Bridging the Week by Gary DeWaal

Bridging the Week by Gary DeWaal: March 2 - 6, and March 9, 2020 (COVID-19; Business Continuity Plans; Capping AML Surveillance Alerts)

AML and Bribery    Bitcoin Ecosystem    Bridging the Week    Business Continuity Disaster Recovery Planning    Compliance Weeds    COVID-19    Getting the Business Done    Initial Public Offerings Including Private Placements    Managed Money    Part 30 and 15a-6    Policy and Politics    Trade Practices (including Disruptive Trading)   
Published Date: March 08, 2020

Last week, international regulators began issuing guidance and/or relief to impacted firms in response to the spread of COVID-19. The impact of this novel coronavirus has already begun materially to affect operations and behaviors in the financial services industry. Separately, a former chief operational risk and chief compliance officer of a US national bank was sanctioned US $450,000 by the Financial Crimes Enforcement Network for his role in the bank’s capping of suspicious activity alerts generated by the firm’s monitoring system for over five years in order to accommodate an inadequate number of anti-money laundering surveillance staff. As a result, the following matters are covered in this week’s edition of Bridging the Week:

  • Business Not as Usual – Regulators Issue Guidance on Responding to COVID-19 and Firms Take Precautions to Adapt (includes Getting the Business Done);
  • Former Bank Chief Operational Risk Officer Fined US $450,000 by FinCEN for Role in Capping Number of Potential Suspicious Activity Alerts (includes Compliance Weeds); and more.

Video Version:

Article Version


  • Business Not as Usual – Regulators Issue Guidance on Responding to COVID-19 and Firms Take Precautions to Adapt: Last week, multiple regulators issued informational guidance and/or specific regulatory relief in response to the COVID-19 (coronavirus) outbreak. Additionally, FIA cancelled its annual International Futures Industry conference scheduled for March 10 - 12 in Boca Raton, Florida, while SIFMA cancelled its 2020 Law and Compliance conference planned for March 15 - 18 in Orlando, Florida. Postponed were the DC Blockchain Summit 2020 scheduled for March 11 - 12 in Washington, DC and the LME and LME Clear Member Townhall on March 11 in London, England. Many financial services industry firms have begun separating employees and imposing restrictions or bans on non-essential travel and group meetings.

In a Notice to Members dated March 4, the National Futures Association acknowledged its understanding that members developing contingency plans to deal with the impact of COVID-19 may have “specific concerns” regarding their ability to comply fully with all Commodity Futures Trading Commission and NFA requirements, particularly if some or all of their staff are unable to work from their offices or the firm’s backup locations. According to the regulated futures association, “NFA and CFTC staff intend to take a practical approach that will give Members appropriate flexibility in implementing contingency plans needed to continue to conduct business” if regulatory relief is required.

However, NFA encouraged members to review their business continuity plans to ensure they address situations like COVID-19 and contain up-t0-date information (e.g., current key persons and contact information). NFA also recommended that Members consider providing employees refresher or new training on working from remote locations.

Separately, the UK Financial Conduct Authority restated its expectation that all firms have contingency plans dealing with major events, and indicated it is currently reviewing, along with the Bank of England, “the contingency plans of a wide range of firms.” FCA indicated it expects that firms are taking “all reasonable steps” to ensure they meet their regulatory obligations, including, for example, the capability to enter orders and transactions into appropriate systems, record conversations when trading, and provide staff compliance support when required.

Although neither the Securities and Exchange Commission nor the Commodity Futures Trading Commission have issued any written guidance for brokerage firm registrants (i.e., broker-dealers or futures commission merchants), the SEC provided conditional regulatory relief for certain publicly traded companies’ filing obligations. Specifically, publicly traded companies required to file certain disclosure reports from March 1 through April 30, 2020, may have an additional 45 days to file such reports provided they give the SEC a summary of why they require the relief. The SEC also advised companies to consider their disclosure obligations under federal securities laws should they become aware of some risk to their business because of COVID-19. 

The SEC’s Division of Investment Management separately indicated it would recommend no enforcement action against an investment fund board that did not comply with certain in-person voting requirements from March 4 through at least June 15, 2020, in case of “unforeseen or emergency circumstances affecting some or all of the directors.” The SEC indicated it might be open to extend its no-action position to a later date “as circumstances warrant.”

Getting the Business Done: The spread of the COVID-19 virus worldwide will continue to create unusual challenges for all businesses because of the difficulty of detecting carriers and the current lack of a vaccine. Apparently, persons may be contagious when asymptomatic, and even early tests of persons carrying the virus may not detect its presence. Additionally, it appears the virus may be transmitted without actual contact with a specific carrier – so-called “community” transmission.

As a result, the most important measure companies and individuals can take during the current crisis is to be informed by facts. The Center for Disease Control and Prevention maintains a robust website of relevant information, including frequently asked questions and answers, and persons may subscribe to automatic updates. (Click here to access the CDC website, and here for a subscription link.) It’s important that companies and individuals follow CDC’s myriad recommendations to the extent practical.

Separately, both the Financial Industry Regulatory Authority and the NFA require their members to maintain robust business continuity plans with certain prescribed elements. (Click here to access FINRA Rule 4370, here for NFA Rule 2-38, and here for NFA Interpretive Notice 9052.) Both the SEC and CFTC also require business continuity plans for certain registrants. (Click here, e.g., for CFTC Rule 23.603 related to swap dealers and major swap participants and here for SEC IM Guidance Update 2016-4 for investment companies.) The SEC proposed BCP requirements for investment advisors in 2016 but has not formally implemented any to date. (Click here to access the SEC’s proposal.) Both FINRA and NFA obligate members to provide and update the regulatory organizations with the name and contact information of key management personnel and certain other enumerated information. FINRA also provides a basic checklist of items that should be addressed in BCPs that make sense for all regulated organizations, as relevant:

  • data backup and recovery;
  • essential systems;
  • financial and operational assessments; 
  • backup communications between customers and the firm;
  • alternate physical locations of employees and agents;
  • essential third parties and counterparties;
  • regulatory reporting; and
  • access to customer funds and property.

Employees should have access to a firm’s BCP even when remote.

Additionally, following Hurricane Sandy in October 2012, the SEC, CFTC and FINRA issued a joint advisory on business continuity planning. Some of the key recommendations articulated then in response to lessons learned appear timely now. According to the advisory, firms should especially consider:

  • enhancing the capability of staff that work from home;
  • reviewing critical vendor relationships (how robust are their BCPs);
  • updating communication plans;
  • evaluating regulatory and compliance requirements; and 
  • testing.

As suggested in the current NFA guidance, training is critical. In any case, BCPs should be reviewed to ensure they address or are modified as necessary to deal with infectious disease outbreaks.

Many employment law issues will also arise because of the COVID-19 virus spread. Among other things, CDC recommends that firms: 

  • proactively encourage sick employees to remain home;
  • separate apparently sick employees from others, including sending impacted employees home;
  • routinely clean the workplace; 
  • potentially ban non-essential travel and gatherings; and
  • follow recommended CDC steps for employees required to travel.

Additionally, it is important that employers review their policies and practices to ensure they are consistent with public health recommendations as well as prevailing state and federal workplace laws. (Click here to access CDC’s Interim Guidance for Businesses and Employers.) 

It will be very important for management to promote calm among employees during the next few months until the COVID-19 outbreak diminishes. By thinking through as much as possible how the business needs to get done, and what can be done to effectuate those needs (sometimes considering non-intuitive solutions), financial service business can be conducted effectively with current technology even if many employees work remotely. To the extent there may be regulatory compliance challenges, try to discuss them in advance with relevant regulators and seek relief if possible; in all cases, ensure that all breaches are documented with as much specificity as possible.

  • Former Bank Chief Operational Risk Officer Fined US $450,000 by FinCEN for Role in Capping Number of Potential Suspicious Activity Alerts: Michael LeFontaine, the former chief operational risk officer and chief compliance officer of U.S. Bank National Association, was fined US $450,000 by the Financial Crimes Enforcement Network of the US Department of Treasury for his role in the bank’s capping of suspicious activity alerts generated by the bank’s monitoring system from January 2005 through May 2015.

In February 2018, four federal regulators imposed out-of-pocket sanctions on US Bancorp totaling US $613 million for alleged noncompliance with its anti-money laundering obligations from 2011 to 2015. The regulators were the US Department of Justice, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and FinCEN.

The regulators claimed that, during the relevant time, the bank failed to maintain an adequate staff level to conduct anti-money laundering oversight and capped the number of alerts generated by its AML surveillance system to accommodate the inadequately sized staff. This, alleged the regulators, caused the bank not to identify many potential AML issues and not to make many required suspicious activity reports. (Click here for additional background in the article “Bank Sanctioned US $613 Million for Capping Number of Suspicious Activity Reports” in the February 25, 2018 edition of Bridging the Week.)

FinCEN claimed, in its current enforcement action, that Mr. LeFontaine failed “to take sufficient steps to ensure that the Bank’s compliance division was appropriately staffed to meet regulatory expectations.” Moreover, charged FinCEN, two AML officers expressed concerns to Mr. LeFontaine that the bank’s surveillance system was “inadequate” because caps were imposed to limit alerts. One AML officer sent Mr. LeFontaine two memos with this warning – in December 2009 and April 2010 – and another, new AML officer expressed similar concerns to Mr. LeFontaine by the end of 2012. FinCEN indicated that Mr. LaFontaine did not respond adequately to information brought to his attention. Although FinCEN acknowledged that Mr. Lafontaine sought and received funding to upgrade the firm’s AML surveillance system, it said these actions “were inadequate to correct the deficiencies.”

Mr. LaFontaine admitted to the facts set forth in FinCEN’s determination and consented to the financial penalty.

Compliance Weeds: Applicable law and FinCEN rules require broker-dealers and other covered financial institutions (banks, Commodity Futures Trading Commission-registered futures commission merchants and introducing brokers and Securities and Exchange Commission-registered mutual funds) to file a SAR with FinCEN in response to transactions of at least US $5,000 which a covered entity “knows, suspects, or has reason to suspect” involve funds derived from illegal activity; have no business or apparent lawful purpose; are designed to evade applicable law; or utilize the institution for criminal activity. (Click here for a helpful overview of anti-money laundering requirements for broker-dealers, including SAR requirements. Click here for a similarly helpful compilation of AML resources for members of the National Futures Association.)

Additionally, covered institutions might also have to file SARs following cyber-events. (Click here for background in the article “FinCEN Issues Advisory Saying Cyber Attacks May Be Required to Be Reported Through SARs" in the October 30, 2016 edition of Bridging the Week.) 

In July 2017, Electronic Transaction Clearing, Inc., a registered broker-dealer, agreed to settle charges brought by the Financial Industry Regulatory Authority that it failed to consider whether to file SARs, as required, in response to red flags of possible suspicious conduct as well as for other violations. According to FINRA, ETC did not file such reports even after it restricted trading by certain of its customers after 30 instances where the firm identified problematic conduct, including prearranged trades or trading without an apparent economic reason. ETC agreed to pay a fine of US $250,000 to resolve FINRA’s charges. (Click here for background regarding FINRA’s charges in the article “Clearing Firm’s Failure to File Suspicious Activity Reports in Response to Red Flags Charged as Violation of FINRA Requirements” in the March 26, 2017 edition of Bridging the Week.)

Previously, in August 2015, FINRA fined Aegis Capital Corp. US $950,000 for selling unregistered penny stocks and related supervisory violations, and suspended and fined two individuals – Charles Smulevitz and Kevin McKenna – who served successively as chief compliance and anti-money laundering officers for the firm. According to FINRA, Mr. Smulevitz and Mr. McKenna failed to “reasonably” detect and review red flags of potentially suspicious transactions. As a result, they did not make a “reasoned determination whether or not to report the suspicious transactions to the Financial Crimes Enforcement Network … by filing a Suspicious Activity Report … as appropriate.” (Click here for further details in the article “FINRA Fines and Suspends Two CCOs for Supervisory and AML Violations” in the August 14, 2015 edition of Bridging the Week.)

Covered financial institutions should continually monitor transactions they facilitate, ensure they maintain and follow written procedures to identify and evaluate red flags of suspicious activities and file SARs with FinCEN when appropriate.

Moreover, covered institutions should ensure that problematic transactions identified by non-AML personnel (e.g., compliance staff) that may violate legal or regulatory standards are evaluated by AML personnel to determine whether a SAR should be filed with FinCEN. Indeed, the more complete a ledger a firm can maintain of potential problems identified across otherwise separate surveillance functions, the more likely a firm will be able to recognize and act holistically when it possesses multiple red flags. 

More Briefly:

  • Reciprocity Is a Two-Way Street Warns CFTC in Approving Amendment to Cross-Border Rule: The Commodity Futures Trading Commission amended a rule (30.10; click here to access) to enumerate specific circumstances under which it might terminate a special exemptive order permitting US persons to access directly foreign brokers subject to comparable regulatory supervision. Principal among the reasons is that a non-US regulator or self-regulatory organization failed to grant non-US persons the same type of access to US markets as Rule 30.10 contemplates granting to US persons accessing non-US markets.

‚ÄčAs amended, the CFTC might terminate an exemptive order granted to a foreign regulator or regulatory organization if: 

  • there was a material change in facts and circumstances undercutting the standards pursuant to which relief was initially granted (e.g., a lack of deference to the CFTC’s oversight of US contract markets in authorizing access by non-US persons); 
  • the “continued effectiveness” of any exemptive order became contrary to the public interest; or 
  • there were changes to the arrangements for sharing of information with the CFTC that made the exemptive order nonviable. 

In addition to permitting the affected party 30 business days to challenge any proposed revocation of an exemptive order, the CFTC authorized “any other person” to potentially respond to any proposed exemptive order cancellation.

  • SEC Proposes to Simplify Exempt Offering Framework: The Securities and Exchange Commission proposed comprehensive changes to the ability of companies to issue securities pursuant to exemptions from registration.The proposed amendments principally would raise offering limits for various types of exemptive offerings and authorize issuers to use a generic solicitation of interest to “test the waters” to determine which exemption to use. Generally, securities offerings to or from the United States must be registered or lawfully exempt from registration. There are many different types of potential exemptive offerings. The SEC’s proposed changes are in response to a solicitation of comments to a private offering harmonization concept release issued during June 2019. (Click here for background in the article “SEC Seeks Comments on Private Offering Harmonization Initiative” in the June 23, 2019 edition of Bridging the Week.) Comments on the SEC’s current proposed rule amendments will be accepted for 60 days following their publication in the Federal Register.
  • India Supreme Court Reverses Central Bank’s Ban on Regulated Banks Conducting Business With Virtual Asset Businesses: The India Supreme Court ruled that it was impermissible for the Reserve Bank of India to prohibit entities it regulates (e.g., banks) from providing any services to individuals or businesses dealing with or settling virtual currencies. In so ruling, the Court confirmed the “wide” power of the RBI to potentially prohibit its regulated entities from conducting business that it determined was highly risky in light of “the special place and role that it has in the economy of the country.” However, the Court noted that “the availability of power is different from the manner and extent to which it can be exercised” and in the current instance, the RBI’s exercise of its authority was not proportionate to any demonstrable harm. Here, said the Court, “RBI has not come out with a stand that any of the entities regulated by it … has suffered any loss or adverse effect directly or indirectly on account of the interface that [virtual currency] exchanges had with any of them.”

In other legal and regulatory developments impacting cryptoassets:

  • ESMA Head Stresses Need for Harmonized EU Approach to the Regulation of Cryptoassets: Steven Maijoor, Chair of the European Securities and Market Authority, stressed the need for a “common, holistic approach” to the oversight of cryptoassets, in a speech last week before the Fourth Annual FinTech and Regulation conference in Brussels. He said it was important to ensure “the right level of protection without stifling innovation.” He specifically acknowledged the potential benefits of global stablecoins, including the promotion of financial inclusion and the potential to make global cross-border payments “easier, cheaper and quicker.” However, he cautioned that, although stablecoins may not constitute legal tender, they might, like Libra, be a “currency of [their] own.” All cryptoassets, he said, should be regulated in accordance with the risks they raise on a case-by-case assessment. 

  • FCA Warns Investors That Renowned Cryptoasset Exchange Operates in UK Without Requisite Authorization: The UK Financial Conduct Authority issued a warning that it believed that Bitmex has been providing financial services in the United Kingdom without appropriate authorization. The FCA issued a similar notice regarding Kraken on March 3, but quickly removed the warning from its website without explanation. As of January 10, 2020, all UK businesses engaged in cryptoasset exchange provision services, including issuing new cryptoassets or providing custodian wallets, must comply with UK AML requirements. (Click here for background in the article” FCA Designated AML Supervisor of Many UK Digital Asset Activities” in the January 19, 2020 edition of Bridging the Week.)

  • What’s in a Fund’s Name Asks the SEC – Potentially Something Misleading: The Securities and Exchange Commission sought comment on its current requirements that restrict the use of potentially misleading names for registered funds (click here to access SEC Rule 35d-1). Currently if a fund’s name intimates a certain type of investment (e.g., stock fund), the fund must invest at least 80 percent of its assets in the type of investment, industry, country or geographic region referenced in the name. The SEC expressed concern that because the current “Names Rule” is mostly asset focused, it may not adequately be addressing funds’ leverage qualities, indices relied on by funds but that are themselves not regulated, or investment mandates that are qualitative but not necessarily quantitative (e.g., reference to ESG investment mandates). Comments will be accepted for 60 days after publication of the Request for Comment in the Federal Register
  • Precious Metals Traders Request Court Dismiss Criminal Charges Related to Alleged Spoofing Trading: Four individuals formerly associated with JP Morgan and indicated for purported spoofing activities on the Commodity Exchange, Inc and the New York Mercantile Exchange, Inc. from March 2008 through August 2016 moved to dismiss their 14-count indictment on the grounds that their alleged misconduct does not constitute fraud, and thus did not constitute a racketeering conspiracy or fraud as alleged by the government. This is because, said the defendants, their orders were “real, executable, open-market orders, and the indictment does not allege that they involved any misrepresentation (express or implied) or omission.” Moreover, in connection with a bank fraud charge, the indictment does not allege that defendants had the specific intent to defraud a financial institution. The four individuals are Christopher Jordan, Michael Nowak, Jeffrey Ruffo and Gregg Smith. The defendants’ criminal case is being heard before a federal court in Chicago. (Click here for background on the original indictment against three of the defendants in the article “Three Metals Traders Indicted for Racketeering and Other Offenses for Alleged Spoofing Activities; CFTC Files Parallel Civil Charges” in the September 23, 2019 edition of Bridging the Week.)
  • NFA Describes Path for CTAs to Comply With Recent CFTC Rule Amendment Cancelling Need to File Form PR When Solely Acting as a CPO: The National Futures Association instituted a procedure to ensure that commodity trading advisors that solely direct trading of pools for which the firm operates as a registered or exempt commodity pool operator do not have to file a Form PR. This prior requirement was eliminated through recent amendment of a rule by the Commodity Futures Trading Commission (click here to access Rule 4.27). By March 31, 2020, all relevant firms should log into the CTA Annual Questionnaire and answer “no” to the question “Does the firm currently direct any trading of commodity interest accounts?” and then click “Submit Filing.” (Click here for access to NFA’s CTA Annual Questionnaire.)

For further information:

Business Not as Usual – Regulators Issue Guidance on Responding to COVID-19 and Firms Take Precautions to Adapt:

ESMA Head Stresses Need for Harmonized EU Approach to the Regulation of Cryptoassets:

FCA Warns Investors That Renowned Cryptoasset Exchange Operates in UK Without Requisite Authorization

Former Bank Chief Operational Risk Officer Fined US $450,000 by FinCEN for Role in Capping Number of Potential Suspicious Activity Alerts:

India Supreme Court Reverses Central Bank’s Ban on Regulated Banks Conducting Business With Virtual Asset Businesses:

NFA Describes Path for CTAs to Comply With Recent CFTC Rule Amendment Cancelling Need to File Form PR When Solely Acting as a CPO:

Precious Metals Traders Request Court Dismiss Criminal Charges Related to Alleged Spoofing Trading:

Reciprocity Is a Two-Way Street Warns CFTC in Approving Amendment to Cross-Border Rule:

SEC Proposes to Simplify Exempt Offering Framework:

What’s in a Fund’s Name Asks the SEC – Potentially Something Misleading:

The information in this article is for informational purposes only and is derived from sources believed to be reliable as of March 7, 2020. No representation or warranty is made regarding the accuracy of any statement or information in this article. Also, the information in this article is not intended as a substitute for legal counsel, and is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. The impact of the law for any particular situation depends on a variety of factors; therefore, readers of this article should not act upon any information in the article without seeking professional legal counsel. Katten Muchin Rosenman LLP may represent one or more entities mentioned in this article. Quotations attributable to speeches are from published remarks and may not reflect statements actually made. Views of the author may not necessarily reflect views of Katten Muchin or any of its partners or employees.

© 2024 Katten Muchin Rosenman and Gary DeWaal. All Rights Reserved.