Weekly RoundUp
October 26, 2016

Financial Services Weekly News

Another Cybersecurity Proposal. On the heels of the New York State Department of Financial Services (NYDFS) issuing its proposed regulation that would require banks and insurance companies to institute comprehensive cybersecurity programs (as covered by the September 21 edition of the Roundup), the federal banking agencies issued their own advance notice of proposed rulemaking last week. Details are discussed below. While both proposals focus on enhanced cybersecurity programs, the federal proposal ups the ante for covered institutions (generally depository institutions and depository institution holding companies with total consolidated assets of $50 billion or more, the U.S. operations of foreign banking organizations with total U.S. assets of $50 billion or more, nonbank financial companies supervised by the Federal Reserve Board and certain third-party service providers) by requiring, among other things, that they have protections in place to get back online within two hours following a cyberattack and evaluate how their protections would prevent a cybersecurity breach from spreading to other firms in the financial system. The level of oversight of third-party service providers could be challenging. The proposal also would require that boards of directors play a more active role in overseeing cybersecurity risks and could set a new standard for liability for cyberattacks. The comments to the proposal, which are due on January 17, 2017, could be particularly interesting.

Regulatory Developments

Federal Banking Regulators Request Comment on Proposed Enhanced Cyber Risk Management Standards

On October 19, the Board of Governors of the Federal Reserve System (Board), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) (collectively, the agencies) issued an advance notice of proposed rulemaking regarding enhanced cyber risk management standards for large and interconnected entities. The proposal would apply to depository institutions and depository institution holding companies with total consolidated assets of $50 billion or more, the U.S. operations of foreign banking organizations with total U.S. assets of $50 billion or more, financial market infrastructure companies and nonbank financial companies supervised by the Board and certain third-party service providers. The proposal addresses five categories of cyber standards: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness. Comments are due on January 17, 2017.

Client Alert: FINRA Announces Effective Date of New Capital Acquisition Broker Rules

FINRA has announced the adoption of the new Capital Acquisition Broker (CAB) rules. CABs, which will be able to act as brokers for merger and acquisition transactions and agents in private placements to institutional investors, will be registered with the SEC and subject to a reduced set of FINRA rules and compliance obligations. The CAB rules become effective on April 14, 2017. FINRA will accept applications for membership beginning January 3, 2017. This client alert answers questions about who should register as a CAB, what the reduced compliance obligations and limitations are on CABs and how to register or convert from a full FINRA member to a CAB member. For more information, view the client alert issued by Goodwin’s Financial Industry Practice.

CFPB Releases First-Ever Project Catalyst Innovation Highlights Report

On October 24, the Consumer Financial Protection Bureau (CFPB) released its first-ever Project Catalyst Report. The report highlights various market developments emerging from Fintech startups and traditional financial institutions (including new products, services, and trends) that, in the CFPB’s view, have the potential to produce benefits for consumers. The report also provides an overview of Project Catalyst’s work to promote consumer-friendly innovation and outlines the importance of ensuring consumer protections are built into emerging products and services from the outset. Project Catalyst was initiated by the CFPB in 2012 and is designed to encourage consumer-friendly innovation and entrepreneurship in markets for consumer financial products and services.

Fintech Flash: Living in the Regulatory World – What Happens, What Do I Do?

As Fintech companies move more and more into consumer financial services products, they move deeper and deeper into areas that are traditionally highly regulated. Even when they are providing services to a financial institution, they can face such regulatory scrutiny. This Fintech Flash will look at what type of regulators and scrutiny Fintech companies can face, what regulatory interactions can be like, and what Fintech companies can do to prepare for regulatory examinations. For more information, view the Fintech Flash issued by Goodwin’s Fintech Practice.

FinCEN Issues Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime

On October 25, the Financial Crimes Enforcement Network (FinCEN) issued an advisory to assist financial institutions in understanding their Bank Secrecy Act (BSA) obligations regarding cyber-events and cyber-enabled crime. The advisory also highlighted how BSA reporting helps U.S. authorities combat cyber-events and cyber-enabled crime and provided an in-depth discussion of how BSA regulations and requirements apply to the reporting of cyber-events, cyber-related crime, and cyber-related information, including examples of cyber-events that would mandate the filing of a SAR. In addition to the advisory, FinCEN has issued Frequently Asked Questions (FAQs) regarding the reporting of cyber-events, cyber-enabled crime, and cyber-related information through Suspicious Activity Reports.

Enforcement & Litigation

Mutual Fund Adviser Settles with SEC for Alleged  Fair Valuation and Disclosure Failures

On October 18, the SEC announced that a registered investment adviser has agreed to settle claims against it for, among other things,  improperly fair valuing certain mutual fund holdings and failing to disclose key aspects of its attempted remediation of the resulting pricing errors.  In the order, the SEC alleged that the adviser improperly valued certain bond securities held in the portfolios of certain mutual funds that it advises.  The improperly valued securities resulted in NAV errors, inaccurate performance figures and inflated asset-based fees.  The SEC further alleged that the adviser’s attempted remediation was insufficient as the adviser did not precisely calculate fund and shareholder losses in accordance with its NAV error correction procedures.  Additionally, the SEC asserted that the adviser did not properly disclose (1) certain details of its remediation process, namely that it was not based on a full application of the NAV error correction procedures and (2) that the remediation process compensated shareholders differently, depending on whether they invested directly or through an intermediary. Without admitting or denying the findings in the SEC’s order, the adviser agreed to (1) the entry of a cease-and-desist order and a censure, (2) pay a $3.9 million penalty, and (3) undertake a self-administered distribution to affected shareholders.

Q2 2016 Sees Increased Personal and Student Lending Enforcement

For the second quarter of 2016, Consumer Finance Enforcement Watch tracked 46 enforcement actions taken against consumer finance providers. This represents a slight decrease from the 50 enforcement actions that were tracked last quarter, and a decrease from the 56 actions that we tracked in the second quarter of 2015. Approximately two-thirds of Q2 enforcement actions were settlements (with or without consent orders), with the remainder resulting from court judgments, non-judgment court rulings, and new activity in ongoing enforcement actions. For more information including interactive charts, view the Enforcement Watch blog post

Goodwin News

CFO Magazine: ‘One Size Fits All’ Regulation Simply Doesn’t Work

William Stern, a partner in the firm's Financial Industry, Consumer Financial Services, and Fintech practices, writes about the disproportionate effect that the current “one size fits all” banking regulation model has on smaller financial institutions with limited resources. Stern discusses the need to more closely align the degree of regulatory burden to which an institution is subject to the riskiness of its business. Read the full CFO Magazine article here.

Bloomberg BNA: Top Law Firms Getting the Most ERISA Class Action Business

Goodwin ranked in the top 5 of law firms advising on ERISA class actions, defending large employers. Goodwin is defending entities including MIT, American Century Services and Deutsche Bank Americas Holding Corp., in six class actions.

Women’s Alternative Investment Summit 2016 – Nov. 3 – 4

The Women’s Alternative Investment Summit, produced by Falk Marques Group LLC, is a high-level conference designed to enhance networking, fundraising and deal-making opportunities for women across the broad spectrum of alternative investing, including private equity, venture capital, real estate, hedge fund, and distressed investing. Content focuses on issues of intellectual business interest, industry-specific information and trends, and current topics that are critical to the alternative investment strategies of GPs and LPs. Goodwin is a sponsor. For more information, view the event website.

Marketplace Lending Forum: Taking on Current Challenges to Bank Partnerships and More – Nov. 16

Join Goodwin and LendIt for this Marketplace Lending webinar featuring Goodwin partner Mike Whalen. Marketplace lending originations are projected to quadruple in the next four years, but regulatory and business considerations show that challenges still exist. This forum, based on a culmination of a series of industry alerts published by Goodwin, will provide actionable ideas on how online lending platforms and banks can partner in this innovative age. If you are a small business or consumer lender, this forum will help you better understand how partnerships can be structured to stabilize your business model. Banks of all sizes, commercial, community and regional, will learn how technological advances can help improve user experience and what processes can be outsourced or acquired. Register for this webinar.

Key Issues Facing Boards of Directors of Financial Institutions and Corporations: Heightened Expectations & Risk around Compliance Programs – Nov. 17

Directors, C-Suites, and General Counsel are increasingly focusing on compliance – a critical aspect to every business operation. Mistakes can seriously heighten corporate and personal liability. Goodwin partner Richard Strassberg joins Jason Brown, Chief Deputy Attorney General of New York State, Susan Schroeder, Senior Vice President, Deputy Chief, Enforcement Department of FINRA, and Jonny Frank, partner at StoneTurn Group. They will provide an overview of key national and state regulatory issues in financial services and other industry compliance.

5th Annual Banking Symposium – Dec. 6

Goodwin is hosting the 5th Annual Banking Symposium, a forum for CEOs and senior management of financial institutions to discuss critical and emerging issues in the industry. This year's theme, Unwinding the Road Ahead, will cover the aftermath of the 2016 presidential election and the effects of the new political landscape on financial institutions, the regulatory and compliance issues that are keeping you and your peers up at night, and how banks and Fintech partnerships are driving revenue and enhancing the bottom line. For event information and a list of speakers, please visit www.bankingsymposium.com.

This week’s Roundup contributors: William McCurdy.