FinTech

Subscribe to FinTech

On September 15, 2020, the Securities and Exchange Commission issued a cease‑and‑desist order against Unikrn, Inc. concerning its 2017 initial coin offering  of UnikoinGold .  The SEC found that the Unikrn ICO violated the prohibition in Section 5 of the Securities Act of 1933 against the unregistered public offer or sale of securities.  The SEC imposed several remedies, including requiring Unikrn to permanently disable the UnikoinGold token and a civil money penalty of $6.1 million.
Continue Reading SEC Issues Enforcement Action Against Unikrn, Inc. for its ICO, Prompting Rare Public Dissent from Commissioner Hester Peirce

In a landmark enforcement action related to a bank data breach, the Office of the Comptroller of the Currency (“OCC”) assessed an $80 million civil monetary penalty and entered into a cease and desist order with the bank subsidiaries of Capital One on August 6, 2020.  The actions follow a 2019 cyber-attack against Capital One.  The Federal Reserve Board also entered into a cease and desist order with the banks’ parent holding company.  The OCC actions represent the first imposition of a significant penalty against a bank in connection with a data breach or an alleged failure to comply with the OCC’s guidelines relating to information security.
Continue Reading OCC Imposes $80 Million Penalty in Connection with Bank Data Breach

On June 25, 2020, a federal district court in the Eastern District of Virginia held that a bank must produce in discovery a report generated by its cybersecurity forensic investigator following a 2019 data breach involving unauthorized access to personal information of customers and individuals who had applied for accounts.[1]  Even though the report was produced at the direction of outside counsel, the court rejected arguments that the forensic report is protected from disclosure by the work product doctrine.  Instead, the court determined that the report was not produced primarily in anticipation of litigation based on several factors, including the similarity of the report to past business-related work product by the investigator and the bank’s subsequent use and dissemination of the report.  This decision raises questions about the scope of work product protection for forensic expert and other similar reports in the context of an internal investigation.
Continue Reading Federal Court Compels Production of Data Breach Forensic Investigation Report

The emergence of online, non-traditional financial service platforms creates additional avenues for terrorist groups to receive and transfer funds outside of the traditional banking system.  One consequence of this trend is the potential for increased litigation against these providers under U.S. statutes that create civil liability for provision of material support to terrorists: the Anti-Terrorism Act (the “ATA”), 18 U.S.C. § 2333(a), and the Justice Against Sponsors of Terrorism Act (“JASTA”), 18 U.S.C. § 2333(d)(2).

Civil claims for damages under the ATA and JASTA have historically been brought against large banks for providing financial services to entities with alleged terrorist links.  Typically in such cases, victims of a terrorist attack and/or their family members allege that the bank supported the attack by processing U.S. dollar denominated transactions to an entity with links to terrorism (often through a chain of intermediaries).  In recent years, the range of entities against which ATA and JASTA claims have been brought has increasingly expanded to include companies outside of the banking sector, such as pharmaceutical companies, government contractors, and social media platforms.  As terrorist groups increase their use of non-traditional financial service platforms, cryptocurrency exchanges, decentralized fintech platforms, and other similar businesses may begin to face ATA and JASTA claims.
Continue Reading Online Financial Service Companies:  The Anti-Terrorism Act’s Next Frontier

On October 11, 2019, the leaders of the Commodity Futures Trading Commission, Financial Crimes Enforcement Network, and Securities and Exchange Commission issued a joint statement to remind businesses that engage in digital asset activities of their anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) obligations under the Bank Secrecy Act (“BSA”).

As market

On December 20, 2018, the U.S. Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released its 2019 Examination Priorities.  The six themes for this year’s priorities are:  retail investors (including seniors and those saving for retirement), compliance and risk in registrants responsible for critical market infrastructure (clearing agencies, transfer agents, national securities exchanges and Regulation SCI entities), oversight of the Financial Industry Regulatory Authority and Municipal Securities Rulemaking Board, digital assets, cybersecurity and anti-money laundering.  The only new theme for 2019 compared to 2018 is digital assets, which we take to imply a plan to more closely—and substantively—regulate investment advisers and broker-dealers involved with this asset class.  The 2019 priorities also more explicitly than the 2018 priorities describe specific practices that OCIE found concerning in examinations of those entities, many of which involved failure to adequately safeguard client assets and the adequacy of disclosures of conflicts of interest.  We expect to see a corresponding focus in Enforcement Division investigations and cases on these issues as a result.
Continue Reading Lessons from the SEC Office of Compliance Inspections and Examinations’ 2019 Priorities

On November 28, 2018, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) identified for the first time digital currency addresses associated with sanctioned persons.  The newly sanctioned individuals, Iran-based Ali Khorashadizadeh and Mohammad Ghorbaniyan, were accused of converting digital currency payments into Iranian rial as part of a widespread ransomware scheme.  Since 2015, the ransomware scheme (known as “SamSam”) has infected the data networks of corporations, hospitals, universities, and government agencies.  According to OFAC’s announcement, the identified bitcoin addresses were used with over 40 digital currency exchangers to process more than 7,000 illicit transactions in bitcoins worth millions of U.S. dollars.
Continue Reading OFAC Lists Digital Currency Addresses for First Time, Releases New Guidance

On November 16, 2018, the U.S. Securities and Exchange Commission (“SEC”) Division of Corporation Finance (“Corp. Fin.”), Division of Investment Management, and Division of Trading and Markets issued a joint public statement on “Digital Asset Securities Issuance and Trading.”  The public statement is the latest in the Divisions’—and the Commission’s—steady efforts to publicly outline and develop its analysis on the application of the federal securities laws to initial coin offerings (“ICOs”) and certain digital tokens.  These efforts have combined a series of enforcement proceedings with public statements by Chairman Jay Clayton and staff, including a more detailed statement of the SEC’s analytical approach in Corp. Fin. Director William Hinman’s speech on digital assets in June 2018.
Continue Reading SEC Divisions’ Issue Public Statement on Digital Assets and ICOs, Echoing Recent Enforcement Actions

On November 8, the Securities and Exchange Commission (“SEC”) imposed a cease-and-desist order against Zachary Coburn for causing his former company, EtherDelta, to operate as an unregistered securities exchange in violation of Section 5 of the Securities Exchange Act of 1934 (“Exchange Act”).  Notably, EtherDelta, a trading platform specializing in digital assets known as Ether and ERC20 tokens,[1] was not operated like a traditional exchange with centralized operations, as there was no ongoing, active management of the platform’s order taking and execution functions. Instead, EtherDelta was “decentralized,” in that it connected buyers and sellers through a pre-established smart contract protocol upon which all operational decisions were carried out.

In the SEC’s view, EtherDelta met Exchange Act Rule 3b-16(a)’s definition of an exchange notwithstanding the lack of ongoing centralized management of order taking and execution.  Robert Cohen, the Chief of the SEC’s Cyber Unit within the Division of Enforcement stated after the order’s release, “The focus is not on the label you put on something . . . The focus is on the function . . . whether it’s decentralized or not, whether it’s on a smart contract or not, what matters is it’s an exchange.” This functional approach echoes prior SEC guidance and enforcement actions in the digital asset securities markets in emphasizing that the Commission will look to the substance and not the form of a market participants’ operations in evaluating their effective compliance with U.S. securities laws.
Continue Reading SEC Brings First Enforcement Action Against a Digital Assets Trading Platform for Failure to Register as a Securities Exchange

On November 2, the SEC’s Enforcement Division released its annual report detailing the facts and figures of its enforcement efforts in fiscal year 2018.  At first blush, this year’s report looks strikingly similar to those from recent years, as the headline numbers in most categories are nearly indistinguishable from 2015, 2016, and 2017.  This consistency may be surprising given that 2018 is the first such report reflecting exclusively the enforcement priorities of the Commission since it was reconstituted under Chair Jay Clayton.

But a closer examination of the report, including the components feeding into the top-line facts and figures and commentary by Division co-directors Stephanie Avakian and Steven Peikin, reveals a clear shift in priorities by the Division.  These range from a philosophical shift in its mission to the reallocation of resources during a hiring freeze.  We address here the most notable of these subtle but important changes. 
Continue Reading Retail, Remedies, Resources and Results: Observations From the SEC Enforcement Division 2018 Annual Report