“Red Flags in the Mind Set”: SEC Sanctions Three Broker/Dealers for Identity Theft Deficiencies

In 1975, around the time of “May Day” (1 May 1975), which brought the end of fixed commission rates and the birth of registered clearing agencies for securities trading (1976), the U.S. Securities and Exchange Commission (“SEC”) created a designated unit to deal with the growth of trading and the oversight of broker/dealers. That unit, the Office of Compliance Inspections and Examinations (the “OCIE”), evolved and grew over time. It regularly issued Risk Alerts on specific topics aimed at Broker/Dealers and/or Investment Advisers, expecting that those addressees would take appropriate steps to prevent the occurrence of the identified risk, or at least mitigate its impact on customers. On Sept. 15, 2020, the OCIE issued a Risk Alert entitled “Cybersecurity: Safeguarding Client Accounts against Credential Compromise,” which emphasized the importance of compliance with SEC Regulation S-ID, the “Identity Theft Red Flags Rule,” adopted May 20, 2013, under Sections of the Securities Exchange Act of 1934 (the “34 Act”) and the Investment Advisers Act of 1940, as amended (the “40 Act”). See, in that connection, the discussion of this and related SEC cyber regulations in my Nov. 19, 2020, Blog “Credential Stuffing: Cyber Intrusions into Client Accounts of Broker/Dealers and Investment Advisors.”

The SEC was required to adopt Regulation S-ID by a provision in the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act, which amended a provision of the Fair Credit Reporting Act of 1970 (“FCRA”) to add both the SEC and the Commodity Futures Trading Commission to the federal agencies that must have “red flag” rules. That “red flag” requirement for the seven federal prudential bank regulators and the Federal Trade Commission was made part of the FCRA by a 2003 amendment. Until Wednesday, July 27, 2022, the SEC had (despite the Sept. 15, 2020, Risk Alert) brought only one enforcement action for violating the “Red Flag” Rule (in 2018 when customers of the firm involved suffered harm from the identity thefts). In 2017, however, the Commission created a new unit in its Division of Enforcement to better address the growing risks of cyber intrusion in the U.S. capital markets, the Crypto Assets and Cyber Unit (“CACU”). That unit almost doubled in size recently with the addition of 20 newly assigned persons, as reported in an SEC Press Release of May 3, 2022. There the Commission stated the Unit “will continue to tackle the omnipresent cyber-related threats in the nation’s [capital] markets.” Also, underscoring the ever-increasing role played by the SEC in overseeing the operations of broker/dealers and investment advisers, the OCIE was renamed the Division of Examinations (“Exams”) on Dec. 17, 2020, elevating an “Office” of the SEC to a “Division.”

Examinations of three broker/dealers by personnel from Exams led the CACU to investigate all three, resulting in the institution of Administrative and Cease-and-Desist Proceedings against each of the respondents for violations of Regulation S-ID. In those proceedings, the Commission alleged that the Identity Theft Protection Program (“ITPP”), which each respondent was required to have, was deficient. Regulation S-ID, including its Appendix A, sets forth both the requirements for an ITPP and types of red flags the Program should consider, and in Supplement A to Appendix A, includes examples of red flags from each category of possible risks. An ITPP must be in writing and should contain the following:

  1. Reasonable policies and procedures to identify, detect and respond appropriately to relevant red flags of the types likely to arise considering the firm’s business and the scope of its brokerage and/or advisory activities; and those policies and procedures should specify the responsive steps to be taken; broad generalizations will not suffice. Those policies and procedures should also describe the firm’s practices with respect to theft identification, prevention, and response, and direct that the firm document the steps to be taken in each case.
  2. Requirements for periodic updates of the Program, including updates reflecting the firm’s experience with both a) identity theft; and b) changes in the firm’s business. In addition, the updates should address changes in the types and mechanisms of cybersecurity risks the firm might plausibly encounter.
  3. Requirements for periodic review of the types of accounts offered and the risks associated with each type.
  4. Provisions directing at least annual reports to the firm’s board of directors, and/or senior management, addressing the program’s effectiveness, including identity theft-related incidents and management responses to them.
  5. Provisions for training of staff in identity theft and the responses required by the firm’s ITPP.
  6. Requirements for monitoring third party service providers for compliance with identity theft provisions that meet those of the firm’s program.

The ITPP of each of the three broker/dealers was, as noted, found deficient. The first, J.P. Morgan Securities, LLC (“MORGAN”), organized under Delaware law and headquartered in New York, New York, is a wholly owned subsidiary of JPMorgan Chase & Co. (described by the Commission as “a global financial services firm” in its July 27, 2022, Order Instituting Administrative and Cease-and-Desist Proceedings [the “Morgan Order”]). Morgan is registered with the Commission as both a broker/dealer (since Dec. 13, 1985) and an investment adviser (since April 3, 1965). As recited in the Morgan Order, the SEC found Morgan offered and maintained customer accounts “primarily for personal, family, or household purposes that involve or are designed to permit multiple payments or transactions.” The order further notes that from Jan. 1, 2017, through Dec. 31, 2019, Morgan’s ITPP did not meet the requirements of Regulation S-ID because it “merely restated the general legal requirements” and did not specify how Morgan would identify a red flag or direct how to respond to it. The Morgan Order notes that although Morgan did take action to detect and respond to incidents of identity theft, the procedures followed were not in Morgan’s Program. Further, Morgan did not periodically update its program, even as both the types of accounts offered and the extent of cybersecurity risks changed. The SEC also found Morgan did not adequately monitor its third-party service providers, and it failed to provide any identity theft-specific training to its staff. As a result, Morgan had violated Regulation S-ID. The order noted that Morgan “has undertaken substantial remedial acts, including auditing and revising … [its Program].” Nonetheless, Morgan was ordered to cease and desist from violating Regulation S-ID, was censured, and was ordered to pay a civil penalty of $1.2 million.

The second broker/dealer charged was UBS Financial Services Inc. (“UBF”), a Delaware corporation dually registered with the Commission as both a broker/dealer and an investment adviser since 1971. UBF, headquartered in Weehawken, New Jersey, is a subsidiary of UBS Group AG, a publicly traded major financial institution incorporated in Switzerland. In 2008, UBF adopted an ITPP (the “UBF Program”) pursuant to the 2003 amendments to the FCRA. The program applied both to UBF and to other affiliated entities and branch offices in the U.S. and Puerto Rico “which offered private and retail banking, mortgage, and private investment services that operated under UBS Group AG’s Wealth Management Americas’ line of business.” See my blog published on Aug. 22, 2022, “Only Sell What You Know: Swiss Bank Negligence is a Fraud on Clients,” for information about the origins and history of UBS Group AG.

The July 27, 2022, SEC Order instituting Administrative and Cease-and-Desist Proceedings against UBF (the “UBF Order”) stated that UBF made no change to the UBF Program when, in 2013, it became subject to Regulation S-ID, or thereafter from Jan. 1, 2017, to Dec. 31, 2019, other than to revise the list of entities and branches it covered. The Commission found UBF failed to update the UBF Program even as the accounts it offered changed, and without considering if some accounts offered by affiliated entities and branches are not “covered accounts” within Regulation S-ID. The UBF Program did not have reasonable policies and procedures to identify red flags, taking into consideration account types and attendant risks, and did not specify what responses were required. The SEC also found the program wanting for not providing for periodic updates, especially addressing changes in accounts and/or in cybersecurity risks. The annual reports to the board of directors “did not provide sufficient information” to assess the UBF Program’s effectiveness or the adequacy of UBF’s monitoring of third-party service providers; indeed, the UBF Order notes the “board minutes do not reflect any discussion of compliance with Regulation S-ID.” In addition, UBF “did not conduct any training of its staff specific” to the UBF Program, including how to detect and respond to red flags. As a result, the Commission found UBF in violation of Regulation S-ID. Although the Commission again noted the “substantial remedial acts” undertaken by UBF, including retaining “an outside consulting firm to review its Program” and to recommend change, the SEC nonetheless ordered UBF to cease and desist from violating the Regulation, censured UBF, and ordered it to pay a civil penalty of $925,000.

The third member of this broker/dealer trio is TradeStation Securities, Inc. (“TSS”), a Florida corporation headquartered in Plantation, Florida, that, according to the July 27, 2022, SEC Order Instituting Administrative and Cease-and-Desist Proceedings (the “TSS Order”), “provides primarily commission-free, directed online brokerage services to retail and institutional customers.” TSS has been registered with the SEC as a broker/dealer since January 1996. Its ITPP, too, was found deficient. The ITPP implemented by TSS (the “TSS Program”) essentially ignored the reality of TSS’s business as an online operation. For instance, the TSS Program cited only the red flags offered as “non-comprehensive examples in Supplement A to Appendix A” and not any “relevant to its business and the nature and scope of its brokerage activities.” Hence, the TSS Program cited the need to confirm the physical appearance of customers to make certain it was consistent with photographs or physical descriptions in the file. But an online broker/dealer would have scant opportunity to see a customer or a new customer in person, even when opening an account. Nor did TSS check the Supplement A red flag examples cited in the TSS Program when opening new customer accounts. The TSS Program directed only that “additional due diligence” should be performed if a red flag were identified, rather than directing specific responsive steps to be taken, such as not opening an account in a questionable situation. There were no requirements for periodic updates of the TSS Program. Indeed, “there were no material changes to the Program” after May 20, 2013, “despite significant changes in external cybersecurity risks related to identity theft.” At this point in the TSS Order, the Commission cited a finding in the Federal Register that “[a]dvancements in technology … have led to increasing threats to the integrity … of personal information.” The SEC found that TSS did not provide reports about the TSS Program and compliance with Regulation S-ID either to the TSS board or to a designated member of senior management, and that TSS had no adequate policies and procedures in place to monitor third-party service providers for compliance with detecting and preventing identity theft. The order is silent on the extent of TSS’s training of staff to deal with identity threats, but considering the other shortcomings, presumably such training was at best haphazard. The Commission found that TSS violated Regulation S-ID. Although the TSS Order noted (as with the other Proceedings) the “substantial remedial acts” undertaken by TSS, including retaining “an outside consulting firm” to aid compliance, the Commission nonetheless ordered TSS to cease and desist from violating the Regulation, censured TSS, and ordered it to pay a civil penalty of $425,000.

These three enforcement actions on the same day, especially ones involving two of the world’s leading financial institutions, signal a new level of attention by the Commission to cybersecurity risks to customers of broker/dealers and investment advisers, with a focus on the risks inherent in identity theft. As one leading law firm writing about these three actions advised, “[f]irms should review their ITPPs placing particular emphasis on identifying red flags tailored to their business and on conducting regular compliance reviews to update those red flags and related policies and procedures to reflect changes in business practices and risk.” That sound advice should be followed NOW, before the CACU comes calling.


©2022 Norris McLaughlin P.A., All Rights Reserved

SEC Ramps Up Enforcement against Public Companies and Subsidiaries in FY 2022

The SEC imposed $2.8 billion in monetary settlements, the largest total in any fiscal year recorded in the Securities Enforcement Empirical Database.

New York: The U.S. Securities and Exchange Commission (SEC) filed 68 enforcement actions against public companies and subsidiaries in the first full fiscal year of Chair Gary Gensler’s tenure. Monetary settlements imposed in public company or subsidiary actions reached $2.8 billion, according to a report released today by the NYU Pollack Center for Law & Business and Cornerstone Research.

The report, SEC Enforcement Activity: Public Companies and Subsidiaries—Fiscal Year 2022 Update, analyzes information from the Securities Enforcement Empirical Database (SEED). The 68 enforcement actions in FY 2022, which ended September 30, reflected a 28% increase from the previous fiscal year.

The SEC imposed monetary settlements on 97% of the 75 public company and subsidiary defendants that settled in FY 2022. Both the dollar amount and the percentage were the largest of any fiscal year recorded in SEED, which covers actions beginning in FY 2010.

“The number of defendants that settled in FY 2022 with admissions of guilt increased substantially from the previous fiscal year. This was driven by actions involving Broker Dealer allegations brought by the SEC in September,” said Stephen Choi, the Bernard Petrie Professor of Law and Business at New York University School of Law and director of the Pollack Center for Law & Business. “The 16 defendants admitting guilt was double the largest number in any previous fiscal year in SEED.”

The $2.8 billion in monetary settlements imposed in public company or subsidiary enforcement actions in FY 2022 was $921 million more than in FY 2021 and $321 million more than in any other fiscal year in SEED. The median monetary settlement in FY 2022 was $9 million, the largest in SEED. The average settlement was $42 million.

“The increase in monetary settlements is consistent with the SEC’s public statements that ‘robust remedies’ are an enforcement priority,” said report coauthor Sara Gilley, a Cornerstone Research vice president. “The $1.2 billion in monetary settlements with 16 public broker-dealer subsidiaries for recordkeeping failures represents 44% of total monetary settlements in the fiscal year.”

Issuer Reporting and Disclosure continued to be the most common allegation type in FY 2022, accounting for 38% of actions. Allegations in the SEC’s Broker Dealer classification were the second most common for the first time since FY 2018. Nearly 70% of the 16 Broker Dealer actions were filed against financial institutions for recordkeeping failures.


Copyright ©2022 Cornerstone Research

Is Crypto Collapsing?

November 11, 2022, brought news of yet another massive crypto bankruptcy filing. One of the largest crypto exchanges, FTX, filed a petition for bankruptcy protection in Delaware. FTX, Alameda, and other affiliates estimated in their filings that they have more than 100,000 creditors. With their estimated range of between $10 and $50 billion worth of assets and liabilities, this could well be the largest crypto-related bankruptcy ever filed.

This follows a slew of other big names in crypto which have filed bankruptcy petitions recently, including lender Three Arrows Capital (3AC) and the Celsius crypto exchange. Others have sought similar protections overseas, such as Zipmex’s proceeding in Singapore.

Why are these companies filing bankruptcy? The reasons vary.

  • Business models built on unsustainable growth rates in cryptocurrency prices
  • Collapse in cryptocurrency prices, leading to “runs on the bank”
  • Financial irregularities

Is your crypto safe? That depends on what it is and where you park it. Some newer tokens and wallet software may not have been extensively tested, and so may have weak points that an attacker might exploit. Even “safe” currencies like Bitcoin can be hacked if stored in a hot wallet. Of particular interest, customers of a bankrupt exchange may find it difficult to recover their crypto deposits because their investments may be treated as mere unsecured claims against the exchange, drastically reducing the odds of recovery.

Filings by crypto-based entities come with a host of thorny issues. The most obvious is whether a crypto exchange’s bankruptcy estate owns the tokens it holds for others. But there are many others, including privacy concerns with respect to what previously were anonymous transactions and questions about the propriety of large financial withdrawals by high-ranking individuals in the days surrounding the filing of bankruptcy petitions.


© 2022 Miller, Canfield, Paddock and Stone PLC

What Brokers, Company Insiders, and Others Need to Know about Securities Litigation

Individuals, companies, and firms involved in all aspects of the securities industry face litigation risks daily. From whistleblower lawsuits and U.S. Securities and Exchange Commission (SEC) enforcement actions to Financial Industry Regulatory Authority (FINRA) arbitration and private-right-of-action cases under the Securities Exchange Act of 1934, all types of securities litigation present risks for civil liability. In some cases, securities litigation can present risks for criminal penalties as well.

With this in mind, there is a lot that brokers, company insiders, investment advisers, and others need to know when targeted in lawsuits and investigations. When brokers, company insiders, and others make informed decisions based on the advice of experienced counsel, they can significantly mitigate their risk in both private and governmental securities litigation.

“Securities litigation can present substantial risks for individuals, companies, and firms. Whether facing allegations in civil litigation, SEC enforcement proceedings, or FINRA arbitration, the key to mitigating these risks is to build and execute a comprehensive, strategic and forward-thinking defense.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C. law firms.

Answers to 10 Frequently Asked Questions (FAQs) about Securities Litigation

Here are answers to 10 frequently asked questions (FAQs) about securities litigation:

1. What Are Some of the Most Common Claims Against Brokers and Brokerage Firms in Securities Litigation?

Brokers and brokerage firms have faced a growing volume of litigation in recent years. This includes private litigation involving individual investors as well as litigation involving the SEC. Investigations, lawsuits, and arbitration filings targeting brokers and brokerage firms primarily focus on acts and omissions constituting investor fraud, though brokers and brokerage firms can face a variety of other claims in securities litigation as well.

Some examples of common claims against brokers and brokerage firms in securities litigation include:

  • Making unsuitable investment recommendations

  • Unauthorized trading and account churning

  • Charging excessive fees and commissions

  • Failing to disclose or misconstruing material information (especially in connection with structured products and other high-risk investments)

  • Failure to supervise or implement adequate internal controls

2. What Are Some of the Most Common Claims Against Company Insiders and Issuers in Securities Litigation?

Securities fraud lawsuits and enforcement actions targeting company insiders and securities issuers can also involve an extremely broad range of allegations. These cases are typically very different from those targeting brokers and brokerage firms; and, while both fall under the umbrella of “securities litigation,” the resemblances between the two categories are minimal. Some examples of common claims against company insiders and issuers in securities litigation include:

  • Accounting and recordkeeping violations

  • Submitting false SEC filings

  • Insider trading

  • Market manipulation

  • Selling unregistered securities and conducting unregistered IPOs

3. What Are Some of the Most Common Triggers for Securities Fraud Lawsuits and Investigations?

Many securities fraud lawsuits and investigations result from investor complaints. Typically, investors will have concerns about losses in their portfolios that they believe cannot be explained by ordinary market forces. These concerned investors will contact plaintiffs’ lawyers to help them file claims alleging fraud in federal courts, district courts or FINRA arbitration.

In some cases, concerned investors will file whistleblower claims with the SEC. The SEC has an obligation to investigate all whistleblower complaints that meet the basic filing requirements, and SEC whistleblowers can receive substantial compensation awards.

The SEC also initiates investigations on its own. Questionable EDGAR filings, market activity, media reports, and referrals from other federal law enforcement agencies can all trigger SEC investigations that may lead to civil or criminal enforcement action. The SEC also monitors activity on social media and other online platforms, and activity on these platforms is increasingly serving as the basis for SEC enforcement activity.

4. What Types of Claims Are Most Likely to Lead to Class Action Securities Litigation?

While all securities litigation presents liability risks for the individuals or entities targeted, companies and firms targeted in class action litigation face risk on an entirely different scale. Class action lawsuits lead to devastating liability that can threaten companies’ and firms’ viability as a going concern.

The types of claims that are most likely to lead to class action securities litigation are those that involve violations affecting large groups of investors. Inadequate brokerage controls that lead to systemic unsuitable investment recommendations, omitting material information from companies’ 10-K or 10-Q filings, mismanagement of investors’ funds, and market manipulation resulting in widespread losses are all examples of issues that can lead (and have led) to securities-related class action lawsuits.

5. How Does the SEC’s Whistleblower Program Work?

The SEC’s Office of the Whistleblower accepts tips from company employees, investors, and others who believe they have information about securities fraud. When a whistleblower complaint spurs enforcement action resulting in sanctions of $1 million or more, the whistleblower can receive between 10% and 30% of the amount collected.

As a result, individuals have a strong financial incentive to come forward and work with the SEC. Additionally, even if the SEC declines to pursue enforcement action based on a whistleblower’s tip, the whistleblower can still choose to pursue a claim directly, and whistleblower compensation awards are higher in these cases. Due to these incentives, whistleblower litigation is a key component of the SEC’s overall securities law enforcement strategy.

6. When Is It Advantageous to Settle a Securities Fraud Lawsuit or Arbitration Claim?

When facing substantiated allegations of securities fraud, settling will often prove to be the most cost-effective solution. However, targeted individuals and entities must be careful not to settle too soon, as there are numerous ways to fight securities fraud allegations even in scenarios that seem highly unfavorable (more on this below).

So, when is it advantageous to settle? Simply put, the costs of settling need to be less than the costs of any other alternative. This includes not only legal costs and any potential judgment liability, but reputational and administrative (i.e. suspension or debarment) costs as well.

7. When Can the U.S. Department of Justice Pursue Criminal Securities Fraud Litigation?

The U.S. Department of Justice (DOJ) pursues criminal securities fraud litigation in cases involving intentional (or apparently intentional) securities law violations. According to the DOJ’s website, the Department’s Market Integrity and Major Frauds (MIMF) Unit, “focuses on the prosecution of complex securities, commodities, cryptocurrency, and other financial fraud and market manipulation cases.” In criminal securities fraud cases, the DOJ can seek penalties ranging from substantial fines to long-term imprisonment for company executives and other insiders.

8. What Remedies Can Investors Seek in Securities Litigation?

In private securities litigation and FINRA arbitration, retail investors can seek compensatory damages for their fraudulent investment losses. An investor’s losses may be deemed fraudulent if they result from either: (i) broker fraud or mismanagement (i.e., making unsuitable investment recommendations), or (ii) a drop in the value of their securities that is not attributable to ordinary market forces. Along with the recovery of their lost principal and investment earnings, investors can seek to recover interest, fees, and other costs as well.

9. What Remedies Can the SEC Seek in Securities Litigation?

When pursuing enforcement actions against brokers, brokerage firms, company insiders, and issuers, the SEC can seek a range of civil and administrative penalties. These include fines, disgorgement, and restitution as well as cease-and-desist orders, suspension, and debarment from the securities industry.

10. What Defenses Can Individuals, Companies, and Firms Use to Protect Themselves in Securities Litigation?

While securities litigation can involve a broad range of allegations and present substantial risk for liability and other penalties, targeted individuals and entities may be able to successfully defend themselves by several means. Whether securing a favorable result means avoiding liability entirely or negotiating a favorable settlement, the key to success is making informed decisions in light of the available opportunities.

For brokers and brokerage firms, some examples of potential defenses include:

  • Misguided Allegations – In many cases, investors (and their counsel) simply lack an adequate understanding of the law. Demonstrating that an investor’s allegations are misguided can serve as an efficient and complete defense against liability.

  • Investor Authorization – One particular area of confusion for many investors is the area of authorization (including discretionary authorization). If an investor is challenging a trade that he or she authorized, providing documentation of authorization can be sufficient to avoid liability.

  • Statutory and Regulatory Compliance – Brokers and brokerage firms will also be able to successfully defend against securities fraud allegations by demonstrating compliance with the relevant statutes, regulations, or FINRA rules.

For company insiders and issuers, some examples of potential defenses include:

  • Compliance with Pre-Arranged Trading Plans – In cases involving insider trading allegations, company insiders can avoid liability by demonstrating compliance with a pre-arranged trading plan.

  • Good-Faith Disclosure – Issuers accused of withholding material information or publishing incomplete or misleading information can often defend against fraud allegations by demonstrating good-faith efforts to maintain disclosure compliance.

  • Qualifying for a Registration Exemption – Issuers can qualify for registration exemptions in various scenarios. If a security is exempt, then offering the security without registration is 100% permissible.

The fact that these are just examples cannot be overemphasized. Securities litigation can involve an extraordinarily broad range of allegations under numerous laws, rules, and regulations. In many cases, targeted companies and individuals will be able to assert a successful defense by focusing on discrete elements of the plaintiff’s or SEC’s burden of proof. From asserting the applicable statute of limitations to preventing class certification, several technical defenses can prove highly effective in securities litigation as well. As with all types of litigation, the key is to explore all viable defenses, build a comprehensive and cohesive defense strategy, and then execute that strategy while remaining prepared to adapt as necessary.

Oberheiden P.C. © 2022

Federal Reserve Issues Latest Financial Stability Report

At the end of last week, the Federal Reserve Board (“FRB”) issued its semi-annual Financial Stability Report.

In a statement issued with the report, FRB Vice Chair Lael Brainard stated that over the past six months, “household and business indebtedness has remained generally stable, and on aggregate households and businesses have maintained the ability to cover debt servicing, despite rising interest rates.” She also noted that “[t]oday’s environment of rapid synchronous global monetary policy tightening, elevated inflation, and high uncertainty associated with the pandemic and the war raises the risk that a shock could lead to the amplification of vulnerabilities, for instance due to strained liquidity in core financial markets or hidden leverage.”

The Report notes that the FRB’s monitoring framework “distinguishes between shocks to, and vulnerabilities of, the financial system,” and “focuses primarily on assessing vulnerabilities, with an emphasis on four broad categories and how those categories might interact to amplify stress in the financial system.” The four categories of vulnerabilities are (1) valuation pressures, (2) borrowing by businesses and households, (3) leverage within the financial sector, and (4) funding risks. The overview of the Report notes that since the May report was released, “the economic outlook has weakened and uncertainty about the outlook has remained elevated,” noting that “[i]nflation remains unacceptably high in the United States and is also elevated in many other countries.”

Related to the funding risk vulnerability (and perhaps showing some prescience to our lead story on FTX this week), the Report noted that stable coins remained vulnerable to runs. The Report included a highlighted discussion of digital assets and financial stability noting trouble and volatility in the crypto market in the spring of this year. That discussion noted that “[t]he turmoil in the digital asset ecosystem did not have notable effects on the traditional financial system because the digital assets ecosystem does not provide significant financial services and its interconnections with the broader financial system are limited.” However, the report noted that as digital assets grow, so too will the risks to financial stability, and cited the October FSOC Report on Digital Asset Financial Stability Risks and Regulation in addressing those risks and regulatory gaps.

The Report identified several near-term risks that “could be amplified” through the four financial vulnerabilities, including high inflation, geopolitical risks (noting Russia’s invasion of Ukraine), market fragilities, and possible shocks caused by a cyber event.

© Copyright 2022 Cadwalader, Wickersham & Taft LLP

Not Ship Shape: SEC Sues Retired Chief Petty Officer for Fraudulent Offerings to Navy-Related Victims

The U.S. Securities and Exchange Commission (“SEC”) Office of Investor Education and Advocacy (“OIEA”), which dates from last century, is concerned with explaining aspects of the capital markets for “Main Street” investors and warning them against potential risks and fraud schemes. On Sept. 25, 2017, the Commission announced the formation of the Retail Strategy Task Force (“RSTF”) in its Division of Enforcement. Its purpose is to consider and implement “strategies to address misconduct that victimizes retail investors,” according to the SEC Press Release issued that day. A primary focus area of the OIEA and RSTF is so-called “affinity investments,” i.e., investment offerings aimed at groups such as churches, ethnic communities, college alumni groups, etc.

On Wednesday, July 27, 2022, the SEC filed suit in the Federal Court for the Northern District of Ohio, Eastern Division, against Robert F. Murray, 42, a retired U.S. Navy Chief Petty Officer residing in North Canton, Ohio, for conducting an unregistered offering of securities in Deep Dive Strategies, LLC, an Ohio private pooled investment fund (the “Fund”). Murray controlled the Fund and acted as investment adviser, telling investors the fund would invest in publicly traded securities. Murray marketed the offering through a Facebook group “with over 3500 active duty, reservists and veterans of the U.S. Navy who shared an interest in investing,” according to the Complaint. Most certainly an “affinity” group. Murray also created “a channel on the Discord social media platform where he live-streamed his trading activity and posted trading advice with a focus on options.”

The Fund was organized in September 2020 and solicited investors through February 2021. Although Murray told investors they could change their minds within 15 days and get their money back, in fact he “almost immediately began spending Fund money on personal expenses.” He transferred monies to his personal checking account and even withdrew cash from the Fund, so by February 2021, $148,000, or approximately 42% of the $355,000 invested by the unsuspecting “Goats” (a nickname for the Navy affinity group), had been “misappropriated” (i.e., stolen) by Murray. By March 2021 he had ceased regular communication with the Goats and failed to respond to requests to redeem “invested” dollars. Some of that misappropriated money was lost gambling at casinos in Cleveland and elsewhere in the Midwest.

Murray provided potential investors with both a Disclosure Statement and a copy of the Fund’s Operating Agreement, and the Complaint identifies several material misstatements and omissions in the two documents. In addition, Murray made oral material misstatements and omitted material information when speaking with potential and actual investors. In fact, Murray lost most of the Fund’s brokerage account on Jan. 13, 2021, when GameStop options purchased in the account saw their value plummet. In that connection see my Feb. 2, 2021, Blog “Rupture Rapture: Should the GameStop?” When the SEC began investigating Murray and the Fund, he asserted his Fifth Amendment rights and declined to answer questions.

In the Complaint, the Commission charges Murray with seven different securities law violations, each set out in a separate Count as follows:

  1. Violation of Section 10(b) of the Securities Exchange Act of 1934, as amended, and Rule 10b-5 thereunder by using devices, making untrue statements and misleading omissions, and engaging in a business which operates as a fraud on securities purchasers.
  2. Violation of Section 17(a)(1) of the Securities Act of 1933, as amended (the “33 Act”), by offering and selling securities by means of interstate commerce using devices to defraud. Violations of the 33 Act can be proven without the need to prove scienter (broadly, intent).
  3. Violation of Section 17(a)(2) of the 33 Act by obtaining money or property in connection with the sale of securities by means of untrue statements of material facts and making misleading omissions, engaging in transactions which operate as a fraud on the purchaser, where Murray was at least negligent in engaging in these activities.
  4. Violation of Sections 5(a) and 5(c) of the 33 Act by selling securities without the offering being registered (or exempt from registration), and with the use of a prospectus where the offering was not registered.
  5. Violation of Section 206(1) of the Investment Advisers Act of 1940, as amended (the “40 Act”) by acting as an investment adviser using devices to defraud clients and prospective clients.
  6. Violation of Section 206(2) of the 40 Act by acting as an investment adviser engaging in transactions which operate as a fraud on clients and prospective clients.
  7. Violation of Section 206(4) of the 40 Act and Rule 206(4)-8 thereunder by acting as an investment adviser to a pooled investment vehicle, making untrue statements of material fact and making misleading omissions and engaging in acts that are fraudulent with respect to investors in the pooled investment vehicle.

The SEC seeks entry of findings by the Court of the facts cited in the Complaint and of conclusions of law that concur with the Commission’s assertions of violations. In addition, the SEC seeks entry of a permanent injunction against future violations of the cited securities laws; an order requiring disgorgement of all Murray’s ill-gotten gains plus prejudgment interest; an order imposing a civil penalty of $1,065,000; and an order barring Murray from serving as an officer or director of any public company.

Murray preyed on his fellow Naval servicemen in violation of the unspoken understandings of the “Goats,” that a fellow Navy NCO would not seek to take financial advantage of them. That is why the SEC’s July 28, 2022, Press Release reporting this matter includes an express warning from the OIEA and the RSTF not to make “investment decisions based solely on common ties with someone recommending or selling the investment.” One wonders whether, if the Goats were to catch up with Murray, he would be keelhauled.

©2022 Norris McLaughlin P.A., All Rights Reserved

Buying, Selling, and Investing in Telehealth Companies: Navigating Structural and Compliance Issues

A multi-part series highlighting the unique health regulatory aspects of Telemedicine mergers and acquisitions, and financing transactions

Investors in the telehealth space and buyers and sellers of telehealth companies need to account for a set of health regulatory considerations that are unique to deals in this sector. As all parties to potential telehealth transactions analyze their long term role in the telehealth marketplace, two of the central issues to any transaction are compliance and structure – both in terms of structuring the telehealth transaction itself and due diligence issues that arise related to a target’s structure.

The COVID-19 pandemic, combined with strained health care staffing and provider availability, has accelerated the growth of telehealth, and start-ups and traditional health systems alike are competing for access to patient populations in the telehealth space. However, as we adjust to life with COVID-19 as the norm, the expiration of the federal Public Health Emergency (PHE) looms, and the national economy contracts, we expect that the remainder of 2022 and into 2023 will see consolidation as the telehealth market begins to saturate and the long-term viability of certain platforms is tested. Telehealth companies, health systems, pharma companies and investors are all in potential positions to take advantage of this consolidation in a ripening M&A sector (while startups in the telehealth space continue to seek venture and institutional capital).

This is the first post in a series highlighting the unique health regulatory aspects of telehealth transactions. Future installments of this series are expected to cover licensure and regulatory approvals, compliance / clinical delivery models, and future market developments.

Telehealth Transaction Structure Considerations

The structure of any given telehealth transaction will largely depend on the business of the telehealth organization at play, but also will depend on the acquirer / investor. Regardless of whether a party is buying, selling or investing in a telehealth company, structuring the transaction appropriately will be important for all parties involved. While a standard stock purchase, asset purchase or merger may make sense for many of these transactions, we have also seen a proliferation of affiliation arrangements, joint ventures (JV), alliances and partnerships. These varieties of affiliation transactions can be a good choice for health systems that are not necessarily looking to manage or develop an existing platform, but instead are looking to leverage their patient populations and resources to partner with an existing technology platform. An affiliation or JV is more popular for telehealth companies operating purely as a technology platform (with no core business involving clinical services being provided). For parties in the traditional healthcare provider sector that provide clinical services, an affiliation or JV, which is easier to unwind or terminate than a traditional M&A transaction, can allow the parties to “test the waters” in a new, combined business venture. The affiliation or JV can take a variety of forms, including technology licensing agreements; the creation of a new entity to house the telehealth mission, which then has contractual arrangements with both the JV parties; and exclusivity arrangements relating to use of the technology and access to patient populations.

While an affiliation or JV offers flexibility, can minimize the need for a large upfront investment, and can be an attractive alternative to a more permanent purchase or sale, there can be increased regulatory risk. Entrepreneurs, investors, and providers considering any such arrangement should bear in mind that in the wake of the COVID-19 pandemic and proliferation of telehealth, the Office of Inspector General of the Department of Health and Human Services (HHS-OIG) has expressed a heightened interest in investigating so-called “telefraud” and recently issued a special fraud alert regarding suspect arrangements, discussed in this prior post. Further, the OIG’s guidance on contractual joint ventures that would run afoul of the federal Anti-Kickback Statute (AKS) should be front of mind and parties should strive to structure any affiliation or JV in a manner that meets or approximates an AKS safe harbor.

Target Telehealth Company Structure Compliance

Where telehealth companies are providing clinical services, and are not purely technology platforms, structuring and transaction diligence should focus on whether the target is operating in compliance with corporate practice of medicine (CPOM) laws. The CPOM doctrine is intended to maintain the independence of physician decision-making and reduce a “profits over people” mentality, and prevent physician employment by a lay-owned corporation unless an exception applies. Most states that have adopted CPOM impose similar restrictions on other types of clinical professionals, such as nurses, physical therapists, social workers, and psychologists. Telehealth companies often attempt to utilize a so-called “friendly PC” structure to comply with CPOM, whereby an investor-owned management services organization (“MSO”) affiliates with a physician-owned professional corporation (or other type of professional entity) (a “PC”) through a series of contractual agreements that foster a close working relationship between the MSO, PC, and PC owner and whereby the MSO provides management services, and sometimes start-up financing. The overall arrangement is intended to allow the MSO to handle the management side of the PC’s operations without impeding the professional judgment of the PC or the medical practice of its physicians and the PC owner.

CPOM Compliance Considerations and Diligence for Telehealth Companies

A sophisticated buyer will want to confirm that the target’s friendly PC structure is not only formally established, but is also operationalized properly and in a manner that minimizes fraud and abuse risk. If CPOM compliance gaps are identified in diligence this may, at worst, tank the deal and, at best, cause unexpected delays in the transaction timeline, as restructuring may be required or advisable. The buyer may also request additional deal concessions, such as a purchase price reduction and special indemnification coverage (with potentially a higher liability limit and an escrow as security). Accordingly, a telehealth company anticipating a sale or fund raise would be well served to engage in a self-audit to identify any CPOM compliance issues and undertake necessary corrective actions prior to the commencement of a transaction process.

Below are nine key questions with respect to CPOM compliance and related fraud and abuse issues that a buyer/investor in a telehealth transaction should examine carefully (and that the target should be prepared to answer):

  1. Does target have a PC that is properly incorporated or foreign qualified in all states where clinical services are provided (based on the location of the patient)?
  2. Does the PC owner (and any directors and officers of the PC, to the extent different from the PC owner) have a medical license in all states where the PC conducts business (to the extent in-state licensure is required)? To the extent the PC has multiple physician owners and directors/officers, are all such individuals licensed as required under applicable state law?
  3. Does the PC(s) have its own federal employer identification number, bank account (including double lockbox arrangement if enrolled in federal healthcare programs), and Medicare/Medicaid enrollments?
  4. Does the PC owner exercise meaningful oversight and control over the governance and clinical activities of the PC? Does the PC owner have background and expertise relevant to the business (e.g., a cardiologist would not have appropriate experience to be the PC owner of a PC that provides telemental health services)?
  5. Are the physicians and other professionals providing clinical services for the business employed or contracted through a PC (rather than the MSO)? Employment or independent contractor agreements should be reviewed, as well as W-2s, and payroll accounts.
  6. Is the PC properly contracted with customers (to the extent services are provided on a B2B basis) and payors?
  7. Do the contractual agreements between the MSO and PC respect the independent clinical judgment of the PC owner and PC physicians and otherwise comply with state CPOM laws?
  8. Do the financial arrangements between the MSO, PC, and PC owner comply with AKS, the federal Stark Law, and corollary state laws and fee-splitting prohibitions, to the extent applicable?
  9. Is the PC owner or any other physician performing clinical services for the PC an equity holder in the MSO? If so, are these equity interests tied to volume/value of referrals to the PC or MSO (i.e., if the MSO provides ancillary services such as lab or prescription drugs) or could equity interests be construed as an improper incentive to generate healthcare business (e.g., warrants that can only be exercised upon attainment of certain volume)?

Telehealth companies considering a sale or financing transaction, and potential buyers and investors, would be well served to spend time on the front end of a potential transaction assessing the above issues to determine potential risk areas that could impact deal terms or necessitate any friendly PC structuring.

© 2022 Foley & Lardner LLP

Is The End Of FINRA Drawing Nigh?

The Financial Industry Regulatory Authority, aka FINRA, is a non-profit Delaware corporation.  It was formed in 2007 by the combination of the National Association of Securities Dealers, Inc. and the regulatory arm of the New York Stock Exchange, Inc.  FINRA is a self-regulatory organization that primarily regulates securities broker-dealers.

Professor Benjamin P. Edwards recently reported that a complaint has been filed in Florida challenging the constitutionality of FINRA.  The lawsuit filed by two broker-dealers alleges:

However, FINRA’s current structure and operations, particularly in light of the transformation of the organization over the course of the last two decades, contravene the separation of powers, violate the Appointments Clause of the United States Constitution (the “Constitution”) and constitute an impermissible delegation of powers. Because it purports to be a private entity, FINRA is unaccountable to the President of the United States (the “President,” or “POTUS”), lacks transparency, and operates in contravention of the authority under which it was formed. It utilizes its own in-house tribunals in a manner contrary to Article III and the Seventh Amendment of the Constitution and deprives entities and individuals of property without due process of law.

The plaintiffs are seeking, among other things, declaratory and injunctive relief.

© 2010-2022 Allen Matkins Leck Gamble Mallory & Natsis LLP

FRB and FDIC Issue Joint ANPR on Possible Resolution Requirements for Large Banking Organizations While FRB and OCC Approve U.S. Bank MUFG Union Bank Merger

The Federal Reserve Board (“FRB”) and Federal Deposit Insurance Corporation (“FDIC”) Board issued an Advance Notice of Proposed Rulemaking (“ANPR”) titled “Resolution-Related Resource Requirements for Large Banking Organizations.” Separately, but relatedly (if for no other reason than the FRB put it in the same press release as the ANPR), the Office of the Comptroller of the Currency (“OCC”) and the FRB approved their respective applications for the merger of MUFG Union Bank into U.S. Bank.

The ANPR is seeking comment on possible changes to the resolution-related standards applicable to large banking organizations (“LBOs”) that are not global systemically important banks (“GSIBs”). Those possible changes that the FRB and FDIC are contemplating would bring some of what is required for GSIB resolution planning down to LBOs, particularly focusing on “Category III” firms with $250 billion to $700 billion in total assets. The main focus of the ANPR is on whether LBOs ought to be required to issue long-term debt similar to the total loss-absorbing capacity (“TLAC”) requirements for GSIBs. The ANPR notes that the Fed and FDIC are considering “whether an extra layer of loss-absorbing capacity could increase the FDIC’s optionality in resolving the insured depository institution,” but are also considering the costs associated with such a requirement.

The ANPR flows logically from remarks made by Acting Comptroller Hsu at the Wharton Conference on Financial Regulation in April (and which we discussed in a previous issue), and that Acting Comptroller Hsu noted in his statement when he voted in favor of the ANPR at the FDIC Board meeting.

As noted above, in the same press release announcing the ANPR, the FRB announced the approval of the application by U.S. Bancorp to acquire MUFG Union Bank. The FRB’s order noted that upon consummation, U.S. Bancorp’s consolidated assets would total approximately $698.7 billion, and, noting the close proximity to becoming a “Category II” firm with over $700 billion in assets, imposed a unique commitment to give quarterly implementation plans for complying with Category II requirements. The commitment by U.S. Bancorp also could trigger a need for U.S. Bancorp to comply with Category II requirements by December 31, 2024, even if its asset size has not gone above the $700 billion threshold. FRB Governor Michelle Bowman issued a statement supporting both the issuance of the ANPR and the approval of U.S. Bancorp’s application, but questioned the appropriateness of imposing Category II requirements on a one-off basis. The OCC’s approval was conditioned, among other things, on U.S. Bank making plans for its possible operability in the event of a resolution in order to facilitate its sale to more than one acquiring institution.

© Copyright 2022 Cadwalader, Wickersham & Taft LLP