FCM Settles CFTC Charges Resulting from Cybersecurity Failure

A futures commission merchant (“FCM”) settled CFTC charges for failing to enact sufficient cybersecurity measures and to notify customers of a $1 million cyber breach.

According to the Order, the FCM, Phillip Capital Inc. (“PCI”), failed to implement sufficient cybersecurity and customer disbursement policies and procedures, which ultimately allowed hackers to access its email systems and withdraw customer funds. After discovering $1 million in customer funds had been withdrawn, PCI (i) approved reimbursement of the mistakenly wired customer funds, (ii) notified the CFTC Division of Swap Dealer and Intermediary Oversight the day of the fraudulent wire and (iii) implemented measures to prevent further fraudulent transfers. The CFTC found that PCI failed to disclose in a timely manner the material facts of the cyber breach and fraudulent wire to current and prospective customers.

The CFTC credited PCI the $1 million restitution as a result of its prompt reimbursement of the customer funds upon discovery of the fraud. PCI also agreed to (i) cease and desist from further violating CFTC Rules, (ii) report remedial efforts to the CFTC and (iii) pay a civil monetary penalty of $500,000.

LOFCHIE COMMENTARY

This enforcement action is an illustration of both (i) what can go wrong in connection with a cybersecurity failure and (ii) how much the task of compliance has changed as a result of the need to deal with cybersecurity, as well as other technology, issues.

The firm’s initial problems resulted from the fact that its employees were deemed not to be up to their cybersecurity tasks. Allegedly, the firm’s IT Manager “had limited training in cybersecurity, and cybersecurity was not broadly within the IT Engineer’s sphere of responsibility.” Apparently, neither the firm’s CCO, who was responsible for maintaining the firm’s Information Systems Security Program (“ISSP”), nor the CCO’s staff was qualified to manage cybersecurity defenses or problems. Even when firm employees discovered the breach, they failed to respond adequately and the hacker immediately rebreached the system. (The firm was arguably lucky that the hacker was so impatient. Had the hacker bided his time following the firm’s initial discovery, it is certainly possible that a second breach might have gone undiscovered for a longer period.)

The firm’s cybersecurity weakness was exacerbated by the fact that it had very weak “change of address” and disbursement policy controls. That was not of itself a cyber failure, but had those policies been up to speed, it is very likely that the major damage from the cyber failure itself could have been averted.

Finally, the firm failed to provide timely notice as to the breach. These days, firms must anticipate the possibility of a breach. While it seems unattractive to go public with information as to the breach, it is also risky not to do so.

SEC Provides Proxy Voting Guidance, Clarifies Obligations of Advisers

In a three-to-two vote, the SEC approved (i) guidance on an investment adviser’s responsibilities in proxy voting and in vetting any advice that the adviser may itself receive from a proxy advisor, and (ii) an interpretation and related guidance on rules for solicitation of proxies and proxy voting advice.

Proxy-Advisor Guidance

In the proxy-adviser guidance, the SEC clarified an investment adviser’s fiduciary duty and obligations under Advisers Act Rule 206(4)-6 (“Proxy Voting”) in connection with an adviser’s proxy voting for clients. In its guidance, the SEC:

  • recognized that the adviser-client relationship should not be handled with a “one-size-fits-all” approach; and
  • recognized the wide variety of ways that investment advisers can use proxy advisory firms’ services while fulfilling their fiduciary duty to clients.

SEC Commissioner Elad L. Roisman voted in favor of the guidance, asserting that it (i) conforms to the Proxy Voting Rule’s flexible, principles-based approach to investment advisers’ proxy voting responsibilities, (ii) modernizes the Staff Legal Bulletin 20 (“SLB 20”) and (iii) highlights the importance of serving a client’s best interests.

SEC Commissioner Robert J. Jackson, Jr. dissented, expressing concern that the guidance would further concentrate the “proxy-advisory industry” due to the additional costs of compliance. According to Mr. Jackson, smaller institutions may not be able to bear the necessary costs, which could lead smaller investors to opt out of voting. Mr. Jackson noted that although the “role of proxy advisors has been hotly debated for decades,” all sides know that a competitive market helps both investors and issuers.

SEC Commissioner Allison Herren Lee voted against the guidance, saying that it “creates significant risks to the free and full exercise of shareholder voting rights.” Specifically, Ms. Lee criticized the guidance, stating that it:

  • would increase costs and “time pressure”;
  • would require more issuer involvement, despite “widespread agreement” that it would “undermine the reliability and independence of voting recommendations”; and
  • should undergo a notice and comment period or a cost-benefit analysis.

Interpretation and Guidance on Proxy Voting Advice

The SEC also provided an interpretation of SEA Rule 14a-1 (“Solicitation of Proxies – Definitions”). The SEC stated that proxy voting advice by a proxy advisory firm generally constitutes a solicitation under federal proxy rules. The SEC clarified that solicitations that are exempt from proxy filing requirements nonetheless remain subject to SEA Rule 14a-9 (“False or Misleading Statements”).

Commissioner Roisman supported the interpretation of SEA Rule 14a-1, emphasizing that it reiterates previous SEC statements that proxy voting advice is generally considered a “solicitation” under the rule. Mr. Roisman said that the interpretation will not interfere with proxy advisory firms’ ability to rely on information and filing exemptions under the federal proxy rules. Further, Mr. Roisman stated that the guidance on Rule 14a-9 offers “helpful” information on proxy voting advice, such as what information proxy advisors should disclose.

Commissioner Lee opposed the interpretation of SEA Rule 14a-1, stating that the SEC is planning to review the solicitation rules and may soon change the underlying exemptions. Ms. Lee highlighted the potential compliance burdens, which would force market participants to implement processes to comply with a regulatory framework that may soon change.

Future Actions

SEC Chair Jay Clayton stated that the interpretation and guidance provided a “first step” toward modernizing the proxy system. Mr. Clayton added that the SEC is also considering recommendations to amend SEA Rule 14a-2(b) (“Solicitations to Which § 240.14a-3 to § 240.14a-15 Apply”), which provides information and filing requirement exemptions. These exemptions, according to Mr. Clayton, were “adopted decades ago and warrant a fresh look.”

LOFCHIE COMMENTARY

Investment advisers will need to take a close look, and a periodically ongoing look, at their proxy voting policies. Advisers should be mindful that nothing obligates them to vote their clients’ shares, as long as an adviser has made it clear in its agreement with its clients that it will not do so. For many advisers, voting shares will not be worth the effort.

Separately, the very interesting aspect of declaring that proxy advisors are subject to SEA Rule 14a-9 is that it imposes on proxy advisors a more significant burden to justify or support their advice and to disclose any conflicts related to that advice. Query whether the threat of liability under SEA Rule 14a-9 changes the way that proxy advisors go about their business?

CFS Monetary Measures for July 2019

Today we release CFS monetary and financial measures for July 2019. CFS Divisia M4, which is the broadest and most important measure of money, grew by 5.0% in July 2019 on a year-over-year basis versus 4.8% in June.

For Monetary and Financial Data Release Report:
http://www.centerforfinancialstability.org/amfm/Divisia_Jul19.pdf

For more information about the CFS Divisia indices and the data in Excel:
http://www.centerforfinancialstability.org/amfm_data.php

Bloomberg terminal users can access our monetary and financial statistics by any of the four options:

1) {ALLX DIVM }
2) {ECST T DIVMM4IY}
3) {ECST} –> ‘Monetary Sector’ –> ‘Money Supply’ –> Change Source in top right to ‘Center for Financial Stability’
4) {ECST S US MONEY SUPPLY} –> From source list on left, select ‘Center for Financial Stability’

CFPB Highlights Analysis on the Use of Non-Traditional Data in Credit Process

The CFPB highlighted the results of an analysis comparing the uses of traditional and non-traditional sources of information by consumers in the credit process.

In 2017, the CFPB granted no-action relief from certain Regulation B requirements to Upstart Network, Inc. (“Upstart Network”) to use alternative data (such as education and employment history) and machine learning for the purpose of an underwriting and pricing model. The no-action letter was contingent on Upstart Network providing the CFPB with information about compared results between (i) its credit underwriting and pricing model (a tested model) and (ii) a more standard model. Upstart Network was tasked with answering:

  • whether the Alternative Model’s use of alternative data and machine learning would increase access to credit; and
  • if the Alternative Model’s underwriting or pricing results create greater disparities than the traditional model (i.e., race, ethnicity, sex, age).

Based on the information gathered by Upstart Network, the CFPB found that:

  • access-to-credit comparisons showed the Alternative Model approved 27 percent more applicants than the traditional model, in addition to yielding 16 percent lower average annual percentage rates (“APRs”) for approved loans;
  • the expansion of credit access increased the acceptance rates in the Alternative Model for all tested races, ethnicity and sex segments by 23-29 percent while decreasing the average APRs by 15-17 percent;
  • “near prime” consumers in the Alternative Model with FICO scores between 620 and 660 were approved nearly twice as frequently;
  • applicants under 25 years of age in the Alternative Model were 32 percent more likely to be approved; and
  • consumers in the Alternative Model with incomes under $50,000 were 13 percent more likely to be approved.

LOFCHIE COMMENTARY

Should the regulators be approving credit models based on whether they are happy with the results? What happens if another credit scoring metric produces different or less favored results: does that metric become illegal to use without regard to the process of its production or its accuracy?

Big data raises a lot of important social/moral questions; and “disparate impact” is one of the more complex ones. For some background discussion of “big tech,” “big data” and credit scoring, see “Big tech in finance: opportunities and risks,” particularly the discussion of credit provision beginning on page 60, and Senate Banking Committee Considers Testimony on Consumer Data Vendors.

Global Regulators Express Concern with Libra Network’s Ability to Protect Consumer Data

Data protection and privacy enforcement regulators expressed concern with the lack of information provided by Facebook and other members of the Libra Network regarding the proposed cryptocurrency.

In a joint statement, the UK Information Commissioner’s Office and authorities from Albania, Australia, Canada, Burkina Faso, the European Union and the United States expressed doubt about the Libra Network’s ability to protect consumer data given the (i) current lack of transparency regarding the digital currency and infrastructure and (ii) Facebook’s recent misuse of consumer data, which “had not met the expectations of regulators, or their own users.” The regulators warned that once Libra is launched, it could give the network access to “millions of people’s personal information.” Given these issues, the regulators emphasized that they were “surprised and concerned” that more information has not been provided regarding the network’s data protection efforts.

To achieve some clarity, the regulators called on the Libra Network to answer a number of very broadly phrased questions regarding data protection and privacy, and the ability of individual consumers to protect their information, including by deleting their accounts.

Levy on Monetary Realities Facing the ECB, Fed and BoJ: More Easing Won’t Stimulate the Economy

CFS is delighted to publish a thoughtful piece by Mickey Levy – Berenberg Capital Markets, Chief Economist for the Americas and Asia and Shadow Open Market Committee member.

In “Monetary Realities Facing the ECB, Fed and BoJ: More Easing Won’t Stimulate the Economy,” Mickey digs into the monetary policy transmission channels to assess growth implications of policy alternatives and considers the risks of excessive reliance on monetary easing.

He illustrates why further eases may not be the elixir for future growth. The paper is available at www.CenterforFinancialStability.org/research/Monetary_Policy_Realities_072919.pdf.

ECB presentation by Philipp Hartmann

The Center for Financial Stability (CFS) recently hosted a roundtable discussion on European Central Bank (ECB) monetary policy with Philipp Hartmann. Philipp is Deputy Director General for research at the ECB and one of the founders of its research department.

Philipp’s presentation, which covered the first 20 years of ECB policy, the relatively wide range of monetary instruments, defining new ones, and the strategic underpinning of its policy framework, is available at http://www.CenterforFinancialStability.org/research/20190717_ECB_Monetary_Policy_Hartmann.pdf

Schuler on “Just Before Bretton Woods: The Atlantic City Conference”

CFS senior fellow Kurt Schuler presented on “Just before Bretton Woods: The Atlantic City Conference” at an event organized by the Treasury Historical Association.

Kurt’s presentation on the conference that laid the groundwork for Bretton Woods is available at http://www.CenterforFinancialStability.org/speeches/Just_before_Bretton_Woods_THA_20190717.pdf

His talk is based on a forthcoming book of the conference minutes that he is working on with co-editor Gabrielle Canning.

Monopoly Money: Facebook Executive Responds to Regulatory Concerns over Proposed Cryptocurrency

A Facebook executive responded to regulatory concerns over the company’s proposed blockchain-based cryptocurrency, “Libra.”

In testimony before the U.S. Senate Committee on Banking, Housing and Urban Affairs, Facebook subsidiary Calibra executive David Marcus emphasized that Facebook will not release Libra until it has addressed regulatory concerns and received the necessary approvals.

Mr. Marcus clarified that, among other things:

– Libra is like cash and will serve as a payment tool, “not as an investment”;

– Libra Reserve will be subject to its respective government’s monetary policies;

– Libra Association does not intend to compete with sovereign currencies or engage in the “monetary policy arena”;

– Facebook will hold a leadership role until the Libra network launches, after which Facebook will have the same voting power as all other members;

– Libra Association will be supervised by the Swiss Financial Markets Supervisory Authority and intends to register as a money services business with the Financial Crimes Enforcement Network;

– Libra will adhere to anti-money laundering and Bank Secrecy Act requirements; and

– Libra Association “cannot . . . and will not” monetize data from the blockchain.

Mr. Marcus outlined the structure and management of Calibra, established “to provide financial services using the Libra Blockchain.” Mr. Marcus distinguished Libra and Calibra, saying that the entities are separate and that they will not exchange individual customer data. Additionally, Mr. Marcus noted that, with exceptions, Calibra will not share customers’ accounts and financial information with Facebook, and that the information will not be used for ad targeting. Facebook said that Calibra will increase user activity on Facebook, thereby generating greater advertising revenue.

COMMENTARY / STEPHEN LOFCHIE

The principal point of the statement was to assert that Libra will be operated in full compliance with all relevant national laws. As to one of the key questions concerning whether Libra coins might be a “security,” Mr. Marcus stated that it would not be because “Libra is a payment tool, not an investment. People will not buy it to hold like they would a stock or bond, expecting it to pay income or increase its value. Libra is like cash.”

Notwithstanding Mr. Marcus’ assertion, Libra raises a number of very difficult (or at least unresolved) legal questions. Unlike “stablecoins” that are completely linked to the value of a single currency (they are just representations of bank deposits), it is intended that Libra will be backed by a reserve of a number of different currencies. The relative proportions of various currencies to be held in the reserve is uncertain. The fact that Libra is not simply a virtual dollar means that, at least under current law, each purchase and sale of a Libra could be a taxable event for U.S. taxpayers. There are also securities law issues raised by, for example, the fact that the determination of the assets to back a Libra will involve discretion as to the purchase and sale of securities.

From a business standpoint, Mr. Marcus suggests that the real market for Libra may be outside of the United States or of any developed economy. Rather, the market for Libra could be principally in countries where the local currency is volatile or where there is significant uncertainty as to the soundness of the banking system. That actually makes a good deal of sense. Consumers in the United States may not have much use in their daily lives for a currency tied to a global basket of other currencies and securities that fluctuates each day, even if not that much, against the dollar. On the other hand, consumers in Venezuela might find such a currency very appealing.

CFS Monetary Measures for June 2019

Today we release CFS monetary and financial measures for June 2019. CFS Divisia M4, which is the broadest and most important measure of money, grew by 4.8% in June 2019 on a year-over-year basis versus 4.6% in May.

For Monetary and Financial Data Release Report:
http://www.centerforfinancialstability.org/amfm/Divisia_Jun19.pdf

For more information about the CFS Divisia indices and the data in Excel:
http://www.centerforfinancialstability.org/amfm_data.php

Bloomberg terminal users can access our monetary and financial statistics by any of the four options:

1) {ALLX DIVM }
2) {ECST T DIVMM4IY}
3) {ECST} –> ‘Monetary Sector’ –> ‘Money Supply’ –> Change Source in top right to ‘Center for Financial Stability’
4) {ECST S US MONEY SUPPLY} –> From source list on left, select ‘Center for Financial Stability’