The summer is for trips to the beach, hikes in the mountains and maybe even strolls through a vineyard.
Not so fast. The regulatory and enforcement agencies don't seem to be taking any summer vacation this year, as indicated by a series of important developments that have been in the news.
This week's Cabinet News and Views takes a look at a number of those news items from U.S. and UK agencies, with some perspectives from our authors. We think their write-ups comprise the mandatory "Summer Reading List" assignment.
Associate | White Collar Defense and Investigations
Two recent OFAC enforcement actions highlight real-world challenges that financial institutions and other companies may face in their efforts to implement an effective sanctions compliance program.
First, OFAC announced on July 15 that a U.S. credit card services provider had agreed to pay $430,500 to settle apparent violations of the Foreign Narcotics Kingpin Sanctions Regulations. The settlement arose from 214 transactions totaling $155,189 that allegedly involved an individual who had been issued a supplemental credit card and was later named on OFAC’s Specially Designated Nationals and Blocked Persons List (the “SDN List”). According to OFAC, the apparent violations were the result of a series of human errors and compliance program flaws, including: (i) erroneous closure of a “high confidence” alert in May 2018, which permitted the sanctioned individual to continue using the supplemental card on the account; (ii) improper removal of an account suspension by a customer service representative, one day after it was implemented on June 27, 2018; and (iii) a subsequent error by the firm’s anti-money laundering team, which caught the customer service representative’s mistake but then applied an incorrect suspension code to the account. As a result of using the incorrect code, seven additional transactions were processed in apparent violation of sanctions before the account was finally closed on July 6, 2018.
Second, OFAC issued a finding of violation in connection with 34 transactions totaling $604,000 processed by a U.S. bank on behalf of two individuals sanctioned under the Weapons of Mass Destruction Proliferators Sanctions Regulations. In its Enforcement Release, OFAC explained that the transactions were allowed to take place because the bank mistakenly understood that its third-party sanctions screening service provider was screening all of the bank’s existing customer base against changes to the SDN List on a daily basis. In fact, screening was conducted for most customers monthly; only new customers, as well as existing customers with certain account changes, were screened daily. Accordingly, the bank did not learn of the two individuals’ sanctions designation status until 14 days after their addition to the SDN List on September 21, 2020.
These enforcement actions underscore that effective compliance requires a long-term commitment to excellence − for example, through proper employee training and oversight. In addition, compliance procedures and systems – including those that are outsourced to third parties – should receive close, careful attention to ensure that any gaps are identified and addressed.
The Commodity Futures Trading Commission (“CFTC”) has two levels of jurisdiction under the Commodity Exchange Act (“CEA”).
First, there is an exclusive (or regulatory) jurisdiction over “derivatives” on “commodities,” where the CFTC can regulate how, where, by whom and when derivatives trade. Derivatives traditionally include swaps, options and futures on commodities.
In addition, CFTC also has the non-exclusive jurisdiction to prosecute fraud and manipulation relating to a contract of sale of any “commodity” in interstate commerce. This is also referred to as enforcement jurisdiction, which may be concurrent with enforcement or regulatory jurisdiction of other regulators, such as the Securities and Exchange Commission (“SEC”). The CFTC rarely exercises this jurisdiction because it is so immensely broad and is only limited by the subject matter – the fraud and manipulation needs to occur with respect to a “commodity.” Most fungible things that are traded in interstate commerce are recognized as “commodities,” even if they are not specifically defined as such in the CEA § 1a(9). Virtual currencies, such as Bitcoin, ether, verge, dogecoin, and reddcoin, have been recognized as “commodities” by the CFTC and several courts.
On July 14, the U.S. District Court for the Southern District of New York entered a consent order in CFTC v. McAffee and Watson for violations of the CEA and CFTC regulations. McAffee and Watson on several occasions through mass media aggressively “pumped up” the market in specific cryptocurrencies, issuing recommendations to buy without disclosing that they had built up their own inventory of the cryptocurrencies before the commencement of the advertisement campaign. Then, when the price had significantly increased, they “dumped” the crypto, realizing a significant profit.
Even though no derivatives were involved, the CFTC alleged that this scheme constituted a fraud on the market and manipulation of commodity prices in violation of § 6(c)(1), § 6(c)(3) and § 9(a)(2) of the CEA, and § 180.1 and § 180.2 of the CFTC Regulations.
This case is significant as one of very few cases where the CFTC was successfully able to assert its enforcement jurisdiction over commodity transactions, as opposed to its traditional jurisdiction over commodity derivatives. Considering several Congressional proposals (here and here) to expand CFTC’s exclusive (regulatory) jurisdiction over cash commodity markets in cryptocurrencies, this case demonstrates that the CFTC is ready and able to take on this additional role. To that end, the Chairman of the CFTC has announced on July 26 the formation of the CFTC Office of Technology Innovation to spearhead its FinTech and digital assets regulatory focus.
Associate | White Collar Defense and Investigations
On July 21, the U.S. Securities and Exchange Commission (“SEC”) and the U.S. Attorney’s Office for the Southern District of New York announced parallel civil and criminal actions (here and here) against a former product manager at Coinbase Global, Inc. (“Coinbase”), the largest cryptocurrency exchange in the United States, as well as his brother and his friend, for an alleged scheme to trade ahead of announcements that certain crypto assets would be “listed” on the exchange. The U.S. Attorney’s Office charged the defendants with a criminal wire fraud conspiracy and wire fraud, while the SEC alleged the insider trading scheme constituted securities fraud in violation of the Securities Exchange Act and Rule 10b-5.
Notably, the civil case filed by the SEC is its first enforcement action for insider trading of a “crypto asset security.” (As used in the SEC’s complaint, “crypto asset security” refers to “an asset that is issued and/or transferred using distributed ledger or blockchain technology – including, but not limited to, so-called ‘digital assets,’ ‘virtual currencies,’ ‘coins,’ and ‘tokens’ – and that meets the definition of ‘security’ under the federal securities laws.”) The SEC specifically alleged that the defendants traded in at least 25 crypto assets ahead of more than ten listing announcements, and that nine of the 25 crypto assets were securities.
The criminal case, for its part, closely resembles the “first ever” digital asset insider trading case recently announced by the U.S. Attorney’s Office on June 1, 2022. There, the U.S. Attorney’s Office charged a former product manager at OpenSea, the largest online marketplace for the purchase and sale of non-fungible tokens (“NFTs”), with wire fraud and money laundering in connection with an alleged scheme to personally trade NFTs ahead of announcements that they would be featured on OpenSea’s homepage. These cases do not require that the digital assets meet the definition of “security” under federal securities laws.
In an opinion written by U.S. District of Delaware circuit judge Stephanos Bibas that begins, “A good template serves as a guide, not gospel,” Del-One Federal Credit Union was denied the safe harbor typically proffered by use of model forms in a potential class action regarding its overdraft fees.
The model language in question (found in Appendix A-9 of Reg. E) states, “An overdraft occurs when you do not have sufficient money in your account to cover a transaction, but we pay it anyway.” However, the credit union had an atypical overdraft fee policy that caused customers to incur a fee even when they always had sufficient funds in their account for present transactions, but did not have sufficient funds in their account to also cover scheduled future transactions, like a utility bill. The fee was charged to customers whether or not they deposited funds in time to sufficiently cover those future bills, and even though the credit union never had to “shell out anything” on the customer’s behalf. Thus, the fee was charged in contradiction of the model language that said that the fee would only be charged when the credit union paid the transaction, despite insufficient funds in the account.
This case is an excellent reminder to all financial institutions utilizing model language to make sure that their policies are consistent with the model language, and to not just assume the language will provide a safe harbor from liability and class actions.
On July 25, the Federal Deposit Insurance Corporation (“FDIC”) announced amendments to its Enforcement Actions Manual. The amendments to chapters 1 and 4 update and clarify the FDIC’s approach to terminating cease-and-desist orders and consent orders issued under section 8(b) of the Federal Deposit Insurance Act (“FDI Act”).
The FDIC reiterated that “Section 8(b) of the FDI Act authorizes the FDIC to issue a cease-and-desist order, which is titled a ‘consent order’ if the action is not contested, when the facts reasonably support the conclusion that an insured depository institution has engaged, or is about to engage, in
An unsafe or unsound practice in conducting the business of the institution, or
A violation of a law and/or regulation, written agreement with the FDIC, or written condition imposed by the FDIC in connection with the granting of any application or other request.”
The FDIC went on to clarify that “[s]ection 8(b) orders may be terminated under any of the following conditions:
The institution is in full compliance with all the provisions of the order and has fully corrected the violations of laws and regulations, unsafe and unsound practices, or conditions that led to the issuance of the order.
Any provisions deemed ‘not in compliance’ have become outdated or irrelevant to the institution’s current circumstances, including situations in which the institution is closed.
Deterioration or any provisions deemed ‘not in compliance’ leads to issuance of a new or revised formal action.”
The amendments don’t appear to make substantive changes, but it does seem to clarify that, in most cases, the FDIC will not be terminating a section 8(b) enforcement order unless the institution has met all of its obligations under the order and rectified the problem that underlies the order.
On July 21, the UK Treasury and the City of London Corporation (“CLC”) published a report on their first annual review of the UK financial services sector (the “Report”). The Report sets out findings from a review of the attractiveness and international competitiveness of the UK financial services sector. It was prepared in response to the recommendation made in the 2021 UK Listing Review where it was suggested that the Government present an annual report covering this topic.
The Report is split into chapters that focus on themes − for example, “Chapter 1: an open and global financial hub” compares the UK’s to other major economies using various key performance indicators and metrics to illustrate the themes and historic trends.
A key finding of the Report is that the UK is “already a tremendously successful financial services hub” and that there is broad industrywide consensus as to the future direction of travel required in order to maintain the UK’s position as a world-leading financial services centre.
The Report identifies opportunities where the government and industry can do more to best ensure the future success of UK financial services, including the passage of the Financial Services and Markets Bill, which was introduced to parliament last week (see our article covering this here). This proposed bill will, according to the Report, “cut red tape to make the UK an even more attractive place to invest and do business.” Annex 2 to the report sets out steps the government is currently taking, and the progress they have made, in delivering their policy objectives for the financial services sector.
In a lengthy, numbers-heavy blog post, the Consumer Financial Protection Bureau (“CFPB”) showed off its math skills by analyzing fees that banks collect from their retail deposit customers, with a particular focus on overdraft fee trends. After discussing overdraft fee declines and observing that upticks in other deposit-related fees do not make up for those declines, the post concluded with the quiet observation that “these figures give suggestive evidence that changes in overdraft program settings and [other] policies are making meaningful difference in the amount consumers incur in various fees while using [deposit accounts].”
Based upon a total of five separate communications from the CFPB in as many months, including charts comparing fees, retail banks are well-advised to continue being conscientious about deposit-related fees, because the CFPB is most definitely watching and crunching those numbers.