Photo of Alexis Collins

Alexis Collins’ practice focuses on litigation, including criminal and regulatory enforcement matters and complex civil and antitrust litigation.

On October 3, 2019, the governments of the United Kingdom and United States signed the first-ever executive agreement governing cross-border data requests (the “Agreement”) pursuant to the US Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”).[1]  As contemplated by the CLOUD Act, the Agreement provides a mechanism for the governments to access and share data stored abroad by electronic communications services providers (“CSP”) in their respective countries in a timely manner.  The Agreement will enter into effect following a 180 day Congressional review period required by the CLOUD Act and a similar review by the UK Parliament.   
Continue Reading United Kingdom and United States Governments Sign First-Ever CLOUD Act Agreement

On September 18, 2019, the Securities and Exchange Commission (“SEC”) filed its first civil suit alleging violations of broker-dealer registration requirements in U.S. digital asset markets.  In a case filed in the U.S. District Court for the Central District of California, the SEC alleged that Defendants ICOBox and its founder, Nikolay Evdokimov, illegally conducted an unregistered public securities offering for their 2017 initial coin offering (“ICO”), and have operated an unregistered brokerage service facilitating the launch of ICOs in digital asset securities since 2017.
Continue Reading SEC Files First Suit Against Alleged Unregistered Broker-Dealer Operating in Digital Asset Markets

In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook.  Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.
Continue Reading July 2019 Privacy and Cybersecurity Enforcement: Lessons for Management and Directors

In the past year, members of the U.S. Congress and Senate on both sides of the aisle have proposed data privacy bills that would impose nationwide standards on companies who collect and/or share consumers’ personal information. Currently, all 50 states have separate, but often overlapping, data privacy regimes—each subjecting companies to various combinations of recordkeeping standards, data sharing restrictions, and data breach reporting requirements—creating a patchwork of state laws that can generate substantial uncertainty for corporations.
Continue Reading Legislators Propose Differing Approaches to Federalizing Corporate Responsibility for Data Breaches

On May 6, 2019, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 19-18, addressing members’[1] anti-money laundering (“AML”) compliance programs.  This notice focused extensively on members’ monitoring for suspicious activities and subsequent suspicious activity report (“SAR”) filing obligations, providing 97 examples of “money laundering red flags” to securities industry market participants.  Where applicable to a members’ business operations, FINRA encouraged broker-dealers to take a “risk-based approach” to AML compliance and incorporate these red flags into their AML programs, even though the organization noted that merely doing so will not satisfy all obligations.  Where any red flags are detected, FINRA encouraged firms to consider whether “additional investigation, customer due diligence measures or a SAR filing may be warranted.”
Continue Reading FINRA Publishes AML Red Flags to Help Broker-Dealers Satisfy Suspicious Activity Monitoring and Reporting Requirements

On December 20, 2018, the Financial Industry Regulatory Authority (“FINRA”) released a Report on Selected Cybersecurity Practices for broker-dealer firms.  This report reflects FINRA’s current perspective on the cybersecurity threat landscape based on observations from its examinations of securities firms.  Below we discuss the report’s key observations and contextualize these insights for members of the financial industry.
Continue Reading FINRA Provides Updated Cybersecurity Guidance to Broker-Dealer Firms

On December 20, 2018, the U.S. Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released its 2019 Examination Priorities.  The six themes for this year’s priorities are:  retail investors (including seniors and those saving for retirement), compliance and risk in registrants responsible for critical market infrastructure (clearing agencies, transfer agents, national securities exchanges and Regulation SCI entities), oversight of the Financial Industry Regulatory Authority and Municipal Securities Rulemaking Board, digital assets, cybersecurity and anti-money laundering.  The only new theme for 2019 compared to 2018 is digital assets, which we take to imply a plan to more closely—and substantively—regulate investment advisers and broker-dealers involved with this asset class.  The 2019 priorities also more explicitly than the 2018 priorities describe specific practices that OCIE found concerning in examinations of those entities, many of which involved failure to adequately safeguard client assets and the adequacy of disclosures of conflicts of interest.  We expect to see a corresponding focus in Enforcement Division investigations and cases on these issues as a result.
Continue Reading Lessons from the SEC Office of Compliance Inspections and Examinations’ 2019 Priorities

On November 16, 2018, the U.S. Securities and Exchange Commission (“SEC”) Division of Corporation Finance (“Corp. Fin.”), Division of Investment Management, and Division of Trading and Markets issued a joint public statement on “Digital Asset Securities Issuance and Trading.”  The public statement is the latest in the Divisions’—and the Commission’s—steady efforts to publicly outline and develop its analysis on the application of the federal securities laws to initial coin offerings (“ICOs”) and certain digital tokens.  These efforts have combined a series of enforcement proceedings with public statements by Chairman Jay Clayton and staff, including a more detailed statement of the SEC’s analytical approach in Corp. Fin. Director William Hinman’s speech on digital assets in June 2018.
Continue Reading SEC Divisions’ Issue Public Statement on Digital Assets and ICOs, Echoing Recent Enforcement Actions

On November 8, the Securities and Exchange Commission (“SEC”) imposed a cease-and-desist order against Zachary Coburn for causing his former company, EtherDelta, to operate as an unregistered securities exchange in violation of Section 5 of the Securities Exchange Act of 1934 (“Exchange Act”).  Notably, EtherDelta, a trading platform specializing in digital assets known as Ether and ERC20 tokens,[1] was not operated like a traditional exchange with centralized operations, as there was no ongoing, active management of the platform’s order taking and execution functions. Instead, EtherDelta was “decentralized,” in that it connected buyers and sellers through a pre-established smart contract protocol upon which all operational decisions were carried out.

In the SEC’s view, EtherDelta met Exchange Act Rule 3b-16(a)’s definition of an exchange notwithstanding the lack of ongoing centralized management of order taking and execution.  Robert Cohen, the Chief of the SEC’s Cyber Unit within the Division of Enforcement stated after the order’s release, “The focus is not on the label you put on something . . . The focus is on the function . . . whether it’s decentralized or not, whether it’s on a smart contract or not, what matters is it’s an exchange.” This functional approach echoes prior SEC guidance and enforcement actions in the digital asset securities markets in emphasizing that the Commission will look to the substance and not the form of a market participants’ operations in evaluating their effective compliance with U.S. securities laws.
Continue Reading SEC Brings First Enforcement Action Against a Digital Assets Trading Platform for Failure to Register as a Securities Exchange

On November 2, the SEC’s Enforcement Division released its annual report detailing the facts and figures of its enforcement efforts in fiscal year 2018.  At first blush, this year’s report looks strikingly similar to those from recent years, as the headline numbers in most categories are nearly indistinguishable from 2015, 2016, and 2017.  This consistency may be surprising given that 2018 is the first such report reflecting exclusively the enforcement priorities of the Commission since it was reconstituted under Chair Jay Clayton.

But a closer examination of the report, including the components feeding into the top-line facts and figures and commentary by Division co-directors Stephanie Avakian and Steven Peikin, reveals a clear shift in priorities by the Division.  These range from a philosophical shift in its mission to the reallocation of resources during a hiring freeze.  We address here the most notable of these subtle but important changes. 
Continue Reading Retail, Remedies, Resources and Results: Observations From the SEC Enforcement Division 2018 Annual Report