FTC Confirms Investigation into Facebook’s Data Privacy Practices

Acting Director Tom Pahl of the Federal Trade Commission (“FTC”) Bureau of Consumer Protection confirmed that the FTC is investigating the data privacy practices of Facebook Inc. (“Facebook”) following reports that Cambridge Analytica, a data collection and analytics firm, may have misappropriated the personal information of over 50 million users. Facebook previously settled charges with the FTC in 2011 for deceiving consumers regarding the privacy of their account information. The conditions of that settlement required Facebook to obtain approval from consumers before changing the way it shares their data, and to periodically review its privacy practices. The 2011 charges alleged that Facebook’s practices violated Section 5(a) of the Federal Trade Commission Act, which prohibits unfair or deceptive acts or practices in or affecting commerce.

In addition, a group of 37 Attorneys General issued a letter to Facebook CEO Mark Zuckerberg requesting information on Facebook’s policies and procedures for protecting users’ personal information, as well as the social networking platform’s plans for improving privacy controls and disclosures going forward. Watchdog group Common Cause filed complaints with the Department of Justice and the Federal Election Commission accusing Cambridge Analytica of violating federal election laws.

Earlier this month, Facebook stated that a University of Cambridge professor created an application that used Facebook’s platform to gain access to consumers’ information. At the time, Facebook argued that the situation was not a data breach because consumers knowingly gave away their consent when they signed up for the app. Since then, however, Facebook acknowledged that the professor violated Facebook’s Platform Policies by failing to disclose that the data collected was passed onto data collections and analytics firms, Strategic Communication Laboratories and its affiliate corporation, Cambridge Analytica.

CFTC Officials Criticize Budget Allocation

CFTC Chair J. Christopher Giancarlo and Commissioner Rostin Behnam criticized the CFTC budget allocation made in the recently passed Congressional spending bill. The budget was signed by President Trump.

The CFTC requested a budget of $281.5 million for fiscal year 2018. After CFTC funding has remained flat at $250 million for four years, the new spending bill allocates $249 million for fiscal year 2018. For fiscal year 2019, the CFTC requested $281.5 million (with $31.5 million to come from derivatives user fees).

According to a Bloomberg report, CFTC spokeswoman Erica Elliott Richardson said that Chair Giancarlo takes the decrease “incredibly personally,” noting that the CFTC is “absolutely astounded” by the outcome. Mr. Behnam echoed Mr. Giancarlo’s message, arguing that the agency “cannot responsibly innovate and meet the needs of rapidly evolving markets and market participants absent additional funding.”

Lofchie Comment: While in the minority at the Commission, Mr. Giancarlo was constantly forward-thinking on developing legal issues such as cybersecurity, while being attentive to economic issues and consequences (such as global market fragmentation). As Chair, he has worked to improve existing rules (e.g. project KISS). He has managed this while avoiding no-win partisan arguments. If Members of Congress were looking for a model of a good regulator, Mr. Giancarlo would be high on the list.

Chair Giancarlo made a detailed and compelling case for necessary and modest increases in budget. His request should have been met.

GAO FinTech Report Calls for Improvements in Customer Protection and Regulatory Oversight

The Government Accountability Office (“GAO”) issued a report evaluating the risks and benefits, customer protections, and regulatory oversight of FinTech products and activities. Among other things, the GAO advised regulators to (i) improve interagency coordination, (ii) address competing concerns on financial account aggregation and (iii) analyze the feasibility of adopting successful foreign regulatory approaches.

The GAO report found that the fragmented regulatory framework, split between state and federal regulators, does not sufficiently address the risks of these products. The GAO advised regulators to protect customers by addressing the unique characteristics of FinTech products, including data security and privacy liabilities. The GAO also found that the regulatory framework presents several challenges to FinTech payment and lending firms, including costly and time-consuming compliance activities.

The GAO report praised innovation taken by regulators in foreign jurisdictions. A “regulatory sandbox” is one such innovation that allows regulators and FinTech firms to collaborate and understand evolving market trends. In practice, it allows FinTech firms to offer products on a limited scale, which enables firms and regulators to get useful feedback on the products and their risks. The GAO advised U.S. regulators to consider similar approaches and be adaptive to market innovations.

Lofchie Comment: According to the summary of the GAO report:

“The U.S. regulatory structure poses challenges to fintech firms. With numerous regulators, fintech firms noted that identifying the applicable laws and how their activities will be regulated can be difficult.”

A great part of the problem is the prevailing Dodd-Frank notion that more rules, more agencies and more overlapping authority means that the market is safer. The reality is that, in many cases, it just means that the system is more cumbersome and that greater authority in ever more governmental agencies provides even less certainty as to what the rules actually are. For a somewhat fuller discussion of the impact of regulatory complexity, here is a 2009 pre-Dodd-Frank article: The Future of Financial Regulation: Meet the New Regulators, Better Than the Old Regulators?

SEC Commissioner Urges SEC to Conduct Review of Mutual Fund Regulations

SEC Commissioner Hester M. Peirce urged the SEC to scrutinize and potentially eliminate costly regulations that hinder mutual funds’ ability to generate returns and thus negatively impact investors.

In a speech before the 2018 Mutual Funds and Investment Management Conference, Ms. Peirce argued that the SEC should pay careful attention to the costs and time burdens of complying with rules. Ms. Peirce suggested that the SEC should conduct retrospective reviews of its regulations to assess (i) whether the rules are accomplishing their intended objectives, and (ii) if there are more cost-effective alternatives than the rules currently in place.

Ms. Peirce highlighted that the SEC recently conducted a review of ICA Rule 22e-4, which addresses fund liquidity, before it took full effect. The SEC learned that, among other problems, the liquidity classification requirements in ICA Rule 22e-4 did not accommodate different types of funds and required difficult judgment calls in several instances. Ms. Peirce counseled regulators to remember that funds are not banks and should not be regulated as such.

Ms. Peirce also encouraged the SEC to amend rules to provide investors with disclosure in an easily accessible, readable format. She suggested that the SEC should harness technology to improve fund disclosures. In particular, she advocated for adopting proposed ICA Rule 30e-3, which would allow shareholder reports to be transmitted over a website.

Finally, Ms. Peirce emphasized the need for a rulemaking on ETFs, echoing comments by the Director of the Division of Investment Management (covered here).

Lofchie Comment: There may be no other place in regulation where the tension between (i) adopting regulations that protect retail investors and (ii) imposing regulatory costs that are passed on to retail investors is so obvious. Over time, it seems that regulators tend to focus more and more on investor protection and to ignore the costs. It is important to revisit the trade-offs, as Commissioner Peirce urges.

SEC Director of Investment Management Says Rulemaking on ETFs a “High Priority”

SEC Division of Investment Management Director Dalia Blass emphasized the need for SEC rulemaking on exchange-traded funds (“ETF”), noting that the ETF market is a $3.5 trillion market “operating under more than 300 individually issued exemptive orders.” Ms. Blass’s remarks were delivered at the ICI 2018 Mutual Funds and Investment Management Conference.

Among other recommendations, Ms. Blass urged a reconsideration of the nomenclature currently used to describe key terms. She argued that basic terms like “ETFs” and “index providers” are being used in a manner that is different from their original meanings and have become confusing to investors. Ms. Blass noted that the term ETF is used to encompass commodity pools and exchange-traded notes as well as SEC-registered investment companies. She also challenged some common assumptions about “index providers” including the notion that they may rely on the publisher’s exclusion from the definition of “investment adviser.”

Additionally, Ms. Blass argued that recent developments, particularly with regard to bespoke or narrowly focused indices, appear to have “moved certain index providers away from what we might think of as publishers.” Ms. Blass advised industry professionals to review these terms and provide feedback as to whether they are being used appropriately.

Lofchie Comment: Ms. Blass’s statements are a good example of the SEC focusing on the basics: regulating large scale public markets, seeking to protect public investors, and establishing rules that are of broad general application. Given the size of the market, it makes sense for the SEC to take on rulemaking with respect to ETFs. In fact, it raises a question as to whether the Investment Company Act itself should be amended to provide statutory recognition of the product.

CFS Monetary Measures for February 2018

Today we release CFS monetary and financial measures for February 2018. CFS Divisia M4, which is the broadest and most important measure of money, grew by 4.9% in February 2018 on a year-over-year basis versus 4.8% in January.

For Monetary and Financial Data Release Report:
http://www.centerforfinancialstability.org/amfm/Divisia_Feb18.pdf

For more information about the CFS Divisia indices and the data in Excel:
http://www.centerforfinancialstability.org/amfm_data.php

Bloomberg terminal users can access our monetary and financial statistics by any of the four options:

1) {ALLX DIVM }
2) {ECST T DIVMM4IY}
3) {ECST} –> ‘Monetary Sector’ –> ‘Money Supply’ –> Change Source in top right to ‘Center for Financial Stability’
4) {ECST S US MONEY SUPPLY} –> From source list on left, select ‘Center for Financial Stability’

SEC Commissioner Highlights Cybersecurity as Serious Corporate Governance Issue

SEC Commissioner Robert J. Jackson, Jr. highlighted the increasing prevalence of cybercrime and its detrimental effect on public companies, citing over 1,000 incidents in 2016 alone that cost American companies more than $100 billion. Consistent with recent enhanced guidance on cybersecurity risks and disclosure obligations issued by the SEC, Commissioner Jackson encouraged collaboration between corporate counselors and the SEC to develop (i) proactive measures to combat cybercrime and to ensure timely and transparent disclosures following data breaches, (ii) corporate frameworks that discourage insider trading, and (iii) internal reporting structures to enable company boards and management to react.

When a security breach occurs, Commissioner Jackson emphasized the necessity of reporting it to the public quickly. In the absence of timely disclosure, he warned that companies may ultimately face prosecution, pay significant settlements, and suffer reputational harm.

To prevent insider trading, Commissioner Jackson said that senior management should be aware that trading on breach-related information before the breach has been disclosed could be fraudulent. Since the law is less clear regarding non-insiders trading on material nonpublic information, he expressed concern that hackers may be able to profit by making strategic trades after they have executed a cyberattack but before the public has learned about it. To prevent this type of misconduct, Commissioner Jackson said that timely public disclosure must be prioritized in the wake of any cyberattack.

Commissioner Jackson also stressed how vital it is for public companies across all industries to build effective internal cybersecurity controls. In addition to cyber-oriented corporate policies and procedures, Commissioner Jackson urged Congress or the SEC to take further action to address the issue of corporate insider trading in the cybersecurity context.

House Committee Reviews Regulation of Cryptocurrencies and ICOs

At a U.S. House Financial Services Committee hearing, witnesses outlined their recommendations for Congress concerning the regulation of cryptocurrencies and initial coin offering (“ICO”) markets.

Mike Lempres, Chief Legal and Risk Officer at Coinbase, touted the potential of ICOs and expressed support for the “responsible regulation” of such offerings. However, he criticized “regulation by enforcement,” arguing that it can stifle innovation and inhibit progress. Mr. Lempres called for clear and consistent guidance from regulators, including definitive guidelines on the classification of cryptocurrencies as securities or commodities. He also called for increased coordination between regulatory agencies, and warned that investments are likely to move to other countries absent the development of a clear and comprehensive regulatory framework.

Dr. Chris Brummer, Professor of Law at the Georgetown University Law Center, said that a robust disclosure system for ICOs is important to ensure investor protection. He recommended that policymakers require an ICO to disclose (i) a promoter’s location and contact information, (ii) a technological problem and proposed solution, (iii) a description of the token, (iv) qualifications of the technical team, and (v) industry risk factors.

Peter Van Valkenburgh, Director of Research at Coin Center, urged Congress to consider establishing a federal framework rather than relying on a state-by-state approach for regulating cryptocurrency exchanges. He also identified the distinction between existing scarce cryptocurrencies (e.g., bitcoin) and the promise of future tokens offered by ICOs, and explained that each presents a unique set of risks deserving tailored regulatory consideration. Mr. Valkenburgh said that cryptocurrencies should be treated as commodities and fall within the CFTC’s jurisdiction, while ICO tokens should be treated as securities and regulated by the SEC.

Robert Rosenblum, Partner at Wilson Sonsini Goodrich & Rosati, argued that not enough is yet known about cryptocurrency markets to establish a comprehensive legislative or regulatory framework. In the short term, he suggested that Congress (i) appoint a single federal regulator to have primary jurisdiction over ICOs, tokens and token-related platforms, (ii) authorize the SEC and other regulators to waive certain rules, as applicable to cryptocurrency activity, that may impede blockchain or cryptocurrency development, and (iii) expressly preempt certain state laws that may impose unnecessary requirements on cryptocurrency-related entities and platforms. In the long term, Mr. Rosenblum suggested building a comprehensive legislative framework that is simple, tailored to address the needs of token investors and users, and protects against systemic risk.

IOSCO Issues Recommendations to Protect Senior Investors

The International Organization of Securities Commissions (“IOSCO”) published a report on senior financial fraud. The report provides member states and financial regulators with guidance on protecting vulnerable senior investors.

The IOSCO report concludes that senior investors are more susceptible to fraud as a result of declining cognitive capacity, lack of financial literacy and social isolation, among other factors. The report urges member states to (i) strengthen protective measures focused on seniors, (ii) improve financial service providers’ employee training, and (iii) provide guidance on life planning issues, including arrangements for loss of capacity.

The report also issues recommendations for regulators and encourages the development of:

  • educational programs and resources for senior investors;
  • senior-focused specialists within existing assistance programs;
  • research on risks and issues facing seniors; and
  • guidelines and training programs for employees reviewing transactions conducted with senior investors.

Lofchie Comment: Securities firms would benefit from a common framework as to how to handle dealings with senior investors. On the one hand, firms must recognize that they face material liability in facilitating risky investments by seniors. On the other hand, many seniors are perfectly capable, control a lot of wealth, and have long investment horizons.

At a minimum, this means that firms need to be very cautious as to situations in which they may be deemed to exercise discretion or material influence over account decisions. Conversely, firms cannot refuse to comply with the trading instructions of wealthy clients simply because they are elderly. In negotiating this Scylla and Charybdis, firms will benefit from working jointly, along with regulators and interested organizations, in developing common rules of the road.

SEC Chairman Highlights Pressing Matters Affecting Retail Investors

SEC Chairman Jay Clayton urged the Investor Advisory Committee (the “Committee”) to focus on priorities outlined in the SEC Regulatory Flexibility Act agenda. He warned that the Committee’s deliberations on mandatory arbitration provisions and dual-class share structure may require a disproportionate share of resources, and that other authorities and market participants may take action to address these issues. On dual-class structures, Mr. Clayton asserted that any discussion needs to consider additional related concerns beyond just “disclosure deficiencies and investor confusion.”

Mr. Clayton urged the SEC instead to dedicate its resources to matters that affect retail investors, including:

  • Standards of conduct for investment professionals;
  • Examination of equity and fixed income market structure;
  • Regulation of investment products (including exchange-traded funds);
  • Impact of distributed ledger technology;
  • FinTech developments;
  • Elimination of burdensome or ineffective regulations; and
  • Congressionally mandated rulemaking.

Lofchie Comment: That seems a good “to do” list. The priorities reflect a return by the SEC to its traditional missions (which is all to the good) plus FinTech.