Weekly RoundUp
September 27, 2017

Financial Services Weekly News

Cybersecurity Returns to Center Stage. The Equifax breach and recent news that the Securities and Exchange Commission’s (SEC) EDGAR test filing system was hacked in 2016 have brought cybersecurity back to center stage in Washington. SEC Chairman Jay Clayton issued a statement highlighting the importance of cybersecurity to the agency and market participants, and detailing the agency’s approach to cybersecurity as an organization and as a regulatory body. Meanwhile, various industry trade groups wrote a letter to Congress to advocate a sweeping uniform national law to deal with data breaches that would preempt the existing patchwork of state laws. These and other recent developments are covered below.

Regulatory Developments

CFTC Director of the Division of Enforcement Announces Cooperation and Self-Reporting Program

On September 25, James McDonald, the Director of the Division of Enforcement (the Division) for the Commodity Futures Trading Commission (CFTC), discussed the CFTC’s cooperation and self-reporting program. Noting the need for other enforcement strategies besides tough prosecution, Director McDonald described a program built around the principles of optimal deterrence, proper incentives, and the alignment of interests and incentives between the CFTC and the business community. Under the program, the CFTC expects a company to (1) voluntarily and promptly self-report wrongdoing (meaning before threat of disclosure or of a government investigation, and it must be made independent of any other legal obligation), (2) fully cooperate with the Division throughout the investigation, and (3) timely and appropriately remediate to ensure the misconduct does not happen again. Where a participant complies in these three areas, the Division will recommend a “substantial reduction” in the otherwise applicable penalty. The level of compliance will determine the level of reduction and in some “extraordinary circumstances” the Division might go as far as to recommend declining to prosecute a case. The hope, Director McDonald explained, is that the program will complement other independent reasons to self-report.

SEC Chairman Clayton Issues Statement on Cybersecurity

On September 20, SEC Chairman Jay Clayton issued a statement highlighting the importance of cybersecurity to the agency and market participants, and detailing the agency’s approach to cybersecurity as an organization and as a regulatory body. The statement is part of an ongoing assessment of the SEC’s cybersecurity risk profile that Chairman Clayton initiated upon taking office in May. Components of the initiative include the creation of a senior-level cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency. The statement provides an overview of the SEC’s collection and use of data and discusses key cyber risks faced by the agency, including a 2016 intrusion of the SEC’s EDGAR test filing system. In the statement, Chairman Clayton acknowledged that the SEC’s EDGAR test filing system had been hacked in 2016 and may have provided the basis for illicit gain through trading. The statement also outlines the management of internal cybersecurity risks, including the incorporation of cybersecurity considerations in disclosure-based and supervisory efforts, coordination with other government entities, and the enforcement of the federal securities laws against cyber threat actors and market participants that do not meet their disclosure obligations.

Cybersecurity Regulation Back on Center Stage After Data Breach

The issue of cybersecurity is back in front of Congress in the wake of the news of the data breach at Equifax Inc., which reportedly has affected approximately 143 million consumers. Various industry trade groups, including the National Retail Federation, wrote a letter to Congress to advocate a sweeping uniform national law to deal with data breaches that would preempt the existing patchwork of state laws. Importantly, the letter points out that data breaches most strongly affect the financial services industry. According to the 2017 Verizon Data Breach Investigations Report, up to 24% of all data breaches are in the financial services industry, more than any other industry. View the LenderLaw Watch blog post.

House Contemplates Reforming the Federal Reserve’s Responsibilities

On September 12, the U.S. House of Representatives’ Financial Services Subcommittee on Financial Institutions and Consumer Credit and the Subcommittee on Monetary Policy and Trade conducted a joint hearing titled, “Examining the Relationship Between Prudential Regulation and Monetary Policy at the Federal Reserve.” A link to the videotaped testimony is located here. The Federal Reserve not only regulates and supervises various financial institutions, but also conducts monetary policy. The purpose of the hearing was to determine whether the Federal Reserve’s dual responsibilities of both regulation and monetary policy “complement or conflict” with one another. Witnesses included Dr. Charles Calomiris, a Columbia Business School professor of financial institutions, Dr. Stephen G. Cecchetti, the Rosen Family Chair in International Finance at Brandeis International Business School, and Jim Sivon, a partner at Barnett Sivon & Natter, P.C, who spoke on behalf of the Financial Services Roundtable. All three witnesses spoke in favor of reforming the way the Federal Reserve operates. View the LenderLaw Watch blog post.

Client Alert: Planning for the Approaching CEO Pay Ratio Disclosure Requirement

It appears likely that the CEO pay ratio disclosure rule adopted by the SEC in 2015 will require companies that are subject to the rule to begin including CEO pay ratio disclosure for 2017 compensation in their proxy statements or Form 10-K annual reports to be filed in 2018. Companies that will be subject to these disclosure requirements should continue to prepare to comply with the CEO pay ratio disclosure rule, or begin doing so if they have not already started. For more information, read the client alert issued by Goodwin’s ERISA and Executive Compensation and Public Companies practices.

Client Alert: NYSE Proposes Change in Material News Releases After Closing

The New York Stock Exchange has filed a proposal that will prohibit listed companies from issuing material news after the close of trading (generally 4:00 p.m. Eastern Time) until the earlier of the publication of the company’s official NYSE closing price or five minutes after the close of trading. For more information, read the client alert issued by Goodwin’s Public Companies practice.

Enforcement & Litigation

SEC Staff Extends No-Action Letter Relief Regarding Auditor Independence Requirements Under the Loan Rule

On September 22, the SEC’s Division of Investment Management issued a letter extending the relief offered to Fidelity Management & Research Company in a no-action letter (NAL) originally issued in June of 2016 (previously covered in the Roundup) and which was set to expire in December of this year. The extension makes no changes to the scenarios or representations in the original NAL and extends the assurances such that they will be withdrawn upon the effectiveness of any amendments to the Loan Rule designed to address the concerns expressed in the NAL.

DOJ Obtains $907,000 Settlement for Auto Lender’s Repossession of Active Duty Servicemembers’ Vehicles

On September 18, the Department of Justice (DOJ) announced that it had entered into a $907,000 settlement with an auto loan lender and servicer (Defendant). In its complaint, filed the same day in the United States District Court for the Northern District of Texas, the DOJ alleged that the Defendant had violated the Servicemembers Civil Relief Act (SCRA), 50 U.S.C. § 3901, et seq. by failing to obtain court orders prior to repossessing vehicles owned by covered active duty servicemembers. View the Enforcement Watch blog post.  

It’s About Context: CFPB Wins Bench Trial Against Third-Party Servicer for Deceptive Advertising

On September 8, a judge in the Northern District of California assessed a statutory penalty of $7.93 million against Nationwide Biweekly Administration, Inc. (Nationwide) and issued an injunction prohibiting further deceptive advertising, after a bench trial in CFPB v. Nationwide Biweekly Administration, Inc., Case No. 3:15-cv-02106-RS (N.D. Cal. Sept. 8, 2017). The judgment was based on Nationwide’s advertising for a fee-based accelerated mortgage loan repayment service, which the Consumer Financial Protection Bureau (CFPB) had alleged was unfair and deceptive. The court concluded that, taken individually, none of Nationwide’s statements were untruthful, but taken together, the court found that the “net effect” of the advertising would be misleading to the average consumer. View the LenderLaw Watch blog post

Goodwin News

International Finance Law Review: Crackdown Needed on Corporate Disclosure

Shareholders are faced with ever-expanding levels of corporate information, which is impairing their decision-making process. Focusing on the data that is material to investors could be the solution. As shareholder activism and an increased focus on board responsibilities grow, the world has put corporate governance in the spotlight. Goodwin counsel David Bernstein looks at the practicalities of empowering shareholders and other fundamental questions regarding corporate governance in this International Finance Law Review article.

BlockCon 2017 – October 10 – 12

Goodwin is a sponsor of what may be the largest blockchain conference ever: BlockCon 2017. Grant Fondo, Chair of Goodwin’s Digital Currency and Blockchain Technology practice, will moderate a panel discussing the legal and regulatory aspects of initial coin offerings (ICOs). For additional information, please visit the event website.

Money 20/20 – October 22 – 25

The Money 20/20 Conference, one of the largest global events focused on payments and financial services innovation, attracts more than 1,500 CEOs from over 4,500 companies and 85 countries. Goodwin is a sponsor and is speaking on the panel, “Privacy & Data Security: Why It Matters & What To Do About It” on Sunday, October 22. For more information, please visit the event website.

Expert Institute’s Best Legal Blog Contest: Voting Open Through November 3

Goodwin’s Enforcement Watch and Digital Currency + Blockchain Perspectives blogs were recently nominated for The Expert Institute’s Best Legal Blogs Hall of Fame. We want to thank all of our Roundup readers who participated in the nomination process. Each blog will now compete for rank within its category, while the three blogs that receive the most votes in any category will be designated overall winners. Voting will remain open until 12:00 AM on November 3, at which point the votes will be tallied and the winners announced. Please note that you can only cast one vote in this competition. To vote for Enforcement Watch, please click here. To vote for Digital Currency + Blockchain Perspectives, please click here.

This week’s Roundup contributors: Catalina Azuero, Tucker DeVoe, Courtney Hayden and George Schneider