Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Fed announces enforcement action against Kansas bank for operational deficiencies

    On September 5, the Fed announced a cease and desist order (the “order”) against a Kansas bank holding company and its subsidiary bank (collectively, the “bank”) for having significant operational deficiencies, including deficiencies related to staffing, internal controls, credit risk management, lending and credit administration, capital, information technology and information security, books and records, regulatory reporting, liquidity and funds management, earnings, interest rate risk management, third-party risk management, and other deficiencies such as compliance with federal laws related to AML/BSA requirements.

    The order directs the bank to, among other things, (i) strengthen board oversight; (ii) engage a third party to conduct an assessment of the bank’s corporate governance and staffing; (iii) improve lending and credit administration policies and procedures; (iv) correct the identified information technology and information security deficiencies; (v) revise its allowance for credit losses methodology to comply with supervisory guidance; (vi) enhance interest rate risk management practices; (vii) improve internal controls; (viii) submit a written plan to maintain sufficient capital; (ix) enhance liquidity risk management; and (x) improve the bank’s earnings and overall condition. The order also directs the Bank to improve its BSA/AML compliance program and internal audit program, and to take all necessary steps to correct all violations of law or regulation and to ensure future compliance.

    Bank Regulatory Federal Issues Enforcement Cease and Desist Bank Secrecy Act Anti-Money Laundering Kansas

  • SEC charges broker-dealer with failure to file suspicious activity reports


    On August 29, the SEC announced that it had brought charges against a Chicago-based broker-dealer. The SEC alleged that between August 2012 and September 2020 the broker-dealer failed to file over 400 hundred legally required suspicious financial transaction reports related to over-the-counter securities transactions executed in the broker-dealer’s alternative trading system (ATS). According to the SEC’s order, it was found that the broker-dealer did not establish an anti-money laundering surveillance program until September 2020, despite having thousands of high-risk microcap and penny stock securities transactions executed daily on its ATS.

    Daniel R. Gregus, Director of the SEC’s Chicago Regional Office, stated, “All SEC-registered broker-dealers have the responsibility to comply with the requirements of the Bank Secrecy Act, including the obligation to file SARs.”

    Without admitting or denying that it violated Section 17(a) of the Securities Exchange Act and Rule 17a-8, the broker-dealer agreed to a censure and a cease-and-desist order, along with a $1.5 million penalty.


    Securities Federal Issues SEC Broker-Dealer Enforcement Recordkeeping SARs Cease and Desist

  • SEC charges fintech investment adviser for misleading advertising


    On August 21, the SEC announced charges against a New York-based fintech investment adviser for using hypothetical performance metrics in misleading advertisements, compliance failures that led to misleading disclosures, and failure to adopt policies concerning crypto asset trading by employees, among other things. These charges mark the first violation of the SEC’s amended marketing rule.

    According to the order, the fintech investment adviser made misleading statements on its website by failing to include material information, and without having adopted and implemented required policies and procedures under the SEC’s marketing rule. The SEC also found that the company made conflicting disclosures regarding crypto assets custody and failed to adopt policies related to employee personal trading in crypto assets. 

    The company consented to the order finding that it violated the Advisers Act and without admitting or denying the SEC’s findings, entered into a cease-and-desist order, a censure, and agreed to pay $192,454 in disgorgement, prejudgment interest and an $850,000 civil penalty that will be distributed to affected clients.

    Securities Fintech Enforcement SEC Disclosures Cryptocurrency Cease and Desist

  • DFPI launches actions against crypto scams, initiates education campaign

    State Issues

    On August 9, the California Department of Financial Protection and Innovation (DFPI) announced that it issued cease and desist orders against three entities (orders here, here, and here) for allegedly offering and selling unqualified securities, and making material misrepresentations and omissions to investor related to cryptocurrency investments. The entities allegedly created high-yield investment programs (HYIPs), which DFPI characterizes as “investment frauds that typically promise high returns with low risk, promise overly consistent returns, provide little details about the people running the HYIP, use vague language to describe how the HYIP makes money, offer referral bonuses, facilitate deposits and withdrawals with crypto assets, and use social media to gain attention and attract investors.” 

    The cease and desist orders are just one of the tools DFPI employs to address investment scams involving crypto assets, also using enforcement actions, social media, and a Crypto Scam Tracker. DFPI has posted videos to its social media accounts that are directed towards the same group of individuals targeted by the crypto community in order to educate investors about its enforcement actions and violations of law. The Crypto Scam Tracker was launched earlier this year to help Californian’s identify and avoid scams involving cryptocurrency. (Covered by InfoBytes here).

    State Issues Privacy, Cyber Risk & Data Security Cryptocurrency California Enforcement Cease and Desist DFPI FDCPA

  • SEC settles allegations regarding robo-adviser service


    On June 13, the SEC announced a settlement with three subsidiaries of a financial services holding company (collectively, “respondents”) regarding their robo-adviser service. The order, which the respondents consented to without admitting or denying the findings, imposes a civil money penalty of $135 million and a total of $52 million in disgorgement. The order also provides that the respondents must cease and desist from committing or causing any future violations of the antifraud provisions in the Investment Advisers Act.

    Securities Enforcement Cease and Desist Investment Advisers Act Robo-Advisor Service

  • Fed issues cease and desist order against California bank

    On January 18, the Federal Reserve Board issued a cease and desist order against two California-based bank holding companies (companies) and their jointly-owned bank, due to “additional safety and soundness deficiencies at the Bank, including with respect to unsecured loans,” following the termination of a February 2021 written agreement. According to the Fed’s order, “the Bank is currently operating without a permanent Chief Executive Officer, and Chief Financial Officer, and a sufficient number of board members, which are vital to the safe and sound operations of the Bank in light of the numerous remedial requirements of the Written Agreement.” The order requires, among other things, that the bank, within 60 days, submit written lending and credit administration policies and procedures and retain an independent third party to assess the adequacy of the bank’s compensation governance, policies, procedures, and internal controls. The order imposes no financial penalty.

    Bank Regulatory Federal Reserve Cease and Desist Enforcement California

  • OCC issues cease and desist order against bank

    Federal Issues

    On September 20, the OCC announced a cease and desist order issued against a bank for alleged “unsafe or unsound practices” related to “technology and operational risk management,” in addition to the bank’s noncompliance with the OCC’s Interagency Guidelines Establishing Information Security Standards contained in Appendix B to 12 CFR Part 30. Without admitting to or denying the claims, the bank is required by the order to improve information technology and operational risk governance, technology risk assessments, internal controls, and staffing deficiencies. Specifically, the bank must develop an acceptable, written action plan outlining the remedial actions necessary to achieve compliance with the order by addressing the alleged unsafe or unsound practices and noncompliance, which must specify, among other things, a description of the corrective actions, reasonable and well-supported timelines, and those responsible for completing the actions. The order provides that the bank must also establish a Compliance Committee to quarterly submit: (i) “a description of the corrective actions needed to achieve compliance with each Article of the order”; (ii) the specific corrective actions undertaken to comply with each Article of the Order”; and (iii) “the results and status of the corrective actions.”

    Federal Issues OCC Enforcement Cease and Desist Compliance Risk Management Bank Regulatory

  • SEC charges alternative data provider with securities fraud


    On September 14, the SEC announced a settlement with an alternative data provider and one of the company’s co-founders (collectively, "respondents") resolving allegations that the company violated antifraud provisions by engaging in deceptive practices and making material misrepresentations regarding alternative data. According to the order, the respondents understood that companies would share their confidential app performance data if they promised not to disclose it to third parties. As a result, the respondents assured companies that their data would be aggregated and anonymized before being used by a statistical model to generate estimates of app performance. However, the respondents, between 2014 and mid-2018, utilized non-aggregated and non-anonymized data to alter its model-generated estimates to make them more valuable to sell to trading firms. The SEC alleged that the respondents violated provisions of the Exchange Act, such as Section 10(b) and Rule 10b-5 thereunder, because their misrepresentations and other deceptive practices misled subscribers regarding how the company’s intelligence estimates were calculated. The order, to which the respondents consented, imposes civil money penalties of $300,000 and $10 million. The order also provides that the company must cease and desist from committing or causing any future violations of the Exchange Act, and prohibits the co-founder from serving as an officer or director of a public company for three years.

    Securities Enforcement Alternative Data Securities Exchange Act Cease and Desist

  • OCC issues cease and desist order and $250 million penalty against national bank

    Federal Issues

    On September 9, the OCC announced a cease-and-desist and consent order and a $250 million civil money penalty against a national bank for alleged unsafe or unsound practices related to deficiencies in its home lending loss mitigation program and for violations of a 2018 consent order. According to the OCC, the bank, among other things: (i) failed to fully implement and maintain adequate loss mitigation practices; (ii) had mitigation decisioning tools and operational deficiencies that caused errors in loss mitigation processes; (iii) failed to timely detect, prevent, and quantify inaccurate loan modification decisions, due to inadequate controls, insufficient independent oversight, and ineffective governance related to loss mitigation activities; and (iv) had deficient internal auditing, which failed to consider aspects of previously identified issues. The cease and desist order requires the bank, among other things, to establish significant improvements to its loss mitigation program and cease taking on certain new bulk residential mortgage servicing rights from third parties. The September 9 civil money penalty order, which notes that the bank has taken steps to comply with the 2018 consent order but failed to effectively implement corrective actions, requires the bank to pay a civil penalty of $250 million.

    Federal Issues OCC Enforcement Cease and Desist Loss Mitigation Bank Regulatory

  • SEC says digital asset trading company violated the Exchange Act


    On August 9, the SEC announced charges against a digital asset trading company for operating an unregistered online digital asset exchange in connection with its operation of a trading platform that facilitated buying and selling of digital asset securities. According to the SEC’s order, the company operated a web-based trading platform that facilitated buying and selling digital assets, which included digital assets that were investment contracts and therefore securities. The order finds that, “[n]otwithstanding its operation of the [Company] Trading Platform, [the company] did not register as a national securities exchange nor did it operate pursuant to an exemption from registration at any time, and its failure to do so was a violation of Section 5 of the Exchange Act,” despite operating as a Rule 3b-16(a) system under the Exchange Act. The order, which the company consented to without admitting or denying the findings, imposes a disgorgement fee of $8,484,313, a prejudgment interest fee of $403,995, and a civil penalty of $1.5 million, for a total of $10,388,309. The order also provides that the company must cease and desist from committing or causing any future violations of the Exchange Act and establishes a fair fund for the benefit of victims.

    Securities Federal Issues SEC Enforcement Courts Cease and Desist Securities Exchange Act Digital Assets


Upcoming Events