On May 15, 2019, the U.S. Securities and Exchange Commission (“SEC”) and the U.S. Commodity Futures Trading Commission (“CFTC”) announced that they entered into an Enhanced Multilateral Memorandum of Understanding Concerning Consultation and the Exchange of Information (“Enhanced MMoU”) under the auspices of the International Organization of Securities Commissions (“IOSCO”), along with nine other international financial regulators.[1]  Both the SEC and CFTC are already signatories to IOSCO’s predecessor memorandum of understanding with 121 other signatories.  However, the Enhanced MMoU provides for significant enhancements in cross-border enforcement cooperation—including the ability to compel testimony outside of the United States—that, if widely adopted, could increase the signatory regulators’ abilities to undertake (and coordinate) multilateral cross-border investigations.

The Enhanced MMoU broadens IOSCO’s first information-sharing agreement, the Multilateral Memorandum of Understanding Concerning Consultation and Cooperation and the Exchange of Information (“MMoU”), drafted in 2002 and revised in 2012.[2]  The MMoU was established by IOSCO to support its objectives of protecting investors and facilitating cross-border enforcement of securities and derivatives laws and regulations.  The SEC and the CFTC are signatories to the MMoU, along with 121 other financial regulators.[3]  The MMoU provides guidelines and mechanisms for requesting assistance and sharing information between international regulatory authorities.  Prior to the creation of the MMoU, the SEC relied on bilateral information sharing memoranda of understanding with securities authorities for individual countries; those agreements remain in effect today and supplement the powers of the MMoU.  However, the creation of the MMoU provided a broader, uniform framework for mutual assistance across jurisdictions.

The MMoU outlines the mechanism for a request for assistance and provides for sharing information and documents held in signatory regulators’ files; disclosing contemporaneous records of securities and derivatives transactions, information and documents regarding transactions in bank and brokerage accounts, and the beneficial owners of such accounts; and seeking responses to questions or taking or compelling a person’s statement or, where permissible, a person’s testimony.

The Enhanced MMoU significantly expands the information-sharing mechanisms set out in the Memorandum.  The changes in the Enhanced MMoU reflect the increased importance of technology in markets and the need to analyze electronic data in order to investigate potential financial misconduct.  For example, among these new powers is the ability to obtain records from telephone service providers and internet service providers within the jurisdiction of the regulatory authority requesting the information.  IOSCO has identified these powers as necessary to successfully safeguard market stability and integrity and protect against and deter fraud.  Article 3 of the Enhanced MMoU – titled “Scope of Assistance” – identifies additional powers found in the Enhanced MMoU that are not found in the MMoU.[4]  These include the requirements that signatories:

(1)        obtain and provide information regarding auditing, “including, but not limited to, audit work papers, communication and other Information related to the audit or review of financial statements”;[5]

(2)        compel a person’s physical attendance for the purpose of gathering testimony (and, in the event of non-compliance, a sanction will be applied to the regulator);[6]

(3)        at the request of another signatory, freeze assets, and, if that is not possible, provide information on the assets and advice on how to best use legal procedures to freeze or sequester the assets.[7]

Furthermore, those signatories of the Enhanced MMoU which have signed on to Appendix A.1—including the SEC and the CFTC—are required to assist requesting entities by obtaining and sharing existing records from telephone service providers, internet service providers, or other electronic communication providers, as well as by obtaining “recordings of telephone conversations or other electronic communications held or maintained by Persons regulated by the Requested Authority,” if the signatories are competent to do so.[8]  These provisions underscore that regulatory authorities investigating potential market abuse more and more are prioritizing and relying on electronic and telecommunications.

The SEC and CFTC Chairs have cited technological developments and changes in the complexity and scope of global financial markets as prompting their decisions to sign on to this expansive information-sharing agreement.[9]  In a statement, SEC Chair Jay Clayton said that “as investment products, services and markets evolve, it is critical that the international community of financial regulators continue to cooperate to protect investors from bad actors perpetrating fraud across borders.”[10]  He noted that the SEC took an active role in negotiating and drafting the Enhanced MMoU in order to build upon the prior MMoU.  “This signing demonstrates the SEC’s continued strong commitment to combatting securities and derivatives fraud against American investors – including fraud which is carried out outside our borders,” said Clayton.[11]  CFTC Chair J. Christopher Giancarlo also touted the need for regulators to cooperate with their foreign counterparts in order to protect investors and markets in “[t]oday’s world of rapidly evolving technology and increasingly global financial markets.”[12]

International regulatory authorities are increasingly engaging in parallel investigations, information sharing and cooperation, and ultimately reaching global settlements.  Given the global nature of the modern financial industry, companies are often subject to the oversight of regulatory authorities in multiple jurisdictions and documents, information, or individuals relevant to a regulatory investigation may be located around the world.  It is therefore becoming more common for authorities in different jurisdictions to cooperate with one another, which may result in more efficient and effective investigations and enforcement of securities laws and regulations.  The provisions of the Enhanced MMoU allow jurisdictions that may have less stringent securities laws, more limited resources, or that otherwise may not be able to investigate and prosecute misconduct to share information with regulators that can.  The Enhanced MMoU also encourages jurisdictions to enact legislation that supports full and effective information sharing so that they can fully participate in and derive the benefits from the agreement.

While the majority of the powers and requirements of the Enhanced MMoU remain unchanged from the prior version, the new provisions signal a continued focus on cross-border cooperation and the facilitation of the exchange of information, an increased focus on technological advances, and a willingness of regulatory authorities to expand their powers in order to keep pace with changing financial markets.

Both the MMoU and Enhanced MMoU will remain in force for the time being. However, IOSCO has stated that the objective is for all of the MMoU’s signatories to ultimately migrate to the Enhanced MMoU.[13]  Currently, only eleven regulators have signed on to the Enhanced MMoU, including the SEC and CFTC; other jurisdictions include the Bahamas, British Columbia, Hong Kong, Ontario, Quebec, Singapore, Australia, the Republic of Korea, and the United Kingdom.[14]  Additional signatories would not only expand the effects of the Enhanced MMoU, but also signal an increasing willingness to internationalize enforcement processes.

[1] See May 20, 2019, SEC Press Release, SEC and CFTC Participate in the Signing Ceremony for the IOSCO Enhanced Multilateral Memorandum of Understanding Concerning Cross-Border Enforcement, https://www.sec.gov/news/press-release/2019-71 [hereinafter “SEC Press Release”].  The CFTC signed onto the memorandum on April 18, 2018, and the SEC signed on May 15, 2019.  See International Organization of Securities Commissions, Signatories to EMMoU, https://www.iosco.org/about/?subSection=emmou&subSection1=signatories.

[2] See SEC Press Release.

[3] See id.

[4] IOSCO’s Enhanced Multilateral Memorandum of Understanding Concerning Consultation and the Exchange of Information (2016), Article 3(2), available at https://www.iosco.org/about/pdf/Text-of-the-EMMoU.pdf [hereinafter “Enhanced MMoU”].

[5] Enhanced MMoU Article 3(2)(b)(v).

[6] Enhanced MMoU Article 3(2)(c).

[7] Enhanced MMoU Article 3(2)(d).

[8] Enhanced MMoU Article 3(3)(i)-(iii).  It remains to be seen how the new powers of the Enhanced MMoU will implicate data privacy concerns both in the U.S. and abroad.  However, given an increased focus on data privacy internationally, conflicts may emerge.

[9] See SEC Press Release.

[10] See id.

[11] See id.

[12] See id.

[13] See International Organization of Securities Commissions, Enhanced Multilateral Memorandum of Understanding Concerning Consultation and Cooperation and the Exchange of Information (EMMoU), https://www.iosco.org/about/?subSection=emmou.

[14] See International Organization of Securities Commissions, Signatories to Enhanced MMoU, https://www.iosco.org/about/?subSection=emmou&subSection1=signatories.