Looking Out for Main Street: SEC Focuses on Retail, Cybersecurity and Cryptocurrency

The Commissioners and senior officials of the Securities and Exchange Commission (“SEC” or “Commission”) addressed the public on February 23-24 at the annual “SEC Speaks” conference in Washington, D.C. Throughout the conference, many speakers referred to the new energy that SEC Chairman Jay Clayton had brought to the Commission since his confirmation in May 2017. The speakers also seemed relieved that the SEC was finally operating with a full set of commissioners since the recent additions of Robert J. Jackson, Jr. and Hester M. Peirce. Clayton’s address introduced the main refrain of the conference: that the SEC under his leadership is focused on the long-term interests of Main Street investors. Other oft-repeated themes included the challenges presented by cybersecurity and the fast-paced developments in cryptocurrency and blockchain. To address these shifts in focus, the Enforcement division plans to add more resources to the retail, cybersecurity and cryptocurrency spaces.

Following are the key litigation and enforcement takeaways.

Main Street Investors

Commissioner Kara Stein picked up on Clayton’s Main Street investors focus when she asked whether increasingly complex and esoteric investments, such as product strategies and structures that utilize derivatives, were appropriate for retail investors. She explained that it was not a question whether the financial industry could develop and sell these products, but whether it should. She said it was not clear that financial professionals fully understood the products they were selling, and that even if brokers and advisers made disclosures regarding the potential outcomes and risks to investors, complete disclosures might not even be possible due to the products’ complexity. Both SEC and FINRA Enforcement have brought actions related to the sales practices of inverse and leveraged ETFs, as well as the purchase and sale of complex products. Stein opined that gatekeepers needed to remember the real people behind every account number when they were advising clients on how to handle these types of products.

Steven Peikin, Co-Director of the Division of Enforcement, described the SEC’s Share Class Selection Disclosure Initiative as one way in which Enforcement was trying to help Main Street investors. The Initiative was created to address the problem of investment advisers putting their clients into higher fee share classes when no fee or lower fee classes were available. The SEC is incentivizing advisers to self-report this issue by promising not to impose any penalties, and only requiring them to disgorge their profits to investors. Peikin encouraged investment advisers to take advantage of this opportunity, indicating that if the Commission learned that an adviser had engaged in this conduct and did not self-report, it would be subject to significant penalties. The Chief of the SEC’s Broker-Dealer Task Force shared that AML programs and SAR-filing obligations are also a priority for the Enforcement division and OCIE exams. READ MORE

The SEC Wants to Know What’s Next for Blockchain: Are You Keeping Up?

On October 12, 2017, the United States Securities and Exchange Commission’s Investor Advisory Committee met to discuss Blockchain technology and its impact on the securities industry. While Blockchain is best known as the decentralized accounting system that make transactions in Bitcoin and other cryptocurrencies possible, the panel of industry professionals and academics emphasized its potential to transform “mainstream” financial recordkeeping in a way that makes executing and recording all financial transactions more secure and efficient.

SEC Chairman Jay Clayton, who oversaw the proceedings, explained that the Commission seeks to explore the ways in which Blockchain can promote robust and competitive markets, while ensuring that investors are protected and federal securities laws are applied to transactions in cryptocurrencies made possible by the technology.


SEC Chairman Testifies About SEC’s Direction and 2016 Cyberattack

On September 26, 2017, SEC Chairman Jay Clayton testified before the Senate’s Banking, Housing and Urban Affairs Committee regarding the direction of the SEC under his Chairmanship. He also took the opportunity to address the 2016 cyberattack on EDGAR, the agency’s electronic filing system.

As in his first public speech as SEC Chair, in July 2017, Chairman Clayton’s testimony reveals his focus on issues related to cybersecurity, capital formation, and enforcement actions addressing traditional forms of fraud and misconduct. His testimony further reveals his position that regulations should be retroactively evaluated and relaxed as necessary, in order to account for the direct and indirect costs of compliance.

Below are key highlights of Chairman Clayton’s testimony:


Chairman Clayton Sets New SEC Agenda

On Wednesday July 12, 2017, in his first public speech as Chairman of the SEC, SEC Chairman Jay Clayton laid out a set of eight priorities that will guide his SEC Chairmanship.[1] He said his priorities are consistent with and complimentary to the seven “core principles” set forth in President Donald Trump’s February 3, 2017 executive order regarding the regulation of the U.S. financial system.

The overarching themes in Chairman Clayton’s speech are that he is focused primarily on capital formation, modernizing the trading and markets system, and he favors a disclosure and market-based approach to federal securities regulation . Given the kind words for former Chair Mary Jo White and multiple references of areas of agreement, it is difficult to determine how much of a shift one can expect from the Commission under Chairman Clayton. Nevertheless, the following are a few key takeaways from the speech.


New Year, Similar Priorities: SEC Announces 2017 OCIE Areas of Focus

On January 12, 2017 the SEC announced its Office of Compliance Inspections and Examinations (OCIE) priorities for the year, including areas of focus for Retail Investors, Senior Investors and Retirement Investments, Market-wide risks, FINRA oversight, and cybersecurity.  These priorities reflect an extension of previous years’ commitments, in particular with regard to focus on the retirement industry and cybersecurity.  The “Regulation Systems Compliance and Integrity” (Regulation SCI) adopted by the SEC in November 2014 will also be a continued focus.

Once again, protection of retail investors is of primary concern for the OCIE. Among the detailed areas of focus are examining risks related to electronic investment advice, “wrap fee” programs where investors are charged a single fee for bundled advisory and brokerage services, and “Never-before examined” Investment advisers, an initiative that was started in 2014 to engage with newly-registered advisers that had never-before been examined.  Examination of Exchange-Traded funds (ETFs) and continuation of the ReTIRE initiative are two carryovers from 2016 priorities .  The OCIE previously identified ETFs, which are sometimes seen as alternatives to mutual funds, for examination related to compliance with the Securities Exchange Act of 1934 and the Investment Company Act of 1940. ReTIRE, launched in June 2015, places particular focus on those SEC-registered investment advisers and broker dealers who offer retirement-oriented investment services to retail investors, including examining whether there is a reasonable basis for the recommendations made.  This year, the SEC will expand ReTIRE to include “assessing controls surrounding cross-transactions, particularly with respect to fixed income securities.”


The SEC Audit Trail – Several Industry Groups See Problems as Currently Proposed

Last week, several securities industry groups filed critical responses to the SEC’s plan for an audit trail.  While most groups that commented on the SEC’s proposed regulation supported implementing the proposal, several had concerns regarding the cost for investors and firms, and the protection of private data.


Shareholder Derivative Suit Following Data Breach Misses Target

On July 7, 2016, Judge Paul A. Magnuson of the United States District Court for the District of Minnesota granted Defendants’ Motions to Dismiss a shareholder class action that had been initiated following a 2013 holiday season data breach involving customers of Target Corporation (“Target,” or “the Company”).  The data breach, which resulted in the release of information of approximately 70 million consumer credit and debit cards, made headlines as one of the biggest privacy hacks at the time.  Initially disclosed to the public in December 2013, with an estimated 40 million credit and debit cards affected, Target subsequently revealed a little less than a month later that additional consumer data, including customers’ names, mailing addresses, phone numbers and email addresses, were also stolen, and increased its initial estimate to 110 million.


The SEC Opens Up a New Front in the Cybersecurity Wars

For the last few years, the SEC has been issuing guidance as to appropriate cybersecurity policies and procedures for financial firms.  In a move that signal’s the regulator’s willingness to put muscle into its cybersecurity guidance, the SEC announced an agreement with St. Louis-based investment company, R.T. Jones Capital Equities Management (“R.T. Jones” or “the company”), to settle charges that the company failed to adequately safeguard the personal information (“PI”) of approximately 100,000 individuals.  Consistent with this trend, the SEC has announced that its Office of Compliance Inspections and Examinations (“OCIE”) would be conducting a second round of investigations[1] into the cybersecurity practices of brokerage and advisory firms (the “Cybersecurity Examination Initiative”).  These moves signal the SEC’s increasing scrutiny of investment firms’ information security practices and indicate the regulator’s willingness to enforce the guidance that it has issued.


International Hacking and Insider Trading Scheme Exposes Cybersecurity Vulnerabilities at Third-Party Vendors

On August 11, 2015, the SEC announced that it was bringing fraud charges against 32 defendants for their alleged participation in a five-year, international hacking and insider trading scheme.  According to the SEC, two Ukrainian men hacked into at least two major newswire services, stole non-public copies of embargoed corporate announcements containing quarterly and annual earnings data, and provided the announcements to 30 other defendants, who traded off the information.  In parallel actions, the U.S. Attorney’s Offices for the District of New Jersey and the Eastern District of New York also announced criminal charges against some defendants named in the SEC’s action.  The SEC’s enforcement action may be a harbinger of events to come.  As we have written, cybersecurity is emerging as the SEC’s newest area of focus for enforcement actions.


FBI Warns Against Fraudulent E-mail Scheme

Companies should take notice of a new fraud scheme that has been making the rounds, targeting businesses that regularly make wire transfers.  Known as the “Business E-mail Compromise,” or BEC, this scam targets employees responsible for wiring money, instructing them under false pretenses to wire large sums to fraudulent accounts.  The Federal Bureau of Investigation estimates that the scam has claimed over 2,000 victims and resulted in losses totaling nearly $215 million since October 2013.  In one version of the BEC fraud, the e-mail accounts of high-level business executives (CEO, CFO, CTO, etc.) are compromised by the creation of spoof e-mail addresses.  The imposters then use the compromised executive’s e-mail account to send a request for a wire transfer to a second employee within the company who is responsible for processing such requests.  This version of the scheme has been referred to as “CEO Fraud” or the “Business Executive Scam.”  In another variation of the scam, businesses which have a long-standing relationship with a particular supplier or vendor (i.e. a landlord) receive a spoofed e-mail purportedly from that vendor directing the business to wire funds for invoice payment to an alternate, fraudulent account.  This version of the scheme has been referred to as “The Bogus Invoice Scheme” or “The Supplier Swindle.”