Archive for the ‘Financial Services and Securities Litigation’ Category

SEC Issues Risk Alert on the Cybersecurity Practices of Registered Broker-Dealers, Investment Advisers, and Investment Funds.

Posted on: August 11th, 2017

By: Jennifer Lee

The U.S. Securities and Exchange Commission (“SEC”) has become increasingly focused on cybersecurity issues in recent years as data breaches and ransomware attacks become more frequent and widespread across all industries. The most recent Risk Alert, issued on August 7, 2016 by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”), shows that cybersecurity continues to be a high priority for the SEC in 2017.

The Risk Alert was based on an examination of the cybersecurity policies and practices of 75 broker-dealers, investment advisers, and investment funds over a nine-month period, from September 2015 to June 2016. The examinations focused on firms’ written policies and procedures regarding cybersecurity, including whether such policies were actually implemented and followed.

The 6-page report found that although most firms had cybersecurity policies in place, such policies were often too general and vague, as they did not articulate specific procedures for implementing the policies or examples of how employees can apply the policies in their daily work. In addition, even when firms had specific cybersecurity protocols in place, their actual practices were much more lax and did not reflect their stated policies and procedures. For example, firms often had policies requiring all employees to complete cybersecurity awareness training. However, they did not have a mechanism in place to enforce such requirements. The Risk Alert also pointed out that some firms were using outdated operating systems that were no longer supported by security patches and were not taking measures to address the results of any penetration testing.

In light of the findings, the report listed specific measures firms can take to ensure that their cybersecurity practices are “robust,” including:

  • Creating and maintaining an inventory of data and information, including classification of the risks of the disclosure of each category of data or information and business consequences in the event of such disclosures;
  • Tracking access and requests for access to data and information;
  • Following a regular schedule of system scans and updates, including security patches;
  • Establishing and enforcing controls concerning firm network and equipment, including protocols with respect to personal devices on firm networks; and
  • Requiring mandatory employee training on cybersecurity issues.

Cybersecurity incidents are a growing and costly problem for the financial services industry, and they do not appear to be going away anytime soon. The SEC has picked up on this and has begun to dedicate more resources to cybersecurity enforcement. In fact, last year, the SEC brought charges against Morgan Stanley Smith Barney LLC (“MSSB”) following a data breach involving customer data for failure to adopt written policies and procedures reasonably designed to protect customer records and information. MSSB, a dually registered broker-dealer and investment adviser, settled the matter by agreeing to a censure and a $1 million fine. With the release of the August 7, 2017 Risk Alert, it seems more likely now than ever that firms will be held accountable for cybersecurity incidents, including data breaches and ransomware attacks, if they fail to implement the recommended measures and protocols contained in the Risk Alert.

However, SEC enforcement actions are not the only thing that broker-dealers and investment advisers need to worry about. As the public becomes more aware of cybersecurity issues, data breaches and ransomware incidents will result in the filing of customer claims. This may prove to be problematic as a single incident can affect thousands of customers, so a broker-dealer or an investment adviser may find itself trying to fight off thousands of individual actions or face a handful of actions involving a large number of customers, similar to a class action or a mass tort case.

To reduce the risk of an SEC enforcement action or customer actions based on cybersecurity incidents, broker-dealers and investment advisers should ensure that they are in compliance with SEC regulations and guidelines regarding cybersecurity, including but not limited to Regulation S-P, Exchange Act Rule 13n-6, and Exchange Act Rule 15c3-5—both on paper and in practice. Firms should also proactively implement any recommendations contained in OCIE’s Risk Alerts to the extent that they have not already.

If you have any questions regarding your firm’s compliance with SEC cybersecurity regulations or cybersecurity litigation in general, please contact the writer, Jennifer Lee, at [email protected].

The DOL Fiduciary Rule is Delayed No More

Posted on: June 1st, 2017

By: Ze’eva Kushner

Broker-dealers and registered investment advisors take note. The Department of Labor’s much anticipated Fiduciary Rule requiring financial advisors to act in the best interests of their clients in retirement accounts became effective on June 9, 2017. As those following the Rule are aware, full implementation is not required to take place until January 1, 2018, but certain provisions of the Rule became effective on June 9, 2017.

The DOL Fiduciary Rule has been a work in progress since the Obama Administration made its first rule proposal in 2010. The rule, entitled “Definition of the Term ‘Fiduciary’; Conflict of Interest Rule – Retirement Investment Advice,” expands the definition of who is a fiduciary under the Employee Retirement Income Security Act of 1974 (ERISA) and the Internal Revenue Code of 1986 as a result of giving investment advice to a retirement plan or its participants or beneficiaries.

The DOL Fiduciary Rule has had a tumultuous history, but the rulemaking process was completed before the election, and the first phase of the Fiduciary Rule was set to take effect on April 10, 2017. Many broker-dealers and investment advisors had invested substantial time, energy and financial resources into preparing to comply with the new rule.

But with a new administration comes new directives. President Trump issued an official memorandum on February 3, 2017 ordering the DOL to conduct an updated economic and legal analysis of the Fiduciary Rule. The DOL was re-tasked with undertaking a new analysis regarding whether the Fiduciary Rule would adversely affect the ability of investors to get access to retirement information and financial advice as financial services businesses and trade organizations have been warning since 2010.

Approximately a month later, on March 2, 2017, the DOL delayed the applicability of the Fiduciary Rule for 60 days and opened the floor for public comments, which were due by April 17, 2017. Before the April 17 deadline, however, the DOL again delayed the implementation date of the Rule, this time until June 9, 2017.

Two provisions of the Rule became applicable on June 9, 2017: (i) the expansion of the definition of who is a fiduciary; and (ii) the establishment of impartial conduct standards. In other words, advisors to retirement investors must give advice that is in the best interest of the retirement investor, charge no more than reasonable compensation, and make no misleading statements. The DOL is going to continue its economic analysis and has requested additional input. In the meantime, politicians in Washington D.C. are working on legislation that would kill the DOL’s Fiduciary Rule in its current state.

The DOL has stated that it will not enforce any part of the Fiduciary Rule until the January 1, 2018 full implementation date. It seems unlikely that plaintiffs’ lawyers will delay trying out their new theories of liability under the new Rule. The much-anticipated change in the landscape regarding servicing retirement accounts has arrived.

The Financial Services practice group attorneys are here to assist you. Please contact Ze’eva Kushner at [email protected] for more information.

 

The SEC’s Authority Does Not End at the Border

Posted on: April 18th, 2017

By: Ze’eva R. Kushner

Companies with significant operations in the United States but offering securities in other countries should beware. After almost seven years of uncertainty, it finally has been determined by one court that the Securities and Exchange Commission’s (SEC) power to bring enforcement actions extends beyond the border to companies that market securities abroad to foreign investors, even if they do not have any securities listed or sold in this country, if they have substantial operations here.

Back in the summer of 2010, the Supreme Court and Congress got into a tussle over the extraterritorial application of federal securities laws. Prior to that point, courts permitted private plaintiffs and the government to bring extraterritorial claims under the federal securities laws based on whether significant wrongful conduct related to the transaction at issue occurred in the U.S. or whether wrongful conduct had had a substantial effect in the U.S.  However, this “conduct or effects” test was rejected by the Supreme Court in its Morrison v. National Australia Bank, 561 U.S. 247 (2010), opinion issued on June 24, 2010.  Instead, the Supreme Court instituted a new “transactional” test. This test hinges on the purchase or sale of the security at issue taking place in the U.S. or the security being traded on an American stock exchange. Consequently, the risk to companies of being subjected to enforcement actions by the SEC relating to offering securities abroad was reduced considerably.

Less than one month after Morrison, the Dodd-Frank Act was signed into law. Section 929(b) includes language that seemed to restore the “conduct and effects” test for government securities actions. Thus, the question arose of whether the more limited transactional test or the broader conduct and effects test was applicable to actions brought by the SEC. Until last month, courts had avoided deciding the issue.

The case SEC v. Traffic Monsoon, LLC, No. 2:16-cv-00832-JNP, 2017 WL 1166333 (D. Utah Mar. 28, 2017), resolved the issue in favor of the SEC being able to extend its reach by employing the conduct and effects test. Traffic Monsoon, targeted by the SEC, was an internet advertising company that sold advertising packages to members, 90% of which resided outside of the U.S. The SEC alleged the company was engaged in an illegal Ponzi scheme in violation of certain federal securities laws. The Court held that the Dodd-Frank Act superseded Morrison, thus making the conduct and effects test apply to the SEC’s extraterritorial securities actions. More specifically, the SEC’s allegations against Traffic Monsoon’s activities passed the conduct and effects tests because the company operated in the U.S. while allegedly defrauding investors abroad. Nonetheless, out of an abundance of caution, the court also found that it passed the transaction test given that the purchases were made over the internet and liability had been incurred in the U.S. to deliver the products to the buyers.

For any questions, please contact Ze’eva Kushner at [email protected].

The S.E.C.’s Administrative Star Chamber Deemed Constitutional

Posted on: October 11th, 2016

By: John H. Goselin and Ze’eva Kushner Banks

If you are a broker-dealer, registered investment advisor or an individual associated with an entity regulated by the Securities and Exchange Commission (“S.E.C.”), the deck may be stacked against you. The Dodd-Frank Act provided the S.E.C. with expanded authority to utilize administrative proceedings presided over by administrative law judges selected by the S.E.C. to police the activities of entities and individuals regulated by the S.E.C.

In fiscal year 2015, administrative law judges issued 207 initial decisions and ordered civil penalties totaling $20,823,750 and disgorgement totaling $12,065,036 against industry individuals and entities. The administrative law judges are hired through the S.E.C.’s Office of Administrative Law Judges.  They issue decisions, which then get memorialized or altered by the Commission.  The S.E.C. sets the rules of procedure, the rules of discovery, and the scope of the proceedings in these administrative hearings.  And, of course, the S.E.C. picked the judges.

A number of individuals and companies in recent years have attempted to challenge the S.E.C.’s use of administrative law judges on a variety of grounds. Although due process and equal protection arguments generally have not been successful, there was some hope that relief from these administrative proceedings might be achieved through the argument that the S.E.C.’s appointment of its administrative law judges violates the Appointments Clause of Article II of the Constitution.  The Appointments Clause requires that the President has the ultimate authority to hire or fire government officials with executive authority.  Because the President neither appoints nor is able to directly fire these administrative judges, aggrieved parties have been arguing that the administrative law judges are executing unlawful executive powers.  The hope of undercutting these proceedings significantly dimmed with the recent decision by the U.S. Court of Appeals for the District of Columbia in Raymond James Lucia Cos. v. S.E.C. (No. 15-1345).

In Lucia, an appellate court, for the first time, considered the merits of the arguments regarding the constitutionality of the S.E.C.’s appointment of administrative law judges.  In one of these proceedings, a former investment advisor, Mr. Raymond Lucia, was barred for life from working in the securities industry and received an adverse judgment of $300,000 in monetary penalties and disgorgement.  Mr. Lucia followed the rules and exhausted his appellate options within the Commission before filing his case at the circuit court level.  The D.C. Circuit affirmed the Commission’s decision upholding the administrative law judge’s findings against Mr. Lucia, holding that because the S.E.C.’s administrative law judges do not have the power to issue final decisions, they fall below the threshold of authority required to be considered an officer for purposes of the Appointments Clause of the Constitution.  In short, the S.E.C. can legally appoint the judges.

When pursuing legal action against regulated individuals and/or entities, the S.E.C. has the choice to file civil charges for violations of the securities laws in either federal court or pursuant to its administrative proceedings. Regulated individuals and entities should be forewarned of the high likelihood that any such claims will end up in front of an administrative law judge hand-picked by the S.E.C.

Given that the odds of successfully challenging the constitutionality of these S.E.C. administrative courts have decreased drastically, it becomes even more important to have skilled counsel familiar with the process representing you if the S.E.C. knocks on your door.

Insider Trading Alert – It is Not Just a Wall Street Issue

Posted on: August 9th, 2016

By: John Goselin and Ze’eva Kushner Banks

Be forewarned!  The Securities and Exchange Commission continues to hunt down individuals for improper insider trading.  Last week, the S.E.C. announced charges against Doctor Edward Kosinski for violations of the antifraud provisions of the federal securities laws by buying and selling shares of Regado Biosciences, Inc. (“Regado”) based on inside information.  And the regulator is not simply seeking disgorgement of ill-gotten gains.  The S.E.C. wants Doctor Kosinski to go to jail!!

Regado was a biotech company working on developing a drug called REG-1 to help regulate clotting in patients undergoing heart surgery.  Doctor Kosinski, a cardiologist, was also the president of Connecticut Clinical Research, LLC, and through this venture, Doctor Kosinski served as principal investigator of the drug trial of REG-1.  Doctor Kosinski had various contractual duties to keep any information he learned in connection with participating in the drug trial strictly confidential.  Doctor Kosinski, however, couldn’t resist the temptation to make multiple purchases of shares of Regado stock. Moreover, Doctor Kosinski failed to disclose his ownership in the company as required.  The value of Doctor Kosinski’s investment in Regado increased from approximately $34,090 in October 2013 to $250,800 by the end of May 2014.

June 29, 2014 was the beginning of the end for Doctor Kosinski.  Doctor Kosinski received important, undisclosed confidential information about Regado’s decision to put the REG-1 drug trial on hold due to serious allergic reactions suffered by some participants.  The very next day, Doctor Kosinski sold all of his shares in Regado for a profit.  When Regado ultimately made that same information public, the share price of Regado stock fell by 58%.  Consequently, Kosinski avoided a loss of approximately $160,000 by using his undisclosed, inside information to sell prior to the public announcement.

Nonetheless, Doctor Kosinski was not finished.  When he received additional undisclosed, confidential information a month later about the death of a participant in the drug trial, he bet that the price of Regado shares would drop further.  Just as before, after the company publicly released the information, its share price dropped drastically.  Doctor Kosinski’s bet against the stock price made him a profit of around $3,291.

The Securities and Exchange Commission has charged Doctor Kosinski with violating provisions of both the Securities Act of 1933 and the Securities Exchange Act of 1934.  Doctor Kosinski violated these antifraud provisions by trading in Regado’s stock based on confidential information that had not been made public.  The Securities and Exchange Commission is demanding that Doctor Kosinski return all the profits he made and/or the losses he avoided in addition to paying a penalty.  Doctor Kosinski could also find himself in jail.  Of course, Doctor Kosinski is also likely spending any profits he made to pay for his legal costs.

It is important to remember that professionals, whether they are doctors, lawyers, accountants or just managers in a corporation, can find themselves in possession of undisclosed confidential information about a publicly traded company.  You can receive this information through your business relationships, your personal friendships or even just chatting with the neighbors about how their summer may be going.  If you happen to learn important information, you need to be very cautious about buying or selling stock based on this confidential information.  In fact, you should not even consider buying or selling stock under these circumstances.  If you have any doubts, but feel compelled to make a purchase or a sale, you should really seek a second opinion.