Benham announced his plans to resign in a statement in which he expressed his gratitude to the Commission for all the effort and work it put in in order to drive growth and strength in the financial markets. He also thanked President Joe Biden, Senator Chuck Schumer, and Senator Debbie Stabenow for their support.

“Over the past several years, a multitude of domestic and global events tested the resilience of all financial markets,” Behnam said in the statement. “I am proud that the Commission consistently made deliberate and intentional decisions to ensure continued strength.”

Benham was well-known for his unsuccessful effort in convincing Congress to allow the CFTC to oversee the cryptocurrency industry. Although Congress did not authorize such oversight, Benham was successful in bringing enforcement actions against two notorious cypto companies, Binance and FTX. More recently, a cypto exchange company, Gemini, agreed to pay a $5 million fine to the Commission for allegations that it misrepresented certain aspects of a proposed bitcoin future’s contract.

The Future of the Crypto Industry

President-elect Trump has somewhat recently moved to a “crypto-friendly” stance. Trump and his family back their own crypto project, World Liberty Financial, which recently got a $30 million investment from Justin Sun, a crypto entrepreneur. As a result, it is expected that his administration will push for crypto-friendly rules. During his campaign, the President promised to make America “the crypto capital of the planet” by bringing in those who had a similar stance on crypto. He recently picked Paul Atkins, a lawyer known for his backing of the crypto industry, as his pick to lead the Securities and Exchange Commission. chair of the Securities and Exchange Commission. He also appointed former PayPal executive David Sacks to the new role of AI and crypto czar, more signs that he intends to change American policy and boost cryptocurrency.

Although Benham will be resigning on Inauguration Day, he will remain with the agency until February 7^th in order to ensure a smooth transition.  

The post CFTC Chair Behnam to Resign as President Trump Prepares Pro-Crypto Agenda appeared first on Compliance Chief 360.

The CTA was developed in 2021 as a way to restrict the use of shell companies to conceal flows of illicit money. With the Act, eligible businesses were originally required to file information of any owner who either has a major influence on the reporting company’s decisions or operations, owns at least 25% of the company’s shares, or has a similar level of control over the company’s equity.

The CTA would apply to nearly 34 million businesses and would exclude many from the requirement including those businesses with more than $5 million in gross sales and more than 20 full-time employees. Businesses and owners that didn’t comply with the reporting rules could face fines of up to $591 a day. They could also face up to $10,000 in criminal fines and up to two years in prison.

The Fifth Circuit granted the injunction to put the law on hold in the case of Texas Top Cop Shop v. Garlandwhere Texas Top argued that to have such a rule in place would be to unconstitutionally invade small-business owners and associations. The court said that it has paused enforcement of the reporting requirement in order to “preserve the constitutional status quo while the merits panel considers the parties’ weighty substantive arguments.”

The Financial Crimes Enforcement Network clarified the court’s ruling by putting out of the following statement: “In light of a recent federal court order, reporting companies are not currently required to file beneficial ownership information with FinCEN and are not subject to liability if they fail to do so while the order remains in force. However, reporting companies may continue to voluntarily submit beneficial ownership information reports.”

Before the Fifth Cicuit’s ruling, FincCEN announced that it has extended the deadline to file to January 13^thhowever due to the court’s ruling, it remains clear that such a deadline will not be enforced at that time. “While it is not known how long the injunction will remain in effect, the case is calendared for oral argument en banc on March 25, 2025, so we expect that the injunction will be effective at least through March,” Daniel Stipano, a partner at law firm Davis Polk & Wardwell, wrote in an email.

FinCEN said that it still believes that the law is constitutional and will continue to pursue an appeal. As a result, the rule may ultimately be placed into effect which will require companies to gather information of its owners. Therefore, while business owners may be in favor of invalidating the CTA, it may make sense to continue to gather ownership information.  

Jacob Horowitz is a contributing editor at Compliance Chief 360°

The post Fifth Circuit Halts Corporate Transparency Act Amid Constitutional Challenge appeared first on Compliance Chief 360.

The OCC initially charged Bank of America based on violations and unsafe practices relating to these programs, including a failure to timely file suspicious activity reports and failure to correct a previously identified deficiency related to its Customer Due Diligence processes. The order also identifies deficiencies in the internal controls, governance, independent testing, and training components of the bank’s BSA compliance program.

The order requires the bank to take corrective actions to enhance its BSA/anti—money laundering (“AML”) and sanctions compliance programs, including the hiring of an independent consultant to assess the bank’s BSA/AML and sanctions compliance programs and conduct reviews to ensure all suspicious activity was appropriately reported.

The OCC found that Bank of America “had a breakdown in its policies, procedures, and processes to identify, evaluate, and report suspicious activity, including the Bank’s systemic failure to ensure that it transaction monitoring system had appropriate thresholds for determining when transaction alerts should trigger a case investigation” and that it “failed to make acceptable substantial progress towards correcting a deficiency related to the Bank’s Customer Due Diligence processes that was previously reported to the Bank by the OCC.”

This settlement should not come as a surprise to investors as Bank of America disclosed in its October filing that it has been in contact with regulators about its compliance programs and could foresee potential enforcement actions charged against the bank.

This settlement represents the OCC’s effort in combatting deficient BSA/AML compliance programs. The OCC recently imposed a $450 million fine against TD Bank for its failure to develop and maintain a BSA/AML program reasonably designed to assure and monitor compliance with the BSA. As a result of the bank’s failure, may criminal groups such as drug cartels used it to launder more than $650 million in drug money.  

The post Bank of America Settles OCC Cease-and-Desist Order Over Compliance Deficiencies appeared first on Compliance Chief 360.

The CFPB’s lawsuit describes how hundreds of thousands of consumers filed fraud complaints and were largely denied help, with some being told to contact the fraudsters directly to recover their money. Bank of America, JPMorgan Chase, and Wells Fargo also allegedly failed to properly investigate complaints or reimburse consumers for fraud and errors as is required by law.

Jane Khodos, a spokesperson for Zelle, said that the CFPB’s arguments are “legally and factually flawed, and the timing of this lawsuit appears to be driven by political factors unrelated to Zelle.”

“Zelle leads the fight against scams and fraud and has industry-leading reimbursement policies that go above and beyond the law,” Khodos said. “The CFPB’s misguided attacks will embolden criminals, cost consumers more in fees, stifle small businesses and make it harder for thousands of community banks and credit unions to compete. Zelle is relied upon by 143 million enrolled American consumers and small businesses, and we are fully prepared to defend this meritless lawsuit to ensure their service does not suffer.”

The Alleged Failures and Neglect

According to statement made by CFPB Director Rohit Chopra, this lawsuit results from an investigation that launched in 2021. The investigation found that three of the nation’s largest banks allegedly “rushed to launch a payment system without implementing basic protections for their customers.”

The CFPB alleges widespread consumer losses since Zelle’s 2017 launch due to the platform’s and the banks’ failure to implement appropriate fraud prevention and detection safeguards. The CFPB alleges that Bank of America, JPMorgan Chase, Wells Fargo, and Early Warning Services violated federal law through critical failures including:

• Leaving the door open to scammers: Zelle’s limited identity verification methods have allowed scammers to quickly create accounts and target Zelle users. For example, criminals often exploited Zelle’s design and features to link a victim’s token to the fraudster’s deposit account, which caused payments intended for the consumer’s account to instead flow to the fraudster account.
• Allowing repeat offenders to hop between banks: Early Warning Services and the banks were too slow to restrict and track criminals as they exploited multiple accounts across the network. The banks did not share information about known fraudulent transactions with other banks on the network. As a result, the fraudsters could carry out repeated fraud schemes across multiple institutions before being detected, if they were detected at all.
• Ignoring red flags that could prevent fraud: Despite receiving hundreds of thousands of fraud complaints, the banks failed to use this information to prevent further fraud. They also allegedly violated the Zelle Network’s own rules by not reporting fraud incidents consistently or on time.
• Abandoning consumers after fraud occurred: Despite obligations under the Electronic Fund Transfer Act and Regulation E, the banks failed to properly investigate Zelle customer complaints and take appropriate action for certain types of fraud and errors.

The lawsuit aims reimburse those who suffered financial losses due to the alleged neglect of fraud. It also seeks to impose penalties on the banks and implement measures to prevent similar violations in the future.  

Jacob Horowitz is a contributing editor at Compliance Chief 360°

The post CFPB Sues Major Banks and Zelle Operator for Alleged Fraud appeared first on Compliance Chief 360.

In the case of Alliance for Fair Board Recruitment v. SEC, the Fifth Circuit court held that the SEC’s approval of the Board Diversity Rules was “arbitrary and capricious” and as a result an overreach of power. In reaching its decision, the court found that the SEC did not give adequate reasons as to why such rules were in line with the Securities Exchange Act of 1934. The court held that such Diversity Rules were unnecessary and unimportant within the context of the 1934 Act and overruled the SEC’s approval on a constitutional basis.

Case Analysis

The court consistently noted that the purpose of the 1934 Act is to protect investors from fraud and other similar types of harm. Due to this, the court held that such disclosures are permitted to be required “only if it is related to the elimination of fraud, speculation, or some other Exchange Act-related harm.” Ultimately, the court found that since the Rules (i) did not “promote just and equitable principles of trade” because they are not directed toward the unethical practices this Exchange Act language addresses, (ii) did not “remove impediments to” or “perfect the mechanism of a free and open market” because they are not related to a free and open market in the execution of securities transactions as the Exchange Act intends, and (iii) were not “designed . . . in general, to protect investors and the public interest”  they were not related to the more specific purposes states in the 1934 Act.

“SEC has intruded into territory far outside its ordinary domain,” U.S. Circuit Judge Andrew Oldham who wrote for the majority opinion. “It is not unethical for a company to decline to disclose information about the racial, gender, and LGTBQ+ characteristics of its directors,” the ruling stated. “We are not aware of any established rule or custom of the securities trade that saddles companies with an obligation to explain why their boards of directors do not have as much racial, gender, or sexual orientation diversity as Nasdaq would prefer.”

Under the original rule, companies were required to have at least one woman, racial minority or LGBTQ person on the board or explain why they do not. Additionally, the rule required that companies also disclose how board members identify in those categories.

This case represents the ongoing of court rulings overturning SEC rulemaking such as share repurchase rules and the private fund rules. The Fifth Circuit has, for a while, been known to limit agencies’ authority to make rules as was seen when the court affirmed a case using the Loper Bright approach, also known as the case that overruled the Chevron Doctrine. This case once again indicates that judicial system seems to be leaning away from agency rulemaking and authority.  

The post Court Invalidates Nasdaq Board Diversity Requirements appeared first on Compliance Chief 360.

The rule will ensure that pricing information is provided in a transparent and truthful way and that consumers are no longer harmed from such unfair and deceptive practices. Consumers searching for hotels or vacation rentals or seats at a show or sporting event will no longer be surprised by a pile of “resort,” “convenience,” or “service” fees inflating the advertised price. By requiring up-front disclosure of total price that includes all applicable fees, the rule will make comparison shopping easier, resulting in savings for consumers and leveling the competitive playing field.

“People deserve to know up-front what they’re being asked to pay—without worrying that they’ll later be saddled with mysterious fees that they haven’t budgeted for and can’t avoid,” said FTC Chair Lina Khan. “The FTC’s rule will put an end to junk fees around live event tickets, hotels, and vacation rentals, saving Americans billions of dollars and millions of hours in wasted time. I urge enforcers to continue cracking down on these unlawful fees and encourage state and federal policymakers to build on this success with legislation that bans unfair and deceptive junk fees across the economy.”

The FTC launched this rulemaking in 2022 by requesting public input on whether a rule could help eliminate unfair and deceptive pricing tactics. After receiving more than 12,000 comments on how hidden and misleading fees affected personal spending and competition, the FTC announced a proposed rule in October 2023 and invited a second round of comments. The Commission received more than 60,000 additional comments which it considered in developing the final rule announced today.

The Final Rule

 The Junk Fees Rule aims to prevent businesses from deceiving its consumers in terms of pricing information. The rule does not prohibit any type or amount of fee and any specific pricing strategies. Rather, it simply requires that businesses that advertise their pricing tell consumers the whole truth up-front about prices and fees.

The rule requires that businesses clearly disclose the true total price which includes all mandatory fees whenever they offer, display, or advertise any price of live-event tickets or short-term lodging. Businesses cannot misrepresent any fee or charge in any offer, display, or ad for live-event tickets or short-term lodging.

In addition, the rule requires businesses to display the total price more blatantly than most other pricing information. This means that the most prominent price in an ad needs to be the all-in total price—truthful itemization and breakdowns are fine but should not overshadow what consumers want to know: the real total.

Finally, the rule requires businesses that exclude fees up front to clearly disclose the nature, purpose, identity, and amount of those fees before consumers agree to pay. For example, businesses that exclude shipping or taxes from the advertised price must openly disclose those fees before the consumer enters their payment information.

The FTC estimates that the Junk Fees Rule will save consumers up to 53 million hours per year of wasted time spent searching for the total price for live-event tickets and short-term lodging. This time savings is equivalent to more than $11 billion over the next decade.  

The post FTC Finalizes Rule that Aims to End Hidden ‘Junk Fees’ appeared first on Compliance Chief 360.

lobal consulting firm McKinsey & Co. has agreed to pay $650 million to settle a Department of Justice investigation into the firm’s consulting work with opioids manufacturer Purdue Pharma. The DoJ had accused McKinsey of fueling the opioid epidemic with its aggressive sales and marketing advice to Purdue, including a 2013 engagement in which McKinsey advised on steps to “turbocharge” sales of OxyContin.

McKinsey has agreed to pay a penalty of over $231 million, a forfeiture amount of over $93 million and a payment of $2 million to the Virginia Medicaid Fraud Control Unit to resolve the criminal allegations.

The settlement marks the first time a management consulting firm has been held criminally responsible for advice resulting in the commission of a crime by a client and reflects the Justice Department’s ongoing efforts to hold those responsible for their roles in the opioid crisis to account. The resolution is also the largest civil recovery for such conduct.

“For the first time in history, the Justice Department is holding a management consulting firm and one of its senior executives criminally responsible for the sales and marketing advice it gave resulting in the commission of crime by a client,” said Attorney Christopher Kavanaugh for the Western District of Virginia. “This ground-breaking resolution demonstrates the Justice Department’s ongoing commitment to hold accountable those companies and individuals who profited from our Nation’s opioid crisis.”

McKinsey also has entered into a civil settlement agreement in which it will pay over $323 million to resolve its liability under the False Claims Act for allegedly providing advice to Purdue that caused the submission of false and fraudulent claims to federal healthcare programs for medically unnecessary prescriptions of OxyContin, as well as allegedly failing to disclose to the U.S. Food and Drug Administration conflicts of interest arising from McKinsey’s concurrent work for Purdue and the FDA. This brings the total payments under the global resolution to $650 million.

McKinsey’s Criminal Liability for Misbranding

The criminal misbranding charge was based on McKinsey’s advice to the titan opioids manufacturer. Between 2004 and 2019, McKinsey contracted with Purdue on 75 different occasions in the United States. In 2007, a Purdue affiliate pleaded guilty to misbranding OxyContin, from 1996 through 2001, by falsely marketing it as less addictive, less subject to abuse and diversion, and less likely to cause dependence and withdrawal than other pain medications, and Purdue entered into a five-year corporate integrity agreement with the Department of Health and Human Services Office of Inspector General. After the 2007 guilty plea, McKinsey partners maintained close contact with Purdue, and in 2009, worked with Purdue to enhance “brand loyalty” for OxyContin and protect market share.

In 2010 McKinsey worked with Purdue to obtain FDA approval for a version of OxyContin that was reformulated with abuse-deterrent properties. Following the introduction of reformulated OxyContin in August 2010, OxyContin sales immediately began to decline. Purdue studied the drivers for this decline and attributed it, in large part, to a drop in prescriptions for individuals abusing OxyContin and increases in regulatory safeguards intended to hinder medically unnecessary prescribing of OxyContin.

In May 2013, Purdue retained McKinsey to conduct a rapid assessment of the underlying drivers of OxyContin performance, identify key opportunities to increase near-term OxyContin revenue and develop plans to capture priority opportunities. This 2013 effort was called Evolve to Excellence, or “E2E,” and included McKinsey advising Purdue on how to “turbocharge” the sales pipeline for OxyContin by, among other strategies, intensifying marketing to High Value Prescribers, included prescribers who were writing opioid prescriptions for uses that were unsafe, ineffective, and medically unnecessary.

McKinsey consultants spoke with Purdue about the concerns and increasing reluctance of pharmacists and pharmacy chains to fill prescriptions for OxyContin as abuse of the drug rose. McKinsey consultants also went on several “ride-alongs” with Purdue sales representatives in the field, as these sales representatives called on prescribers and pharmacists. In notes about one of these ride-alongs, a McKinsey consultant wrote, in part, “Pharmacist; [had] a gun and was shaking; abuse is definitely a huge issue[.]”

In August 2013, McKinsey partners met with certain members of the Purdue Board of Directors to present McKinsey’s findings and proposal; as one McKinsey partner reported afterwards, “[b]y the end of the meeting the findings were crystal clear to everyone and they gave a ringing endorsement of ‘moving forward fast.’” McKinsey also described for Purdue the financial value at stake: “hundreds of millions, not tens of millions.”

For Purdue and McKinsey, E2E was a financial success. Their targeting of High Value Prescribers slowed OxyContin’s declining sales and kept Purdue’s profits flowing at the expense of public health. After the conclusion of McKinsey’s work for Purdue on E2E, McKinsey performed additional work with Purdue that also sought to maximize OxyContin sales by further targeting sales efforts to High Value Prescribers.

False Claims to Federal Healthcare Programs and the FDA

The department’s civil False Claims Act settlement relates to allegations that, from 2013 to 2014, McKinsey, by advising Purdue to turbocharge OxyContin marketing to High Value Prescribers as a means to increase OxyContin sales, and despite its awareness of the opioid crises, knowingly caused false and fraudulent claims for OxyContin to be submitted to Medicare, Medicaid, TRICARE, the Federal Employees Health Benefit Program and the Veterans Health Administration.

The large $650 million fine also settles allegations that, from 2014 to 2017, McKinsey knowingly misled the FDA by assigning consultants to concurrently work on both FDA projects and competitively sensitive Purdue projects, contrary to McKinsey US’ conflict of interest policy. While soliciting a contract from the FDA, McKinsey US represented to the FDA that it had a conflict-of-interest policy in which its consultants serving the FDA would not be assigned to a competitively sensitive project for a significant period of time following an assignment for FDA.

The FDA then awarded McKinsey US the first in a series of contracts on a project relating to the monitoring of the safety of FDA-regulated products. McKinsey US admitted that it did not inform the FDA that its consultants worked on the Purdue projects around the same time those consultants also worked on the FDA project.

McKinsey’s Remedial Measures

As part of the resolution, McKinsey has agreed to implement a significant compliance program, including a system of policies and procedures designed to identify and assess high-risk client engagements. As part of this compliance program, McKinsey will implement new document retention procedures and training for all partners, officers and employees who provide or implement advice to clients. This compliance program is in addition to the provisions negotiated between McKinsey and the DoJ in a concurrent resolution with McKinsey & Company Africa that was announced on December 5^th.

McKinsey has also agreed that it will not do any work related to the marketing, sale, promotion or distribution of controlled substances during the five-year term of the DPA. The settlement requires McKinsey’s Managing Partner to certify, on an annual basis, the firm’s compliance with its obligations under the DPA and federal law.  

Jacob Horowitz is a contributing editor at Compliance Chief 360°

The post McKinsey To Pay $650 Million to DoJ for Advising Client in Criminal Conduct appeared first on Compliance Chief 360.

cKinsey and Company Africa, which operates in South Africa as a subsidiary of international consulting firm McKinsey & Co., will pay over $122 million to resolve an investigation by the Justice Department into a scheme to pay bribes to government officials in South Africa between 2012 and 2016. A former McKinsey senior partner who participated in the bribery scheme has also pleaded guilty in the case.

McKinsey Africa also entered into a three-year deferred prosecution agreement (DPA) with the department in connection with criminal information filed in the Southern District of New York charging the company with one count of conspiracy to violate the anti-bribery provisions of the Foreign Corrupt Practices Act (FCPA). Vikas Sagar, a former senior partner of McKinsey who worked in McKinsey Africa’s South Africa office, previously pleaded guilty to one count of conspiracy to violate the FCPA.

According to court documents and admissions, McKinsey Africa, acting through a senior partner, agreed to pay bribes to then-officials at Transnet, South Africa’s state-owned custodian of ports, rails, and pipelines, and at Eskom, South Africa’s state-owned energy company. Between at least 2012 and 2016, McKinsey Africa obtained sensitive confidential and non-public information from Transnet and Eskom regarding the award of lucrative consulting contracts and submitted proposals for multimillion-dollar consulting engagements, while knowing that South African consulting firms with which McKinsey Africa had partnered would pay a portion of their fees as bribes to officials at Transnet and Eskom. As a result of the bribery scheme, McKinsey and McKinsey Africa earned profits of approximately $85,000,000.

“McKinsey Africa bribed South African officials in order to obtain lucrative consulting business that generated tens of millions of dollars in profits,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, in a statement. “The resolution announced today — the department’s third coordinated resolution with South African authorities in only two years — is evidence that our International Corporate Anti-Bribery (ICAB) initiative, which we announced in November 2023, is bearing fruit.”

“This settlement underscores our unwavering commitment to holding companies accountable that willfully engage in corrupt activities around the world,” said Assistant Director Chad Yarbrough of the FBI Criminal Investigative Division. “This misconduct is a blatant violation of law and a breach of public trust. No matter what country the crime occurs in, the FBI will always work closely with our international partners to root out corruption.”

Details of McKinsey Africa’s Credit for Cooperation

The Justice Department has agreed to credit up to one-half of the criminal penalty against amounts McKinsey pays to authorities in South Africa in related proceedings. In addition, both McKinsey and McKinsey Africa have agreed to, among other things, continue cooperating with the Criminal Division’s Fraud Section and the U.S. Attorney’s Office for the Southern District of New York in any ongoing or future criminal investigation arising during the term of the DPA. McKinsey and McKinsey Africa have also agreed to enhance their compliance program where necessary and appropriate and to report to the government regarding remediation and implementation of their enhanced compliance program.

The Justice Department reached this resolution with McKinsey Africa based on a number of factors, including, among others, the nature and seriousness of the offense. McKinsey Africa received credit for its cooperation with the department’s investigation, which included:

• Immediately and proactively cooperating from the inception of the department’s investigation.
• Making numerous factual presentations to the department over the course of its investigation, derived from information obtained through the company’s internal investigation.
• Collecting, reviewing, and producing voluminous records, including those located abroad, in response to requests from the department.
• Promptly reporting the discovery of document-deletion efforts by the McKinsey partner involved in the conduct found during its internal investigation, taking additional investigative steps to uncover information and evidence regarding those efforts, and producing such information and evidence to the department.
• Reporting, in real time, newly discovered information and documents that allowed the department to preserve and obtain evidence as part of its independent investigation.
• Tracing complex internal accounting money-flows and currency exchange-information in response to requests from the department
• Preserving, collecting, and producing to the department documents located abroad, and engaging a third-party forensics consultant to analyze key electronic devices and providing to the department the results of that analysis.

McKinsey and McKinsey Africa also engaged in timely remedial measures, including:

• Putting the McKinsey partner involved in the criminal scheme on leave when it learned of the partner’s role in the scheme, subsequently separating that partner from McKinsey after discovering his deletion activity, and requiring that partner’s continued cooperation post-separation.
• Conducting additional anti-corruption training for employees in South Africa and elsewhere in Africa, and ceasing work with all state-owned enterprises (SOEs) for a period of time while it conducted its internal investigation.
• Enhancing due diligence processes for third-party partners, including instituting controls to ensure that due diligence is completed before work begins on an engagement and imposing a more rigorous risk-review for public sector clients.
• Carrying out an enhanced review process for all sole-source work that requires advance-approval before the engagement can begin.
• Voluntarily repaying, in 2018 and 2021, all revenues that McKinsey and McKinsey Africa received from potentially tainted contracts to the SOEs in South Africa from which they received contracts as a result of the criminal scheme.

In light of these considerations as well as McKinsey’s prior history, the criminal penalty calculated under the U.S. Sentencing Guidelines reflects a 35 percent reduction off the fifth percentile of the otherwise applicable guidelines fine range.  

The post McKinsey Unit to Pay $122 Million to Settle Bribery Charges appeared first on Compliance Chief 360.

nvesco Advisers is paying the price for misleading clients and investors about how much of its assets were truly aligned with environmental, social, and governance principles. The Atlanta-based investment firm has agreed to pay a $17.5 million civil penalty to settle the Securities and Exchange Commission’s charges that it issued misleading statements on ESG.

According to the SEC’s order, from 2020 to 2022, Invesco told clients and stated in marketing materials that between 70 and 94 percent of its parent company’s assets under management were “ESG integrated.” However, in reality, these percentages included a substantial amount of assets that were held in passive ETFs that did not consider ESG factors in investment decisions. Furthermore, the SEC’s order found that Invesco lacked any written policy defining ESG integration.

“As stated in the order, Invesco saw commercial value in claiming that a high percentage of company-wide assets were ESG integrated. But saying it doesn’t make it so,” said Sanjay Wadhwa, Acting Director of the SEC’s Division of Enforcement, in a statement. “Companies should be straightforward with their clients and investors rather than seeking to capitalize on investing trends and buzzwords.”

The order charges Invesco with willfully violating the Investment Advisers Act of 1940. Without admitting or denying the order’s findings, Invesco agreed to cease and desist from violations of the charged provisions, be censured, and pay the aforementioned $17.5 million civil penalty.  

The post SEC Fines Invesco Advisers $17.5M for Misleading ESG Statements appeared first on Compliance Chief 360.

he Securities and Exchange Commission has charged four public companies with making materially misleading disclosures regarding cybersecurity risks and intrusions. The charges against the four companies—Unisys, Avaya, Check Point Software, and Mimecast—result from an investigation involving public companies impacted by the compromise of SolarWinds’ Orion software.

The SEC also charged Unisys with disclosure controls and procedures violations. The companies agreed to pay the following civil penalties to settle the SEC’s charges:

• Unisys will pay a $4 million civil penalty;
• Avaya. will pay a $1 million civil penalty;
• Check Point will pay a $995,000 civil penalty; and
• Mimecast will pay a $990,000 civil penalty.

“As today’s enforcement actions reflect, while public companies may become targets of cyberattacks, it is incumbent upon them to not further victimize their shareholders or other members of the investing public by providing misleading disclosures about the cybersecurity incidents they have encountered,” said Sanjay Wadhwa, acting director of the SEC’s Division of Enforcement. “Here, the SEC’s orders find that these companies provided misleading disclosures about the incidents at issue, leaving investors in the dark about the true scope of the incidents.”

According to the SEC’s orders, Unisys, Avaya, and Check Point learned in 2020, and Mimecast learned in 2021, that the threat actor likely behind the SolarWinds Orion hack had accessed their systems without authorization, but each negligently minimized its cybersecurity incident in its public disclosures.

The SEC’s order against Unisys finds that the company described its risks from cybersecurity events as hypothetical despite knowing that it had experienced two SolarWinds-related intrusions involving exfiltration of gigabytes of data. The order also finds that these materially misleading disclosures resulted in part from Unisys’ deficient disclosure controls.

The SEC’s order against Avaya finds that it stated that the threat actor had accessed a “limited number of [the] Company’s email messages,” when Avaya knew the threat actor had also accessed at least 145 files in its cloud file sharing environment.

The SEC’s order against Check Point finds that it knew of the intrusion but described cyber intrusions and risks from them in generic terms. The order charging Mimecast finds that the company minimized the attack by failing to disclose the nature of the code the threat actor exfiltrated and the quantity of encrypted credentials the threat actor accessed.

Don’t Downplay the Seriousness of a Breach

“Downplaying the extent of a material cybersecurity breach is a bad strategy,” said Jorge Tenreiro, acting chief of the Crypto Assets and Cyber Unit. “In two of these cases, the relevant cybersecurity risk factors were framed hypothetically or generically when the companies knew the warned of risks had already materialized.  The federal securities laws prohibit half-truths, and there is no exception for statements in risk-factor disclosures.”

The SEC’s orders find that each company violated certain applicable provisions of the Securities Act of 1933, the Securities Exchange Act of 1934, and related rules. Without admitting or denying the SEC’s findings, each company agreed to cease and desist from future violations of the charged provisions and to pay the penalties described above. Each company cooperated during the investigation, including by voluntarily providing analyses or presentations that helped expedite the staff’s investigation and by voluntarily taking steps to enhance its cybersecurity controls.  

The post SEC Charges Four Companies With Misleading Cyber Disclosures appeared first on Compliance Chief 360.