Regulatory Updates
Blockchain
Regulatory Exams and Oversight
The Securities and Exchange Commission has charged an entity with operating as an unregistered dealer in more than $2 billion of crypto assets offered and sold as securities, violating the registration requirements of the federal securities laws designed to protect investors.
All Fintech
Compliance Operations
The SEC's Division of Examinations announced its 2025 priorities, focusing on areas that pose heightened risk to investors and market integrity.
All Fintech
Social Media
Both FINRA and the SEC have expressed concerns about using social media influencers ("finfluencers") in the financial services industry, particularly regarding compliance with advertising rules, supervision, and investor protection.
Blockchain
Regulatory Exams and Oversight
The SEC has identified crypto exchange-traded products (ETPs) as an area of heightened focus for examinations. The agency is particularly concerned about the custody of crypto assets, market surveillance, pricing, and investor disclosures.
All Fintech
Cybersecurity
The United States Securities and Exchange Commission (SEC) has charged four companies, both current and former public entities, with making materially misleading disclosures regarding cybersecurity risks and intrusions, resulting in nearly $7 million in total penalties.
All Fintech
Cybersecurity
On October 16, 2024, the New York State Department of Financial Services (NYDFS or the “Department”) published an industry letter (the “Guidance”) regarding the increased reliance on artificial intelligence (AI) and the cybersecurity risks associated with that practice.
All Fintech
Compliance Operations
On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) issued its long-anticipated Open Banking Rule (the Open Banking Rule) under Section 1033 of the Dodd-Frank Act, fundamentally reshaping the data-sharing landscape in financial services.
RIAs
AML
A new FinCEN rule now requires certain investment advisors (RIAs and ERAs) to follow anti-money laundering and counter-terrorist financing (AML/CFT) requirements.
Broker-Dealers
AML
The Securities and Exchange Commission (SEC) recently penalized a broker-dealer for failing to file Suspicious Activity Reports (SARs) as required under the Bank Secrecy Act.
All Fintech
Compliance Operations
FINRA recently fined two broker-dealers for failing to adequately supervise and monitor trading activities to detect and prevent potentially manipulative practices.
Blockchain
Compliance Operations
FINRA has issued an update detailing its ongoing efforts to monitor and regulate crypto asset-related activities among its member firms.
All Fintech
Social Media
The Federal Trade Commission (FTC) has issued a final rule prohibiting businesses from creating, purchasing, or disseminating fake reviews and testimonials.
Broker-Dealers
Compliance Operations
The Financial Industry Regulatory Authority (FINRA) recently took enforcement action against a broker-dealer for failing to adhere to the "Locate Requirement" under Rule 203(b)(1) of Regulation SHO.
Broker-Dealers
AML
The US Securities and Exchange Commission (SEC) has charged a trading platform operating in the over-the-counter (OTC) securities market for failing to comply with the Bank Secrecy Act (BSA) by not filing required Suspicious Activity Reports (SARs).
Blockchain
Regulatory Exams and Oversight
In 2024, we’ve witnessed a series of enforcement actions targeting cryptocurrency-focused fintech companies that provide legitimate services but fail to obtain proper licensing or registration.
RIAs
Regulatory Exams and Oversight
The US Securities and Exchange Commission (SEC) has initiated a sweep examination targeting registered investment advisors (RIAs) to assess their compliance with the new T+1 settlement cycle rules.
All Fintech
Regulatory Exams and Oversight
The Corporate Transparency Act (CTA), a significant new regulation under US anti-money laundering laws, is approaching a crucial compliance deadline.
Broker-Dealers
Compliance Operations
The US Securities and Exchange Commission (SEC) recently took enforcement action against a dually registered investment advisor and broker-dealer for failing to comply with Regulation Best Interest (Reg BI) requirements.
Neobanks
Compliance Operations
The Consumer Financial Protection Bureau ("CFPB") issued a Consent Order against a San Francisco-based fintech for allegedly withholding refunds beyond the 14-day window for closed accounts established in the Company's agreement with account holders.
Payment Fintechs
Compliance Operations
The FTC recently took action against a bill payment company and its co-founders, accusing them of deceptive “junk fee” practices that harmed consumers.
Broker-Dealers
Compliance Operations
FINRA has fined a broker-dealer firm alleging violations of rules regarding nontraditional exchange-traded products (NT-ETPs).
All Fintech
Compliance Operations
The firm failed to establish and maintain a supervisory system, including WSPs, reasonably designed to supervise the accuracy of order times on its order memoranda.
Broker-Dealers
Compliance Operations
FINRA has fined a broker-dealer for charging unfair prices on 62 corporate bond transactions and six municipal bond transactions due to failing to consider the appropriate pricing information to determine the prevailing market price.
RIAs
Social Media
FINRA announced that it fined a firm $850,000 for social media posts made by influencers on the firm’s behalf that were not fair or balanced or contained exaggerated, unwarranted, promissory, or misleading claims.
All Fintech
Cybersecurity
In response to President Biden’s Executive Order authorizing increased data privacy measures, Assistant Attorney General Matthew G. Olsen announced that the National Security Division of the Department of Justice is implementing a data security protection and enforcement program.
All Fintech
Compliance Operations
In a recent speech, the head of SEC’s Enforcement Division, Gurbir Grewal, warned companies to ensure that “representations regarding your use of AI are not materially false or misleading.”
Broker-Dealers
Compliance Operations
As part of a settlement with FINRA, a broker-dealer has agreed to pay a fine of $75,000 for failing to implement a reasonable supervisory system for business-related communications from January 2018 to June 2021.
Broker-Dealers
AML
FINRA has fined an online brokerage firm $700,000 for anti-money laundering (AML) failures from 2016 to 2022.
All Fintech
Cybersecurity
In mid-February, the FTC announced a proposed settlement to resolve allegations that security software company Avast unfairly sold consumers’ granular and re-identifiable browsing information. This was after Avast informed consumers that its software would protect their privacy and that any disclosure of their browsing information would only be in aggregate and anonymous form.
All Fintech
Compliance Operations
On March 13, 2024, the European Union’s parliament formally approved the EU AI Act, making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology.
Broker-Dealers
Compliance Operations
From January 2018 to present, a broker-dealer firm failed to establish, maintain, and enforce a supervisory system, including written supervisory procedures (WSPs), reasonably designed to achieve compliance with rules governing outside business activities (OBAs). During this period, the firm failed to evaluate and document its evaluation of OBAs disclosed by its registered representatives as required by FINRA Rule 3270.
All Fintech
Registration and Licensing
In a February 6, 2024 release, the Securities and Exchange Commission (SEC) adopted two new rules - Rules 3a5-4 and 3a44-2 - that expand the definition of “dealer” and “government securities dealer” under the Securities Exchange Act of 1934 (Exchange Act), requiring registration by market participants that take on significant liquidity-providing roles.
All Fintech
Compliance Operations
Last year, the U.S. Securities and Exchange Commission (SEC) proposed ambitious rules relating to artificial intelligence (AI) that have drawn significant commentary and criticism. While it is unlikely that any changes in the law are imminent, other initiatives by the SEC indicate that it is not willing to wait for those changes before addressing AI-related problems and risks it perceives.
All Fintech
Cybersecurity
While the EU GDPR regulates the international transfer of personal data, several recently enacted EU laws regulate the international transfer of non-personal data, which is any data that is not “personal data” under the GDPR.
RIAs
AML
Yesterday, the Financial Crimes Enforcement Network (FinCEN) published a proposal in the Federal Register to enact a federal standard for anti-money laundering (AML) and combating financing of terrorism (CFT) programs on U.S. Securities and Exchange Commission (SEC)-registered investment advisors (RIAs) as well as exempt reporting advisors (ERAs).
All Fintech
Cybersecurity
In a significant ruling on February 9, 2024, the California Court of Appeal reversed a trial court judgment that had stayed enforcement of California Consumer Privacy Act (CCPA) regulations. This decision will make certain CCPA regulations, which a court order had previously stayed, become immediately effective once again.
Broker-Dealers
Compliance Operations
The firm’s reviews of customer execution quality failed to meet the reasonable diligence standard of FINRA Rule 5310 and the “regular and rigorous” review requirements of FINRA Rule 5310.09 from January 2014 to 2023. The firm neither admitted nor denied FINRA’s findings in resolving the matter.
Broker-Dealers
Cybersecurity
The firm failed to establish and maintain a supervisory system reasonably designed to safeguard customer records and information in violation of Rule 30(a) of Regulation S-P.
Broker-Dealers
AML
The firm failed to establish and maintain a supervisory system. It failed to establish, maintain, and enforce written procedures reasonably designed to comply with the firm’s obligation to monitor transmittals of customer funds to third parties.
RIAs
Compliance Operations
The firm failed to establish and maintain a supervisory system, including written procedures, to comply with the firm’s obligation to review correspondence and internal communications.
