Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On April 19, the SEC announced that an online lending platform will pay a $3 million penalty to resolve allegations it miscalculated and materially overstated annualized net returns (ANR) to investors. According to the order, between 2015 and 2017, the company allegedly excluded securities linked to certain charged-off consumer loans from its calculation of ANR and allegedly failed to identify and correct the error, despite knowing that employees misunderstood the code underlying the ANR calculation and despite alleged complaints by investors. As a result, the company allegedly materially overstated the ANR to a total of more than 30,000 investors. After a large institutional investor complained to the company in April 2017, it notified investors of the misstatements and corrected the ANR in May 2017. In agreeing to a settlement, the company did not admit or deny the SEC’s findings, and the order acknowledges that the company has since instituted “a number of controls designed to prevent and detect similar errors in the future,” including new management supervision, quarterly reviews, and semi-annual testing.
On April 16, the SEC’s Office of Compliance Inspections and Examinations issued a Risk Alert to discuss compliance issues related to Regulation S-P—the SEC’s primary rule regarding privacy notices and safeguard policies—and to provide assistance to registered investment advisors and broker-dealers (registrants) when issuing compliant privacy and opt-out notices. Regulation S-P requires registrants to provide customers with a clear and conspicuous notice accurately reflecting its privacy policies and practices, plus any options to opt out of sharing certain non-public personal information with nonaffiliated third parties. The notice must be sent annually throughout the duration of the customer relationship. Regulation S-P also requires registrants to implement written policies and practices reasonably designed to ensure that customer records and information are secure and protected against unauthorized access. The Risk Alert provides examples of common Regulation S-P compliance deficiencies and weaknesses, and advises registrants to “review their written policies and procedures, including implementation of those policies and procedures, to ensure that they are compliant with Regulation S-P.”
On April 12, the DOJ announced that a multinational corporation will pay $1.5 billion in a settlement resolving claims brought under the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA) that a financial services subsidiary of the corporation misrepresented the quality of loans it originated in connection with the marketing and sale of residential mortgage-backed securities (RMBS). According to the DOJ, between 2005 and 2007, the majority of the mortgage loans sold by the subsidiary for inclusion in RMBS did not comply with the quality representations made about the loans. Specifically, the loan analysts allegedly approved mortgage loans that did not meet criteria outlined in the company’s underwriting guidelines, as they would receive additional compensation based on the number of loans they approved. The DOJ asserts that there were inadequate resources and authority for the subsidiary’s quality control department, resulting in deficiencies in risk management and fraud controls. Additionally, if an investment bank were to reject a loan due to defects in the loan file, the DOJ alleges the subsidiary would attempt to find a new purchaser, without disclosing the previous rejection or identifying the alleged defects. The corporation does not admit to any liability or wrongdoing, but agreed to pay a $1.5 billion civil money penalty to resolve the matter.
On April 3, the SEC issued a no-action letter to a Delaware-based airline chartering services company not recommending enforcement action for offering and selling “tokens” without registration under the SEC Act. According to the letter, the SEC relied upon the company’s counsel’s opinion, which assured that consumers are purchasing the tokens solely for prepaid “air charter services and not for investment purposes or with an expectation to earn a profit,” in determining that the “tokens” were not securities. Additionally, the SEC’s relief considered numerous other factors such as: (i) the platform for conducting the sale of the tokens will “be fully developed and operational” at the time any tokens are sold and funds derived from token sales will not be used to develop the platform; (ii) consumers will be able to immediately use the tokens for their intended functionality (i.e., to purchase air charter services) at the time of sale; (iii) the company will restrict the transfer of tokens to company wallets only and not to external wallets; (iv) the tokens will be sold for one dollar to be used solely on the platform to purchase air charter services, and will be treated as having a value of one dollar; (v) if the company offers to repurchase tokens, it will do so at a discount to the face value of the tokens that the holder seeks to resell to the company, unless a court orders the company to liquidate the tokens; and (vi) the tokens will not be marketed in such a way that there is a perceived potential for an increase in the token’s market value.
On March 22, the SEC announced a settlement with a financial services firm to resolve allegations that certain associated persons on its securities lending desk allegedly “improperly borrowed” pre-released American Depositary Receipts (ADRs)—“U.S. securities that represent shares in foreign companies”—from non-firm brokers who did not own the foreign shares required to support those ADRs. The SEC noted in its press release that ADRs can be pre-released without the deposit of foreign shares only if (i) the brokers receiving the ADRs have an agreement with a depositary bank; and (ii) “the broker or its customer owns the number of foreign shares that corresponds to the number of shares the ADR represents.” The SEC alleged that the firm’s practices violated the Securities Act of 1933 and led to “inappropriate short selling and dividend arbitrage that should not have been occurring.” Moreover, the SEC claimed that the firm’s supervisory policies and procedures “failed to prevent and detect” the securities laws violations. The firm neither admitted nor denied the SEC’s allegations, but agreed to pay more than $4.4 million in disgorgement, roughly $725,000 in prejudgment interest, and a civil money penalty of approximately $2.9 million. The SEC’s order acknowledges the bank’s cooperation in the investigation.
On March 26, the SEC announced awards totaling $50 million to two whistleblowers for volunteering information that led to a successful enforcement action, with one whistleblower receiving $37 million (the third-highest SEC award to date) and the other receiving $13 million. While details of the related enforcement action were not made public, the SEC’s award order noted that one of the whistleblowers “provided information and documentation that were of a significantly high quality and critically important,” including documents that “were akin to ‘smoking gun’ evidence.” As previously covered by InfoBytes here and here, the SEC awarded $50 million to two joint whistleblowers in March 2018 and $39 million to a single whistleblower in September 2018—the two highest awards given by the SEC so far. Since the program’s inception in 2012, the SEC has awarded more than $376 million to 61 whistleblowers.
CFTC, SEC settle with foreign trading platform conducting Bitcoin transactions without proper registration
On March 4, the CFTC resolved an action taken against a foreign trading platform and its CEO (defendants) for allegedly offering and selling security-based swaps to U.S. customers without registering as a futures commission merchant or designated contract market with the CFTC. The CFTC alleged that the platform permitted customers to transact in “contracts for difference,” which were transactions to exchange the difference in value of an underlying asset between the time at which the trading position was established and the time at which it was terminated. The transactions were initiated through, and settled in, Bitcoin. The CFTC alleged that these transactions constituted “retail commodity transactions,” which would have required the platform to receive the proper registration.
According to the CFTC, the defendants, among other things, (i) neglected to register as a futures commission merchant with the CFTC; and (ii) failed to comply with required anti-money laundering procedures, including implementing an adequate know-your-customer/customer identification program. The consent order entered by the U.S. District Court for the District of Columbia imposes a civil monetary penalty of $175,000 and requires the disgorgement of $246,000 of gains. The consent order also requires the defendants to certify to the CFTC the liquidation of all U.S. customer accounts and the repayment of approximately $570,000 worth of Bitcoins to U.S. customers.
In a parallel action, the SEC entered into a final judgment the same day to resolve claims that, among other things, the defendants failed to properly register as a security-based swaps dealer. The defendants are permanently restrained and enjoined from future violations of the Securities Act of 1933 and are required to pay disgorgement of approximately $53,393. This action demonstrates the potential application of CFTC and SEC registration requirements to non-U.S. companies engaging in covered transactions with U.S. customers.
On February 20, the SEC announced a cease-and-desist order with a cybersecurity startup for conducting an unregistered Initial Coin Offering (ICO), which the company self-reported. According to the order, in late 2017, the startup conducted an unregistered ICO, which raised approximately $12.7 million in digital assets. The money was used to finance the startup’s plan to “develop a network in which participants could rent spare bandwidth and storage space on their computers and servers to others for use in defense against certain types of cyberattacks.” The SEC noted that the tokens offered and sold were considered securities because a purchaser would have a reasonable expectation of obtaining a future profit from the investment. The startup did not register the ICO nor did it qualify for an exemption to the registration requirements. The SEC did not impose a monetary penalty because, according to the order, in the summer of 2018 the startup self-reported the unregistered ICO and offered to take prompt remedial actions. The order requires the startup to return the funds to investors who purchased the tokens and register the tokens as securities.
On January 29, NYDFS announced a $40 million settlement with a London-based financial services company to resolve allegations the bank engaged in unsafe and unsound practices in its foreign exchange (FX) trading business. According to the consent order, the company did not implement and maintain sufficient controls to identify illegal tactics used by traders to maximize profits or minimize losses at the expense of the company’s customers, competitors, and the market as a whole. Among other things, the order states that between 2007 and 2013 the company’s FX traders (i) improperly coordinated trading through a chat room; (ii) improperly shared confidential consumer information; and (iii) engaged in “deliberate underfills” of consumer accounts. In addition to the fine, the company is required to improve its internal controls and programs to comply with applicable New York State and federal laws and regulations, submit a written plan to improve its compliance risk management program, and provide an enhanced written internal audit program. NYDFS acknowledged the company’s full cooperation with the investigation, in addition to taking disciplinary action against those identified as engaging in the misconduct.
On December 26, the SEC announced a settlement with a national bank to resolve allegations that the bank mishandled the pre-release of American Depositary Receipts (ADRs)—U.S. securities that represent shares in foreign companies. The SEC noted in its press release that ADRs can be pre-released without the deposit of foreign shares only if: (i) the brokers receiving the ADRs have an agreement with a depository bank; and (ii) the broker or the broker's customer owns the number of foreign shares that corresponds to the number of shares the ADR represents. The SEC alleged that the bank improperly provided thousands of pre-released ADRs where neither the broker nor its customers possessed the required shares. According to the SEC’s order, the bank’s alleged practice of allowing pre-released ADRs, that were in many instances not backed by ordinary shares, violated the Securities Act of 1933. The bank has neither admitted nor denied the SEC’s allegations, but has agreed to pay more than $71 million in disgorgement, roughly $14.4 million in prejudgment interest, and an approximate $49.7 million penalty. The SEC’s order further acknowledges the bank’s cooperation in the investigation and implementation of remedial measures.
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Douglas F. Gansler to discuss "Role of state AGs in consumer protection" at a George Mason University Law & Economics Center symposium