President Signs Executive Order to Impose Sanctions in the Event of Foreign Interference in U.S. Elections

President Donald J. Trump signed an Executive Order (“E.O.”), dated September 12, 2018, directing intelligence and law enforcement agencies to assess foreign interference in U.S. elections, and authorizing sanctions against foreign persons found to have engaged in, assisted or otherwise supported such activity.

In Section 1 of the E.O., President Trump established a multi-step process for assessing and evaluating the involvement of a “foreign government, or any person acting as an agent of or on behalf of a foreign government” in actual or attempted interference in a U.S. election. The initial assessment, to be conducted by the Director of National Intelligence in consultation with other agencies, is to be done within 45 days after the conclusion of an election. During the subsequent 45-day period, the Attorney General and the Secretary of Homeland Security, in consultation with others, are to deliver to the President, the Secretary of State, the Secretary of the Treasury and the Secretary of Defense a report evaluating (i) the extent to which foreign interference materially affected election infrastructure, vote tabulation or the timely transmission of results, and (ii) the extent to which such interference materially affected the security or integrity of infrastructure related to political candidates, campaigns, and other political organizations.

Section 2 of the E.O. authorizes the imposition of blocking sanctions against foreign persons determined (i) to have directly or indirectly engaged in, sponsored, concealed or otherwise been complicit in foreign interference in a U.S. election; (ii) to have materially assisted, sponsored or otherwise supported such interference, or to have supported any person sanctioned in connection with such interference; or (iii) to be owned or controlled by, or to have acted or to have purported to act for or on behalf of, any person sanctioned under the E.O. Section 2 also notes that two Obama-era E.O.s remain in effect, which provide additional authorities for sanctions in connection with election-related and certain other “malicious cyber-related activities.”

Section 3 of the E.O. directs the Secretary of the Treasury, in consultation with others, to recommend to the President a range of potential sanctions – from complete blocking, to restrictions on the extension of credit, to a prohibition on dealings in equity or debt – against “the largest business entities licensed or domiciled in a country whose government authorized, directed, sponsored, or supported election interference,” including at least one entity from each of the finance, defense, energy, technology and transportation sectors.

CFTC Opens Registration for First FinTech Conference

Registration for the upcoming CFTC Conference: “FinTech Forward 2018: Innovation, Regulation and Education” is now open. The conference, which is scheduled to take place from October 2, 2018 to October 4, 2018, will feature CFTC Chair Christopher J. Giancarlo and U.S. Representative Austin Scott (R-GA), among others.

The conference will focus on significant tech-driven developments in the financial markets. Participants will discuss (i) the impact that new technologies may have on markets and customers, and (ii) what regulators ought to do to help identify emerging opportunities, challenges and risks, as well as to better educate market participants.

International Regulators Launch “Global Financial Innovation Network”

Several international regulatory agencies collaborated in the creation of the “Global Financial Innovation Network” (“GFIN”). The new network will focus on regulatory issues related to emerging technologies. There are 11 regulatory agencies in the new network including the Consumer Financial Protection Bureau and the UK’s Financial Conduct Authority.

In a draft consultation document, the agencies explained three major functions of the initiative: (i) information- and knowledge-sharing among regulators, (ii) collaboration in exploring major policy questions and (iii) “cross-border trials” instituted to aid companies as they deal with multi-jurisdictional regulatory challenges. The network is intended to serve as a resource for FinTech companies navigating the complicated web of international regulation. The regulators anticipate that GFIN will increase the speed at which innovative products are able to reach international markets. They also argue that the GFIN will promote transparency and investor protection.

The GFIN proposed the following as its organizational mission statement:

“The GFIN is a collaborative policy and knowledge-sharing initiative aimed at advancing areas including financial integrity, consumer wellbeing and protection, financial inclusion, competition and financial stability through innovation in financial services, by sharing experiences, working jointly on emerging policy issues and facilitating responsible cross-border experimentation of new ideas.”

The GFIN is requesting feedback on its proposed objectives, functions and structure. Comments must be submitted by October 14, 2018.

GAO Calls for Urgent Action to Address Nationwide Cybersecurity Challenges

In a study conducted to update its identification of information security risk areas, the Government Accountability Office (“GAO”) identified four primary cybersecurity challenges and ten corresponding actions that the federal government and other entities must undertake to address them.

The four challenges are (i) establishing a comprehensive cybersecurity strategy and performing effective oversight, (ii) strengthening federal systems and information, (iii) safeguarding cyber critical infrastructure, and (iv) protecting privacy and sensitive data.

The four actions needed to address the first challenge are:

  • developing a more exhaustive federal strategy for national cybersecurity;
  • mitigating global supply chain risks;
  • addressing cybersecurity workforce management challenges (since the federal government faces challenges with respect to ensuring that the nation’s cybersecurity workforce has the necessary skills); and
  • ensuring the security of emerging technologies (such as artificial intelligence and the Internet of Things).

The three actions outlined to deal with the second challenge are:

  • improving the implementation of government-wide cybersecurity initiatives;
  • addressing weaknesses in federal agency information security programs; and
  • bolstering the federal response to cyber incidents.

To confront the third challenge, the GAO identified the need for a more robust federal role in protecting the cybersecurity of critical infrastructure (such as electricity grids and telecommunications networks).

With regard to tackling the fourth challenge, the GAO called for improving federal efforts to protect privacy and sensitive data, limiting the collection and use of personal information, and ensuring that personal information is obtained with appropriate knowledge or consent.

Since 2010, the GAO has made over 3,000 recommendations to federal agencies that relate to mitigating cybersecurity weaknesses. As of July 2018, approximately 1,000 recommendations still need to be implemented.

Guiding Principles for Cyber Risk Governance: Principles for Directors in Overseeing Cybersecurity

The purpose of this document is to provide boards of directors a set of Guiding Principles to enable the implementation of an effective cybersecurity program. A director should understand the full range of cyber risks facing his or her company and encourage management to develop appropriate strategies tailored to the company’s operating environment, risk profile, and long-term goals.

The specific needs of any effective cyber program include careful planning, smart delegation, and a system for monitoring compliance — all of which directors should oversee. It’s no longer a question of whether a company will be attacked but more a question of when this will happen — and how the organization is going to prevent it. Smart network surveillance, early warning indicators, multiple layers of defense, and lessons from past events are all critical components of true cyber resilience. When things go wrong, whether in a major or minor way, the ability to quickly identify and respond to a problem will determine the company’s ultimate recovery.

Cybersecurity cannot be guaranteed, but a timely and appropriate reaction can.

Longer term, the board should understand and consider the strategic business implications of cybersecurity, foster the right company culture surrounding security, and encourage the integration of cyber risk management practices into other governance and approval processes. In essence, the board should consider cybersecurity as a managerial issue, not just as a technical one.

Click here for the full report.

President Trump Issues Executive Order to Establish Task Force on Market Integrity and Consumer Fraud

President Donald J. Trump issued an Executive Order instructing the Attorney General (“AG”) to establish a Task Force on Market Integrity and Consumer Fraud (the “Task Force”). The goal of the Task Force is to provide guidance on financial fraud and other crimes, including cyber fraud, that target members of the public.

Specifically, the Task Force will give recommendations to the AG on fraud enforcement activities across the DOJ regarding (i) actions to improve inter-agency cooperation in investigating and prosecuting financial crimes, (ii) actions to bolster communication among Federal, State, local and tribal authorities with respect to the detection, investigation and prosecution of financial crimes, and (iii) changes in “rules, regulations, or policy, or recommendations to . . . Congress regarding legislative measures, to improve the effective investigation and prosecution” of financial crimes.

The Task Force will terminate and replace the Financial Fraud Enforcement Task Force created by Executive Order 13519 on November 17, 2009, which is now revoked.

In remarks delivered in Washington D.C., SEC Chair Jay Clayton expressed support for the establishment of the Task Force. Mr. Clayton reaffirmed the importance of inter-agency cooperation when it comes to protecting retail investors, and underscored some of the actions that the SEC recently undertook to confront retail securities fraud. In particular, Mr. Clayton highlighted retail enforcement strategies, emergency actions, and cyber and initial coin offering (“ICO”) fraud. With respect to retail enforcement strategy, Mr. Clayton discussed the Retail Strategy Task Force created by the SEC in 2017 to provide additional protection for Main Street investors by developing strategies for dealing with various types of wrongdoing that most impact retail investors. Mr. Clayton also stated that in response to bad actors utilizing new technologies to commit ICO fraud, the Enforcement Division created a Cyber Unit to deal specifically with cyber-related crimes.

Lofchie Comment: There seem to be two major differences between the newly issued order and the Executive Order that it replaced.

First, the former Task Force included membership from a complete A-Z of agencies making it unwieldy at best. The reconstituted Task Force can call upon the agency alphabet as is needed.

Second, the former Task Force was established, in large measure, to address concerns related to the financial crisis. The new Task Force is forward-looking; it now includes fraud on the government, cyberfraud, fraud against senior citizens, health care fraud, and fraud involving cryptocurrencies.

GAO FinTech Report Calls for Improvements in Customer Protection and Regulatory Oversight

The Government Accountability Office (“GAO”) issued a report evaluating the risks and benefits, customer protections, and regulatory oversight of FinTech products and activities. Among other things, the GAO advised regulators to (i) improve interagency coordination, (ii) address competing concerns on financial account aggregation and (iii) analyze the feasibility of adopting successful foreign regulatory approaches.

The GAO report found that the fragmented regulatory framework, split between state and federal regulators, does not sufficiently address the risks of these products. The GAO advised regulators to protect customers by addressing the unique characteristics of FinTech products, including data security and privacy liabilities. The GAO also found that the regulatory framework presents several challenges to FinTech payment and lending firms, including costly and time-consuming compliance activities.

The GAO report praised innovation taken by regulators in foreign jurisdictions. A “regulatory sandbox” is one such innovation that allows regulators and FinTech firms to collaborate and understand evolving market trends. In practice, it allows FinTech firms to offer products on a limited scale, which enables firms and regulators to get useful feedback on the products and their risks. The GAO advised U.S. regulators to consider similar approaches and be adaptive to market innovations.

Lofchie Comment: According to the summary of the GAO report:

“The U.S. regulatory structure poses challenges to fintech firms. With numerous regulators, fintech firms noted that identifying the applicable laws and how their activities will be regulated can be difficult.”

A great part of the problem is the prevailing Dodd-Frank notion that more rules, more agencies and more overlapping authority means that the market is safer. The reality is that, in many cases, it just means that the system is more cumbersome and that greater authority in ever more governmental agencies provides even less certainty as to what the rules actually are. For a somewhat fuller discussion of the impact of regulatory complexity, here is a 2009 pre-Dodd-Frank article: The Future of Financial Regulation: Meet the New Regulators, Better Than the Old Regulators?

SEC Commissioner Highlights Cybersecurity as Serious Corporate Governance Issue

SEC Commissioner Robert J. Jackson, Jr. highlighted the increasing prevalence of cybercrime and its detrimental effect on public companies, citing over 1,000 incidents in 2016 alone that cost American companies more than $100 billion. Consistent with recent enhanced guidance on cybersecurity risks and disclosure obligations issued by the SEC, Commissioner Jackson encouraged collaboration between corporate counselors and the SEC to develop (i) proactive measures to combat cybercrime and to ensure timely and transparent disclosures following data breaches, (ii) corporate frameworks that discourage insider trading, and (iii) internal reporting structures to enable company boards and management to react.

When a security breach occurs, Commissioner Jackson emphasized the necessity of reporting it to the public quickly. In the absence of timely disclosure, he warned that companies may ultimately face prosecution, pay significant settlements, and suffer reputational harm.

To prevent insider trading, Commissioner Jackson said that senior management should be aware that trading on breach-related information before the breach has been disclosed could be fraudulent. Since the law is less clear regarding non-insiders trading on material nonpublic information, he expressed concern that hackers may be able to profit by making strategic trades after they have executed a cyberattack but before the public has learned about it. To prevent this type of misconduct, Commissioner Jackson said that timely public disclosure must be prioritized in the wake of any cyberattack.

Commissioner Jackson also stressed how vital it is for public companies across all industries to build effective internal cybersecurity controls. In addition to cyber-oriented corporate policies and procedures, Commissioner Jackson urged Congress or the SEC to take further action to address the issue of corporate insider trading in the cybersecurity context.

CFTC and UK Financial Conduct Authority Sign FinTech Collaboration Arrangement

The CFTC and the UK Financial Conduct Authority (“FCA”) signed an agreement to facilitate collaboration, share information and support each other’s FinTech initiatives. This is the first FinTech arrangement for the CFTC with a non-U.S. counterpart.

The “Cooperation Arrangement” is primarily focused on the agencies’ respective FinTech initiatives, specifically the CFTC’s “LabCFTC” and the FCA’s “Innovate” programs. The regulators agreed to a framework for the exchange of information on businesses who participate in the programs, trends and developments in FinTech, regulatory issues surrounding FinTech development, best practices for engaging with innovators, and the activities of organizations that promote innovation. The regulators further committed to referring FinTech businesses to each other when such businesses are interested in operating in the other regulator’s jurisdiction. They also agreed to a variety of other measures intended to foster their mutual understanding of technology. The FCA and CFTC will host a joint event in London to facilitate FinTech firms’ engagement with both regulators.

CFTC Chair J. Christopher Giancarlo spoke of the groundbreaking nature of the arrangement: “This is the first FinTech innovation arrangement for the CFTC with a non-U.S. counterpart. We believe that by collaborating with the best-in-class FCA FinTech team, the CFTC can contribute to the growing awareness of the critical role of regulators in 21st century digital markets.” FCA Chief Executive Andrew Bailey agreed, saying, “As our first agreement of this kind with a U.S. regulator, we look forward to working with LabCFTC in assisting firms, both here in the UK and in the U.S., who want to scale and expand internationally in our respective markets.”

Lofchie Comment: Regulators cooperating with each other to better understand markets and products and to prepare for change is a far better approach than fighting over jurisdiction or shutting down change.

Global Markets into 2018

The Center for Financial Stability (CFS) hosted a small private workshop for leaders in finance to delve into issues that will shape the future of asset values and investment management on December 6.

CFS Special Counselor Jack Malvey set the stage with an essay “Toward the Mid-21 st Century Global Financial System” –
www.CenterforFinancialStability.org/research/MalveyGlobal_Dec_2017.pdf

Workshop topics included:

– Geopolitics and Big Picture Challenges through 2020 – AI, cyber, etc;
– Global Macro, Quantitative Tightening, and Financial Stability;
– Financial Industry Transitions – Active versus Passive Management, etc; and
– Opportunities and Risks (a selection follows).

OPPORTUNITIES

– Buy cash today – the rate of return will be extraordinarily high.
– Central banks will more actively incorporate financial stability into actions and mandates.
– Emerging markets will outperform.
– The Fed desires to move further away from the zero lower bound.
– NPLs in China are overstated / bank earnings mitigate and neutralize risks.
– Global macro investment opportunities via uneven tightening.

RISKS

– I will buy cash – but tomorrow.
– Bitcoin correction.
– Limited attractive equity names based on valuation / similar to Tokyo in 1989.
– Geopolitical tensions will increase with North Korea, China, Russia, and Saudi Arabia.
– Inflation surprise / data may be misread.
– Artificial intelligence channeled for ill.

Best wishes into the Holiday Season and 2018!