Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • SEC enters $78 million FCPA settlement with steel pipe manufacturer


    On June 6, the SEC announced that a Luxembourg-based manufacturer and supplier of steel pipe products agreed to pay over $78 million to settle the SEC’s claims that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA and the Exchange Act. The settlement is the latest in the long-running investigation regarding Brazilian state-owned and controlled energy company Petrobras, and resolves allegations that agents and employees of the company’s Brazilian subsidiary paid approximately $10.4 million in bribes between 2008 and 2013 to obtain over $1 billion in new contracts and to retain existing business from Petrobras. The bribes were allegedly funded on behalf of the company through entities associated with its controlling shareholder and paid to Brazilian government officials in exchange for using their influence to persuade Petrobras to forego an international tender process. The DOJ closed its parallel investigation without charges.

    This is the second time the Luxembourg-based company has resolved FCPA charges with U.S. authorities, following 2011 resolutions with both the DOJ and SEC related to a state-owned entity in Uzbekistan. The company had been the first ever to enter into a Deferred Prosecution Agreement with the SEC.

    The current resolution involves a $25 million monetary penalty, as well as $42.8 million in disgorgement and over $10 million in prejudgment interest. The company neither admitted nor denied the allegations.

    Securities Financial Crimes SEC Enforcement FCPA Securities Exchange Act Bribery Of Interest to Non-US Persons Petrobras

  • SEC charges broker-dealer with SAR violations


    On May 20, the SEC announced charges against the broker-dealer affiliate of a national bank for allegedly failing to file Suspicious Activity Reports (SARs) in a timely manner in violation of the Securities Exchange Act and Rule 17a-8. According to the SEC’s order, the broker-dealer’s internal anti-money laundering (AML) transaction monitoring and alert system allegedly failed to reconcile the different country codes used to monitor foreign wire transfers due to an alleged failure to test a new version of the system. The broker-dealer also allegedly did not timely file SARs related to suspicious transactions in its customers’ brokerage accounts involving the wire transfers to or from foreign countries that it determined to be at a high or moderate risk for money laundering, terrorist financing, or other illegal money movements. Additionally, in April 2017, the broker-dealer allegedly failed to timely file additional SARs due to a failure to appropriately process wire transfer data into its AML transaction monitoring system in certain other situations. In addition to the $7 million penalty, the institution, without admitting or denying the SEC’s findings, agreed to a censure and a cease-and-desist order.

    Securities SEC Enforcement Securities Exchange Act Anti-Money Laundering SARs Financial Crimes Broker-Dealer Of Interest to Non-US Persons

  • 5th Circuit rules against SEC’s use of ALJs


    On May 18, the U.S. Court of Appeals for the Fifth Circuit held that the SEC’s in-house adjudication of a petitioners’ case violated their Seventh Amendment right to a jury trial and relied on unconstitutionally delegated legislative power. The appellate court further determined that SEC administrative law judges (ALJs) are unconstitutionally shielded from removal. In a 2-1 decision, the 5th Circuit vacated the SEC’s judgment against a hedge fund manager and his investment company arising from a case, which accused petitioners of fraud under the Securities Act, the Securities Exchange Act, and the Advisers Act in connection with two hedge funds that held roughly $24 million in assets. According to the SEC, the petitioners had, among other things, inflated the funds’ assets to increase the fees they collected from investors. Petitioners sued in federal court, arguing that the SEC’s proceedings “infringed on various constitutional rights,” but the federal courts refused to issue an injunction claiming they lacked jurisdiction and that petitioners had to continue with the agency’s proceedings. While petitioners’ sought review by the SEC, the U.S. Supreme Court issued a decision in Lucia v. SEC, which held that SEC ALJs are “inferior officers” subject to the Appointments Clause of the Constitution (covered by InfoBytes here). Following the decision, the SEC assigned petitioners’ proceeding to an ALJ who was properly appointed, “but petitioners chose to waive their right to a new hearing and continued under their original petition to the Commission.” The SEC eventually affirmed findings of liability against the petitioners, and ordered the petitioners to cease and desist from committing further violations and to pay a $300,000 civil penalty. The investment company was also ordered to pay nearly $685,000 in ill-gotten gains, while the hedge fund manager was barred from various securities industry activities.

    In vacating the SEC’s judgment, the appellate court determined that the SEC had deprived petitioners of their right to a jury trial by bringing its action in an “administrative forum” instead of filing suit in federal court. While the SEC challenged “that the legal interests at issue in this case vindicate distinctly public rights” and therefore are “appropriately allowed” to be brought in agency proceedings without a jury, the appellate court countered that the SEC’s enforcement action was “akin to traditional actions at law to which the jury-trial right attaches.” Moreover, the 5th Circuit noted that while “the SEC agrees that Congress has given it exclusive authority and absolute discretion to decide whether to bring securities fraud enforcement actions within the agency instead of in an Article III court[,] Congress has said nothing at all indicating how the SEC should make that call in any given case.” As such, the 5th Circuit opined that this “total absence of guidance is impermissible under the Constitution.”

    Additionally, the 5th Circuit raised concerns about the statutory removal restrictions for SEC ALJs who can only be removed for “good cause” by SEC commissioners (who are removable only for good cause by the president). “Simply put, if the President wanted an SEC ALJ to be removed, at least two layers of for-cause protection stand in the President’s way,” the appellate court concluded. “Thus, SEC ALJs are sufficiently insulated from removal that the President cannot take care that the laws are faithfully executed. The statutory removal restrictions are unconstitutional.”

    The dissenting judge disagreed with all three of the majority’s constitutional conclusions, contending that the majority, among other things, misread the Supreme Court’s decisions as to what are and are not “public rights,” and that “Congress’s decision to give prosecutorial authority to the SEC to choose between an Article III court and an administrative proceeding for its enforcement actions does not violate the nondelegation doctrine.” The judge further stated that while the Supreme Court determined in Lucia that ALJs are “inferior officers” within the meaning of the Appointments Clause in Article II, it “expressly declined to decide whether multiple layers of statutory removal restrictions on SEC ALJs violate Article II.” Consequently, the judge concluded that he found “no constitutional violations or any other errors with the administrative proceedings below.”

    Courts Appellate Fifth Circuit SEC ALJ Constitution Securities Act Securities Exchange Act Advisers Act Enforcement

  • 4th Circuit will not revive investors’ data breach case

    Privacy, Cyber Risk & Data Security

    On April 21, the U.S. Court of Appeals for the Fourth Circuit affirmed a district court’s dismissal of a securities suit against a hotel corporation (defendant) alleging that they misled the plaintiffs regarding data vulnerabilities connected to a major breach of customers’ personal information. According to the opinion, two years after merging with another hospitality corporation, the defendant “learned that malware had impacted approximately 500 million guest records in the [hospitality corporation’s] guest reservation database.” An investor filed a putative class action against the defendant and nine of its officers and directors, alleging that its failure to disclose severe vulnerabilities in the hospitality corporation’s IT systems rendered 73 different public statements false or misleading in violation of Section 10(b) of the Securities Exchange Act of 1934 (Exchange Act) and SEC Rule 10b-5. The district court granted the defendant’s motion to dismiss with prejudice and concluded that the plaintiffs “‘failed to adequately allege a false or misleading statement or omission, a strong inference of scienter, and loss causation,’ which doomed the claim under Section 10(b) and Rule 10b-5 as well as the secondary liability claim [under Section 20(a) of the Exchange Act].” The investor appealed, dropping its challenge to 55 of the statements but maintaining its challenge to the other 18.

    On appeal, the 4th Circuit agreed with the district court that the defendant’s statements about the importance of cybersecurity were not misleading with respect to the quality of its cybersecurity efforts. The appellate court found that “[t]he ‘basic problem’ with the complaint on this point is that ‘the facts it alleges do not contradict [the defendant’s] public disclosures,’” and that reiterating the “basic truth” that data integrity is important does not mislead investors or create a false impression. The appellate court also noted that the complaint “concedes that [the defendant] devoted resources and took steps to strengthen the security of hospitality corporation’s systems,” and that the company included “such sweeping caveats that no reasonable investor could have been misled by them.” The appellate court concluded that the defendant “certainly could have provided more information to the public about its experience with or vulnerability to cyberattacks, but the federal securities laws did not require it to do so.”

    Privacy/Cyber Risk & Data Security Courts Data Breach Appellate Fourth Circuit SEC Securities Exchange Act

  • SEC to update beneficial ownership reporting requirements


    On February 10, the SEC proposed amendments to its rules governing beneficial ownership reporting under Exchange Act Sections 13(d) and 13(g) in order to “improve transparency and provide more timely information for shareholders and the market.” (See also SEC fact sheet here.) Among other things, the proposed rule would (i) accelerate the filing deadlines for Schedules 13D and 13G beneficial ownership reports from 10 days to five days (amendments would be required to be filed within one business day); (ii) expand the application of Regulations 13D and 13G to certain derivative securities; (iii) clarify the circumstances in which two or more persons have formed a “group” that would be subject to beneficial ownership reporting obligations; (iv) allow for new exemptions “to permit certain persons to communicate and consult with one another, jointly engage issuers, and execute certain transactions without being subject to regulation as a ‘group’”; and (v) require Schedules 13D and 13G filings to be done through a “structured, machine-readable data language.” Comments are due 30 days after publication in the Federal Register, or April 11, whichever is later. SEC Chair Gary Gensler issued a statement supporting the proposed amendments, which “would reduce information asymmetries and promote transparency, thereby lowering risk and illiquidity,” citing the “rapidity of current markets and technologies” as justification for updating the decades-old rules. However, SEC Commissioner Hester M. Peirce dissented, arguing that the proposed amendments fail to fully contend “with the realities of today’s markets or the balance embodied in Section 13(d) of the Exchange Act.” She further challenged the justification of technological advancements as a reason to shorten the 10-day reporting window to five days.

    Securities Agency Rule-Making & Guidance Beneficial Ownership SEC Securities Exchange Act

  • Judgments reached in SEC’s first crowdfunding regulation enforcement action


    On January 28, the U.S. District Court for the Eastern District of Michigan issued judgments (see here and here) against a real estate company and its CEO in the SEC’s first crowdfunding regulation enforcement action. As previously covered by InfoBytes, the SEC filed a complaint last September alleging that several entities and related individuals participated in a fraudulent scheme to sell nearly $2 million of unregistered securities through two crowdfunding offerings. The complaint alleged that two of the entities issued securities without registering with the SEC, while their principals diverted investor funds for personal use rather than using the funds for the disclosed purposes. Without admitting or denying the SEC’s allegations, the real estate company and the CEO consented to be permanently enjoined from violating certain securities laws. The CEO also agreed to a prohibition on “acting as an officer or director of any issuer that has a class of securities registered pursuant to Section 12 of the Exchange Act [15 U.S.C. § 78l] or that is required to file reports pursuant to Section 15(d) of the Exchange Act [15 U.S.C. § 78o(d)].” The judgments decreed that, upon motion of the SEC, the court will decide whether disgorgement and/or civil money penalties are appropriate.

    Securities Enforcement SEC Crowdfunding Courts Securities Act Securities Exchange Act

  • SEC: Taking remedial actions may help companies avoid penalties


    On January 28, the SEC announced a settlement subject to court approval with a private technology company to resolve allegations that the company, through its former CEO, falsely inflated key financial metrics and doctored internal sales records. The complaint, which alleged violations of the antifraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, claimed that the CEO significantly inflated the value of numerous customer deals, and then masked the inflation by creating fake invoices and altering real invoices to make it seem as if customers had been billed higher amounts. The company’s board of directors conducted an internal investigation, which led to the removal of the CEO, a revised company valuation, and remedial efforts including repaying investors. The company also hired new senior management, expanded its board, and implemented processes and procedures to ensure transparency and accuracy of deal reporting and associated revenues. While the company neither admitted nor denied the allegations, it agreed to be permanently enjoined from violations of the antifraud provisions. The SEC highlighted that the lack of a penalty in the settlement is significant, and demonstrates the Commission’s position that a company may receive credit if it makes significant remedial efforts in the wake of an internal investigation. “For companies wondering what types of remedial actions and cooperation might be credited by the Commission after a company uncovers fraud, this case offers an excellent example,” stated Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. “[The company’s] remediation and cooperation included not just its internal investigation and revised valuation, but also repaying harmed investors and improving its governance—all of which were factors that counseled against the imposition of a penalty in this case.” 

    Securities Enforcement SEC Settlement Fraud Securities Act Securities Exchange Act

  • FINRA fines securities firm $9 million over customer protection violations


    On January 20, the Financial Industry Regulatory Authority (FINRA) announced it had entered into a Letter of Acceptance, Waiver, and Consent (AWC), which requires a securities firm to pay a $9 million fine for allegedly failing to (i) maintain proper control of excess margin securities it carried on behalf of customers; (ii) store electronic brokerage records in the required non-erasable, “write once, read many” format (known as “WORM”); (iii) disclose potential conflicts of interest when publishing research reports; and (iv) implement and enforce a supervisory system to ensure compliance with federal securities law and FINRA rules. FINRA claimed that among the alleged violations, the firm failed to preserve approximately 18.6 billion records in the required WORM format, which affected applications, “including those related to accounts payable and receivable, fingerprint records, customer account records, general ledger/trial balances, order and trade tickets, trade confirmations, and wire instructions.” According to FINRA, although the firm understood the requirement to store records in WORM format, it allegedly had no supervisory procedures in place to ensure compliance. The firm did not admit nor deny the findings as part of the AWC but has agreed to a censure and will pay the fine. Additionally, the firm is required to certify that it has implemented reasonably designed supervisory systems and procedures to comply with federal securities laws and FINRA rules and requirements.

    Securities FINRA Enforcement Privacy/Cyber Risk & Data Security Securities Exchange Act

  • SEC, CFTC settle with national bank’s subsidiary


    On December 17, the SEC announced charges against a subsidiary limited liability company of a national bank for Securities Exchange Act violations because the firm and its employees allegedly failed to maintain recordkeeping requirements. According to the order, from at least January 2018 through at least November 2020, the company’s employees communicated about securities business matters on their personal devices, using text messaging applications and personal email accounts. These communications were not maintained or preserved by the company, and some were not able to be furnished promptly to a Commission representative when requested, allegedly in violation of Section 17(a) of the Exchange Act and Rules 17a4(b)(4) and 17a-4(j) thereunder. Additionally, the company’s “widespread failure to implement its policies and procedures which forbid such communications led to its failure to reasonably supervise its employees within the meaning of Section 15(b)(4)(E) of the Exchange Act.” The company received subpoenas for documents and records requests in numerous Commission investigations during the time that it failed to maintain required securities records relating to the business. In its response to the subpoena requests, the bank allegedly did not search for relevant records contained on the personal devices of its employees. The order further noted that because the company’s “recordkeeping failures impacted the Commission’s ability to carry out its regulatory functions and investigate potential violations of the federal securities laws across these investigations, the Commission was often deprived of timely access to evidence and potential sources of information for extended periods of time and, in some instances, permanently.” According to the SEC, the company admitted the facts set forth in the SEC’s order and acknowledged that its conduct violated the federal securities laws, and agreed to: (i) pay a $125 million penalty; (ii) implement robust improvements to its compliance policies and procedures, including retaining “a compliance consultant to, among other things, conduct a comprehensive review of its policies and procedures relating to the retention of electronic communications found on personal devices and [the company’s] framework for addressing non-compliance by its employees with those policies and procedures”; and (iii) cease and desist from committing or causing any violations and any future violations of Section 17(a) of the Exchange Act and Rule 17a-4 thereunder.

    The same day, the CFTC announced a $75 million settlement with the company, the national bank, and its public limited company (collectively, “respondents”) for allegedly failing to maintain, preserve, and produce records that were required to be kept under CFTC recordkeeping requirements, and failing to diligently supervise matters associated with its businesses as CFTC registrants. According to the CFTC order, from at least 2015, the respondents’ employees internally and externally communicated on unapproved channels, and had messages related to the respondents’ businesses as CFTC registrants that were required to be maintained under CFTC-mandated recordkeeping requirements. The order also noted that the written communications were not maintained and preserved by the respondents, and they were not able to be furnished promptly to a CFTC representative when requested. The order further alleged that the widespread use of unauthorized communication methods by the respondents’ employees to conduct firm business violated their own policies and procedures. The respondents also did not maintain adequate internal controls with respect to business-related communications on non-approved communication methods. The order requires the respondents to pay a $75 million civil monetary penalty, to cease and desist from further violations of recordkeeping and supervision requirements, and to engage in specified remedial undertakings.

    Securities SEC Enforcement CFTC Securities Exchange Act

  • District Court partially grants SEC’s motion in confidentiality agreements case


    On November 17, the U.S. District Court for the Southern District of New York partially granted the SEC’s (plaintiff) motion for summary judgment in a case questioning the extent to which confidentiality agreements can prevent communication with the SEC regarding potential violations of securities laws. The court found that the Commission did not exceed its authority on a count of impeding SEC rules that is connected to a broader civil suit accusing an online store and its CEO (collectively, “defendants”) of stealing nearly $6 million from investors. The plaintiff alleged that the defendants impeded “individuals’ communication with the SEC regarding potential securities laws violations by enforcing or threatening to enforce confidentiality agreements that would prevent individuals’ communications thereof,” in violation of Rule 21F-17 of the Exchange Act. According to the order, in its stock purchase agreements, the defendants allegedly required investors to reject communication with “governmental or administrative agencies or enforcement bodies for the purpose of commencing or otherwise prompting investigation or other action.” The defendants allegedly used lawsuits to prevent communications that would violate its confidentiality agreements, and advertised these suits “to chill further communication,” which the court ruled were “undoubtedly ‘action[s] to impede’ communications, especially where the Rule explicitly prohibits ‘enforcing, or threatening to enforce’ such agreements.” The district court also denied the defendants' cross-motion for summary judgment stating that “the Court is still not persuaded that Rule 21F-17 exceeds the SEC’s rulemaking nor that it violates the First Amendment,” and concluded that the defendants’ conduct violated Rule 21F-17.

    Securities SEC Courts Securities Exchange Act


Upcoming Events