Benham announced his plans to resign in a statement in which he expressed his gratitude to the Commission for all the effort and work it put in in order to drive growth and strength in the financial markets. He also thanked President Joe Biden, Senator Chuck Schumer, and Senator Debbie Stabenow for their support.

“Over the past several years, a multitude of domestic and global events tested the resilience of all financial markets,” Behnam said in the statement. “I am proud that the Commission consistently made deliberate and intentional decisions to ensure continued strength.”

Benham was well-known for his unsuccessful effort in convincing Congress to allow the CFTC to oversee the cryptocurrency industry. Although Congress did not authorize such oversight, Benham was successful in bringing enforcement actions against two notorious cypto companies, Binance and FTX. More recently, a cypto exchange company, Gemini, agreed to pay a $5 million fine to the Commission for allegations that it misrepresented certain aspects of a proposed bitcoin future’s contract.

The Future of the Crypto Industry

President-elect Trump has somewhat recently moved to a “crypto-friendly” stance. Trump and his family back their own crypto project, World Liberty Financial, which recently got a $30 million investment from Justin Sun, a crypto entrepreneur. As a result, it is expected that his administration will push for crypto-friendly rules. During his campaign, the President promised to make America “the crypto capital of the planet” by bringing in those who had a similar stance on crypto. He recently picked Paul Atkins, a lawyer known for his backing of the crypto industry, as his pick to lead the Securities and Exchange Commission. chair of the Securities and Exchange Commission. He also appointed former PayPal executive David Sacks to the new role of AI and crypto czar, more signs that he intends to change American policy and boost cryptocurrency.

Although Benham will be resigning on Inauguration Day, he will remain with the agency until February 7^th in order to ensure a smooth transition.  

The post CFTC Chair Behnam to Resign as President Trump Prepares Pro-Crypto Agenda appeared first on Compliance Chief 360.

The CTA was developed in 2021 as a way to restrict the use of shell companies to conceal flows of illicit money. With the Act, eligible businesses were originally required to file information of any owner who either has a major influence on the reporting company’s decisions or operations, owns at least 25% of the company’s shares, or has a similar level of control over the company’s equity.

The CTA would apply to nearly 34 million businesses and would exclude many from the requirement including those businesses with more than $5 million in gross sales and more than 20 full-time employees. Businesses and owners that didn’t comply with the reporting rules could face fines of up to $591 a day. They could also face up to $10,000 in criminal fines and up to two years in prison.

The Fifth Circuit granted the injunction to put the law on hold in the case of Texas Top Cop Shop v. Garlandwhere Texas Top argued that to have such a rule in place would be to unconstitutionally invade small-business owners and associations. The court said that it has paused enforcement of the reporting requirement in order to “preserve the constitutional status quo while the merits panel considers the parties’ weighty substantive arguments.”

The Financial Crimes Enforcement Network clarified the court’s ruling by putting out of the following statement: “In light of a recent federal court order, reporting companies are not currently required to file beneficial ownership information with FinCEN and are not subject to liability if they fail to do so while the order remains in force. However, reporting companies may continue to voluntarily submit beneficial ownership information reports.”

Before the Fifth Cicuit’s ruling, FincCEN announced that it has extended the deadline to file to January 13^thhowever due to the court’s ruling, it remains clear that such a deadline will not be enforced at that time. “While it is not known how long the injunction will remain in effect, the case is calendared for oral argument en banc on March 25, 2025, so we expect that the injunction will be effective at least through March,” Daniel Stipano, a partner at law firm Davis Polk & Wardwell, wrote in an email.

FinCEN said that it still believes that the law is constitutional and will continue to pursue an appeal. As a result, the rule may ultimately be placed into effect which will require companies to gather information of its owners. Therefore, while business owners may be in favor of invalidating the CTA, it may make sense to continue to gather ownership information.  

Jacob Horowitz is a contributing editor at Compliance Chief 360°

The post Fifth Circuit Halts Corporate Transparency Act Amid Constitutional Challenge appeared first on Compliance Chief 360.

The OCC initially charged Bank of America based on violations and unsafe practices relating to these programs, including a failure to timely file suspicious activity reports and failure to correct a previously identified deficiency related to its Customer Due Diligence processes. The order also identifies deficiencies in the internal controls, governance, independent testing, and training components of the bank’s BSA compliance program.

The order requires the bank to take corrective actions to enhance its BSA/anti—money laundering (“AML”) and sanctions compliance programs, including the hiring of an independent consultant to assess the bank’s BSA/AML and sanctions compliance programs and conduct reviews to ensure all suspicious activity was appropriately reported.

The OCC found that Bank of America “had a breakdown in its policies, procedures, and processes to identify, evaluate, and report suspicious activity, including the Bank’s systemic failure to ensure that it transaction monitoring system had appropriate thresholds for determining when transaction alerts should trigger a case investigation” and that it “failed to make acceptable substantial progress towards correcting a deficiency related to the Bank’s Customer Due Diligence processes that was previously reported to the Bank by the OCC.”

This settlement should not come as a surprise to investors as Bank of America disclosed in its October filing that it has been in contact with regulators about its compliance programs and could foresee potential enforcement actions charged against the bank.

This settlement represents the OCC’s effort in combatting deficient BSA/AML compliance programs. The OCC recently imposed a $450 million fine against TD Bank for its failure to develop and maintain a BSA/AML program reasonably designed to assure and monitor compliance with the BSA. As a result of the bank’s failure, may criminal groups such as drug cartels used it to launder more than $650 million in drug money.  

The post Bank of America Settles OCC Cease-and-Desist Order Over Compliance Deficiencies appeared first on Compliance Chief 360.

The CFPB’s lawsuit describes how hundreds of thousands of consumers filed fraud complaints and were largely denied help, with some being told to contact the fraudsters directly to recover their money. Bank of America, JPMorgan Chase, and Wells Fargo also allegedly failed to properly investigate complaints or reimburse consumers for fraud and errors as is required by law.

Jane Khodos, a spokesperson for Zelle, said that the CFPB’s arguments are “legally and factually flawed, and the timing of this lawsuit appears to be driven by political factors unrelated to Zelle.”

“Zelle leads the fight against scams and fraud and has industry-leading reimbursement policies that go above and beyond the law,” Khodos said. “The CFPB’s misguided attacks will embolden criminals, cost consumers more in fees, stifle small businesses and make it harder for thousands of community banks and credit unions to compete. Zelle is relied upon by 143 million enrolled American consumers and small businesses, and we are fully prepared to defend this meritless lawsuit to ensure their service does not suffer.”

The Alleged Failures and Neglect

According to statement made by CFPB Director Rohit Chopra, this lawsuit results from an investigation that launched in 2021. The investigation found that three of the nation’s largest banks allegedly “rushed to launch a payment system without implementing basic protections for their customers.”

The CFPB alleges widespread consumer losses since Zelle’s 2017 launch due to the platform’s and the banks’ failure to implement appropriate fraud prevention and detection safeguards. The CFPB alleges that Bank of America, JPMorgan Chase, Wells Fargo, and Early Warning Services violated federal law through critical failures including:

• Leaving the door open to scammers: Zelle’s limited identity verification methods have allowed scammers to quickly create accounts and target Zelle users. For example, criminals often exploited Zelle’s design and features to link a victim’s token to the fraudster’s deposit account, which caused payments intended for the consumer’s account to instead flow to the fraudster account.
• Allowing repeat offenders to hop between banks: Early Warning Services and the banks were too slow to restrict and track criminals as they exploited multiple accounts across the network. The banks did not share information about known fraudulent transactions with other banks on the network. As a result, the fraudsters could carry out repeated fraud schemes across multiple institutions before being detected, if they were detected at all.
• Ignoring red flags that could prevent fraud: Despite receiving hundreds of thousands of fraud complaints, the banks failed to use this information to prevent further fraud. They also allegedly violated the Zelle Network’s own rules by not reporting fraud incidents consistently or on time.
• Abandoning consumers after fraud occurred: Despite obligations under the Electronic Fund Transfer Act and Regulation E, the banks failed to properly investigate Zelle customer complaints and take appropriate action for certain types of fraud and errors.

The lawsuit aims reimburse those who suffered financial losses due to the alleged neglect of fraud. It also seeks to impose penalties on the banks and implement measures to prevent similar violations in the future.  

Jacob Horowitz is a contributing editor at Compliance Chief 360°

The post CFPB Sues Major Banks and Zelle Operator for Alleged Fraud appeared first on Compliance Chief 360.

In the case of Alliance for Fair Board Recruitment v. SEC, the Fifth Circuit court held that the SEC’s approval of the Board Diversity Rules was “arbitrary and capricious” and as a result an overreach of power. In reaching its decision, the court found that the SEC did not give adequate reasons as to why such rules were in line with the Securities Exchange Act of 1934. The court held that such Diversity Rules were unnecessary and unimportant within the context of the 1934 Act and overruled the SEC’s approval on a constitutional basis.

Case Analysis

The court consistently noted that the purpose of the 1934 Act is to protect investors from fraud and other similar types of harm. Due to this, the court held that such disclosures are permitted to be required “only if it is related to the elimination of fraud, speculation, or some other Exchange Act-related harm.” Ultimately, the court found that since the Rules (i) did not “promote just and equitable principles of trade” because they are not directed toward the unethical practices this Exchange Act language addresses, (ii) did not “remove impediments to” or “perfect the mechanism of a free and open market” because they are not related to a free and open market in the execution of securities transactions as the Exchange Act intends, and (iii) were not “designed . . . in general, to protect investors and the public interest”  they were not related to the more specific purposes states in the 1934 Act.

“SEC has intruded into territory far outside its ordinary domain,” U.S. Circuit Judge Andrew Oldham who wrote for the majority opinion. “It is not unethical for a company to decline to disclose information about the racial, gender, and LGTBQ+ characteristics of its directors,” the ruling stated. “We are not aware of any established rule or custom of the securities trade that saddles companies with an obligation to explain why their boards of directors do not have as much racial, gender, or sexual orientation diversity as Nasdaq would prefer.”

Under the original rule, companies were required to have at least one woman, racial minority or LGBTQ person on the board or explain why they do not. Additionally, the rule required that companies also disclose how board members identify in those categories.

This case represents the ongoing of court rulings overturning SEC rulemaking such as share repurchase rules and the private fund rules. The Fifth Circuit has, for a while, been known to limit agencies’ authority to make rules as was seen when the court affirmed a case using the Loper Bright approach, also known as the case that overruled the Chevron Doctrine. This case once again indicates that judicial system seems to be leaning away from agency rulemaking and authority.  

The post Court Invalidates Nasdaq Board Diversity Requirements appeared first on Compliance Chief 360.

The rule will ensure that pricing information is provided in a transparent and truthful way and that consumers are no longer harmed from such unfair and deceptive practices. Consumers searching for hotels or vacation rentals or seats at a show or sporting event will no longer be surprised by a pile of “resort,” “convenience,” or “service” fees inflating the advertised price. By requiring up-front disclosure of total price that includes all applicable fees, the rule will make comparison shopping easier, resulting in savings for consumers and leveling the competitive playing field.

“People deserve to know up-front what they’re being asked to pay—without worrying that they’ll later be saddled with mysterious fees that they haven’t budgeted for and can’t avoid,” said FTC Chair Lina Khan. “The FTC’s rule will put an end to junk fees around live event tickets, hotels, and vacation rentals, saving Americans billions of dollars and millions of hours in wasted time. I urge enforcers to continue cracking down on these unlawful fees and encourage state and federal policymakers to build on this success with legislation that bans unfair and deceptive junk fees across the economy.”

The FTC launched this rulemaking in 2022 by requesting public input on whether a rule could help eliminate unfair and deceptive pricing tactics. After receiving more than 12,000 comments on how hidden and misleading fees affected personal spending and competition, the FTC announced a proposed rule in October 2023 and invited a second round of comments. The Commission received more than 60,000 additional comments which it considered in developing the final rule announced today.

The Final Rule

 The Junk Fees Rule aims to prevent businesses from deceiving its consumers in terms of pricing information. The rule does not prohibit any type or amount of fee and any specific pricing strategies. Rather, it simply requires that businesses that advertise their pricing tell consumers the whole truth up-front about prices and fees.

The rule requires that businesses clearly disclose the true total price which includes all mandatory fees whenever they offer, display, or advertise any price of live-event tickets or short-term lodging. Businesses cannot misrepresent any fee or charge in any offer, display, or ad for live-event tickets or short-term lodging.

In addition, the rule requires businesses to display the total price more blatantly than most other pricing information. This means that the most prominent price in an ad needs to be the all-in total price—truthful itemization and breakdowns are fine but should not overshadow what consumers want to know: the real total.

Finally, the rule requires businesses that exclude fees up front to clearly disclose the nature, purpose, identity, and amount of those fees before consumers agree to pay. For example, businesses that exclude shipping or taxes from the advertised price must openly disclose those fees before the consumer enters their payment information.

The FTC estimates that the Junk Fees Rule will save consumers up to 53 million hours per year of wasted time spent searching for the total price for live-event tickets and short-term lodging. This time savings is equivalent to more than $11 billion over the next decade.  

The post FTC Finalizes Rule that Aims to End Hidden ‘Junk Fees’ appeared first on Compliance Chief 360.

lobal consulting firm McKinsey & Co. has agreed to pay $650 million to settle a Department of Justice investigation into the firm’s consulting work with opioids manufacturer Purdue Pharma. The DoJ had accused McKinsey of fueling the opioid epidemic with its aggressive sales and marketing advice to Purdue, including a 2013 engagement in which McKinsey advised on steps to “turbocharge” sales of OxyContin.

McKinsey has agreed to pay a penalty of over $231 million, a forfeiture amount of over $93 million and a payment of $2 million to the Virginia Medicaid Fraud Control Unit to resolve the criminal allegations.

The settlement marks the first time a management consulting firm has been held criminally responsible for advice resulting in the commission of a crime by a client and reflects the Justice Department’s ongoing efforts to hold those responsible for their roles in the opioid crisis to account. The resolution is also the largest civil recovery for such conduct.

“For the first time in history, the Justice Department is holding a management consulting firm and one of its senior executives criminally responsible for the sales and marketing advice it gave resulting in the commission of crime by a client,” said Attorney Christopher Kavanaugh for the Western District of Virginia. “This ground-breaking resolution demonstrates the Justice Department’s ongoing commitment to hold accountable those companies and individuals who profited from our Nation’s opioid crisis.”

McKinsey also has entered into a civil settlement agreement in which it will pay over $323 million to resolve its liability under the False Claims Act for allegedly providing advice to Purdue that caused the submission of false and fraudulent claims to federal healthcare programs for medically unnecessary prescriptions of OxyContin, as well as allegedly failing to disclose to the U.S. Food and Drug Administration conflicts of interest arising from McKinsey’s concurrent work for Purdue and the FDA. This brings the total payments under the global resolution to $650 million.

McKinsey’s Criminal Liability for Misbranding

The criminal misbranding charge was based on McKinsey’s advice to the titan opioids manufacturer. Between 2004 and 2019, McKinsey contracted with Purdue on 75 different occasions in the United States. In 2007, a Purdue affiliate pleaded guilty to misbranding OxyContin, from 1996 through 2001, by falsely marketing it as less addictive, less subject to abuse and diversion, and less likely to cause dependence and withdrawal than other pain medications, and Purdue entered into a five-year corporate integrity agreement with the Department of Health and Human Services Office of Inspector General. After the 2007 guilty plea, McKinsey partners maintained close contact with Purdue, and in 2009, worked with Purdue to enhance “brand loyalty” for OxyContin and protect market share.

In 2010 McKinsey worked with Purdue to obtain FDA approval for a version of OxyContin that was reformulated with abuse-deterrent properties. Following the introduction of reformulated OxyContin in August 2010, OxyContin sales immediately began to decline. Purdue studied the drivers for this decline and attributed it, in large part, to a drop in prescriptions for individuals abusing OxyContin and increases in regulatory safeguards intended to hinder medically unnecessary prescribing of OxyContin.

In May 2013, Purdue retained McKinsey to conduct a rapid assessment of the underlying drivers of OxyContin performance, identify key opportunities to increase near-term OxyContin revenue and develop plans to capture priority opportunities. This 2013 effort was called Evolve to Excellence, or “E2E,” and included McKinsey advising Purdue on how to “turbocharge” the sales pipeline for OxyContin by, among other strategies, intensifying marketing to High Value Prescribers, included prescribers who were writing opioid prescriptions for uses that were unsafe, ineffective, and medically unnecessary.

McKinsey consultants spoke with Purdue about the concerns and increasing reluctance of pharmacists and pharmacy chains to fill prescriptions for OxyContin as abuse of the drug rose. McKinsey consultants also went on several “ride-alongs” with Purdue sales representatives in the field, as these sales representatives called on prescribers and pharmacists. In notes about one of these ride-alongs, a McKinsey consultant wrote, in part, “Pharmacist; [had] a gun and was shaking; abuse is definitely a huge issue[.]”

In August 2013, McKinsey partners met with certain members of the Purdue Board of Directors to present McKinsey’s findings and proposal; as one McKinsey partner reported afterwards, “[b]y the end of the meeting the findings were crystal clear to everyone and they gave a ringing endorsement of ‘moving forward fast.’” McKinsey also described for Purdue the financial value at stake: “hundreds of millions, not tens of millions.”

For Purdue and McKinsey, E2E was a financial success. Their targeting of High Value Prescribers slowed OxyContin’s declining sales and kept Purdue’s profits flowing at the expense of public health. After the conclusion of McKinsey’s work for Purdue on E2E, McKinsey performed additional work with Purdue that also sought to maximize OxyContin sales by further targeting sales efforts to High Value Prescribers.

False Claims to Federal Healthcare Programs and the FDA

The department’s civil False Claims Act settlement relates to allegations that, from 2013 to 2014, McKinsey, by advising Purdue to turbocharge OxyContin marketing to High Value Prescribers as a means to increase OxyContin sales, and despite its awareness of the opioid crises, knowingly caused false and fraudulent claims for OxyContin to be submitted to Medicare, Medicaid, TRICARE, the Federal Employees Health Benefit Program and the Veterans Health Administration.

The large $650 million fine also settles allegations that, from 2014 to 2017, McKinsey knowingly misled the FDA by assigning consultants to concurrently work on both FDA projects and competitively sensitive Purdue projects, contrary to McKinsey US’ conflict of interest policy. While soliciting a contract from the FDA, McKinsey US represented to the FDA that it had a conflict-of-interest policy in which its consultants serving the FDA would not be assigned to a competitively sensitive project for a significant period of time following an assignment for FDA.

The FDA then awarded McKinsey US the first in a series of contracts on a project relating to the monitoring of the safety of FDA-regulated products. McKinsey US admitted that it did not inform the FDA that its consultants worked on the Purdue projects around the same time those consultants also worked on the FDA project.

McKinsey’s Remedial Measures

As part of the resolution, McKinsey has agreed to implement a significant compliance program, including a system of policies and procedures designed to identify and assess high-risk client engagements. As part of this compliance program, McKinsey will implement new document retention procedures and training for all partners, officers and employees who provide or implement advice to clients. This compliance program is in addition to the provisions negotiated between McKinsey and the DoJ in a concurrent resolution with McKinsey & Company Africa that was announced on December 5^th.

McKinsey has also agreed that it will not do any work related to the marketing, sale, promotion or distribution of controlled substances during the five-year term of the DPA. The settlement requires McKinsey’s Managing Partner to certify, on an annual basis, the firm’s compliance with its obligations under the DPA and federal law.  

Jacob Horowitz is a contributing editor at Compliance Chief 360°

The post McKinsey To Pay $650 Million to DoJ for Advising Client in Criminal Conduct appeared first on Compliance Chief 360.

he Securities and Exchange Commission announced that it filed 583 total enforcement actions in fiscal year 2024, while obtaining orders for $8.2 billion in financial remedies, the highest amount in SEC history.

That record amount consisted of $6.1 billion in disgorgement and prejudgment interest, also the highest amount on record, and $2.1 billion in civil penalties, the second-highest amount on record. Approximately 56 percent of the $8.2 billion financial remedies ordered is attributable to a monetary judgment obtained following the SEC’s jury trial win against Terraform Labs and Do Kwon, who were charged with one of the largest securities frauds in U.S. history.

The 583 enforcement actions represent a 26 percent decline in total enforcement actions compared to fiscal year 2023. Of those cases, the Commission filed 431 “stand-alone” actions, 93 “follow-on” administrative proceedings, and 59 actions against issuers who were allegedly delinquent in making required filings with the SEC.

“The Division of Enforcement is a steadfast cop on the beat, following the facts and the law wherever they lead to hold wrongdoers accountable,” said outgoing SEC Chair Gary Gensler. “As demonstrated by this year’s results, the Division helps promote the integrity of our capital markets to benefit investors and issuers alike.”

Last month Gensler announced that he would step down as chair of the SEC. President elect Donald Trump has announced that he intends to nominate former SEC Commissioner Paul Atkins, a longtime advocate of deregulation, as the next chairman of the Commission. Market watchers have said that they expect the SEC under Atkins to be far less enforcement minded.

“He has been a strong supporter of the asset management industry and sympathizes with the challenges faced by the industry trying to comply with often-ambiguous SEC rules,” said Brad Bondi, global co-chair of the investigations and white-collar defense practice at Paul Hastings, who served as counsel to Atkins during his time at the SEC.

Protecting Investors

“In fiscal year 2024, the Division continued to vigorously enforce the federal securities laws by recommending to the Commission high-impact enforcement actions addressing noncompliance throughout the securities industry and resulting in robust financial remedies,” said Sanjay Wadhwa, Acting Director of the SEC’s Division of Enforcement. “What our numbers do not reflect, however, are countless investigations that may not have resulted in an enforcement action for evidentiary or other reasons, or where we declined to pursue an enforcement action, but that shined a spotlight on potentially problematic conduct. All of this adds up to protecting innumerable investors and promoting trust in our capital markets.”

In addition, in fiscal year 2024, the SEC obtained orders barring 124 individuals from serving as officers and directors of public companies, the second-highest number of such bars obtained in a decade.

In fiscal year 2024, the SEC distributed $345 million to harmed investors, marking more than $2.7 billion returned to investors since the start of fiscal year 2021. The SEC also received 45,130 tips, complaints, and referrals in fiscal year 2024, the most ever received in one year, including more than 24,000 whistleblower tips. The SEC issued whistleblower awards totaling $255 million.

Securing Credit for Self Reporting and Cooperation

In fiscal year 2024, public companies, investment advisers, and broker-dealers self-reported or remediated securities law violations or otherwise cooperated meaningfully with the Division’s investigations, answering the Division’s call to practice a culture of proactive compliance. In response, the Division recommended, and the Commission approved, resolutions imposing reduced civil penalties or even no civil penalties, including in cases involving very large firms.

To help promote investor trust in the securities market, the Division continued and commenced a number of proactive initiatives to address issues of widespread noncompliance, including the following:

Off-Channel Communications

The Division continued its initiative to ensure that regulated entities, including broker-dealers, investment advisers, and credit ratings agencies, comply with the recordkeeping requirements of the federal securities laws. Compliance with those requirements is essential to investor protection and well-functioning markets. In fiscal year 2024, the Commission brought recordkeeping cases resulting in more than $600 million in civil penalties against more than 70 firms, including the Commission’s first cases charging recordkeeping violations against municipal advisors. Since December 2021, the initiative has resulted in charges against more than 100 firms and more than $2 billion in penalties.

Marketing Rule

The Enforcement Division’s ongoing initiative investigating non-compliance with the Marketing Rule resulted in settled charges against more than a dozen investment advisers. The firms were charged for advertising hypothetical performance to the general public without adopting and implementing policies and procedures reasonably designed to ensure that the hypothetical performance was relevant to the likely financial situation and investment objectives of the advertisement’s intended audience; using untrue or unsubstantiated statements of material fact and/or testimonials, endorsements, or third-party ratings that lacked required disclosures; and advertising misleading performance that was not fair and balanced.

Whistleblower Protection Cases

In fiscal year 2024, the Division recommended, and the Commission authorized, a series of settled enforcement actions to address violations of the Dodd-Frank whistleblower protection rule, which prohibits market participants from taking any action to impede would-be whistleblowers from contacting the SEC, including where firms purported to limit customers’ ability to voluntarily contact the SEC or required employees to waive the right to a possible whistleblower monetary award. The actions included an $18 million civil penalty against J.P. Morgan, the largest penalty on record for a standalone violation of the whistleblower protection rule.

Disclosures of Holdings and Transactions by Insiders and Investment Managers

The federal securities laws require certain insiders and market participants to disclose their securities holdings and transactions. Compliance with those laws is essential for investors to make informed investment decisions.

In fiscal year 2024, the SEC announced settled charges against more than two dozen entities and individuals for failures to timely report information about their holdings and transactions in public company stock or for contributing to filing failures by their officers and directors. The SEC also settled charges against 11 institutional investment managers for failing to disclose certain securities holdings in reports they were required to file because they have discretion over more than $100 million in certain securities.

Robust Financial Remedies

In fiscal year 2024, the Division’s investigations led to orders imposing robust financial remedies in litigated and settled matters.

For example, after a jury verdict finding Terraform Labs and founder Do Kwon liable for fraud, defendants agreed to a final judgment ordering them to pay more than $4.5 billion in disgorgement, prejudgment interest, and civil penalties, the highest remedies ever obtained by the SEC following a trial.

In addition, the Commission filed settled charges with strong financial remedies against:

• Morgan Stanley for a multi-year fraud involving the disclosure of confidential information about the sale of large quantities of stock known as “block trades.”  The firm agreed to pay approximately $166 million in disgorgement and prejudgment interest and an $83 million civil penalty to resolve the SEC’s charges;
• FirstEnergy Corp. for a multi-year political corruption scheme in which FirstEnergy and affiliates made payments to an entity controlled by a state legislator in exchange for official action benefitting FirstEnergy. FirstEnergy agreed to a pay a $100 million civil penalty to resolve the SEC’s charges;
• SAP for violations of the Foreign Corrupt Practices Act arising out of bribery schemes in South Africa, Malawi, Kenya, Tanzania, Ghana, Indonesia, and Azerbaijan. The company agreed to pay disgorgement and prejudgment interest of more than $98 million to resolve the SEC’s charges. Up to $59 million will be offset by payments from SAP to the South African government in connection with its parallel investigations into the same conduct; and
• Advisory firm Macquarie for overvaluing approximately 4,900 largely illiquid collateralized mortgage obligations held in 20 advisory accounts and for executing hundreds of cross trades between advisory clients that favored certain clients over others. The firm agreed to pay disgorgement and prejudgment interest of $9.8 million and a $70 million civil penalty to resolve the SEC’s charges.

Major Fraud

In fiscal year 2024, the Division continued to focus on holding individuals and entities accountable for preying on investors.

• The Division’s investigations led to charges alleging frauds ranging from Ponzi schemes targeting specific communities to billion dollar frauds with thousands of victims;
• The SEC charged Xue Lee (aka Sam Lee) and Brenda Chunga (aka Bitcoin Beautee) for their involvement in an allegedly fraudulent crypto asset pyramid scheme known as HyperFund that raised more than $1.7 billion from investors worldwide;
• The SEC charged Cynthia and Eddy Petion and their company, NovaTech Ltd., for allegedly operating a fraudulent scheme that raised more than $650 million in crypto assets from more than 200,000 investors worldwide;
• The SEC charged five unregistered brokers and their companies in connection with an alleged pre-IPO fraud scheme that raised at least $528 million from more than 4,000 investors around the world; and
• The SEC charged Abraham Shafi, the founder and former CEO of Get Together Inc., a privately held social media startup known as “IRL,” for raising approximately $170 million from investors by allegedly fraudulently portraying IRL as a viral social media platform that organically attracted the vast majority of its purported 12 million users.

Emerging Technologies and Emerging Risks

Fiscal year 2024 saw heightened investor risk from emerging technologies and cybersecurity incidents and from market participants using social media to exploit elevated investor interest in emerging investment products and strategies. The Division kept pace, investigating noncompliance and false or misleading disclosures involving artificial intelligence, social media, cybersecurity, crypto, and more.

Artificial Intelligence

• The SEC charged QZ Asset Management for allegedly falsely claiming that it would use its proprietary AI-based technology to help generate extraordinary weekly returns while promising “100%” protection for client funds; and
• The SEC settled charges against investment advisers Delphia and Global Predictions with making false and misleading statements about their purported use of AI in their investment process.

Relationship Investment Scams

• The SEC charged multiple entities and individuals in connection with two relationship investment scams involving fake crypto asset trading platforms NanoBit and CoinW6. The SEC’s two complaints allege that the defendants solicited investors via social media apps, lied to them to gain their trust and confidence, and then stole their money. These charges are the SEC’s first enforcement actions alleging these types of scams.

Cybersecurity

• The SEC settled charges against The Intercontinental Exchange, Inc. and nine wholly owned subsidiaries, including the New York Stock Exchange, for failing to timely inform the SEC of a cyber intrusion as required by Regulation Systems Compliance and Integrity;
• The SEC settled charges against transfer agent Equiniti Trust Company LLC, formerly known as American Stock Transfer & Trust Company LLC, for failures to ensure that client securities and funds were protected against theft or misuse, which led to losses of millions of dollars in client funds; and
• The SEC settled charges against R.R. Donnelley & Sons for disclosure and internal control failures relating to cybersecurity incidents.

Crypto

• The SEC settled charges against Silvergate Capital for false and misleading disclosures to investors about the strength of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program and the monitoring of crypto customers, including FTX, by its wholly owned subsidiary, Silvergate Bank; and
• The SEC settled charges against Barnbridge DAO, a purportedly decentralized autonomous organization, for failing to register its offer and sale of structured crypto assets offered and sold as securities.

Individual Accountability

Charging individuals for securities law violations, where appropriate, is essential for accountability and deterrence and for enhancing public trust in the markets. Fiscal year 2024 enforcement actions against individuals included the following:

• Following a jury verdict finding Terraform Labs and founder Do Kwon liable for fraud, Do Kwon agreed to a final judgment ordering him to pay financial remedies of more than $200 million and imposing an officer and director bar.
• The former CEO and former Chief Risk Officer of Silvergate Capital settled charges for misleading investors about the strength of the compliance program and the monitoring of crypto customers by Silvergate’s wholly owned subsidiary. The individuals agreed to five-year officer-and-director bars and civil penalties of $1 million and $250,000 respectively, as part of the resolution. In addition, the SEC charged the former CFO with misleading investors about the company’s losses from expected securities sales.
• The CEO of formerly registered investment adviser Mass Ave settled charges arising out of false and misleading statements about Mass Ave’s flagship fund. To settle the SEC’s charges, the CEO, who is also the chief investment officer and portfolio manager at MassAve, agreed to pay a $250,000 civil penalty and was suspended for 12 months from industry-related work.
• The former head of Morgan Stanley’s equity syndicate desk settled charges connected to a multi-year fraud involving the disclosure of confidential information about the sale of large quantities of stock known as “block trades.” As part of the resolution, the former head agreed to an order requiring him to pay a $250,000 civil penalty and imposing associational, penny stock, and supervisory bars.
• The SEC permanently suspended Benjamin Borgers, the managing partner of audit firm BF Borgers from appearing and practicing as an accountant before the Commission as part of a resolution of an alleged fraud affecting hundreds of SEC filings. Borgers also agreed to pay a $2 million civil penalty as part of the resolution;
• The former CEO and former Senior Vice President of Cassava Sciences agreed to be subject to officer-and-director bars of three and five years, respectively, to settle charges related to misleading statements about the results of a clinical trial for the company’s purported therapeutic for the treatment of Alzheimer’s disease. They also agreed to pay civil penalties of $175,000 and $85,000, respectively; and
• The SEC charged now-defunct digital pharmacy startup Medly Health’s former CEO, former CFO, and former head of RX Operations with fraudulently overstating Medly’s revenue in connection with capital raising efforts that netted the company more than $170 million.

Public Company Misstatements

It is foundational to the proper operation of the securities markets that public companies provide materially accurate information to investors. In fiscal year 2024, the Division investigated misstatements by public companies leading to a number of enforcement actions, including:

• Settled charges against Cassava Sciences for misleading statements about the results of a Phase 2 clinical trial for its purported therapeutic for the treatment of Alzheimer’s disease;
• Settled charges against Ideanomics for misleading statements about the company’s financial performance; and
• Charges against former executives of Kubient for their alleged roles in a scheme in which the company allegedly overstated and misrepresented its revenue in connection with public stock offerings.

Safeguarding Material Nonpublic Information

The Division investigated market abuse and potential abuse of material nonpublic information (MNPI) in fiscal year 2024, including by using advanced data analytics and technology. The Division’s investigations resulted in enforcement actions addressing a range of violations, including:

• Settled charges against Morgan Stanley and the former head of its equity syndicate desk with a multi-year fraud involving the disclosure of confidential information about the sale of large quantities of stock known as “block trades;”
• Settled charges against several investment advisers for failing to establish, maintain, or enforce written policies and procedures reasonably designed to prevent the misuse of MNPI;
• Charges against former investment adviser representatives for conducting multi-year cherry-picking schemes that allegedly defrauded their clients out of millions of dollars;
• Charges against a U.K. citizen for allegedly hacking into the computer systems of public companies to obtain material nonpublic information and using that information to make millions of dollars in illicit profits;
• Charges against three individuals for allegedly perpetrating a multi-year $2 million “free-riding” scheme, which is when a brokerage customer buys and sells securities without having the funds to pay for the trading; and Settled insider trading charges against a founder and former chair of a public company

The SEC’s 2024 fiscal year includes the period from October 1, 2023 to September 30, 2024.  

Joseph McCafferty is editor & publisher of Compliance Chief 360°

The post SEC Sets Record Year in Enforcement with $8.2 Billion in Fines appeared first on Compliance Chief 360.

e all know about the great migration to “work from home” that occurred during COVID-19 pandemic starting in 2020 and lasting into 2021 and 2022. While many organizations have moved employees back to the office for some or part of the work week, the remote work movement has remained a far more prevalent aspect of working life.

According to a 2023 Pew Research Center study, around 22 million employed adults in the U.S. work from home all the time, equal to roughly 14 percent of all employed adults, while 41 percent are at least part-time remote on a hybrid setup. By 2025, that same survey finds 32.6 million Americans will be working remotely.

While the flexibility creates favorable conditions for the acquisition and retention of top talent, it also contributes to some new challenges. Managing a compliance team in a remote work environment can be difficult. This is especially true for highly regulated sectors, such as finance, health care, defense, and others, but it could impact a business operating in any field.

Identifying the challenges of remote work and coming up with a solid compliance plan will allow employers and workers to fully utilize remote or hybrid work models without worries about security risks, audits, or subsequent fines. Whether or not you utilize a third-party risk monitoring solution, it’s critical to understand the risks associated with remote work.

Compliance Challenges of a Remote Work Environment

The EY 2023 Mobility Re-imagined Survey suggests that while 92 percent of participants believe workplace mobility is important, 71 percent lack confidence in their organization’s ability to handle compliance and other risks stemming from a remote work environment.

Some of the most common compliance challenges work from home creates for organizations include:

• Determining which labor laws and regulations apply to employees on the basis of their home office location
• Employee monitoring and oversight
• Ensuring workplace safety
• Data security and privacy
• Safety of communication carried out in a remote work environment
• Employment verification processes

Having a solid compliance plan in place and adapting to the hybrid work model realities are both essential to mitigate those risks.

Onboarding and Ongoing Training

The first rule of onboarding compliance is understanding applicable rules regarding employment, data privacy, and security. Onboarding processes have to address all those concerns and adhere to regulatory frameworks within the respective jurisdiction.

If your company hires international employees who work from their own location, you’ll have to go through a few important considerations when doing onboarding. Find out if:

• The respective person has the right to work
• Whether they’re entitled to receive home office equipment
• You will have to provide any kind of training during the onboarding process

The agreements and contracts you sign as a part of onboarding should also account for national or regional regulatory specifics. A well-crafted employment contract should have stipulations on job responsibilities, performance expectations, communication protocols, confidentiality clauses, data protection, dispute resolution, and performance reviews.

The next step would be to train remote workers on anything that may lead to compliance issues. Data privacy and security training is non-negotiable. Authentication and access control training can also reduce the risk of violations or security threats stemming from the remote work environment.

The Importance of a Foolproof Remote Work Policy

A remote work policy is a document that outlines expectations and guidelines for all employees to follow. It’s a comprehensive how-to guide that focuses on procedures, safety protocols, workplace specifics, and technologies employed to do one’s job while following a regulatory framework.

As hybrid work is becoming the norm, standard workplace policies have to account for the new reality and the way it’s changing professional interactions.

Well-crafted remote work policies should contain:

• Rules on eligibility for remote work
• Guidelines on mandatory work hours, equipment, and tools made available to each employee
• Provisions on designing and equipping a remote workplace
• Cybersecurity stipulations and protocols
• Guidelines on communication between coworkers
• Guidelines on employee well-being

Good workflow management is also dependent on effective performance tracking, building trust and transparency through daily communication, having clearly defined roles within teams, and offering the right incentives (like career growth opportunities).

Maximizing Cybersecurity in Remote Environments

Cybersecurity is crucial for all organizations, especially those operating in highly regulated sectors.

Remote work has created numerous challenges that concern executives and make IT security managers sweat. In 2023, 72 percent of respondents in a survey responded they are very concerned or at least somewhat concerned about the online risks related to employees working from home. The number of respondents not at all concerned was only 6 percent.

Without concrete policies and being a part of a shared on-site work environment, common cyber threats like ransomware are more likely to evade defense mechanisms, group head of cyber governance at FWD Insurance in Singapore Pritish Purohit told Forbes.

Overcoming these new challenges depends on:

• Educating employees on recognizing cybersecurity threats
• Strengthening the corporate network through good password policies, multi-factor authentication, the selection of the right antivirus applications, frequent updates, and backups
• Securing remote connections by leveraging VPNs and setting device usage boundaries
• Implementing company-wide cybersecurity policies that apply to both in-office and remote workers
• Carrying out regular security assessments and vulnerability audits
• Adhering to data protection laws like HDPR and HIPAA
• Using an extra layer of protection to safeguard the most sensitive information (for example, only having certain individuals accessing such files and maintaining detailed access logs)

A Focus on Employee Well-being Is Crucial

Finally, don’t forget to maintain the focus on employee well-being, regardless of the workplace model your organization has embraced.

To improve the mental and physical well-being of employees, consider the following:

• Maintain regular communication, preferably using video conferencing tools to make everyone feel connected
• If possible, schedule in-person meetings at least a few times per month
• Discourage overwork and promote better work-life balance (by selecting the right compensation models that will keep workers from spending too much time as the lines between personal and professional get blurred)
• Offer personalized health benefits (89 percent of remote workers value having some kind of health benefit as a part of their employment package)
• Make sure everyone is aware of the available paid time off within the organization
• Provide mental health and well-being resources
• Allow work-hour flexibility

Working from home creates legal considerations that some organizations aren’t prepared to face, while others have been attempting to address those ineffectively.

To reduce the risk of compliance issues, come up with a robust remote work policy. Ensure employees are properly trained and stick to those rules to reduce risks. All other challenges can be addressed via regular performance reviews and audits. Identifying challenges and threats quickly is essential to determine viable remedies and implement those before the issue turns into a major compliance problem.   

Giovanni Gallo is the Co-CEO of Ethico, where his team strives to make the world a better workplace with ethics hotline services, sanction screening and license monitoring, and workforce eLearning software and services.

The post Managing Compliance in a Remote Work Environment appeared first on Compliance Chief 360.

cKinsey and Company Africa, which operates in South Africa as a subsidiary of international consulting firm McKinsey & Co., will pay over $122 million to resolve an investigation by the Justice Department into a scheme to pay bribes to government officials in South Africa between 2012 and 2016. A former McKinsey senior partner who participated in the bribery scheme has also pleaded guilty in the case.

McKinsey Africa also entered into a three-year deferred prosecution agreement (DPA) with the department in connection with criminal information filed in the Southern District of New York charging the company with one count of conspiracy to violate the anti-bribery provisions of the Foreign Corrupt Practices Act (FCPA). Vikas Sagar, a former senior partner of McKinsey who worked in McKinsey Africa’s South Africa office, previously pleaded guilty to one count of conspiracy to violate the FCPA.

According to court documents and admissions, McKinsey Africa, acting through a senior partner, agreed to pay bribes to then-officials at Transnet, South Africa’s state-owned custodian of ports, rails, and pipelines, and at Eskom, South Africa’s state-owned energy company. Between at least 2012 and 2016, McKinsey Africa obtained sensitive confidential and non-public information from Transnet and Eskom regarding the award of lucrative consulting contracts and submitted proposals for multimillion-dollar consulting engagements, while knowing that South African consulting firms with which McKinsey Africa had partnered would pay a portion of their fees as bribes to officials at Transnet and Eskom. As a result of the bribery scheme, McKinsey and McKinsey Africa earned profits of approximately $85,000,000.

“McKinsey Africa bribed South African officials in order to obtain lucrative consulting business that generated tens of millions of dollars in profits,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, in a statement. “The resolution announced today — the department’s third coordinated resolution with South African authorities in only two years — is evidence that our International Corporate Anti-Bribery (ICAB) initiative, which we announced in November 2023, is bearing fruit.”

“This settlement underscores our unwavering commitment to holding companies accountable that willfully engage in corrupt activities around the world,” said Assistant Director Chad Yarbrough of the FBI Criminal Investigative Division. “This misconduct is a blatant violation of law and a breach of public trust. No matter what country the crime occurs in, the FBI will always work closely with our international partners to root out corruption.”

Details of McKinsey Africa’s Credit for Cooperation

The Justice Department has agreed to credit up to one-half of the criminal penalty against amounts McKinsey pays to authorities in South Africa in related proceedings. In addition, both McKinsey and McKinsey Africa have agreed to, among other things, continue cooperating with the Criminal Division’s Fraud Section and the U.S. Attorney’s Office for the Southern District of New York in any ongoing or future criminal investigation arising during the term of the DPA. McKinsey and McKinsey Africa have also agreed to enhance their compliance program where necessary and appropriate and to report to the government regarding remediation and implementation of their enhanced compliance program.

The Justice Department reached this resolution with McKinsey Africa based on a number of factors, including, among others, the nature and seriousness of the offense. McKinsey Africa received credit for its cooperation with the department’s investigation, which included:

• Immediately and proactively cooperating from the inception of the department’s investigation.
• Making numerous factual presentations to the department over the course of its investigation, derived from information obtained through the company’s internal investigation.
• Collecting, reviewing, and producing voluminous records, including those located abroad, in response to requests from the department.
• Promptly reporting the discovery of document-deletion efforts by the McKinsey partner involved in the conduct found during its internal investigation, taking additional investigative steps to uncover information and evidence regarding those efforts, and producing such information and evidence to the department.
• Reporting, in real time, newly discovered information and documents that allowed the department to preserve and obtain evidence as part of its independent investigation.
• Tracing complex internal accounting money-flows and currency exchange-information in response to requests from the department
• Preserving, collecting, and producing to the department documents located abroad, and engaging a third-party forensics consultant to analyze key electronic devices and providing to the department the results of that analysis.

McKinsey and McKinsey Africa also engaged in timely remedial measures, including:

• Putting the McKinsey partner involved in the criminal scheme on leave when it learned of the partner’s role in the scheme, subsequently separating that partner from McKinsey after discovering his deletion activity, and requiring that partner’s continued cooperation post-separation.
• Conducting additional anti-corruption training for employees in South Africa and elsewhere in Africa, and ceasing work with all state-owned enterprises (SOEs) for a period of time while it conducted its internal investigation.
• Enhancing due diligence processes for third-party partners, including instituting controls to ensure that due diligence is completed before work begins on an engagement and imposing a more rigorous risk-review for public sector clients.
• Carrying out an enhanced review process for all sole-source work that requires advance-approval before the engagement can begin.
• Voluntarily repaying, in 2018 and 2021, all revenues that McKinsey and McKinsey Africa received from potentially tainted contracts to the SOEs in South Africa from which they received contracts as a result of the criminal scheme.

In light of these considerations as well as McKinsey’s prior history, the criminal penalty calculated under the U.S. Sentencing Guidelines reflects a 35 percent reduction off the fifth percentile of the otherwise applicable guidelines fine range.  

The post McKinsey Unit to Pay $122 Million to Settle Bribery Charges appeared first on Compliance Chief 360.