficient audit evidence about the method of measuring fair value, the valuation models, and whether alternative valuation assumptions were considered. According to the order, due to these failures and others, Spicer Jeffries and Tafaro did not exercise due care, including professional skepticism. The order also found that Spicer Jeffries’ deficient system of quality control led to failures to adhere to professional auditing standards. Without admitting or denying the findings, Spicer Jeffries and Tafaro consented to the SEC’s order finding that they engaged in improper professional conduct. Spicer Jeffries agreed to be censured and to implement undertakings to retain an independent consultant to review and evaluate certain of its audit, review, and quality control policies and procedures. Tafaro agreed to be suspended from appearing and practicing before the SEC as an accountant. The SEC’s order permits Tafaro to apply for reinstatement after one year.

Cyber Fraud and Crypto Asset Enforcement Actions

The SEC brought charges against various individuals and entities relating to cyber fraud and crypto assets, including blockchain and lending programs. For example, these include:

  1. The SEC charged five individuals and three entities for their involvement in a fraudulent investment scheme named CoinDeal that raised more than $45 million from sales of unregistered securities to tens of thousands of investors worldwide. According to the SEC’s complaint filed on January 4, 2023, the five individuals allegedly disseminated false and misleading statements to investors about extravagant returns from investing in a blockchain technology called CoinDeal; the purported value of CoinDeal; the parties involved in the supposed sale of CoinDeal; and the use of investment proceeds. The complaint further alleged that no sale of CoinDeal ever occurred and no distributions were made to CoinDeal investors, and that the defendants collectively misappropriated millions of dollars of investor funds for personal use. In June 2022, the U.S. Department of Justice indicted one of the individuals on three counts of wire fraud and two counts of monetary transaction in unlawful proceeds for his involvement in CoinDeal. The SEC’s complaint charged each party with different violations of the antifraud and registration provisions of the Securities Act and Exchange Act; and aiding and abetting under the antifraud provisions of the Exchange Act; and under the antifraud and registration provisions of the Securities Act and Exchange Act.
  2. The SEC charged a crypto asset-related financial products and services corporation (the “Corporation”), with failing to register the offer and sale of its retail crypto asset lending product. To settle the SEC’s charges, the Corporation agreed to pay a $22.5 million penalty and cease its unregistered offer and sale of its product to U.S. investors. In parallel actions announced the same day, the Corporation agreed to pay an additional $22.5 million in fines to settle similar charges by state regulatory authorities. The SEC’s January 19, 2023, order found that the Corporation marketed its product as a means for investors to earn interest on their crypto assets, and that the Corporation exercised its discretion to use investors’ crypto assets in various ways to generate income for its own business and to fund interest payments to investors. The order also found that the Corporation’s product is a security and that the offer and sale of the Corporation’s product did not qualify for an exemption from SEC registration. Without admitting or denying the SEC’s findings, the Corporation agreed to a cease-and-desist order prohibiting it from violating the registration provisions of the Securities Act.
  3. The SEC charged Avraham Eisenberg with orchestrating an attack on a crypto asset trading platform, Mango Markets, by manipulating the MNGO token, a so-called governance token that was offered and sold as a security. Eisenberg is facing parallel criminal and civil charges in the Southern District of New York brought by the U.S. Department of Justice and the Commodities Futures Trading Commission (“CFTC”). The SEC’s complaint alleged that beginning on October 11, 2022, Eisenberg engaged in a scheme to steal approximately $116 million worth of crypto assets from the Mango Markets platform. The SEC’s complaint, filed in federal district court in Manhattan, charged Eisenberg with violating antifraud and market manipulation provisions of the securities laws and sought permanent injunctive relief, a conduct-based injunction, disgorgement with prejudgment interest, and civil penalties.
  4. The SEC charged Singapore-based Terraform Labs PTE Ltd and Do Hyeong Kwon with orchestrating a multibillion-dollar crypto asset securities fraud involving an algorithmic stablecoin and other crypto asset securities. According to the SEC’s complaint filed on February 16, 2023, from April 2018 until the scheme’s collapse in May 2022, Terraform and Kwon raised billions of dollars from investors by offering and selling an inter-connected suite of crypto asset securities, many in unregistered transactions. The complaint charged the defendants with violating the registration and antifraud provisions of the Securities Act and the Exchange Act.
  5. The SEC announced charges against former NBA player Paul Pierce for touting EMAX tokens, crypto asset securities offered and sold by EthereumMax, on social media without disclosing the payment he received for the promotion and for making false and misleading promotional statements about the same crypto asset. The SEC’s February 17, 2023, order found that Pierce violated the anti-touting and antifraud provisions of the federal securities laws. Without admitting or denying the SEC’s findings, Pierce agreed to settle the charges and pay over $1.4 million in penalties, disgorgement, and interest. Pierce also agreed not to promote any crypto asset securities for three years.
  6. The SEC charged the former co-lead engineer (the “defendant”) of an Antigua- and Barbuda-based company that operated a global crypto asset trading platform (the “Company”), for his role in a multiyear scheme to defraud equity investors. According to the SEC’s complaint, issued on February 28, 2023, the defendant created software code that allowed Company customer funds to be diverted to a quantitative trading firm specializing in crypto assets (a “crypto hedge fund”) owned by co-founders and officers of the Company, despite false assurances to investors that the Company was a safe crypto asset trading platform with sophisticated risk mitigation measures to protect customer assets and that the crypto hedge fund was just another customer with no special privileges. The complaint alleged that the defendant knew or should have known that such statements were false and misleading, and that the defendant actively participated in the scheme to deceive the Company’s investors
    The SEC’s complaint charged the defendant with violating the antifraud provisions of the Securities Act and the Exchange Act. The defendant consented to a bifurcated settlement, subject to court approval, which would permanently enjoin him from violating the federal securities laws, a conduct-based injunction, and an officer and director bar. In a parallel action, the U.S. Attorney’s Office for the Southern District of New York and the Commodity Futures Trading Commission (“CFTC”) announced charges against the defendant on the same day the SEC’s complaint was filed.
  7. The SEC charged the crypto asset trading platform beaxy.com (the “Beaxy Platform”) and its executives for failing to register as a national securities exchange, broker, and clearing agency. The SEC also charged the founder of the platform, Artak Hamazaspyan, and a company he controlled, Beaxy Digital, Ltd., with raising $8 million in an unregistered offering of the Beaxy token (“BXY”) and alleged that Hamazaspyan misappropriated at least $900,000 for personal use, including gambling. Finally, the SEC charged market makers operating on the Beaxy Platform as unregistered dealers. Pursuant to the Consents filed on March 29, 2023, the charged market makers have agreed to perform certain undertakings, including ceasing all activities as an unregistered exchange, clearing agency, broker, and dealer; shutting down the Beaxy Platform; providing an accounting of assets and funds for the benefit of customers; transferring all customer assets and funds to each respective customer; and destroying any and all BXY in possession.

Thomas R. Westle and Stacy H. Louizos would like to thank Margaret M. Murphy and Hiba Hassan for their contributions to this update.

© 2023 Blank Rome LLP
For more Financial and Securities legal news, click here to visit the National Law Review

The Future of Stablecoins, Crypto Staking and Custody of Digital Assets

In the wake of the collapse of cryptocurrency exchange firm FTX, the Securities and Exchange Commission (SEC) has ratcheted up its oversight and enforcement of crypto firms engaged in activities ranging from crypto staking to custody of digital assets. This is due in part to concerns that the historically free-wheeling and largely unregulated crypto marketplace may adversely impact U.S. investors and contaminate traditional financial systems. The arguments that cryptocurrencies and digital assets should not be viewed as securities under federal laws largely fall on deaf ears at the SEC. Meanwhile, the state of the crypto economy in the United States remains in flux as the SEC, other regulators and politicians alike attempt to balance competing interests of innovation and investment in a relatively novel and untested asset class.

Is Crypto Staking Dead?

First, what is crypto staking? By way of background, it’s necessary to understand a bit about blockchain technology, which serves as the underpinning for all cryptocurrency and digital asset transactions. One of the perceived benefits of such transactions is that they are decentralized and “peer-to-peer” – meaning that Person A can transact directly with Person B without the need for a financial intermediary to approve the transaction.

However, in the absence of a central authority to validate a transaction, blockchain requires other verification processes or consensus mechanisms such as “proof of work” (which in the case of Bitcoin mining ensures that transactions are valid and added to the Bitcoin blockchain correctly) or “proof of stake” (a network of “validators” who contribute or “stake” their own crypto in exchange for a chance to validate a new transaction, update the blockchain and earn a reward). Proof of work has come under fire by environmental activists for the enormous amounts of computer power and energy required to solve complex mathematical or cryptographic puzzles to validate a transaction before it can be recorded on the blockchain. In contrast, proof of stake is analogous to a shareholder voting their shares of stock to approve a corporate transaction.

Second, why has crypto staking caught the attention of the SEC? Many crypto firms and exchanges offer “staking as a service” (SaaS) whereby investors can stake (or lend) their digital assets in exchange for lucrative returns. This practice is akin to a person depositing cash in a bank account in exchange for interest payments – minus FDIC insurance backing of all such bank deposits to protect investors.

Recently, on February 9, 2023, the SEC charged two crypto firms, commonly known as “Kraken,” for violating federal securities laws by offering a lucrative crypto asset SaaS program. Pursuant to this program, investors could stake their digital assets with Kraken in exchange for annual investment returns of up to 21 percent. According to the SEC, this program constituted the unregistered sale of securities in violation of federal securities laws. Moreover, the SEC claims that Kraken failed to adequately disclose the risks associated with its staking program. According to the SEC’s Enforcement Division director:

“Kraken not only offered investors outsized returns untethered to any economic realities but also retained the right to pay them no returns at all. All the while, it provided them zero insight into, among other things, its financial condition and whether it even had the means of paying the marketed returns in the first place.”1

Without admitting or denying the SEC’s allegations, Kraken has agreed to pay a $30 million civil penalty and will no longer offer crypto staking services to U.S. investors. Meanwhile, other crypto firms that offer similar programs, such as Binance and Coinbase, are waiting for the other shoe to drop – including the possibility that the SEC will ban all crypto staking programs for U.S. retail investors. Separate and apart from potentially extinguishing a lucrative revenue stream for crypto firms and investors alike, it may have broader consequences for proof of stake consensus mechanisms commonly used to validate blockchain transactions.

NY DFS Targets Stablecoins

In the world of cryptocurrency, stablecoins are typically considered the most secure and least volatile because they are often pegged 1:1 to some designated fiat (government-backed) currency such as U.S. dollars. In particular, all stablecoins issued by entities regulated by the New York Department of Financial Services (NY DFS) are required to be fully backed 1:1 by cash or cash equivalents. However, on February 13, 2023, NY DFS unexpectedly issued a consumer alert stating that it had ordered Paxos Trust Company (Paxos) to stop minting and issuing a stablecoin known as “BUSD.” BUSD is reportedly the third largest stablecoin by market cap and pegged to the U.S. dollar.

The reasoning behind the NY DFS order remains unclear from the alert, which merely states that “DFS has ordered Paxos to cease minting Paxos-issued BUSD as a result of several unresolved issues related to Paxos’ oversight of its relationship with Binance in regard to Paxos-issued BUSD.”The same day, Paxos confirmed that it would stop issuing BUSD. However, in an effort to assuage investors, Paxos stated “All BUSD tokens issued by Paxos Trust have and always will be backed 1:1 with U.S. dollar–denominated reserves, fully segregated and held in bankruptcy remote accounts.”3

Separately, the SEC reportedly issued a Wells Notice to Paxos on February 12, 2023, indicating that it intended to commence an enforcement action against the company for violating securities laws in connection with the sale of BUSD, which the SEC characterized as unregistered securities. Paxos, meanwhile, categorically denies that BUSD constitute securities, but nonetheless has agreed to stop issuing these tokens in light of the NY DFS order.

It remains to be seen whether the regulatory activity targeting BUSD is the beginning of a broader crackdown on stablecoins amid concerns that, contrary to popular belief, such coins may not be backed by adequate cash reserves.

Custody of Crypto Assets

On February 15, 2023, the SEC proposed changes to the existing “custody rule” under the Investment Advisers Act of 1940. As noted by SEC Chair Gary Gensler, the custody rule was designed to “help ensure that [investment] advisers don’t inappropriately use, lose, or abuse investors’ assets.”The proposed changes to the rule (referred to as the “safeguarding rule”) would require investment advisers to maintain client assets – specifically including crypto assets – in qualified custodial accounts. As the SEC observed, “[although] crypto assets are a relatively recent and emerging type of asset, this is not the first time custodians have had to adapt their practices to safeguard different types of assets.”5

A qualified custodian generally is a federal or state-chartered bank or savings association, certain trust companies, a registered broker-dealer, a registered futures commission merchant or certain foreign financial institutions.6 However, as noted by the SEC, many crypto assets trade on platforms that are not qualified custodians. Accordingly, “this practice would generally result in an adviser with custody of a crypto asset security being in violation of the current custody rule because custody of the crypto asset security would not be maintained by a qualified custodian from the time the crypto asset security was moved to the trading platform through the settlement of the trade.”7

Moreover, in a departure from existing practice, the proposed safeguarding rule would require an investment adviser to enter into a written agreement with the qualified custodian. This custodial agreement would set forth certain minimum protections for the safeguarding of customer assets, including crypto assets, such as:

  • Implementing appropriate measures to safeguard an advisory client’s assets8
  • Indemnifying an advisory client when its negligence, recklessness or willful misconduct results in that client’s loss9
  • Segregating an advisory client’s assets from its proprietary assets10
  • Keeping certain records relating to an advisory client’s assets
  • Providing an advisory client with periodic custodial account statements11
  • Evaluating the effectiveness of its internal controls related to its custodial practices.12

The new proposed, cumbersome requirements for custodians of crypto assets appear to be a direct consequence of the collapse of FTX, which resulted in the inexplicable “disappearance” of billions of dollars of customer funds. By tightening the screws on custodians and investment advisers, the SEC is seeking to protect the everyday retail investor by leveling the playing field in the complex and often murky world of crypto. However, it still remains to be seen whether, and to what extent, the proposed safeguarding rule will emerge after the public comment period, which will remain open for 60 days following publication of the proposal in the Federal Register.


1 SEC Press Release 2023-25 (Feb. 9, 2023).

NY DFS Consumer Alert (Feb. 13, 2023) found at https://www.dfs.ny.gov/consumers/alerts/Paxos_and_Binance.

3 Paxos Press Release (Feb. 13, 2023) found at https://paxos.com/2023/02/13/paxos-will-halt-minting-new-busd-tokens/.

4 SEC Press Release 2023-30 (Feb. 15, 2023).

5 SEC Proposed Rule, p. 79.

6 SEC Fact Sheet: Proposed Safeguarding Rule.

7 SEC Proposed Rule, p. 68.

For instance, per the SEC, this could require storing crypto assets in a “cold wallet.”

9 Per the SEC, “the proposed indemnification requirement would likely operate as a substantial expansion in the protections provided by qualified custodians to advisory clients, in particular because it would result in some custodians holding advisory client assets subject to a simple negligence standard rather than a gross negligence standard.” See SEC Proposed Rule, p. 89.

10 Per the SEC, this requirement is intended to “ensure that client assets are at all times readily identifiable as client property and remain available to the client even if the qualified custodian becomes financially insolvent or if the financial institution’s creditors assert a lien against the qualified custodian’s proprietary assets (or liabilities).” See SEC Proposed Rule, p. 92.

11 Per the SEC, “[in] a change from the current custody rule, the qualified custodian would also now be required to send account statements, at least quarterly, to the investment adviser, which would allow the adviser to more easily perform account reconciliations.” See SEC Proposed Rule, p. 98.

12 Per the SEC, the proposed rule would require that the “qualified custodian, at least annually, will obtain, and provide to the investment adviser a written internal control report that includes an opinion of an independent public accountant as to whether controls have been placed in operation as of a specific date, are suitably designed, and are operating effectively to meet control objectives relating to custodial services (including the safeguarding of the client assets held by that qualified custodian during the year).” See SEC Proposed Rule, p. 101.

© 2023 Wilson Elser

Was This The Least Transparent Report In SEC History?

Professor Alexander I. Platt at the University of Kansas School of Law has just released a draft of a forthcoming paper that takes the Securities and Exchange Commission to task for the lack of transparency in its whistleblower program, Going Dark(er): The SEC Whistleblower Program’s FY 2022 Report Is The Least Transparent In Agency History.  As Professor Platt notes in a footnote, I have been complaining about the whistleblower’s lack of transparency since at least 2016.  See Five Propositions Concerning The SEC Whistleblower Program.  Last summer, I observed that “There is certainly no dearth of irony in a federal agency dedicated to full disclosure cloaking in secrecy a billion dollar awards program”.

Professor Platt offers four possible reasons for the SEC’s lack of transparency: (1) resource constraints; (2) lack of respect for public participation and accountability; (3) data problems; and/or (4) an intent to bury something controversial or embarrassing.  My concern is, and has been, that whatever the reason(s), the SEC’s lack of transparency creates an ideal substrate for fraud.  Unless the SEC drops its cloak of secrecy and exposes its whistleblower program to public scrutiny, it is highly likely that the next article will be about how the whistleblower program was used and abused.

© 2010-2023 Allen Matkins Leck Gamble Mallory & Natsis LLP

Caremark Liability Following the SEC’s New ESG Reporting Requirements

Recent developments in the Court of Chancery concerning a corporate board’s duty to monitor and provide oversight over a corporation’s operations, so-called Caremark claims, are likely to intersect with the Securities and Exchange Commission’s (“SEC”) proposed new ESG disclosure obligations to create a new category of corporate risk.  In this article, we discuss the recent trends in Delaware law that have led to a revitalization of Caremark and the SEC’s current proposals for enhanced ESG disclosure, the intersection of which can be expected to result in litigation and other corporate risk, and some commonsense steps corporations can take to mitigate this potential new category of risk.

The “Caremark” Doctrine

One of the more notable developments in Delaware case law in recent years has been the revitalization of “Caremark duty” claims.  Caremark actions traditionally were notoriously difficult to plead—in explaining the doctrine, the Chancery Court famously called it “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.”  In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 967 (Del. Ch. 1996). In recent years, however, the Delaware courts have breathed new life into the Caremark doctrine by allowing these types of claims to proceed to discovery.

Specifically, the Caremark doctrine was returned to potency in 2019 following the Delaware Supreme Court’s decision in Marchand v. Barnhill, 212 A.3d 805 (Del. 2019).  Although Marchand did not change the Caremark standard, it demonstrated the Delaware courts’ greater willingness to permit Caremark claims to pass the motion to dismiss phase if they could be plausibly pled.  Marchand ultimately laid the groundwork for a number of subsequent rulings demonstrating the renewed vitality of Caremark claims—not only have at least four Caremark suits survived a motion to dismiss since Marchand, but there are also several ongoing Caremark suits in Delaware.

Under Caremark, there are two distinct types of claims.  The first type concern a board’s failure to implement a system of controls to prevent some unlawful misconduct that occurred.  The second type of claims concern a failure to monitor by the directors.  It is imperative, therefore, that boards focus on:  (1) establishing adequate information and reporting systems to monitor “mission critical” aspects of their company’s business; and (2) monitoring those systems once in place.

The SEC’s Proposed New Climate-Related Disclosures

On March 21, 2022, the SEC proposed new rules requiring companies to report extensive line-item disclosures on climate-related ESG issues, entitled: “The Enhancement and Standardization of Climate-Related Disclosures for Investors.”  If implemented as written, the proposed rules would require registrants to make significant additional disclosures regarding the impact of climate-related risks on their business.

Among other things, under the proposed rules, registrants would be required to disclose:

  1. Greenhouse gas (“GHG”) emissions, regardless as to whether those emissions are deemed material by the company.  Emissions would now be reported by “scope” or type.

  2. “Climate-related risks” that are “reasonably likely to have a material impact,” including climate-related conditions and events that impact financial statements, business operations, or value chains.

  3. Governance disclosures related to climate risk, including how the board and management assess and manage these climate-related risks.

  4. Any targets or goals related to the reduction of GHG emissions.

These proposed new rules are part of the Biden Administration’s efforts to “advance consistent, clear, intelligible, comparable, and accurate disclosure of climate-related financial risk.”  Yet the sheer breadth, specificity, and complexity of the proposed rules would result in one of the most profound changes to public companies’ disclosure obligations in the history of the SEC.

Additional Caremark Exposure

The SEC’s climate-related disclosure rules will likely fuel ESG-related Caremark claims.  In particular, heightened disclosure requirements will provide ammunition for derivative or class action lawsuits and may expose companies to specific indirect risks, including heightened exposure to pre-suit discovery and proxy contests.

Direct Litigation Risk

The SEC’s new reporting requirements are likely to create new grounds for investors to assert liability claims against corporations and their boards of directors and management. Shareholders can be expected to leverage the new disclosures to seek to hold companies accountable for failing to properly oversee, mitigate or eliminate climate-related risk.  The revitalized Caremark doctrine is likely to be employed to allege boards and managers failed to oversee so-called “mission-critical” aspects of their business that generate climate-related risk.

In this vein, plaintiffs may choose to use disclosures required by the SEC’s proposed rules as the basis for a breach of duty to monitor or Caremark claim through either a derivative suit, brought on behalf of the company against its directors and officers, or a class action suit, brought on behalf of a class of injured shareholders or investors.  Caremark claims will likely arise if and when a board fails to exercise proper oversight with respect to climate-related risks or to consider proper mitigating steps. This new threat will be amplified for companies that (i) have yet to fully examine how ESG issues factor into their mission-critical operations or (ii) have yet to devote resources and personnel to measuring (using consistent, comparable and reliable data) and analyzing their own ESG-related risks. Companies need to be able to ascertain and address their most pressing ESG-related risks to avoid future Caremark liability.

Indirect Risks

Indirect risks from the proposed new disclosure regime may manifest in a variety of ways..  They can result in the disclosure of embarrassing or harmful information about a company, its board, or managers, and lead to the replacement of key company executives or directors by aggrieved shareholders.  Moreover, they give rise to issues that are expensive and resource-intensive to address.  While these risks are indirect to companies, they pose a direct threat to board members and managers.

Pre-Suit Discovery.  Boards can expect new disclosure requirements to enable shareholders to gain greater access to pre-suit discovery.  Section 220 of Delaware’s General Corporate Law provides shareholders with a qualified right to inspect a company’s books and records for suspected corporate wrongdoing or mismanagement, and need only demonstrate a “credible basis” to proceed.  The new ESG reporting requirements will likely provide shareholders with even more information as ammunition to fuel Section 220 demands.  Opening a company’s books to pre-suit discovery could expose boards, management, or companies to serious reputational harm, as well as provide fodder for future lawsuits against the current board.

Proxy Contests.  New ESG-related disclosures are also likely to generate greater turmoil in the form of proxy battles at the board level.  Historically, shareholder activists have been focused on addressing short-term profit, stock price and total shareholder return.  Yet activist campaigns containing an environmental or social objective have doubled as a proportion of campaigns overall during the five years between 2016 and 2021, including a successful campaign against Exxon to place directors on its board.  The proliferation of new ESG reporting requirements is expected to further fuel these contests, particularly with respect to companies that are perceived to be lagging on ESG commitments or expectations.

Avoiding Environmental-Caremark Claims

Companies should take several steps in preparation for the increased pressure expected to arise from the need to address ESG issues.

First, companies should be aware of the obligations and risks they face with regard to ESG issues.  That means determining what ESG-related risks could detrimentally impact a “mission-critical” aspect of a company’s business.  What is determined to be “mission-critical” will necessarily vary by company.

Second, once companies are cognizant of the ESG-related risks they face, they will need to start implementing appropriate governance structures so that they are aware of, and can take steps to address, ESG risks.  Directors should establish responsible committees and internal information and reporting procedures to ensure board members have proper oversight of these efforts.  This will allow boards to demonstrate their engagement in response to potential Caremark claims, as well as to respond to any ESG risks arising in the company’s operations.

Third, with these governance structures in place, companies must focus on generating, collecting, and analyzing consistent and comparable data on the ESG-related risks they face.  These data should be actively monitored by managers and board members so they can identify and address ESG risks before they result in catastrophic situations and resulting litigation.  And, if Caremark claims ensue, boards will be able to use these governance structures and reporting regimes to demonstrate that they have satisfied their oversight obligations.

Finally, once these systems are in place, companies should take steps to prepare for the adoption of the SEC’s new climate-related disclosure requirements.  The development of governance and reporting structures will undoubtedly aid in the collection of information for these purposes.  While taking these steps, it is advisable that corporate executives and boards seek input from subject matter experts and experienced legal counsel to help design and implement robust compliance and monitoring regimes that can help to discourage or forestall future litigation in the form of Caremark or other claims related to ESG issues.

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.
For more Securities Law coverage, click here to visit the National Law Review.

Are Loans Securities?

We have been following a case that has been winding its way through New York federal courts for some time that players in the syndicated loan market have described as everything from “a potential game changer” to an “existential threat” to the syndicated loan market.

The case in question is Kirschner v. JPMorgan Chase Bank, N.A., which is before the United States Court of Appeals for the Second Circuit. In this case, the Court will consider an appeal of a 2020 decision by the United States District Court for the Southern District of New York which held that the syndicated term loan in question was not a security. Significantly, this ruling indicated that because syndicated term loans are not securities, they are therefore not subject to securities laws and regulations.

The consequence of a determination that syndicated loans are securities would be significant. It would mean, among other things, that the syndicated loan market would have to comply with various state and federal securities laws. This would significantly change the cost of these transactions as well as the means by which syndication and loan trading take place. The Loan Syndications and Trading Association (LSTA) filed an amicus brief in this case in May of this year, which we covered here. The LSTA argued in its brief, among other things, that beyond the increased cost, regulating syndicated loans as securities would fundamentally change other aspects of the syndicated loan market. Specifically, the LSTA pointed to the importance of a borrower’s ability to have veto rights and other control in determining which entities will hold its debt. The LSTA also noted the importance of quick access to funding on flexible terms specific to the borrower in question – something we know is at the heart of so many fund finance transactions – which would be greatly compromised within a securities regulatory regime. The LSTA brief also discusses potential negative impacts on the CLO market.

Those in favor of a change in regulation point to features such as nonbank lender participation in the market, the fact that the test to determine whether a loan is a security may be outdated, and the overall size of the syndicated loan market – at $1.4 trillion – which could be a risk to the larger global financial system potentially warranting more stringent regulation.

Most experts believe that the Second Circuit will not overturn the decision issued in the lower court, but the issue in question is significant enough that market players should keep an eye on this one. Oral arguments will take place early next year. We will continue to watch as this case develops and update you here.

© Copyright 2022 Cadwalader, Wickersham & Taft LLP

Dead Canary in the LBRY

In a case watched by companies that offered and sold digital assets1 Federal District Court Judge Paul Barbadoro recently granted summary judgment for the Securities and Exchange Commission (“SEC”) against LBRY, Inc.2 This case is seen by some as a canary in the coalmine in that the decision supports the SEC’s view espoused by SEC Chairman Gary Gensler that nearly all digital assets are securities that were offered and sold in violation of the securities laws.3 For FinTech companies hoping to avoid SEC enforcement actions, the LBRY decision strongly suggests that all companies offering digital assets could be viewed by courts as satisfying the Howey test for investment contract securities.4

LBRY is a company that promised to use blockchain technology to allow users to share videos and images without the need for third-party intermediaries like YouTube or Facebook. LBRY offered and sold LBRY Credits, called LBC tokens, that would compensate participants of their blockchain network and would be spent by LBRY users on things like publishing content, tipping content creators, and purchasing paywall content. At launch, LBRY had pre-mined 400 million LBC for itself, and approximately 600 million LBC would be available in the future to compensate miners. LBRY spent about half of the 400 million LBC tokens on various endeavors, such as direct sales and using the tokens to incentivize software developers and software testers.

Judge Barbadoro concluded as a matter of law (i.e., that no reasonable jury could conclude otherwise) that the LBC tokens were securities under Section 5 of the Securities Act. Applying the Howey test, Judge Barbadoro noted the only prong of the Howey test that was disputed in the case was: Did investors buy LBC tokens “with an expectation of profits to be derived solely from the efforts of the promoter or a third party”? Judge Barbadoro answered resoundingly, “Yes.”

Most important to his conclusion that investors purchased LBC tokens with the expectations of profits solely through the efforts of the promoter (i.e., LBRY) were: the many statements made by LBRY employees and community representatives about the price of LBC and trading volume of LBC; and many statements that LBRY made about the development of its content platform, including how the platform would yield long-term value to LBC holders. Critically, however, Judge Barbadoro found that even if LBRY had made none of these statements, the LBC token would still constitute a security because “any reasonable investor who was familiar with the company’s business model would have understood the connection” between LBC value growth and LBRY’s efforts to grow the use of its network. Even if LBRY had never said a word about the LBC token, Judge Barbadoro found that the LBC token would constitute a security because LBRY retained hundreds of millions of LBC tokens for themselves, thus signaling to investors that it was committed to working to improve the value of the token.

Judge Barbadoro flatly rejected LBRY’s defense that the LBC token cannot be a security because the token has utility.5 The judge noted, “Nothing in the case law suggests that a token with both consumptive and speculative uses cannot be sold as an investment contract.” Likewise, Judge Barbadoro was unmoved by LBRY’s argument that it had no “fair notice” that the SEC would treat digital assets as unregistered securities simply because this was the first time the SEC had brought an enforcement action against an issuer of digital currency.6

In sum, if Judge Barbadoro’s reasoning is applied more broadly to the thousands of digital assets that have emerged over the last several years—including companies that tout the so called “utility” of their tokens—they will all likely be deemed digital asset securities that were offered and sold without a registration or an exemption from registration.

The LBRY decision is yet another case in which a court has concluded a digital asset is a security. Developers of digital assets must proceed with a high degree of caution. The SEC continues to display a high degree of willingness to initiate investigations and enforcement actions against issuers of digital assets that are viewed as securities under the Howey and Reeves tests, investment companies, or security-based swaps.

For more Securities Law and Digital Assets news, click here to visit the National Law Review.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP


FOOTNOTES

The SEC defines “digital assets” as intangible “asset[s] that [are] issued and transferred using distributed ledger or blockchain technology.” Statement on Digital Asset Securities Issuance and Trading, Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets, SEC (Nov. 16, 2018), available here.

SEC v. LBRY, Inc., No. 1:21-cv-00260-PB (D.N.H. filed Mar. 29, 2021), available here. A copy of the complaint against LBRY can be found here.

See, e.g., Gary Gensler, Speech – “A ‘New’ New Era: Prepared Remarks Before the International Swaps and Derivatives Association Annual Meeting” (May 11, 2022) (“My predecessor Jay Clayton said it, and I will reiterate it: Without prejudging any one token, most crypto tokens are investment contracts under the Supreme Court’s Howey Test.”), available here. Section 5(a) of the Securities Act of 1933 (the “Securities Act”) provides that, unless a registration statement is in effect as to a security, it is unlawful for any person, directly or indirectly, to sell securities in interstate commerce. Section 5(c) of the Securities Act provides a similar prohibition against offers to sell or offers to buy securities unless a registration statement has been filed.

SEC v. W.J. Howey Co., 328 U.S. 293 (1946). This case did not address when digital assets could be deemed debt securities under the test articulated by the U.S. Supreme Court in Reves v. Ernst & Young, 494 U.S. 56, 66-67 (1990), or when digital assets could be deemed an investment company under the Investment Company Acy of 1940. See, e.g., In the Matter of Blockfi Lending, Feb. 14, 2022, available here. This case also does not address when a digital asset is a security-based swap. See, e.g., In the Matter of Plutus Financial, Inc., (July 13, 2020), available here.

The argument a digital asset is not a security because it has “utility” is a favorite argument of critics of the SEC’s enforcement actions against issuers of digital assets. Unfortunately, the “utility” argument appears to be of little merit when the digital asset is offered and sold to raise capital.

This is an argument that has been made by a number of defendants in SEC enforcement actions involving digital asset securities.

“Red Flags in the Mind Set”: SEC Sanctions Three Broker/Dealers for Identity Theft Deficiencies

In 1975, around the time of “May Day” (1 May 1975), which brought the end of fixed commission rates and the birth of registered clearing agencies for securities trading (1976), the U. S. Securities and Exchange Commission (“SEC”) created a designated unit to deal with the growth of trading and the oversight of broker/dealers. That unit, the Office of Compliance Inspections and Examinations (the “OCIE”), evolved and grew over time. It regularly issued Risk Alerts on specific topics aimed at Broker/Dealers and/or Investment Advisers, expecting that those addressees would take appropriate steps to prevent the occurrence of the identified risk, or at least mitigate its impact on customers. On Sept. 15, 2020, the OCIE issued a Risk Alert entitled “Cybersecurity: Safeguarding Client Accounts against Credential Compromise,” which emphasized the importance of compliance with SEC Regulation S-ID, the “Identity Theft Red Flags Rule,” adopted May 20, 2013, under Sections of the Securities Exchange Act of 1934 (the “34 Act”) and the Investment Advisers Act of 1940, as amended (the “40 Act”). See, in that connection, the discussion of this and related SEC cyber regulations in my Nov. 19, 2020, Blog “Credential Stuffing: Cyber Intrusions into Client Accounts of Broker/Dealers and Investment Advisors.”

The SEC was required to adopt Regulation S-ID by a provision in the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act, which amended a provision of the Fair Credit Reporting Act of 1970 (“FCRA”) to add both the SEC and the Commodity Futures Trading Commission to the federal agencies that must have “red flag” rules. That “red flag” requirement for the seven federal prudential bank regulators and the Federal Trade Commission was made part of the FCRA by a 2003 amendment. Until Wednesday, July 27, 2022, the SEC had (despite the Sept. 15, 2020, Risk Alert) brought only one enforcement action for violating the “Red Flag” Rule (in 2018 when customers of the firm involved suffered harm from the identity thefts). In 2017, however, the Commission created a new unit in its Division of Enforcement to better address the growing risks of cyber intrusion in the U.S. capital markets, the Crypto Assets and Cyber Unit (“CACU”). That unit almost doubled in size recently with the addition of 20 newly assigned persons, as reported in an SEC Press Release of May 3, 2022. There the Commission stated the Unit “will continue to tackle the omnipresent cyber-related threats in the nation’s [capital] markets.” Also, underscoring the ever-increasing role played by the SEC in overseeing the operations of broker/dealers and investment advisers, the OCIE was renamed the Division of Examinations (“Exams”) on Dec. 17, 2020, elevating an “Office” of the SEC to a “Division.”

Examinations of three broker/dealers by personnel from Exams led the CACU to investigate all three, resulting in the institution of Administrative and Cease-and Desist Proceedings against each of the respondents for violations of Regulation S-ID. In those proceedings, the Commission alleged that the Identity Theft Protection Program (“ITPP”), which each respondent was required to have, was deficient. Regulation S-ID, including its Appendix A, sets forth both the requirements for an ITPP and types of red flags the Program should consider, and in Supplement A to Appendix A, includes examples of red flags from each category of possible risks. An ITPP must be in writing and should contain the following:

  1. Reasonable policies and procedures to identify, detect and respond appropriately to relevant red flags of the types likely to arise considering the firm’s business and the scope of its brokerage and/or advisory activities; and those policies and procedures should specify the responsive steps to be taken; broad generalizations will not suffice. Those policies and procedures should also describe the firm’s practices with respect to theft identification, prevention, and response, and direct that the firm document the steps to be taken in each case.
  2.  Requirements for periodic updates of the Program, including updates reflecting the firm’s experience with both a) identity theft; and b) changes in the firm’s business. In addition, the updates should address changes in the types and mechanisms of cybersecurity risks the firm might plausibly encounter.
  3. Requirements for periodic review of the types of accounts offered and the risks associated with each type.
  4. Provisions directing at least annual reports to the firm’s board of directors, and/or senior management, addressing the program’s effectiveness, including identity theft-related incidents and management responses to them.
  5. Provisions for training of staff in identity theft and the responses required by the firm’s ITPP.
  6. Requirements for monitoring third party service providers for compliance with identity theft provisions that meet those of the firm’s program.

The ITPP of each of the three broker/dealers was, as noted, found deficient. The first, J.P. Morgan Securities, LLC (“MORGAN”), organized under Delaware law and headquartered in New York, New York, is a wholly owned subsidiary of JPMorgan Chase & Co. (described by the Commission as “a global financial services firm” in its July 27, 2022, Order Instituting Administrative and Cease-and-Desist Proceedings [the “Morgan Order”]). Morgan is registered with the Commission as both a broker/dealer (since Dec. 13, 1985) and an investment adviser (since April 3, 1965). As recited in the Morgan Order, the SEC found Morgan offered and maintained customer accounts “primarily for personal, family, or household purposes that involve or are designed to permit multiple payments or transactions.” The order further notes that from Jan. 1, 2017, through Dec. 31, 2019, Morgan’s ITPP did not meet the requirements of Regulation S-ID because it “merely restated the general legal requirements” and did not specify how Morgan would identify a red flag or direct how to respond to it. The Morgan Order notes that although Morgan did take action to detect and respond to incidents of identity theft, the procedures followed were not in Morgan’s Program. Further, Morgan did not periodically update its program, even as both the types of accounts offered, and the extent of cybersecurity risks changed. The SEC also found Morgan did not adequately monitor its third-party service providers, and it failed to provide any identity theft-specific training to its staff. As a result, Morgan had violated Regulation S-ID. The order noted that Morgan “has undertaken substantial remedial acts, including auditing and revising … [its Program].” Nonetheless, Morgan was ordered to cease and desist from violating Regulation S-ID, was censured, and was ordered to pay a civil penalty of $1.2 million.

The second broker/dealer charged was UBS Financial Services Inc.(“UFS”), a Delaware corporation dually registered with the Commission as both a broker/dealer and an investment adviser since 1971. UFS, headquartered in Weehawken, New Jersey, is a subsidiary of UBS Group AG, a publicly traded major financial institution incorporated in Switzerland. In 2008, UBF adopted an ITPP (the “UBF Program”) pursuant to the 2003 amendments to the FCRA. The program applied both to UBF and to other affiliated entities and branch offices in the U.S. and Puerto Rico “which offered private and retail banking, mortgage, and private investment services that operated under UBS Group AG’s Wealth Management Americas’ line of business.” See my blog published on Aug. 22, 2022, “Only Sell What You Know: Swiss Bank Negligence is a Fraud on Clients,” for information about the origins and history of UBS Group AG.

The July 27, 2022, SEC Order instituting Administrative and Cease-and-Desist Proceedings against UBF (the “UBF Order”) stated that UBF made no change to the UBF Program when, in 2013, it became subject to Regulation S-ID, or thereafter from Jan. 1, 2017, to Dec. 31, 2019, other than to revise the list of entities and branches it covered. The Commission found UBF failed to update the UBF Program even as the accounts it offered changed, and without considering if some accounts offered by affiliated entities and branches are not “covered accounts” within regulation S-ID. The UBF Program did not have reasonable policies and procedures to identify red flags, taking into consideration account types and attendant risks, and did not specify what responses were required. The SEC also found the program wanting for not providing for periodic updates, especially addressing changes in accounts and/or in cybersecurity risks. The annual reports to the board of directors “did not provide sufficient information” to assess the UBF Program’s effectiveness or the adequacy of UBF’s monitoring of third-party service providers; indeed, the UBF Order notes the “board minutes do not reflect any discussion of compliance with Regulation S-ID.” In addition, UBF “did not conduct any training of its staff specific” to the UBF Program, including how to detect and respond to red flags.  As a result, the Commission found UBF in violation of Regulation S-ID. Although the Commission again noted the “substantial remedial acts” undertaken by UBF, including retaining “an outside consulting firm to review its Program” and to recommend change, the SEC nonetheless ordered UBF to cease and desist from violating the Regulation, censured UBF, and ordered it to pay a civil penalty of $925,000.

The third member of this broker/dealer trio is TradeStation Securities, Inc. (“TSS”), a Florida corporation headquartered in Plantation, Florida, that, according to the July 27, 2022, SEC Order Instituting Administrative and Cease-and-Desist Proceedings (the “TSS Order”), “provides primarily commission-free, directed online brokerage services to retail and institutional customers.” TSS has been registered with the SEC as a broker/dealer since January 1996. Their ITPP, too, was found deficient. The ITPP implemented by TSS (the “TSS Program”) essentially ignored the reality of TSS’s business as an online operation. For instance, the TSS Program cited only the red flags offered as “non-comprehensive examples in Supplement A to Appendix A” and not any “relevant to its business and the nature and scope of its brokerage activities.” Hence, the TSS Program cited the need to confirm the physical appearance of customers to make certain it was consistent with photographs or physical descriptions in the file. But an online broker/dealer would have scant opportunity to see a customer or a new customer in person, even when opening an account. Nor did TSS check the Supplement A red flag examples cited in the TSS Program when opening new customer accounts. The TSS Program directed only that “additional due diligence” should be performed if a red flag were identified, rather than directing specific responsive steps to be taken, such as not opening an account in a questionable situation. There were no requirements for periodic updates of the TSS Program. Indeed, “there were no material changes to the Program” after May 20, 2013, “despite significant changes in external cybersecurity risks related to identity theft.” At this point in the TSS Order, the Commission cited a finding in the Federal Register that “[a]dvancements in technology … have led to increasing threats to the integrity … of personal information.” The SEC found that TSS did not provide reports about the TSS Program and compliance with Regulation S-ID either to the TSS board or to a designated member of senior management, and that TSS had no adequate policies and procedures in place to monitor third-party service providers for compliance with detecting and preventing identity theft. The order is silent on the extent of TSS’s training of staff to deal with identity threats, but considering the other shortcomings, presumably such training was at best haphazard. The Commission found that TSS violated Regulation S-ID. Although the TSS Order noted (as with the other Proceedings) the “substantial remedial acts” undertaken by TSS, including retaining “an outside consulting firm” to aid compliance, the Commission nonetheless ordered TSS to cease-and-desist from violating the Regulation, censured TSS, and ordered it to pay a civil penalty of $425,000.

These three enforcement actions on the same day, especially ones involving two of the world’s leading financial institutions, signal a new level of attention by the Commission to cybersecurity risks to customers of broker/dealers and investment advisers, with a focus on the risks inherent in identity theft. As one leading law firm writing about these three actions advised, “[f]irms should review their ITPPs placing particular emphasis on identifying red flags tailored to their business and on conducting regular compliance reviews to update those red flags and related policies and procedures to reflect changes in business practices and risk.” That sound advice should be followed NOW, before the CACU comes calling.

For more Financial, Securities, and Banking Law news, click here to visit the National Law Review.

©2022 Norris McLaughlin P.A., All Rights Reserved

SEC Ramps Up Enforcement against Public Companies and Subsidiaries in FY 2022

The SEC imposed $2.8 billion in monetary settlements, the largest total in any fiscal year recorded in the Securities Enforcement Empirical Database.

New YorkThe U.S. Securities and Exchange Commission (SEC) filed 68 enforcement actions against public companies and subsidiaries in the first full fiscal year of Chair Gary Gensler’s tenure. Monetary settlements imposed in public company or subsidiary actions reached $2.8 billion, according to a report released today by the NYU Pollack Center for Law & Business and Cornerstone Research.

The report, SEC Enforcement Activity: Public Companies and Subsidiaries—Fiscal Year 2022 Update, analyzes information from the Securities Enforcement Empirical Database (SEED). The 68 enforcement actions in FY 2022, which ended September 30, reflected a 28% increase from the previous fiscal year.

The SEC imposed monetary settlements on 97% of the 75 public company and subsidiary defendants that settled in FY 2022. Both the dollar amount and the percentage were the largest of any fiscal year recorded in SEED, which covers actions beginning in FY 2010.

“The number of defendants that settled in FY 2022 with admissions of guilt increased substantially from the previous fiscal year. This was driven by actions involving Broker Dealer allegations brought by the SEC in September,” said Stephen Choi, the Bernard Petrie Professor of Law and Business at New York University School of Law and director of the Pollack Center for Law & Business. “The 16 defendants admitting guilt was double the largest number in any previous fiscal year in SEED.”

The $2.8 billion in monetary settlements imposed in public company or subsidiary enforcement actions in FY 2022 was $921 million more than in FY 2021 and $321 million more than in any other fiscal year in SEED. The median monetary settlement in FY 2022 was $9 million, the largest in SEED. The average settlement was $42 million.

“The increase in monetary settlements is consistent with the SEC’s public statements that ‘robust remedies’ are an enforcement priority,” said report coauthor Sara Gilley, a Cornerstone Research vice president. “The $1.2 billion in monetary settlements with 16 public broker-dealer subsidiaries for recordkeeping failures represents 44% of total monetary settlements in the fiscal year.”

Issuer Reporting and Disclosure continued to be the most common allegation type in FY 2022, accounting for 38% of actions. Allegations in the SEC’s Broker Dealer classification were the second most common for the first time since FY 2018. Nearly 70% of the 16 Broker Dealer actions were filed against financial institutions for recordkeeping failures.

Click here to read the full report from Cornerstone Research.

Copyright ©2022 Cornerstone Research

What Brokers, Company Insiders, and Others Need to Know about Securities Litigation

Individuals, companies, and firms involved in all aspects of the securities industry face litigation risks daily. From whistleblower lawsuits and U.S. Securities and Exchange Commission (SEC) enforcement actions to Financial Industry Regulatory Authority (FINRA) arbitration and private-right-of-action cases under the Securities Exchange Act of 1934, all types of securities litigation present risks for civil liability. In some cases, securities litigation can present risks for criminal penalties as well.

With this in mind, there is a lot that brokers, company insiders, investment advisers, and others need to know when targeted in lawsuits and investigations. When brokers, company insiders, and others make informed decisions based on the advice of experienced counsel, they can significantly mitigate their risk in both private and governmental securities litigation.

“Securities litigation can present substantial risks for individuals, companies, and firms. Whether facing allegations in civil litigation, SEC enforcement proceedings, or FINRA arbitration, the key to mitigating these risks is to build and execute a comprehensive, strategic and forward-thinking defense.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C. law firms.

Answers to 10 Frequently Asked Questions (FAQs) about Securities Litigation

Here are answers to 10 frequently asked questions (FAQs) about securities litigation:

1. What Are Some of the Most Common Claims Against Brokers and Brokerage Firms in Securities Litigation?

Brokers and brokerage firms have faced a growing volume of litigation in recent years. This includes private litigation involving individual investors as well as litigation involving the SEC. Investigations, lawsuits, and arbitration filings targeting brokers and brokerage firms primarily focus on acts and omissions constituting investor fraud, though brokers and brokerage firms can face a variety of other claims in securities litigation as well.

Some examples of common claims against brokers and brokerage firms in securities litigation include:

  • Making unsuitable investment recommendations

  • Unauthorized trading and account churning

  • Charging excessive fees and commissions

  • Failing to disclose or misconstruing material information (especially in connection with structured products and other high-risk investments)

  • Failure to supervise or implement adequate internal controls

2. What Are Some of the Most Common Claims Against Company Insiders and Issuers in Securities Litigation?

Securities fraud lawsuits and enforcement actions targeting company insiders and securities issuers can also involve an extremely broad range of allegations. These cases are typically very different from those targeting brokers and brokerage firms; and, while both falls under the umbrella of “securities litigation,” the resemblances between the two categories are minimal. Some examples of common claims against company insiders and issuers in securities litigation include:

  • Accounting and recordkeeping violations

  • Submitting false SEC filings

  • Insider trading

  • Market manipulation

  • Selling unregistered securities and conducting unregistered IPOs

3. What Are Some of the Most Common Triggers for Securities Fraud Lawsuits and Investigations?

Many securities fraud lawsuits and investigations result from investor complaints. Typically, investors will have concerns about losses in their portfolios that they believe cannot be explained by ordinary market forces. These concerned investors will contact plaintiffs’ lawyers to help them file claims alleging fraud in federal courts, district courts or FINRA arbitration.

In some cases, concerned investors will file whistleblower claims with the SEC. The SEC has an obligation to investigate all whistleblower complaints that meet the basic filing requirements, and SEC whistleblowers can receive substantial compensation awards.

The SEC also initiates investigations on its own. Questionable EDGAR filings, market activity, media reports, and referrals from other federal law enforcement agencies can all trigger SEC investigations that may lead to civil or criminal enforcement action. The SEC also monitors activity on social media and other online platforms, and activity on these platforms is increasingly serving as the basis for SEC enforcement activity.

4. What Types of Claims Are Most Likely to Lead to Class Action Securities Litigation?

While all securities litigation presents liability risks for the individuals or entities targeted, companies and firms targeted in class action litigation face risk on an entirely different scale. Class action lawsuits lead to devastating liability that can threaten companies’ and firms’ viability as a going concern.

The types of claims that are most likely to lead to class action securities litigation are those that involve violations affecting large groups of investors. Inadequate brokerage controls that lead to systemic unsuitable investment recommendations, omitting material information from companies’ 10-K or 10-Q filings, mismanagement of investors’ funds, and market manipulation resulting in widespread losses are all examples of issues that can lead (and have led) to securities-related class action lawsuits.

5. How Does the SEC’s Whistleblower Program Work?

The SEC’s Office of the Whistleblower accepts tips from company employees, investors, and others who believe they have information about securities fraud. When a whistleblower complaint spurs enforcement action resulting in sanctions of $1 million or more, the whistleblower can receive between 10% and 30% of the amount collected.

As a result, individuals have a strong financial incentive to come forward and work with the SEC. Additionally, even if the SEC declines to pursue enforcement action based on a whistleblower’s tip, the whistleblower can still choose to pursue a claim directly, and whistleblower compensation awards are higher in these cases. Due to these incentives, whistleblower litigation is a key component of the SEC’s overall securities law enforcement strategy.

6. When Is It Advantageous to Settle a Securities Fraud Lawsuit or Arbitration Claim?

When facing substantiated allegations of securities fraud, settling will often prove to be the most cost-effective solution. However, targeted individuals and entities must be careful not to settle too soon, as there are numerous ways to fight securities fraud allegations even in scenarios that seem highly unfavorable (more on this below).

So, when is it advantageous to settle? Simply put, the costs of settling need to be less than the costs of any other alternative. This includes not only legal costs and any potential judgment liability, but reputational and administrative (i.e. suspension or debarment) costs as well.

7. When Can the U.S. Department of Justice Pursue Criminal Securities Fraud Litigation?

The U.S. Department of Justice (DOJ) pursues criminal securities fraud litigation in cases involving intentional (or apparently intentional) securities law violations. According to the DOJ’s website, the Department’s Market Integrity and Major Frauds (MIMF) Unit, “focuses on the prosecution of complex securities, commodities, cryptocurrency, and other financial fraud and market manipulation cases.” In criminal securities fraud cases, the DOJ can seek penalties ranging from substantial fines to long-term imprisonment for company executives and other insiders.

8. What Remedies Can Investors Seek in Securities Litigation?

In private securities litigation and FINRA arbitration, retail investors can seek compensatory damages for their fraudulent investment losses. An investor’s losses may be deemed fraudulent if they result from either: (i) broker fraud or mismanagement (i.e., making unsuitable investment recommendations), or (ii) a drop in the value of their securities that is not attributable to ordinary market forces. Along with the recovery of their lost principal and investment earnings, investors can seek to recover interest, fees, and other costs as well.

9. What Remedies Can the SEC Seek in Securities Litigation?

When pursuing enforcement actions against brokers, brokerage firms, company insiders, and issuers, the SEC can seek a range of civil and administrative penalties. These include fines, disgorgement, and restitution as well as cease-and-desist orders, suspension, and debarment from the securities industry.

10. What Defenses Can Individuals, Companies, and Firms Use to Protect Themselves in Securities Litigation?

While securities litigation can involve a broad range of allegations and present substantial risk for liability and other penalties, targeted individuals and entities may be able to successfully defend themselves by several means. Whether securing a favorable result means avoiding liability entirely or negotiating a favorable settlement, the key to success is making informed decisions in light of the available opportunities.

For brokers and brokerage firms, some examples of potential defenses include:

  • Misguided Allegations – In many cases, investors (and their counsel) simply lack an adequate understanding of the law. Demonstrating that an investor’s allegations are misguided can serve as an efficient and complete defense against liability.

  • Investor Authorization – One particular area of confusion for many investors is the area of authorization (including discretionary authorization). If an investor is challenging a trade that he or she authorized, providing documentation of authorization can be sufficient to avoid liability.

  • Statutory and Regulatory Compliance – Brokers and brokerage firms will also be able to successfully defend against securities fraud allegations by demonstrating compliance with the relevant statutes, regulations, or FINRA rules.

For company insiders and issuers, some examples of potential defenses include:

  • Compliance with Pre-Arranged Trading Plans – In cases involving insider trading allegations, company insiders can avoid liability by demonstrating compliance with a pre-arranged trading plan.

  • Good-Faith Disclosure – Issuers accused of withholding material information or publishing incomplete or misleading information can often defend against fraud allegations by demonstrating good-faith efforts to maintain disclosure compliance.

  • Qualifying for a Registration Exemption – Issuers can qualify for registration exemptions in various scenarios. If security is exempt, then offering security without registration is 100% permissible.

The fact that these are just examples cannot be overemphasized. Securities litigation can involve an extraordinarily broad range of allegations under numerous laws, rules, and regulations. In many cases, targeted companies and individuals will be able to assert a successful defense by focusing on discrete elements of the plaintiff’s or SEC’s burden of proof. From asserting the applicable statute of limitations to preventing class certification, several technical defenses can prove highly effective in securities litigation as well. As with all types of litigation, the key is to explore all viable defenses, build a comprehensive and cohesive defense strategy, and then execute that strategy while remaining prepared to adapt as necessary.

Oberheiden P.C. © 2022