On 12 February 2019, the European Data Protection Board (“EDPB”)[1] adopted its first opinion on an “administrative arrangement,” which provides a new mechanism for the transfer of personal data between European Union (“EU”) financial supervisory authorities and securities agencies and their non-EU counterparts.

Under the EU’s General Data Protection Regulation 2016/679 (“GDPR”), personal data cannot be transferred from the European Economic Area (“EEA”) to a third country unless the European Commission has decided that such third country is “adequate” from a data protection law perspective, or “appropriate safeguards” are in place to ensure that the treatment of personal data in the hands of the recipient reflects the GDPR’s high standards. Article 46 of the GDPR provides for various safeguarding options, including the possibility of “provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights.”[2] No such “administrative arrangements” have been approved by the EDPB until now.

On 12 February 2019, the English High Court issued a judgment in proceedings related to the takeover of Autonomy Corporation Limited (now ACL Netherlands BV) by the Hewlett-Packard group in 2011. The question before the Court was whether a U.S. grand jury subpoena served on Hewlett Packard Enterprise (the U.S. parent company of the claimants)

Last week, in SEC v. Scoville, the U.S. Court of Appeals for the Tenth Circuit held that Dodd-Frank allows the Securities and Exchange Commission to bring fraud claims based on sales of securities to foreign buyers where defendants engage in fraudulent conduct within the United States.

In so holding, the Court concluded that Dodd-Frank

On January 10, 2019, a Magistrate Judge in the Northern District of California issued an order denying an application for a search warrant that would have compelled any individual present at the premises to be searched to unlock their digital devices using biometric features, such as thumb prints and facial scans.  The order is notable in that the search warrant was not rejected on Fourth Amendment grounds, but rather on the grounds that requiring a person to unlock his or her digital device ran afoul of the Fifth Amendment’s privilege against self-incrimination.[1]  Providing a thumb or facial scan, the court reasoned, constituted testimony protected by the Fifth Amendment, analogizing biometrics to passwords that similarly protect information stored on devices.  This decision highlights the current tension in the courts on the accessibility of information stored on digital devices, and the courts’ continuing efforts to develop rules governing this rapidly-evolving area of law.

On December 20, 2018, the Financial Industry Regulatory Authority (“FINRA”) released a Report on Selected Cybersecurity Practices for broker-dealer firms.  This report reflects FINRA’s current perspective on the cybersecurity threat landscape based on observations from its examinations of securities firms.  Below we discuss the report’s key observations and contextualize these insights for members of the financial industry.

On November 30, 2018, Judge Richard Sullivan issued a long-anticipated decision in favor of the defendants in Commodity Futures Trading Commission v. Wilson, No. 13 Civ. 7884, following a four-day bench trial in December 2016 before the U.S. District Court for the Southern District of New York.  The court held that the CFTC failed

On November 15, 2018, the Division of Enforcement (the “Division”) of the U.S. Commodity Futures Trading Commission (“CFTC”) released its Annual Report on the Division of Enforcement (the “Report”), highlighting the enforcement division’s recent initiatives and reinforcing its focus on cooperation and self-reporting.  The Report provides a succinct overview of the Division’s enforcement priorities over the last year, discusses its overall enforcement philosophy, sets out key metrics about the cases brought in the last year, and highlights its key initiatives for the coming year.  While the Division’s priorities—preserving market integrity, protecting customers, promoting individual accountability, and increasing coordination with other regulators and criminal authorities—do not mark a departure from prior guidance, the Report does highlight the Division’s particular focus on individual accountability and a few target areas of enforcement. 

On November 16, 2018, the U.S. Securities and Exchange Commission (“SEC”) Division of Corporation Finance (“Corp. Fin.”), Division of Investment Management, and Division of Trading and Markets issued a joint public statement on “Digital Asset Securities Issuance and Trading.”  The public statement is the latest in the Divisions’—and the Commission’s—steady efforts to publicly outline and develop their analysis on the application of the federal securities laws to initial coin offerings (“ICOs”) and certain digital tokens.  These efforts have combined a series of enforcement proceedings with public statements by Chairman Jay Clayton and staff, including a more detailed statement of the SEC’s analytical approach in Corp. Fin. Director William Hinman’s speech on digital assets in June 2018.

On November 8, the Securities and Exchange Commission (“SEC”) imposed a cease-and-desist order against Zachary Coburn for causing his former company, EtherDelta, to operate as an unregistered securities exchange in violation of Section 5 of the Securities Exchange Act of 1934 (“Exchange Act”).  Notably, EtherDelta, a trading platform specializing in digital assets known as Ether and ERC20 tokens,[1] was not operated like a traditional exchange with centralized operations, as there was no ongoing, active management of the platform’s order taking and execution functions. Instead, EtherDelta was “decentralized,” in that it connected buyers and sellers through a pre-established smart contract protocol upon which all operational decisions were carried out.

In the SEC’s view, EtherDelta met Exchange Act Rule 3b-16(a)’s definition of an exchange notwithstanding the lack of ongoing centralized management of order taking and execution.  Robert Cohen, the Chief of the SEC’s Cyber Unit within the Division of Enforcement, stated after the order’s release, “The focus is not on the label you put on something . . . The focus is on the function . . . whether it’s decentralized or not, whether it’s on a smart contract or not, what matters is it’s an exchange.” This functional approach echoes prior SEC guidance and enforcement actions in the digital asset securities markets in emphasizing that the Commission will look to the substance and not the form of a market participant’s operations in evaluating its effective compliance with U.S. securities laws.

For the first time, the SEC’s staff issued guidance last week under its rule governing audit committees for listed issuers.  The guidance addresses the composition of audit committees for issuers that are listed in both Brazil and the United States, and it takes the form of an interpretive letter from the Division of Corporation Finance