SEC Warns Investors Regarding Digital Asset Initial Exchange Offerings
On January 14, 2020, the U.S. Securities and Exchange Commission (SEC) Office of Investor Education and Advocacy published an investor alert (Alert) regarding initial exchange offerings (IEOs), a type of digital asset fundraising facilitated by online trading platforms.1 Although the Alert is directed at investors, it provides important information to blockchain companies and trading platforms. The Alert highlights the following:
- an explanation of an IEO
- IEOs that are securities offerings must comply with federal securities laws
- a platform offering an IEO may need to register as a broker-dealer, national securities exchange or operate pursuant to an exemption, such as an alternative trading system (ATS)
- IEOs offered to U.S. investors, even if offered from outside the United States, must comply with federal securities laws
Fund Managers Targeted in Sophisticated Cyberattacks
There has been a spike in 2019 of targeted cyberattacks against Asia-based fund managers, especially those in a startup phase of business. Regulators worldwide, including the Securities and Futures Commission of Hong Kong, have issued guidelines for reducing and mitigating hacking risks. This post summarizes the practical measures that may be adopted to protect your firm against cyberattacks and the keys to successful crisis management in the event that an unauthorized data breach occurs. (more…)
Recent Risk Alerts by SEC OCIE Highlight Privacy and Cybersecurity Issues in Examinations
The SEC’s Office of Compliance Inspections and Examinations (OCIE) released two Risk Alerts, on April 16, 2019 and May 23, 2019, highlighting the importance of privacy and cybersecurity compliance for SEC-registered investment advisors and broker-dealers under Regulation S-P. As previously covered on Data Matters, OCIE has consistently identified cybersecurity as one of its main areas of focus for examinations.
Indeed, cybersecurity was once again identified by OCIE in its 2019 National Exam Program Examination Priorities (2019 Exam Priorities), which placed a particular emphasis on proper configuration of network storage devices, information security governance, and policies and procedures related to retail trading information security. With the issuance of the April 16 and May 23 Risk Alerts, OCIE has provided additional detail regarding specific issues that SEC-registered entities should focus on to mitigate privacy and cybersecurity risk, as well as to prepare for examinations.
SEC FinHub’s Digital Asset Framework: A Guide for Issuers and Secondary Trading Markets
On April 3, the U.S. Securities and Exchange Commission (SEC)’s Strategic Hub for Innovation and Financial Technology (FinHub or Staff) released its much-anticipated guidance, the Framework for “Investment Contract” Analysis of Digital Assets (Framework), regarding its views on factors to consider in applying the Howey test to digital assets. In conjunction with the Framework, the SEC’s Division of Corporation Finance published its first no-action letter in connection with the sale of digital assets, providing relief to TurnKey Jet, Inc., for its proposed token sale.
FTC Announces Record-Setting $5.7M COPPA Penalty
On February 27, 2019, the Federal Trade Commission (“FTC”) announced a record-setting $5.7 million civil penalty against makers of the popular free video creation and sharing app, Musical.ly (now known as TikTok), for violations of U.S. children’s privacy rules. This is the largest civil penalty the FTC has issued concerning violations of the Children’s Online Privacy Protection Act (“COPPA”).
Blockchain Technology: SEC Commissioner Peirce Presents an Opportunity to Rethink Regulation
On February 8, 2019, U.S. Securities and Exchange (SEC) Commissioner Hester Peirce delivered a speech addressing the relationship between technological innovation and regulation, in particular addressing some of the pending regulatory challenges surrounding blockchain and digital assets.1 The key takeaways from Commissioner Peirce’s speech, titled “Regulation: A View From Inside the Machine,” 2 are these:
SEC Announces Examination Priorities for 2019
On December 20, 2018, the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (the SEC) released its report (the 2019 Report) setting forth its list of examination priorities for 2019 (the Exam Priorities).1 OCIE announces its exam priorities annually to provide insights into the areas it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets.2 The Exam Priorities can serve as a roadmap to assist advisers in assessing their policies, procedures and compliance programs; testing for and remediating any suspected deficiencies related to the Exam Priorities; and preparing for OCIE exams. (more…)
The Security Token Story: SEC Reveals Act III — Registered Digital Assets — and Reminds Market Actors of Acts I (Investment Vehicles) & II (Secondary Trading)
On November 16, the U.S. Securities and Exchange Commission (SEC) announced its first enforcement actions against issuers of initial coin offerings solely for failing to register the offerings in violation of the federal securities laws since Munchee (i.e., without allegations of fraud). Unlike the Munchee order, these settlements impose penalties against the issuers and require certain undertakings, such as registering the digital assets as securities under the Exchange Act. The same day, the SEC’s Divisions of Corporation Finance, Investment Management and Trading and Markets released a joint statement reiterating the SEC’s lessons from recent enforcement actions related to digital assets. (more…)
SEC Cautions Public Companies to Address Cyber Threats as Part of Internal Accounting Controls
On October 16, 2018, the U.S. Securities and Exchange Commission (SEC) took the unusual step of issuing a Report of Investigation cautioning public companies that they should consider cyber threats and related human vulnerabilities when designing and implementing their internal accounting controls. The report is an outgrowth of an investigation conducted by the SEC’s Enforcement Division into whether certain public companies that were victims of cyber fraud complied with the federal securities laws requiring public companies to implement and maintain internal accounting controls. The controls provided by these provisions must be sufficient to provide reasonable assurances that transactions occur (e.g., purchasing equipment), and access to assets is permitted (e.g., checking accounts, warehouses), only in accordance with management’s authorization.