InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC orders global accounting firm’s Chinese affiliate to pay $20 million for auditing failures
On September 29, the SEC issued a cease and desist order against the Chinese affiliate of a global accounting firm for allegedly failing to comply with U.S. professional auditing requirements when conducting component audits of U.S. issuers and auditing foreign companies listed on U.S. exchanges. According to the SEC, during the course of numerous audits, personnel at the Chinese affiliate allegedly, among other things, asked clients to choose their own samples for testing and complete required audit documentation purportedly showing that the Chinese affiliate had obtained and assessed supporting evidence for certain clients’ accounting entries. This was allegedly done in order to create the illusion that the required testing of clients’ financial statements and internal controls had been conducted when there was allegedly no evidence that it had in fact happened. The SEC noted that the alleged misconduct involved both junior and senior audit team members and demonstrated a lack of supervision by audit partners. Moreover, the Chinese affiliate’s alleged failure to follow required Public Company Accounting Oversight Board (PCAOB) auditing standards created a significant threat to U.S. investors.
“While the SEC’s action today does not implicate a violation of the Holding Foreign Companies Accountable Act, the action does underscore the need for the [PCAOB] to be able to inspect Chinese audit firms,” SEC Chair Gary Gensler said in the announcement. “A fundamental goal of the PCAOB’s inspection regime is to identify weaknesses in the firms’ quality control processes—the very weaknesses at issue in this case.”
Without admitting or denying the allegations, the Chinese affiliate agreed to settle the charges by paying a $20 million civil money penalty and implementing extensive remedial measures, including completing a review and assessment of its policies and procedures by an independent consultant and implementing a course of action to address identified deficiencies. Audit professionals at the Chinese affiliate who serve U.S. public company audit clients are also required to undertake additional training.
OFAC issues guidance on instant payment systems sanctions compliance
On September 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published Sanctions Compliance Guidance for Instant Payment Systems, which emphasizes the importance of taking a risk-based approach to managing sanctions risks in the context of new payment technologies, such as instant payment systems, and highlights considerations relevant to managing those risks. According to OFAC, the guidance “encourages developers of instant payment systems to incorporate sanctions compliance considerations and features as they develop these systems.” The guidance, among other things, describes: (i) risk factors and considerations for instant payment systems; (ii) domestic vs. cross-border payment system; (iii) availability of emerging sanctions compliance technologies and solution; (iv) nature and value of payment; and (v) OFAC engagement and resources.
OFAC announces Russian sanctions, REPO provides update
On September 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), together with the Departments of Commerce and State, announced sanctions against 14 persons in Russia’s military-industrial complex, including two international suppliers, three key leaders of Russia’s financial infrastructure, and immediate family members of certain senior Russian officials, as well as 278 members of Russia’s legislature, for enabling Russia’s referenda and effort to annex Ukraine. As a result of the sanctions, all property and interests in property belonging to the sanctioned targets that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned 50 percent or more by one or more designated persons” are blocked. U.S. persons are prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless exempt or authorized by a general or specific OFAC license. Additionally, OFAC issued FAQ 1091 to provide new guidance warning of the heightened sanctions risk that international actors outside of Russia would face for providing political or economic support to Russia as a result of its illegal attempts to change the status of Ukrainian territory. According to OFAC, the FAQ emphasizes that the U.S. “is prepared to more aggressively use its existing sanctions authorities, including E.O. 13660, E.O. 14024, and E.O. 14065, to target persons—inside or outside Russia—whose activities may constitute material assistance, sponsorship, or provision of financial, material, or technological support for, or goods or services (together ‘material support’) to or in support of persons sanctioned pursuant to those Executive orders, or sanctionable activity related to Russia’s sham referenda, purported annexation, and continued occupation of the Kherson, Zaporizhzhya, Donetsk, and Luhansk regions of Ukraine.” OFAC noted, however, that it “will generally not impose sanctions on non-U.S. persons that engage in transactions that would be authorized for U.S. persons, such as certain energy-related transactions.”
The same day, Treasury and the DOJ announced that the Russian Elites, Proxies, and Oligarchs (REPO) Task Force Deputies convened to accelerate oligarch asset forfeiture efforts in response to Russia’s war in Ukraine. As previously covered by InfoBytes, REPO is a multilateral task force that was formed in February 2022 and is “committed to using their respective authorities in concert with other appropriate ministries to collect and share information to take concrete actions, including sanctions, asset freezing, and civil and criminal asset seizure, and criminal prosecution.” Representatives from Australia, Canada, Germany, France, Italy, Japan, the UK, the European Commission, and the U.S. discussed continuing initiatives “to tailor already robust asset forfeiture tools and maximize the impact of our joint work on Russian elites and their cronies” for their involvement with the war in Ukraine. REPO further noted that their steps “immobilized Russian assets as one of several means to induce Russia to come into compliance with its international law obligations, including the obligation to pay reparations.”
OFAC announces settlement with electronic rewards company
On September 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $116,000 settlement with a Washington-based company that supplies and distributes electronic rewards, for allegedly processing transactions in violation of multiple U.S sanctions regulations. According to OFAC’s notice, the company allegedly “transmitted 27,720 merchant gift cards and promotional debit cards, totaling $386,828.65, to individuals with email or IP addresses associated with Cuba, Iran, Syria, North Korea, or the Crimea region of Ukraine.” In arriving at the settlement amount, OFAC considered various aggravating factors, including that the company (i) “failed to impose risk-based geolocation rules using tools at its disposal to identify the location of its reward recipients, despite having reason to know that it was transmitting rewards to recipients in sanctioned jurisdictions”; and (ii) “conferred up to $386,828.65 in economic benefit to jurisdictions and regions subject to sanctions.” OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years, “represents that it undertook various measures to strengthen its OFAC compliance processes,” voluntarily self-disclosed the alleged violations, and substantially cooperated with the investigation.
U.S.-UK Data Access Agreement now in effect
On October 3, the DOJ announced that the U.S.-UK Data Access Agreement (Agreement) is now in effect. According to the DOJ, the Agreement, authorized by the Clarifying Lawful Overseas Use of Data (CLOUD) Act, is the first of its kind and will allow investigators from each country to gain better access to vital data to combat serious crime in a manner “consistent with privacy and civil liberties standards.” Under the Agreement, “service providers in one country may respond to qualifying, lawful orders for electronic data issued by the other country, without fear of running afoul of restrictions on cross-border disclosures,” the DOJ said. The Agreement is intended to foster “more timely and efficient access to electronic data required in fast-moving investigations through the use of orders covered by the Agreement,” and will greatly improve the two countries’ ability “to prevent, detect, investigate, and prosecute serious crime, including terrorism, transnational organized crime, and child exploitation, among others.” U.S. and UK officials are required to meet numerous requirements in order to invoke the Agreement, such as orders must relate to a serious crime and may not target persons located in the country for which the order is submitted. Authorities in both countries must also follow agreed upon requirements, limitations, and conditions when obtaining and using data obtained under the Agreement. The DOJ’s Office of International Affairs has been selected as the designated authority responsible for implementing the Agreement in the U.S. and “has created a CLOUD team to review and certify orders that comply with the Agreement on behalf of federal, state, local, and territorial authorities located in the United States, transmit certified orders directly to UK service providers, and arrange for the return of responsive data to the requesting authorities.”
FSOC reports on cryptocurrency systemic risks
On October 3, the Financial Stability Oversight Council (FSOC) released its Report on Digital Asset Financial Stability Risks and Regulation. As called for by Executive Order 14067, “Ensuring Responsible Development of Digital Assets” (covered by InfoBytes here), the report reviewed financial stability risks and regulatory gaps posed by various types of digital assets and provided recommendations to address such risks. Among other things, the report noted three gaps in the existing cryptocurrency regulatory framework: (i) limited direct federal oversight of the spot market for crypto-assets that are not securities; (ii) opportunities for regulatory arbitrage; and (iii) whether vertically integrated market structures can or should be accommodated under existing laws and regulations. The report stated that FSOC recommended that Congress pass legislation that would create “a comprehensive prudential framework for stablecoin issuers that also addresses the associated market integrity, investor and consumer protection and payments system risks, including for entities that perform services critical to the functioning of the stablecoin arrangement.” FSOC further recommended that the member agencies should follow several guiding principles, including “same activity, same risk, same regulatory outcome,” and “technology neutrality.” The report also requested that agencies consider whether “vertical integration” or other business models where retail customers can directly access markets instead of going through a broker-dealer “can or should be accommodated.” The report noted that if banks “scale up their participation in the crypto-asset ecosystem, such activity could potentially entail much greater access to the crypto-asset market by a broad range of institutional investors, corporations, and retail customers than currently exists.” The U.S. Treasury Department released a Fact Sheet summarizing the report’s key findings and recommendations.
Treasury Secretary Janet Yellen noted in a statement that the “report adds to analysis of digital asset issues that have been covered in other recent reports, including on the future of money and payments; consumers and investor protection; illicit finance; and a framework for international engagement.” Acting Comptroller of the Currency Michael J. Hsu released a statement supporting the report, emphasizing that “it is critical for the Council and Congress to prioritize Recommendation 4 regarding interagency coordination, Recommendation 5 regarding a federal prudential framework for stablecoin issuers, and Recommendation 6 regarding regulatory visibility and authorities over all of the activities of crypto-asset entities.” SEC Chair Gary Gensler also expressed his support in a statement, noting that he looks “forward to working with Congress to achieve our public policy goals, consistent with maintaining the regulation of crypto security tokens and related intermediaries at the SEC.” Texas Banking Commissioner and FSOC state banking representative Charles G. Cooper released a statement of support through the Conference of State Bank Supervisors saying that the report should “inform the work that we do as individual agencies and on an interagency basis to balance responsible innovation with safeguarding our financial markets and consumers.”CFPB Director Rohit Chopra released a statement, noting that “agencies have already taken steps to address discrete issues related to deposit insurance misrepresentation and to lay groundwork to address concerns related to fraud, hacks, and scams,” and emphasized the need “to tackle broader risks to the financial system.”
FINRA revises Sanctions Guidelines
On September 29, FINRA issued Regulatory Notice 22-20, announcing revisions to its Sanctions Guidelines to ensure they align with the levels of sanctions imposed in FINRA disciplinary proceedings and reflect the differences between types of respondents. Among other things, the revised guidelines: (i) differentiate current guidelines for individuals and firms; (ii) establish separate fine ranges for firms based on size; (iii) remove the upper limit of the fine range for mid- and large-size firms “to reflect the settlement amounts that FINRA frequently seeks for these types of violations and the fact that these guidelines address the most serious violations that FINRA pursues”; (iv) create six new AML guidelines (the revisions specify that the guidelines “have no upper limit on the fine range for mid-size and large-size firms for AML violations that involve the failure to reasonably monitor to report suspicious transactions”); (v) include a discussion of non-monetary sanctions for firms; (vi) create “single fine ranges for all actions in the Quality of Markets guidelines and other select guidelines”; (vii) establish a $5,000 minimum fine for all firms regardless of size; and (viii) delete certain infrequently used guidelines.
OFAC sanctions Iranian entities for petrochemicals and petroleum sales
On September 26, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13846 against an international network of companies involved in the sale of Iranian petrochemicals and petroleum products in South and East Asia. According to OFAC, the designations target Iranian brokers and several front companies in the UAE, Hong Kong, and India that have facilitated financial transfers and shipping of Iranian petroleum and petrochemical products. OFAC also noted that the sanctioned entities have played a critical role in concealing the origin of the Iranian shipments and enabling two sanctioned Iranian brokers to transfer funds and ship Iranian petroleum and petrochemicals to buyers in Asia. In addition to OFAC’s designations, the State Department is designating two entities based in the People’s Republic of China for their involvement in Iran’s petrochemical trade. As a result of the sanctions, all property and interests in property belonging to the sanctioned persons subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons unless authorized by an OFAC general or specific license. Persons that engage in certain transactions with the individuals or entities designated today may themselves be exposed to designation. Additionally, OFAC warned that “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”
SEC fines tech company $23 million for FCPA violations
On September 27, the SEC announced that a multinational information technology company headquartered in Texas (the “Company”) agreed to pay over $23 million to settle claims that its agents and employees of its subsidiaries in Turkey, the United Arab Emirates (UAE), and India violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA. According to the SEC’s order, from at least 2014 through 2019, several subsidiary employees used discount schemes and false marketing reimbursement payments to create slush funds used to bribe foreign officials in exchange for business. The slush funds were also used to provide other benefits, including paying for foreign officials and their families to attend technology conferences around the world and trips to the U.S. The SEC explained that first-level supervisors at the subsidiaries could approve purchase orders under $5,000 without evidence that marketing activity actually took place. By exploiting this loophole in the company’s controls, employees of the Company’s subsidiaries in Turkey, the UAE, and India were able to funnel money into the slush funds undetected. Employees of the Turkish subsidiary allegedly used the funds to bribe government officials and pay for the travel and accommodation expenses of customers, including foreign officials, the SEC claimed. Employees of the UAE subsidiary allegedly used the funds to pay $130,000 in bribes to government officials in exchange for six contracts. Employees in India also allegedly engaged in a similar scheme, with one employee claiming that the Company would lose out on a deal if the Indian Ministry of Railways was not provided a 70 percent software discount. According to the SEC, the Ministry’s procurement website showed that the Indian subsidiary faced no competition because the Ministry required the use of the Company’s products for the project.
The resolution requires the Company to pay a $15 million civil money penalty, $7,114,376 million in disgorgement, and $791,040 in prejudgment interest. The Company neither admitted nor denied the allegations.
This is the second time the Company has resolved FCPA charges with the SEC. In 2012, the Company paid a $2 million penalty to settle allegations that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA when it allegedly failed to prevent an India subsidiary from maintaining unauthorized side funds at distributors.
FinCEN releases final rule on beneficial ownership reporting
On September 29, FinCEN issued a final rule establishing a beneficial ownership information reporting requirement, pursuant to the bipartisan Corporate Transparency Act. According to FinCEN, the final rule will require most corporations, limited liability companies, and other entities created in or registered to do business in the U.S. to report information about their beneficial owners to FinCEN. FinCEN noted that the final rule is designed to protect national security and strengthen the integrity and transparency of the U.S. financial system. FinCEN also released a Fact Sheet clarifying the final rule. The final rule is effective January 1, 2024. Reporting companies created or registered before January 1, 2024, will have until January 1, 2025, to file their initial reports, while reporting companies created or registered after January 1, 2024, will have 30 days after creation or registration to file their initial reports. Once the initial report has been filed, both existing and new reporting companies will have to file updates within 30 days of a change in their beneficial ownership information, according to FinCEN. The same day, Treasury Secretary Janet L. Yellen released a statement, noting that the final rule is “a major step forward in giving law enforcement, national security agencies, and other partners the information they need to crack down on criminals, corrupt individuals, and other bad actors who seek to take advantage of America’s financial system for illicit purposes.”