The SEC, through its Office of Compliance Inspections and Examinations (“OCIE”), recently issued its most detailed cyber guidance to date. OCIE had previously issued several cybersecurity risk alerts over the past few years. This most recent release, however, offers much more than a risk alert. OCIE’s “Cybersecurity and Resiliency Observations” goes into significantly more detail than OCIE’s prior risk alerts in this area and is fashioned in a vastly different and more user-friendly format. Thus, it is required reading for SEC-regulated entities because, rest assured, it will be closely followed and applied by OCIE staff conducting cyber examinations, as well as by the Division of Enforcement’s “Cyber Unit.”
Last week, the Department of Justice (“DOJ”) and the Securities & Exchange Commission (“SEC”) announced charges connected to a large-scale, international conspiracy to hack into the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system and profit by trading on stolen material, non-public information. The conduct underlying these cases was one of the principal reasons that the SEC created its Division of Enforcement “Cyber Unit” to target cyber-related securities fraud violations.
In a 16-count indictment unsealed in the United States District Court for the District of New Jersey, two Ukrainian citizens, Artem Radchenko and Oleksander Ieremenko, were charged with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud. The SEC’s complaint charged nine defendants – Ieremenko, six traders in California, Ukraine, and Russia, and two entities – with antifraud violations of the federal securities laws.
The charging documents allege that Ieremenko and Radchenko hacked into the EDGAR system and stole thousands …
U.S. Attorney’s Office for the Southern District of New York Announces First-Ever Criminal Bank Secrecy Act Charges Against a U.S.-Based Broker-Dealer
On December 19, 2018, the United States Attorney for the Southern District of New York announced criminal charges against Central States Capital Markets, LLC (“CSCM”), a Prairie Village, Kansas-based broker-dealer. CSCM was charged with a violation of the Bank Secrecy Act (“BSA”) based on its willful failure to file a suspicious activity report (“SAR”) in connection with the illegal activities of one of its customers. The charge against CSCM represents the first criminal BSA charge ever brought against a United States-based broker-dealer.
The U.S. Attorney’s Office also announced that CSCM had entered into a deferred prosecution agreement under which it agreed to accept responsibility for its conduct, forfeit $400,000, and enhance its BSA / Anti-Money Laundering (“AML”) compliance program. If CSCM complies with the terms of the agreement, the U.S. Attorney’s Office agreed to defer prosecution for a period of two years, after …
Deputy Attorney General Rod Rosenstein recently announced significant changes to the Department of Justice’s corporate enforcement policy regarding individual accountability, previously announced in the 2015 Yates Memo. The revised policy no longer requires companies who are the target of DOJ investigations to identify all parties involved in potential misconduct before they can be eligible to receive any cooperation credit. This alert examines the updated policy, which should provide companies with greater flexibility in conducting investigations and negotiating dispositions with DOJ in both criminal and civil cases.
The Securities and Exchange Commission (SEC) recently released a report detailing whether or not certain companies that had fallen victim to cyber-related frauds had violated the Securities Exchange Act of 1934 by failing to have proper internal accounting controls. The nine companies investigated by the SEC fell prey to fraudulent “business email compromise” schemes, which are responsible for the highest estimated out-of-pocket losses of any cyber-related crimes in the last five years. The primary question for the SEC was whether or not the companies had failed to enact compliant internal accounting controls that may have prevented such fraud.
This alert details the SEC’s finding and advice for companies in an environment where cybersecurity is increasingly complicated and essential.
Department of Justice Announces New Policy on Coordination of Enforcement Actions and Corporate Penalties
The Department of Justice has established a new policy that requires its attorneys to coordinate with one another and with other enforcement authorities when imposing multiple penalties for the same conduct. This policy is likely to protect companies from unfair outcomes resulting from a lack of coordination among the DOJ and other authorities.
I authored an alert that provides an overview of the new policy and discusses the potential impact on companies affected.