Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • SEC awards $14 million to whistleblower

    Securities

    On March 11, the SEC announced that it awarded a whistleblower nearly $14 million for exposing ongoing fraud by publishing on online report. According to the redacted order, the whistleblower voluntarily provided original information and prompted the opening of an investigation, which resulted in a successful enforcement action against the company and its CEO and the return of millions of dollars to harmed investors.

    The SEC has awarded approximately $1.2 billion to 249 individuals since issuing its first award in 2012.

    Securities SEC Enforcement Whistleblower Investigations

    Share page with AddThis
  • SEC issues $40 million in whistleblower awards

    Securities

    On January 20, the SEC announced whistleblower awards totaling over $40 million to four individuals for providing information and assistance in three separate covered actions. According to the first redacted order, the SEC awarded approximately $37 million to two joint whistleblowers for providing evidence and ongoing assistance throughout the investigation, in addition to helping Commission staff identify information that contributed to the success of the action. According to the second redacted order, the SEC awarded approximately $1.8 million to an individual who provided information that prompted Commission staff to open the investigation. Additionally, the whistleblower continued to provide assistance by participating in interviews and giving additional documents. In the third redacted order, the SEC awarded approximately $1.5 million to a whistleblower for providing new information for Commission staff’s investigative strategy and significantly contributing to the success of the action. In addition, the whistleblower provided substantial and ongoing assistance by helping the Commission staff identify issues.

    The SEC has awarded approximately $1.2 billion to 245 individuals since issuing its first award in 2012.

    Securities SEC Whistleblower Enforcement Investigations

    Share page with AddThis
  • SEC issues multiple whistleblower awards

    Securities

    On January 10, the SEC announced that it awarded whistleblowers nearly $4 million for providing information and assistance in two separate investigations. According to the first redacted order, the whistleblower, who reported internally prior to reporting to the SEC, provided significant new information during an existing investigation that alerted the SEC to misconduct occurring overseas and permitted SEC staff to develop an efficient investigative plan to discover the full extent of the violations. The whistleblower received approximately $2.6 million. In the second redacted order, the SEC issued approximately $1.5 million to joint whistleblowers for providing substantial ongoing assistance throughout the investigation, such as by consulting telephonically with SEC staff and providing information about key witnesses, which led to the success of the investigation.

    Earlier on January 6, the SEC announced that it awarded a whistleblower nearly $13 million for providing information and assistance that led to an investigation and successful SEC enforcement action. According to the redacted order, the whistleblower voluntarily provided original information to the Commission by meeting in person and helping SEC staff understand the mechanics of the fraudulent scheme, which enabled the Commission to stop an ongoing fraud, minimize investor losses, and return tens of millions of dollars to harmed investors.

    The SEC has awarded approximately $1.2 billion to 241 individuals since issuing its first award in 2012.

    Securities SEC Whistleblower Enforcement Investigations

    Share page with AddThis
  • New York AG alerts companies on “credential stuffing” cyberattacks

    State Issues

    On January 5, the New York attorney general issued a report, which highlights the results of an investigation into “credential stuffing.” The investigation discovered over 1.1 million online accounts compromised in cyberattacks at 17 well-known companies. The report, Business Guide for Credential Stuffing Attacks, details attacks, which involve repeated, automated attempts to access online accounts using usernames and passwords stolen from other online services, and provides recommendations on how business can protect themselves. Through credential stuffing, which is one of the most common forms of cyberattacks, offenders utilize automated software to reuse stolen usernames and passwords, relying on the human tendency to reuse the same credentials to access various online accounts and platforms. The AG’s office launched the investigation “in light of the growing threat of credential stuffing,” and monitored several online communities dedicated to credential stuffing. According to the report, the office discovered thousands of posts that had customer login credentials that were tested by hackers in a credential stuffing attack and found that the information could be used to access other accounts. From these posts, the office compiled credentials to compromised accounts at seventeen companies, which consisted of online retailers, restaurant chains, and food delivery services, and collected credentials for over 1.1 million customer accounts, all of which seemed to have been compromised. After alerting the companies regarding the compromised accounts and urging them to investigate and take protective action, every company did so. The report recommended that businesses maintaining online accounts have a data security program, including effective safeguards for protecting customers from credential stuffing attacks in four areas: (i) defending against credential stuffing attacks; (ii) detecting a credential stuffing breach; (iii) preventing fraud and misuse of customer information; and (iv) responding to a credential stuffing incident. Specifically, three safeguards considered to be “highly effective” at defending against credential stuffing attacks were bot detection services, multi-factor authentication, and password-less authentication. The report also recommended that companies require reauthentication at the time of a purchase. Additionally, “[b]usinesses should have a written incident response plan that includes processes for responding to credential stuffing attacks” and notification to affected parties.

    State Issues New York Investigations State Attorney General Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • SEC awards $5 million to whistleblower

    Securities

    On December 6, the SEC announced that it awarded a whistleblower nearly $5 million for providing information that led to a successful SEC enforcement action. According to the redacted order, the whistleblower voluntarily provided original information to the Commission, which enabled staff to quickly and efficiently, among other things, develop a case theory, which ultimately led to the enforcement action and the return of millions of dollars to harmed investors.

    The SEC has awarded approximately $1.2 billion to 236 individuals since issuing its first award in 2012.

    Securities SEC Whistleblower Enforcement Investigations

    Share page with AddThis
  • SEC whistleblower awards total $10.4 million

    Securities

    On November 22, the SEC announced awards totaling approximately $10.4 million to several whistleblowers who provided original information and voluntary assistance in three separate SEC enforcement actions. According to the first redacted order, the SEC awarded two whistleblowers roughly $7.5 million for providing original, significant information leading to a successful action and alerting staff to misconduct occurring in different geographic areas. Both whistleblowers’ substantial, ongoing assistance also conserved significant Commission time and resources. Additionally, the first whistleblower received an award for contributing to a related action brought by another agency. In the second redacted order, the SEC awarded more than $2.4 million to two whistleblowers whose information led to a successful enforcement action. According to the SEC, the first whistleblower voluntarily provided information prompting the opening of the investigation and provided significant assistance throughout the investigation by providing key pieces of evidence. The second whistleblower provided new information that significantly contributed to the success of the enforcement action. In the third redacted order, the SEC awarded whistleblowers roughly $435,000. The first whistleblower alerted SEC staff to potentially fraudulent conduct, which helped prompt the opening of the investigation, and provided additional information during the investigation. The second whistleblower met with SEC staff and provided new, highly valuable information early in the investigation that was vital in helping the staff develop its theory of liability.

    The SEC has awarded approximately $1.2 billion to 233 individuals since issuing its first award in 2012.

    Securities Whistleblower Enforcement SEC Investigations

    Share page with AddThis
  • SEC awards $15 million to whistleblowers

    Securities

    On November 10, the SEC announced awards totaling over $15 million to two whistleblowers whose original information and voluntary assistance led to a successful SEC enforcement action. According to the redacted order, the first whistleblower alerted Commission staff to a fraudulent scheme, which prompted the opening of the investigation. While still substantial, the second whistleblower’s information was more limited in nature, and “had less of an impact on the success of the enforcement action,” as reflected in the respective amounts awarded. The SEC has awarded approximately $1.1 billion to 226 individuals since issuing its first award in 2012.

    Securities SEC Whistleblower Enforcement Investigations

    Share page with AddThis
  • SEC approves PCAOB Rule under the Holding Foreign Companies Accountable Act

    Securities

    On November 5, the SEC announced it approved the Public Company Accounting Oversight Board’s (PCAOB) Rule 6100, Board Determinations Under the Holding Foreign Companies Accountable Act, which establishes a framework for the PCAOB’s determinations under that act “that the PCAOB is unable to inspect or investigate completely registered public accounting firms located in a foreign jurisdiction because of a position taken by an authority in that jurisdiction.” According to the Commission order, PCAOB Rule 6100 establishes, among other things: (i) the factors the PCAOB will evaluate and the information the PCAOB will consider when assessing if a determination is warranted; (ii) the form, public availability, effective date, and duration of such determinations; and (iii) the process by which the board will reaffirm, modify, or vacate any such determinations. According to a statement released by SEC Chair Gary Gensler, the rule is an “important step to protect U.S. investors,“ and it is “critical that the Commission and the PCAOB work together to ensure that the auditors of foreign companies accessing U.S. capital markets play by the same rules.”

    Securities SEC Of Interest to Non-US Persons Investigations Agency Rule-Making & Guidance

    Share page with AddThis
  • SEC awards $2 million to whistleblower

    Securities

    On October 29, the SEC announced that it awarded a whistleblower more than $2 million for providing information and assistance leading to a successful SEC enforcement action, as well as an action by the DOJ. According to the redacted order, the whistleblower voluntarily provided the same original information to the SEC and the DOJ, which prompted the opening of the investigations, as well as extensive ongoing assistance throughout the investigations. According to the SEC, the whistleblower had previously received an award for contributing to an SEC enforcement action based on the same information that supported the award for the related action, and was eligible for this award as a result of the recent amendments clarifying the types of actions that may be considered “related” under the whistleblower rules.

    The SEC has awarded approximately $1.1 billion to 224 individuals since issuing its first award in 2012.

    Securities SEC Whistleblower Investigations Enforcement DOJ

    Share page with AddThis
  • SEC issues whistleblower awards totaling $40 million

    Securities

    On October 15, the SEC announced awards totaling approximately $40 million to two whistleblowers who provided information and assistance leading to a successful SEC enforcement action. According to the redacted order, the SEC paid one of the whistleblowers roughly $32 million for providing substantial assistance to enforcement staff, identifying witnesses, and helping staff understand complex fact patterns. The SEC noted that the whistleblower’s tip was the initial source of the underlying investigation, and that without the individual’s information, the abuses would have been difficult to detect. The second whistleblower—who delayed reporting to the SEC for several years—provided helpful information during the course of the investigation that gave enforcement staff a more complete picture of events, and was awarded approximately $8 million.

    The SEC has awarded approximately $1.1 billion to 218 individuals since issuing its first award in 2012.

    Securities Enforcement Whistleblower Investigations

    Share page with AddThis

Pages