Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • New Jersey orders company to stop selling unregistered securities

    Securities

    On July 19, the New Jersey Bureau of Securities (Bureau) announced a cease and desist order against a financial services company for allegedly selling unregistered securities in the form of interest-earning cryptocurrency accounts and failing to explain to investors that the accounts were not licensed in New Jersey. According to the order, the company has been funding its lending operations and proprietary trading business since 2019 by selling interest-bearing cryptocurrency accounts that are not protected by or registered with any federal or state securities regulator. The order notes that the company “held the equivalent of $14.7 billion from the sale of these unregistered securities in violation of the Securities Law.” In addition, the order, which become effective July 22, requires the company to stop selling any unregistered security or violating any securities law. According to the Bureau, the recent action “comes amid rising concerns over the proliferation of decentralized finance platforms like [the company] that seek to reinvent traditional financial systems such as banks and brokerages for digital asset investors,” and that “[u]nlike traditional, regulated banks and brokerage firms, however, investors’ losses are not insured against or protected by the Federal Deposit Insurance Corporation or Securities Investor Protection Corporation.”

    Securities State Issues New Jersey Cease and Desist Cryptocurrency

    Share page with AddThis
  • SEC charges settlement company with cybersecurity disclosure violations

    Securities

    On June 15, the SEC announced charges against a real estate settlement services company for its role in allegedly failing to disclose controls and procedures related to a cybersecurity vulnerability that exposed sensitive customer information. According to the SEC’s order, an independent cybersecurity journalist warned the company in May 2019 of a vulnerability concerning its system for sharing document images that exposed over 800 million images dating back to 2003, including images containing sensitive personal data such as social security numbers and financial information. In response, the company allegedly issued a press release for inclusion in the cybersecurity journalist’s report published in May 2019 and furnished a Form 8-K to the Commission on May 28, 2019. However, according to the order, the company’s senior executives responsible for these kinds of releases “were not apprised of certain information that was relevant to their assessment of the company’s disclosure response to the vulnerability and the magnitude of the resulting risk.” Specifically, the order states that senior executives were not informed that the company’s information security personnel had identified a vulnerability several months earlier, in January 2019, but failed to remediate the vulnerability in accordance with the company’s policies. The order finds that the company “failed to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning the vulnerability was analyzed for disclosure in the company’s public reports filed with the Commission.” The SEC charged the company with violating Rule 13a-15(a) of the Exchange Act and ordered the company, who agreed to a cease-and-desist order, to pay a $487,616 penalty.

    Securities Federal Issues SEC Enforcement Courts Cease and Desist Privacy/Cyber Risk & Data Security Data Breach

    Share page with AddThis
  • FDIC releases January enforcement actions

    Federal Issues

    On February 28, the FDIC released a list of administrative enforcement actions taken against banks and individuals in January. The FDIC issued 18 orders, which “consisted of two consent orders; one civil money penalty; three removal and prohibition orders; eight section 19 orders; three terminations of consent orders and cease and desist orders; and one order terminating prompt corrective action.” Among the actions was a civil money penalty assessed against a Montana-based bank for allegedly violating the Flood Disaster Protection Act by failing to obtain adequate flood insurance coverage on certain loans and failing to provide borrowers with notice of the availability of federal disaster relief assistance. Separately, in a joint action with the California Department of Business Oversight, the agency issued a consent order against a California-based bank related to alleged weaknesses in its Bank Secrecy Act and anti-money laundering (BSA/AML) compliance program. Among other things, the bank was ordered to (i) retain qualified management to ensure compliance with applicable laws and regulations; (ii) “correct all violations of law to the extent possible”; (iii) implement a revised, written BSA compliance program to address BSA/AML deficiencies; (iv) establish a written Customer Due Diligence Program to ensure the reasonable detection of suspicious activity and the identification of higher-risk customers; (v) adopt a process for reviewing transaction monitoring alerts; and (vi) “ensure that suspicious activity monitoring system is independently validated.”

    Federal Issues FDIC Enforcement Bank Secrecy Act Anti-Money Laundering Cease and Desist Customer Due Diligence FDI Act Civil Money Penalties Flood Disaster Protection Act CDBO Flood Insurance

    Share page with AddThis
  • OCC releases January enforcement actions

    Federal Issues

    On February 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include four civil money penalty orders, three cease and desist orders, five removal/prohibition orders, and a termination of an existing enforcement action. Included among the actions is a January 30 Consent Order to resolve the OCC’s claims that a New York-based bank engaged in Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program violations. According to the consent order, an OCC examination identified alleged deficiencies in the bank’s BSA/AML compliance program, including (i) failure to “assess and monitor high risk customer activity flowing to or from high risk jurisdictions”; (ii) deficient BSA/AML policies, procedures, systems and controls; (iii) inadequate suspicious activity monitoring and suspicious activity reporting (SAR) to FinCEN; (iv) deficient Customer Due Diligence processes, including failure to appoint a BSA officer; and (v) failure to sufficiently monitor or provide controls for increased wire and ACH transactions. The consent order requires the bank to, among other things, (i) appoint a compliance committee within 30 days; (ii) submit a written strategic plan to the OCC covering at least the next three years; (iii) appoint a “permanent, qualified, and experienced BSA Officer” with sufficient staff; (iv) create and adopt a “written program of internal control policies and procedures to provide for the compliance with the BSA”; and (v) adopt and deploy a “written system of internal controls and processes to ensure compliance with the requirements to file SARs.”

    Federal Issues OCC Enforcement Bank Secrecy Act Anti-Money Laundering Customer Due Diligence Examination Cease and Desist SARs

    Share page with AddThis
  • OCC issues cease and desist order against Japanese bank for BSA/AML issues

    Federal Issues

    On February 22, the OCC announced a cease and desist order against three U.S. branches of a Japanese bank for allegedly violating the Bank Secrecy Act (BSA). According to the order, after an examination of the branches’ BSA/Anti-Money Laundering and OFAC compliance programs, the OCC identified alleged deficiencies in the branches’ BSA compliance program, including (i) internal controls; (ii) suspicious activity monitoring, which resulted in untimely suspicious activity report filings; (iii) foreign correspondent due diligence program; and (iv) trade finance monitoring. The OCC did not issue a monetary penalty against the branches and noted in the order’s announcement that the branches have already begun corrective actions. This action demonstrates U.S. banking regulators’ continued scrutiny of the BSA compliance programs of U.S. branches and subsidiaries of non-U.S. banks that provide international access to the U.S. financial system.

    As previously covered by InfoBytes, in November 2017, the OCC issued a consent order with the branches that required corrective actions related to OFAC compliance. The branches continue to operate under this order.

    Federal Issues OCC Cease and Desist Bank Secrecy Act Anti-Money Laundering Financial Crimes Of Interest to Non-US Persons Compliance

    Share page with AddThis

Upcoming Events