Regulatory Developments
On August 8, FINRA published Regulatory Notice 16-29, requesting comment on proposed amendments to the gifts, gratuities and non-cash compensation rules that would, among other things: (1) consolidate the rules under a single rule series in the FINRA rulebook (amended Rule 3220 and new Rules 3221-3223); (2) increase the gift limit from $100 to $175 per person per year and include a de minimis threshold below which firms would not have to keep records of gifts given or received; and (3) amend the non-cash compensation rules to cover all securities products, rather than only direct participation programs (DPPs), variable insurance contracts, investment company securities and public offerings of securities. FINRA is also proposing to incorporate into the amended rules a principles-based standard for business entertainment that would require firms to adopt written policies and supervisory procedures for business entertainment. Comments on the proposals are due September 23.
On August 15, the SEC announced that FINRA had filed a proposed amendment to FINRA Rule 2232 (Customer Confirmations) to require member firms to disclose additional pricing information on retail customer confirmations relating to transactions in fixed income securities. Specifically, the confirmation will be required to include the member’s mark-up or mark-down for the transaction if both of the following apply: (1) the member is effecting a transaction in a principal capacity in a corporate or agency debt security with a non-institutional customer and (2) the member purchased or sold the security in one or more transactions in an aggregate trading size meeting or exceeding the size of the sale to or purchase from the non-institutional customer on the same trading day as the transaction with the non-institutional customer. If the opposite-side transaction occurs with an affiliate of the member and is not an arms-length transaction, the member is required to look through to the time and terms of the affiliate’s transaction with a third party in the security in determining whether the conditions of the new requirement have been met. The proposed amendment also provides two exceptions to the disclosure requirement. The text of the proposed amendments can be found at the end of the FINRA filing. Comments are due 21 days after publication in the Federal Register.
FCC Limits Robocalls on Student Loans, Mortgage and Other Debts Owed to the Federal Government
On August 11, the Federal Communications Commission (FCC) issued final rules limiting how companies can seek to collect on student loans, mortgages and other debts owed to the federal government. The final rules implement Section 301 of the Bipartisan Budget Act of 2015 (the Budget Act), which amended the Telephone Consumer Protection Act of 1991 (TCPA) by excepting from the TCPA’s consent requirement robocalls “made solely to collect a debt owed to or guaranteed by the United States” and authorized the FCC to adopt rules to “restrict or limit the number and duration” of any wireless calls “to collect a debt owed to or guaranteed by the United States.” In issuing the final rules, the FCC sought “to balance the importance of collecting debt owed to the United States and the consumer protections inherent in the TCPA.” The final rules provide that: robocalls may only be made to the borrower and not to any other contacts with certain narrow exceptions; robocalls may only be placed between the hours of 8 a.m. and 9 p.m.; and callers may make only one call or send one text message to a reassigned wireless number before triggering potential penalties.
Recalling Mt. Gox, Bitfinex Exchange Is Latest Target of Bitcoin Hackers
On August 2, Hong Kong-based bitcoin exchange Bitfinex was the latest target of hackers who stole 119,756 bitcoins, for a total loss of approximately $72 million at that time. Some are estimating it to be as high as $80 million. The Bitfinex hack was notable both because Bitfinex is one of the “biggest Bitcoin exchanges in the world” and because it sent bitcoin prices tumbling more than 20%. The exchange notified its customers of the hack in a press release on August 2, stating that it was suspending all trading, and halting “all digital token deposits to and withdrawals from Bitfinex” until further notice. Additional phishing attempts of Bitfinex users continued through August 5, 2016, where users received emails from fake Bitfinex accounts that contained a virus in the email attachment. Intriguingly, and as we discussed in an earlier post, Bitfinex was recently fined $75,000 by the U.S. Commodity Futures Trading Commission (CFTC) for operating an illegal exchange and permitting “users to borrow funds from other users on the platform in order to trade bitcoins on a leveraged, margined, or financed basis.” Bitfinex’s failure to appropriately segregate funds ended up creating some of the current confusion that may have required Bitfinex to “bail in” all its customers to share in the losses. By not creating appropriate safeguards for users borrowing bitcoin from other users, Bitfinex may not have known itself who lost what in the hack. For more information, see our Digital Currency & Blockchain Perspectives blog post.
Enforcement & Litigation
The U.S. Securities and Exchange Commission (SEC) announced its second significant enforcement action against an employer based on confidentiality and release provisions that the SEC asserts will discourage employees from participating in the SEC’s whistleblower program. This enforcement action follows last year’s similar action against KBR, Inc. and expands the scope of prohibitions to certain waivers of remedies in employment separation agreements. Companies that have not evaluated the language in their agreements with current and former employees in light of these actions should consider doing so now. Those that have evaluated such agreements should consider whether the SEC’s recent enforcement action warrants making further changes. For more information, read the client alert from Goodwin’s Public Companies practice.
MetLife Files Brief Defending Court Victory on SIFI Designation
On August 15, MetLife Inc. filed its brief defending the U.S. District Court for the District of Columbia's decision to rescind the FSOC’s designation of MetLife as a nonbank SIFI. The decision was reported in the March 30 edition of the Roundup. The FSOC appealed, as discussed in the April 13 edition of the Roundup, and filed its appellate brief on June 16. In its brief, which is in response to the FSOC’s brief, MetLife argues that its SIFI designation contravened the FSOC's final rule, interpretive guidance, and the Dodd-Frank Act by failing to consider MetLife's vulnerability to material financial distress and that the district court correctly concluded that the FSOC improperly failed to consider the effects of the SIFI designation on MetLife. Amicus briefs supporting MetLife's argument are due on August 22, while the FSOC must submit its final brief by September 9.
Goodwin News
Connecticut Supreme Court Upholds New Fee on Lending Industry
HousingWire features Goodwin Financial Industry partner Joe Yenouskas and Consumer Financial Services attorney George Schneider in “Connecticut Supreme Court Upholds New Fee on Lending Industry.” Read the article here.
Client Alert: EU-US Privacy Shield Framework Formally Adopted
On July 12, the European Commission formally adopted the Privacy Shield, a new transatlantic framework for the transfer of personal data from the European Union (EU) and certain countries of the European Economic Area to the United States (US). The Privacy Shield replaces the Safe Harbor framework that was invalidated by the European Court of Justice in October 2015. The US Department of Commerce began accepting self-certifications to the Privacy Shield on August 1, 2016. US companies should consider whether joining the Privacy Shield makes sense for their business, depending on factors such as the company’s size, group privacy structure, industry, volume and type of data transferred from the EU to the US, and current data handling practices. If they decide to join and go through the certification process, businesses should first review and update their compliance programs and policies to meet the Privacy Shield’s requirements. For more information, read the client alert from Goodwin’s Privacy & Cybersecurity practice.