Photo of Michael H. Krimminger

Michael H. Krimminger’s practice focuses on U.S. and international banking and financial institutions.

On March 27, 2018, Massachusetts Secretary of State William Galvin announced that the state had ordered five firms to halt initial coin offerings (“ICOs”) on the grounds that the ICOs constituted unregistered offerings of securities but made no allegations of fraud.  These orders follow a growing line of state enforcement actions aimed at ICOs.

This was not Massachusetts’s first foray into regulating ICOs.  On January 17, 2018 the state filed a complaint alleging violations of securities and broker-dealer registration requirements against the company Caviar and its founder for an ICO that sought to create a “pooled investment fund with hedged exposure to crypto-assets and real estate debt.”

Continue Reading Massachusetts Orders Five Companies to Halt ICOs as States Step Up Enforcement Efforts

This past week, we received further evidence that U.S. federal regulators will continue to scrutinize potential compliance issues in virtual currency trading and initial coin offerings (“ICOs”) under existing law. However, the key takeaway is that the U.S. regulators, so far, are doing so under established interpretations of their existing authority. In our view, none of these events should be construed either as establishing a new regulatory framework or as a significant expansion of prior regulatory authority.

Please click here to read the full alert memorandum.

New York’s new cybersecurity regulations (the “Regulations”) become effective on August 28, 2017, marking a significant milestone in what is likely to be a new era in cybersecurity regulation on both a national and international level.

As governments grapple with how best to address cyber threats to their citizens, businesses and national security, there is an increasing focus on the potential use of regulatory requirements to impose minimum cybersecurity standards, particularly in the financial services sector. As more states and nation states adopt cybersecurity requirements, financial institutions are facing increased compliance costs and potentially a diversion of resources away from risk mitigation to compliance with regulatory requirements. As the Regulations come into effect, we briefly take stock of their requirements, their impact on international best practices, and related global developments.

Click here, to continue reading.

On August 1, 2017, the United States Court of Appeals for the D.C. Circuit held that policyholders of the health insurer CareFirst had standing to sue the company after their information was compromised during a cyberattack.

Wading into a vigorously contested area between plaintiffs and companies that have suffered data breaches, the court held that the policyholders’ elevated risk of identity theft and medical fraud was a sufficient injury to bring suit—even without any evidence that plaintiffs had actually suffered such harm. In so holding, the D.C. Circuit came down on one side of a circuit split, which may ultimately need to be resolved by the Supreme Court.

Click here, to continue reading.

On March 1, 2017, the New York Department of Financial Services’ Cybersecurity Regulations entered into effect.

The Regulations impose on financial institutions minimum cybersecurity standards that exceed existing federal standards and introduce new requirements, including obligations to critically evaluate cybersecurity practices, maintain detailed documentation demonstrating compliance and report cyber events to the New York Department of Financial Services.

Click here, to continue reading.

On September 13, 2016, the New York Department of Financial Services issued the first comprehensive state regulatory proposal to address cybersecurity.

Under the proposed regulations, certain banks, insurers and other financial services institutions authorized to operate in New York will be required to assess their cybersecurity risks and establish and maintain a cybersecurity program designed to address such risks.  This alert memorandum covers the key obligations set forth in the state proposal and contrasts them with the obligations required under the federal Gramm-Leach-Bliley Act.

Click here, to continue reading.