On March 6, 2019, the U.S. Commodity Futures Trading Commission (“CFTC”) Enforcement Division released an advisory (the “Advisory”) on self-reporting and cooperation for violations of the Commodity Exchange Act (“CEA”) that involve foreign corrupt practices.[1]  The Advisory lays out guidelines for companies or individuals “not registered (or required to be registered) with the CFTC” to receive significant cooperation credit for voluntarily and timely disclosing CEA violations involving foreign corrupt practices.[2]  Indeed, where such disclosure is followed by “full cooperation and appropriate remediation” and other measures, the Division of Enforcement will extend a presumption that no civil monetary penalties be imposed.[3]  Moreover, while registrants—which are subject to “independent reporting obligations”—will not benefit from such a presumption, cooperation may still garner “substantial reduction in the civil monetary penalty.”[4]

The Advisory is the latest signal of the CFTC’s efforts over the last two years to more clearly define the benefits of voluntary cooperation with the Agency.[5]  This may indicate that the CFTC is taking an increased interest in corruption cases related to the commodities or swaps markets. Continue Reading CFTC Enforcement Division Issues New Advisory on Self-Reporting and Cooperation

On 12 February 2019, the European Data Protection Board (“EDPB”)[1] adopted its first opinion on an “administrative arrangement,” which provides a new mechanism for the transfer of personal data between European Union (“EU”) financial supervisory authorities and securities agencies and their non-EU counterparts.

Under the EU’s General Data Protection Regulation 2016/679 (“GDPR”), personal data cannot be transferred from the European Economic Area (“EEA”) to a third country unless the European Commission has decided that such third country is “adequate” from a data protection laws perspective, or “appropriate safeguards” are in place to ensure that the treatment of personal data in the hands of the recipient reflects the GDPR’s high standards. Article 46 of the GDPR provides for various safeguarding options, including the possibility of “provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights.[2] No such “administrative arrangements” have been approved by the EDPB until now. Continue Reading EDPB Issues First Opinion on Administrative Arrangements Under the GDPR for Cross-Border Data Flows Between EU and Non-EU Securities Agencies

On 12 February 2019, the English High Court issued a judgment in proceedings related to the takeover of Autonomy Corporation Limited (now ACL Netherlands BV) by the Hewlett-Packard group in 2011. The question before the Court was whether a U.S. grand jury subpoena served on Hewlett Packard Enterprise (the U.S. parent company of the claimants) required certain documents received by the claimants solely through disclosure in English High Court litigation, as well as witness statements exchanged between the parties to that litigation, to be produced to the U.S. Federal Bureau of Investigation.

In summary:

  • The Court refused to allow disclosure of the documents in response to the grand jury subpoena on the basis that the subpoena did not override English public policy considerations which seek to preserve a litigant’s right to privacy and confidentiality, nor were the parties to the English proceedings compelled to comply with terms of the subpoena.
  • The decision illustrates the high threshold which needs to be met to obtain the court’s permission to make collateral use of documents disclosed in English proceedings, and demonstrates the level of scrutiny which subpoenas from U.S. authorities will be subjected to by the English courts where they relate to documents disclosed in English proceedings and protected by the English courts’ confidentiality rules.

Please click here to read the full alert memorandum.

Last week, in SEC v. Scoville, the U.S. Court of Appeals for the Tenth Circuit held that Dodd-Frank allows the Securities and Exchange Commission to bring fraud claims based on sales of securities to foreign buyers where defendants engage in fraudulent conduct within the United States.

In so holding, the Court concluded that Dodd-Frank abrogated in part the Supreme Court’s rule, announced in Morrison v. National Australia Bank Ltd., that fraud claims under the federal securities laws can only be brought with respect to transactions in securities listed on a U.S. exchange or transactions in other securities in the U.S.  If adopted more broadly, this ruling would restore in government enforcement actions the more expansive conduct-and-effects test that the Morrison Court rejected.

Please click here to read the full alert memorandum.

On January 10, 2019, a Magistrate Judge in the Northern District of California issued an order denying an application for a search warrant that would have compelled any individual present at the premises to be searched to unlock their digital devices using biometric features, such as thumb prints and facial scans.  The order is notable in that the search warrant was not rejected on Fourth Amendment grounds, but rather on the grounds that requiring a person to unlock his or her digital device ran afoul of the Fifth Amendment’s privilege against self-incrimination.[1]  Providing a thumb or facial scan, the court reasoned, constituted testimony protected by the Fifth Amendment, analogizing biometrics to passwords that similarly protect information stored on devices.  This decision highlights the current tension in the courts on the accessibility of information stored on digital devices, and the courts’ continuing efforts to develop rules governing this rapidly-evolving area of law. Continue Reading Court Holds That 5th Amendment Self-Incrimination Privilege Precludes Compelling Fingerprint or Facial Recognition Access to Digital Devices

On December 20, 2018, the Financial Industry Regulatory Authority (“FINRA”) released a Report on Selected Cybersecurity Practices for broker-dealer firms.  This report reflects FINRA’s current perspective on the cybersecurity threat landscape based on observations from its examinations of securities firms.  Below we discuss the report’s key observations and contextualize these insights for members of the financial industry. Continue Reading FINRA Provides Updated Cybersecurity Guidance to Broker-Dealer Firms

On November 30, 2018, Judge Richard Sullivan issued a long-anticipated decision in favor of the defendants in Commodity Futures Trading Commission v. Wilson, No. 13 Civ. 7884, following a four-day bench trial in December 2016 before the U.S. District Court for the Southern District of New York.  The court held that the CFTC failed to meet its burden of proof in establishing claims of market manipulation or attempted market manipulation under Sections 6(c) and 9(a)(2) of the Commodity Exchange Act (“CEA”) based on trading by Donald R. Wilson and his firm DRW Investments LLC (“DRW”) of a particular exchange-traded interest rate swap futures contract (the “IDEX Three-Month IRS Contract”).  The court found that although the defendants’ trading affected the price of the IDEX Three-Month IRS Contract in a way that benefitted defendants’ existing positions, there was no evidence that the resulting price was “artificial,” which the Second Circuit has held is a necessary element in establishing market manipulation under the CEA.

The Wilson decision is significant because it rejected the CFTC’s argument that the artificiality element could be satisfied merely by showing that a market participant structured bids in a manner intended to affect settlement prices.  Because the defendants had a “legitimate economic rationale” for the bids they submitted, the court held that defendants’ intent to trade in a manner that affected settlement prices does not itself create liability for market manipulation under the CEA.

Please click here to read the full alert memorandum.

On November 15, 2018, the Division of Enforcement (the “Division”) of the U.S. Commodity Futures Trading Commission (“CFTC”) released its Annual Report on the Division of Enforcement (the “Report”), highlighting the enforcement division’s recent initiatives and reinforcing its focus on cooperation and self-reporting.  The Report provides a succinct overview of the Division’s enforcement priorities over the last year, discusses its overall enforcement philosophy, sets out key metrics about the cases brought in the last year, and highlights its key initiatives for the coming year.  While the Division’s priorities—preserving market integrity, protecting customers, promoting individual accountability, and increasing coordination with other regulators and criminal authorities—do not mark a departure from prior guidance, the Report does highlight the Division’s particular focus on individual accountability and a few target areas of enforcement.  Continue Reading Virtual Currencies, Manipulation, Cooperation, and More: CFTC Enforcement Division’s 2018 Annual Report

On November 16, 2018, the U.S. Securities and Exchange Commission (“SEC”) Division of Corporation Finance (“Corp. Fin.”), Division of Investment Management, and Division of Trading and Markets issued a joint public statement on “Digital Asset Securities Issuance and Trading.”  The public statement is the latest in the Divisions’—and the Commission’s—steady efforts to publicly outline and develop its analysis on the application of the federal securities laws to initial coin offerings (“ICOs”) and certain digital tokens.  These efforts have combined a series of enforcement proceedings with public statements by Chairman Jay Clayton and staff, including a more detailed statement of the SEC’s analytical approach in Corp. Fin. Director William Hinman’s speech on digital assets in June 2018. Continue Reading SEC Divisions’ Issue Public Statement on Digital Assets and ICOs, Echoing Recent Enforcement Actions

On November 8, the Securities and Exchange Commission (“SEC”) imposed a cease-and-desist order against Zachary Coburn for causing his former company, EtherDelta, to operate as an unregistered securities exchange in violation of Section 5 of the Securities Exchange Act of 1934 (“Exchange Act”).  Notably, EtherDelta, a trading platform specializing in digital assets known as Ether and ERC20 tokens,[1] was not operated like a traditional exchange with centralized operations, as there was no ongoing, active management of the platform’s order taking and execution functions. Instead, EtherDelta was “decentralized,” in that it connected buyers and sellers through a pre-established smart contract protocol upon which all operational decisions were carried out.

In the SEC’s view, EtherDelta met Exchange Act Rule 3b-16(a)’s definition of an exchange notwithstanding the lack of ongoing centralized management of order taking and execution.  Robert Cohen, the Chief of the SEC’s Cyber Unit within the Division of Enforcement stated after the order’s release, “The focus is not on the label you put on something . . . The focus is on the function . . . whether it’s decentralized or not, whether it’s on a smart contract or not, what matters is it’s an exchange.” This functional approach echoes prior SEC guidance and enforcement actions in the digital asset securities markets in emphasizing that the Commission will look to the substance and not the form of a market participants’ operations in evaluating their effective compliance with U.S. securities laws. Continue Reading SEC Brings First Enforcement Action Against a Digital Assets Trading Platform for Failure to Register as a Securities Exchange