United States

Subscribe to United States via RSS

On May 15, 2019, the U.S. Securities and Exchange Commission (“SEC”) and the U.S. Commodity Futures Trading Commission (“CFTC”) announced that they entered into an Enhanced Multilateral Memorandum of Understanding Concerning Consultation and the Exchange of Information (“Enhanced MMoU”) under the auspices of the International Organization of Securities Commissions (“IOSCO”), along with nine other international financial regulators.[1]  Both the SEC and CFTC are already signatories to IOSCO’s predecessor memorandum of understanding with 121 other signatories.  However, the Enhanced MMoU provides for significant enhancements in cross-border enforcement cooperation—including the ability to compel testimony outside of the United States—that, if widely adopted, could increase the signatory regulators’ abilities to undertake (and coordinate) multilateral cross-border investigations.
Continue Reading SEC and CFTC Chairs Sign Enhanced Multilateral Memorandum of Understanding Expanding Cross-Border Enforcement Cooperation

On May 6, 2019, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 19-18, addressing members’[1] anti-money laundering (“AML”) compliance programs.  This notice focused extensively on members’ monitoring for suspicious activities and subsequent suspicious activity report (“SAR”) filing obligations, providing 97 examples of “money laundering red flags” to securities industry market participants.  Where applicable to a members’ business operations, FINRA encouraged broker-dealers to take a “risk-based approach” to AML compliance and incorporate these red flags into their AML programs, even though the organization noted that merely doing so will not satisfy all obligations.  Where any red flags are detected, FINRA encouraged firms to consider whether “additional investigation, customer due diligence measures or a SAR filing may be warranted.”
Continue Reading FINRA Publishes AML Red Flags to Help Broker-Dealers Satisfy Suspicious Activity Monitoring and Reporting Requirements

On April 16, 2019, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert addressing all registered broker-dealers and investment advisers’ (together, “Firms”)[1] privacy-related obligations under Regulation S-P (“Reg S-P”).  The Risk Alert set out the most frequent Reg S-P deficiencies OCIE identified during examinations over the past two years, and encouraged registrants to review their written privacy policies and procedures as well as the consistency with which these policies and procedures have been implemented.  The Alert is the latest in a series of recent privacy and cybersecurity guidance documents issued by the SEC, including the February 2018 Commission Statement and Guidance on Public Company Cybersecurity Disclosures and October 2018 Report of Investigation on cyber-related frauds and public company accounting controls.

This Risk Alert is consistent with the SEC’s approach of seeking to influence the conduct of registrants by providing guidance on specific compliance issues, followed by Risk Alerts noting common exam deficiencies, prior to pursuing enforcement actions.  Investment advisers and broker-dealers should  take this as a prompt to review their relevant policies and procedures to ensure they are appropriate and being followed in practice.
Continue Reading SEC Privacy Risk Alert may Foreshadow Upcoming Reg S-P Enforcement Against Broker-Dealers, Investment Advisers

Legal and regulatory scrutiny regarding the use of non-disclosure agreements by companies to resolve allegations of sexual harassment and misconduct continues to increase in the wake of the #MeToo movement.  Such scrutiny featured prominently this month in two high-profile sexual harassment matters: the Wynn Resorts investigation and the various legal proceedings following the allegations against Harvey Weinstein.  Both in-house and outside counsel for companies with senior executives facing such allegations should take note of these developments, as they call into question whether the use of NDAs could in certain circumstances amount to investigatory obstruction or a violation of ethical obligations.
Continue Reading New Scrutiny for NDAs in Sexual Harassment Matters

On March 4, 2019, the Commodity Futures Trading Commission (“CFTC”) announced a whistleblower award of over $2 million to an individual—unaffiliated with the company the CFTC charged—for providing expert analysis in conjunction with a related action instituted by another federal regulator.  While the Securities and Exchange Commission, which possesses a similar whistleblower award regime,[1] has previously issued awards to multiple claimants for both related actions[2] and to company outsiders,[3] this is the first such award to be granted by the CFTC in either respect.

The award demonstrates the CFTC’s continued commitment to the Whistleblower Program, and to using all available means in conducting enforcement actions.  This award also reflects both the CFTC’s willingness to collaborate with other federal regulators and to rely on external sources of expert data analysis and likely reflects the CFTC’s continued expansion of its Whistleblower Program, both in terms of sources of information and awards granted. 
Continue Reading CFTC Issues First Whistleblower Award Originating From Both a Related Action and a Company Outsider

On February 20, the Securities and Exchange Commission (the “SEC” or “Commission”) issued a cease-and-desist order against Gladius Network LLC (“Gladius”) concerning its 2017 initial coin offering (“ICO”).  The SEC found that the Gladius ICO violated the Securities Act of 1933’s (“Securities Act”) prohibition against the public offer or sale of any securities not made pursuant to either an effective registration statement on file with the SEC or under an exemption from registration.[1]  While this is far from the first time that the SEC has found that a particular ICO token meets the definition of a “security” under the Securities Act,[2] this is notably the first action involving an ICO token issuer that self-reported its potential violation.  Due to this, and Gladius’s cooperation throughout the investigation, the SEC stopped short of imposing any civil monetary penalties among its ordered remedial measures.
Continue Reading SEC Issues First ICO Enforcement Action Against a Self-Reporting Token Issuer

On 12 February 2019, the English High Court issued a judgment in proceedings related to the takeover of Autonomy Corporation Limited (now ACL Netherlands BV) by the Hewlett-Packard group in 2011. The question before the Court was whether a U.S. grand jury subpoena served on Hewlett Packard Enterprise (the U.S. parent company of the claimants)

Nearly a decade ago, WikiLeaks ushered in the age of mass leaks.  Since then, corporations, governments, public figures and private entities have increasingly had to reckon with a new reality: that vigilantes, activists, extortionists and even state actors can silently steal and rapidly disseminate proprietary information, including customer data and other sensitive information.  Last month, the Department of Justice (“DOJ”) indicted four individuals based on information first revealed in the “Panama Papers” leak.  This marks a significant milestone in law enforcement’s reliance on evidence based on an unauthorized mass leak of information.  While leaks and hacks are not a novel phenomenon—in 1971, the New York Times published top secret documents on the Vietnam War and, in 1994, a paralegal leaked tobacco industry documents that ultimately cost the industry billions of dollars in litigation and settlement costs—the frequency, scale and ease of dissemination of leaked information today presents a difference not only of degree, but of kind.  The new Panama Papers-based criminal case will likely raise a host of novel legal issues based on legal challenges to the DOJ’s reliance on information illegally obtained by a third party, as well as information that would ordinarily be protected by the attorney-client privilege.  In this memorandum, we discuss the potential issues raised by the prosecution and their implications.
Continue Reading U.S. Criminal Prosecution Based on Panama Papers Hack Raises Novel Legal Issues

As discussed in Cleary Gottlieb’s December 21, 2018 Alert Memorandum, on December 18, 2018, the U.S. Court of Appeals for the D.C. Circuit issued an important ruling in In re Grand Jury Subpoena, holding, inter alia, that foreign state-owned corporations are subject to criminal jurisdiction in the United States and upholding Special Counsel

On December 20, 2018, the U.S. Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released its 2019 Examination Priorities.  The six themes for this year’s priorities are:  retail investors (including seniors and those saving for retirement), compliance and risk in registrants responsible for critical market infrastructure (clearing agencies, transfer agents, national securities exchanges and Regulation SCI entities), oversight of the Financial Industry Regulatory Authority and Municipal Securities Rulemaking Board, digital assets, cybersecurity and anti-money laundering.  The only new theme for 2019 compared to 2018 is digital assets, which we take to imply a plan to more closely—and substantively—regulate investment advisers and broker-dealers involved with this asset class.  The 2019 priorities also more explicitly than the 2018 priorities describe specific practices that OCIE found concerning in examinations of those entities, many of which involved failure to adequately safeguard client assets and the adequacy of disclosures of conflicts of interest.  We expect to see a corresponding focus in Enforcement Division investigations and cases on these issues as a result.
Continue Reading Lessons from the SEC Office of Compliance Inspections and Examinations’ 2019 Priorities