Subject to Inquiry

Subject to Inquiry


Government Investigations and White Collar Litigation Group

Congress Pushes for CFPB Transparency

ConstitutionOn September 30, 2015, the House Financial Services Committee passed with bipartisan support two bills that would have significant impact on the accountability and transparency of the Consumer Financial Protection Bureau (CFPB).

1.  The Bureau of Consumer Financial Protection-Inspector General Reform Act of 2015

H.R. 957 would create an independent inspector general for the CFPB who is nominated by the president and confirmed by the Senate. The bill also would require the CFPB to set aside 2 percent of its annual funding to operate the inspector general’s office.

Currently, there is no independent inspector general solely dedicated to the CFPB; instead, the CFPB and the Federal Reserve share an inspector general who is appointed by the Federal Reserve chairman, without the need for Senate confirmation. Originally introduced in 2013 by Representative Steve Stivers (R-Ohio), H.R. 957 was re-introduced in February 2015 as a bipartisan bill co-authored by Representatives Tim Walz (D-Minnesota) and Stivers. Representative Stivers has supported the bill, stating, “More than 30 other federal departments and agencies have an independent Inspector General. This bill would bring the CFPB in line with these agencies and provide the necessary oversight and transparency.”

The bill passed the committee by a vote of 56-3.

2.  The Financial Product Safety Commission Act of 2015

H.R. 1266 would remove the CFPB from the Federal Reserve and make it a stand-alone agency governed by a five-member, bipartisan commission that includes no more than three commissioners of one political party. Currently, the CFPB is led by a lone director, Richard Cordray. The bill’s sponsor, Randy Neugebauer (R-Texas), explained the purpose of the bill, stating, “By changing the leadership structure, we can ensure the CFPB is more accountable, transparent and shielded from the whims of political change and partisan politics.” The bill passed the committee by a vote of 35-4.

We will continue to monitor for further developments.


CFPB Online Loan Suit Sent to California

87790287_jpgIn the most recent development in the CFPB’s two-year-old lawsuit alleging unfair, deceptive, and abusive practices by several online lenders, on September 23, 2015, Massachusetts U.S. District Judge George O’Toole, Jr., granted a motion transferring the CFPB’s suit from the District of Massachusetts to the Central District of California.

The case, Consumer Financial Protection Bureau v. CashCall, Inc. et al., is the first action brought by the Bureau against an online lender. In its complaint, the CFPB alleges that three California-based companies violated the Consumer Financial Protection Act (CFPA) by seeking to collect on loans that were void or partially nullified under state law. Several states have laws that render small-dollar loans void if they exceed a maximum interest rate or were made without a consumer-lending license. Under these laws, the lender has no right to collect from consumers, and consumers have no obligation to repay.

The CFPB’s complaint implicates laws from 16 states and alleges, among other things, that the defendants engaged in “abusive” practices by taking unreasonable advantage of consumers’ lack of understanding about the impact of these laws on the parties’ rights and obligations regarding the loans—basically by repeatedly telling borrowers they were required to repay the loans.

According to the complaint, CashCall and WS Funding entered into an agreement with Western Sky Financial where loans were made in Western Sky’s name, but funded by WS Funding, and then almost immediately sold to WS Funding and serviced and collected by CashCall and Delbert Services Corp. Western Sky is owned by a member of the Cheyenne River Sioux Tribe, and the loan agreements stated that the loans were “subject solely to the laws and jurisdiction of the Cheyenne River Sioux Tribe” and therefore exempt from state law.

CFPB director Richard Cordray said that hundreds of thousands of loans were made using this scheme in amounts ranging from $850 to $10,000 and with interest rates from 90% to 343%. The agreements also permitted CashCall to debit a specified monthly installment amount directly from borrowers’ bank accounts.

The CFPB’s argument that the loans were subject to state law relies on allegations that Western Sky is owned by a member of an Indian tribe, but not owned or operated by a tribe or tribal entity, and is organized as an LLC under South Dakota law, as opposed to under tribal law.

Several state courts have held that sovereign immunity does not apply to lawsuits involving tribal lenders because the challenged activity took place away from tribal lands, in states where the loans were considered illegal, and because the entities sought to evade state licensing and usury laws. However, in a case currently on appeal, a California Court of Appeal held that payday lenders owned by federally recognized Indian tribes were immune from suit from the state under the “arm-of-the-tribe” doctrine.

In his order granting the defendants’ motion to transfer venue, Judge O’Toole found the Central District of California to be a “substantially more convenient forum” for the case. Judge O’Toole stated that the “alleged illegal activity at the heart of this case was apparently managed from within the Central District,” where a majority of the defendant-companies’ employees reside and where the companies perform most of their business and house most of their corporate records. “In contrast, there is no strong (if any) reason why Massachusetts would be a more appropriate forum. Massachusetts is one of sixteen states whose laws and public interests are implicated by the [CFPB’s] complaint, and its interests seem relatively minor in comparison to other involved states.”

Aside from addressing the tribal immunity issue, the case’s bigger impact could be in clarifying how the CFPB defines and how courts interpret what constitutes “abusive” practices under the CFPA. Before the creation of the CFPB, regulators could challenge “unfair” or “deceptive” acts and practices, but the Dodd-Frank Act also allows the CFPB to challenge “abusive” practices. Few cases have had occasion to address the scope of what constitutes abusive practices and how those differ from unfair or deceptive practices. That may change soon. In addition to the CashCall suit, the CFPB is presently pursing an “abusive practices” theory against another online lender in Consumer Financial Protection Bureau v. NDG Financial Corp. et al., case number 1:15-cv-5211, filed in July 2015 in the Southern District of New York.


CFPB Proposes Banning Some Arbitration Clauses, Resurrecting Consumer Contract Class Actions

OnMoney October 7, 2015, the Consumer Financial Protection Bureau (CFPB) announced that it is exploring a rulemaking to eliminate the use of certain arbitration agreements in consumer contracts that block consumers from participating in class-action lawsuits. If enacted, the new rule will impact companies that fall within the CFPB’s broad interpretation of businesses that provide financial products and services for consumer purposes.

The announcement comes on the heels of the CFPB’s publication of a three-year study on arbitration that concluded that consumers generally are better served through litigation. According to CFPB Director Richard Cordray, arbitration clauses amount to “a free pass to sidestep the court and avoid accountability for wrongdoing.”

The CFPB does not intend to ban all arbitration agreements in consumer contracts. However, under the proposal, businesses within the CFPB’s jurisdiction will be required to include language in each consumer contract stating that the arbitration agreement does not apply to cases filed as potential class-action lawsuits unless a judge denies class certification or a court dismisses the underlying claims.

By its terms, the proposal will apply to arbitration agreements entered into 180 days from the effective date of any regulation. The CFPB indicated that it will set an effective date of 30 days after the rule is published. The proposal will drastically impact businesses. If passed, businesses will be required to revamp arbitration clauses contained in their consumer contracts within 210 days after the rule is published. Businesses also will likely shoulder increased class-action litigation costs because companies will no longer be able to rely on an arbitration agreement to support a motion to compel arbitration in a class-action case (until after class certification is denied or class claims are dismissed).

The proposal diverges from several Supreme Court decisions that have held that mandatory arbitration clauses can include class action bans, such as AT&T Mobility LLC v. Concepcion and American Express Co. v. Italian Colors Restaurant, as well as the Federal Arbitration Act enacted by Congress in 1925.

Additionally, the CFPB’s rulemaking seeks to impose a reporting obligation on businesses related to arbitration. Specifically, businesses will be required to report all new arbitration claims filed by consumers to the CFPB as well as each arbitration award. The CFPB has considered publishing the claims and awards to its website. This runs contrary to the confidentiality associated with arbitration actions that companies typically value. According to the CFPB, such publication will monitor “problematic business practices” and generate more transparency in the arbitration process.

This announcement marks the first step in the rulemaking process. The CFPB released its proposal and has invited comments from the public.

FCPA Investigations, SEC, SEC Enforcement, Securities Litigation

SEC ‘Broken Windows’ Enforcement Policy Is Showing FCPA Results

In October 2013, SEC Chairwoman Mary Jo White announced a broken windows enforcement policy to “pursue even the smallest infractions” of U.S. securities laws, including the FCPA, as a means of deterrence.

As White stated in announcing the policy, “minor violations” that a company fails to address “feed bigger ones, and, perhaps more importantly, can foster a culture where laws are increasingly treated as toothless guidelines.”

A review of SEC FCPA enforcement actions to date in 2015 seems to demonstrate that the SEC is truly committed to policing the beat, and vigorously pursuing infractions large and small regardless of the potential settlement payout.

For context, in 2005, the average cost to resolve an FCPA enforcement action with the DOJ or SEC was just over $7 million. By 2010, that average was an order of magnitude higher ($78 million), and topped out at $156 million in 2014. For its part, the SEC settled eight FCPA cases in 2014, three of which involved total settlement payments in excess of $100 million.

But 2015 has looked markedly different, with the SEC as of September 30 having settled nine FCPA enforcement actions, at an average cost of just under $9.7 million per settlement, with a high-water mark of $25 million. This spate of a higher volume of smaller value settlements seems to be accelerating, with five SEC FCPA cases having resolved during the third calendar quarter.

The resolution involving Hyperdynamics Corporation (September 29, 2015) is a poster child for the broken windows enforcement philosophy. The oil and gas exploration company, with primary operations in West Africa, agreed to entry of a no-admit-or-deny administrative cease-and-desist order by the SEC to resolve books and records and internal control violations, along with a payment of just $75,000 in penalties to the SEC.

Hyperdynamics — which had received a declination of prosecution by the DOJ in May 2015 — benefited from having taken swift and significant remedial actions after discovering that its Guinean subsidiary had paid $130,000 for services by third parties controlled by a company employee, for which there was inadequate supporting documentation to determine whether the services were actually provided and to identify the ultimate recipient of the funds.

The remedial actions included termination of the company’s senior management and replacement of its entire board of directors, revision to policies and procedures, training, increases to compliance-responsible resources, and improvements to internal controls.

The cease-and-desist order does not include any allegation of bribes having been paid, focusing instead on weak internal controls and lack of third-party due diligence and monitoring. And that seems to be one of the biggest messages broken windows enforcement is meant to convey — that a company can violate the FCPA even without paying bribes, and can best insulate itself from a potentially disastrous enforcement action by ensuring that its internal controls and compliance program are up to snuff.

This article was originally published on the FCPA Blog

Compliance, Enforcement Actions, Financial Regulation, SEC, SEC Enforcement, Securities Fraud

SEC Enforcement Continues to Pursue Hedge Fund Advisers

SEC Enforcement DefenseThe SEC continues to pursue enforcement actions against hedge fund managers for alleged self-dealing, undisclosed conflicts of interest, and valuation issues. As we’ve previously reported (here and here), the SEC has stepped up its review and enforcement of private fund managers following Dodd-Frank, which required most investment advisers to private funds to register with the SEC, which in turn subjected them to increased regulatory oversight.

As previously detailed, the SEC has been publicly counseling fund advisers that its Office of Compliance Inspections and Examination (OCIE) would ramp up examinations of advisers and would focus particularly on certain issues of concern it had identified within the private fund industry, such as marketing practices, portfolio management, conflicts of interest, safety of client assets, and valuation.

As expected, this increased focus has led to SEC enforcement actions against private fund advisers related to these same issues, including a couple of new actions this past month. In early September, the SEC announced it settled an action with an investment adviser and its CEO, accused by the SEC of inflating the value of fund portfolio assets to generate unearned management fees. Among other issues, the CEO allegedly falsely claimed the fund owned an asset, when in reality, it owned a different asset worth substantially less. The SEC obtained over $1 million in combined disgorgement, interest and penalties, and the CEO agreed to be barred from the industry. In the same press release, the SEC announced it had settled an administrative proceeding with the fund’s outside auditors. The SEC alleged that the auditors did not adhere to generally accepted auditing standards and performed a deficient audit, wherein they failed to obtain sufficient appropriate audit evidence regarding whether certain fund assets existed. The auditors have been suspended for three years from practicing as accountants on behalf of any publicly traded company or SEC-regulated entity.

And just last week, the SEC charged a registered investment adviser and its owner with securities fraud (and with violating, or aiding and abetting violations of, other SEC rules) related to its management of affiliated hedge funds and clients of those funds. As explained in the SEC’s press release announcing the charges, the SEC alleged that the adviser (and its owner) engaged in self-dealing and failed to disclose conflicts of interest or material facts about use of investor funds and investment risk. For example, the adviser allegedly caused affiliated hedge funds to invest in companies without disclosing its financial interests in those companies. This case reflects yet another example of the SEC Enforcement Division pursuing the same potential problems − such as conflicts of interest and portfolio management − that have been publicly identified as priority issues by OCIE and the National Examination Program.

This enforcement trend is likely to continue. As more newly registered advisers are inspected, the odds are good that the SEC will identify additional problems and pursue more enforcement actions related to valuation issues, conflicts of interest, and other focal issues of OCIE examinations. Therefore, private fund advisers need to ensure they have robust compliance programs tailored to the particulars of their individual businesses and that they review and update them often. Otherwise, it might not be just OCIE that comes knocking.



CFPB Announces New Set of Advisory Board Members

Government-Regulatory-and-Criminal-Investigations.jpgOn September 18, 2015, the CFPB announced that it was appointing new members to the Consumer Advisory Board, Community Bank Advisory Council, and the Credit Union Advisory Council. These three bodies advise CFPB leadership on consumer financial issues and emerging market trends. However, these advisory groups can only provide nonbinding recommendations and cannot make determinations of fact or policy.

According to CFPB Director Richard Cordray, “These advisory bodies play a crucial role in ensuring that the Bureau is addressing the wide variety of perspectives in the consumer financial marketplace.” Indeed, according to the CFPB, the new members “include experts in consumer protection, financial services, community development, fair lending, civil rights, and consumer financial products or services, as well as representatives of community banks and credit unions.”

New Consumer Advisory Board members will serve three-year terms. New Community Bank Advisory Council members and new Credit Union Advisory Council members will serve two-year terms.

Consumer Advisory Board

 The Consumer Advisory Board provides the CFPB with “information on emerging practices in the consumer financial products or services industry, including regional trends, concerns, and other relevant information.” The CFPB provides the funding and administrative support to operate this board, as well as the Community Bank and Credit Union advisory councils. This board has annual operating costs estimated at $500,000 per year and must meet at least two times per year.

The new members on the Consumer Advisory Board include the following:

  • Seema M. Agnani, director of policy and civic engagement, National Coalition for Asian Pacific American Community Development, Washington, D.C.
  • Sylvia A. Alvarez, executive director, Housing & Education Alliance, Tampa, Fla.
  • Tim Chen, chief executive officer, NerdWallet, San Francisco, Calif.
  • Kathleen C. Engel, research professor, Suffolk University Law School, Boston, Mass.
  • Judith L. Fox, clinical professor of law, University of Notre Dame, Notre Dame, Ind.
  • Neil F. Hall, executive vice president, PNC Financial Services Group, Pittsburgh, Pa.
  • Raul A. Hinojosa-Ojeda, associate professor, University of California Los Angeles Division of Social Sciences, Los Angeles, Calif.
  • Brian D. Hughes, senior vice president of card marketing, Discover Financial Services, Deerfield, Ill.
  • Christopher G. Kukla, senior vice president, Center for Responsible Lending, Durham, N.C.
  • Max R. Levchin, co-founder and chief executive officer, Affirm, San Francisco, Calif.
  • Phaedra B. Robinson, executive director, Coalition for a Prosperous Mississippi, Richland, Miss.
  • Joshua Zinner, co-director, New Economy Project, New York, N.Y.

Community Bank Advisory Council

 The Community Bank Advisory Council is intended to establish “an interactive dialogue and exchange of ideas and experiences between community bankers and Bureau staff.” The Advisory Council has annual operating costs estimated at $300,000 per year and must meet at least twice a year.

The new members on the Community Bank Advisory Council include the following individuals:

  • Jonathan T. Allen, chief compliance officer, Bank of American Fork, American Fork, Utah
  • Kathleen J. Cook, president and chief executive officer, The Village Bank, Saint Libory, Ill.
  • Julia R. DeBery, senior vice president, Internal Audit and Risk Management, Bath Savings Institution, Bath, Maine
  • Jack E. Hopkins, president and chief executive officer, CorTrust Bank, Sioux Falls, S.D.
  • Ricardo “Ricky” D. Leal, community lender and senior vice president, First Community Bank, N.A., Harlingen, Texas
  • Cara L. Quick, vice president of compliance, First Hope Bank, N.A., Hope, N.J.
  • Thomas E. Spitz, chief executive officer, Settlers Bank, Windsor, Wis.
  • Yee Phong (Alan) Thian, president and chief executive officer, Royal Business Bank, Arcadia, Calif.
  • Samuel Vallandingham, president and chief executive officer, First State Bank, Barboursville, W.Va.

Credit Union Advisory Council

Similar to the Community Bank Advisory Council, the Credit Union Advisory Council is intended to establish dialogue between credit union employees and CFPB staff. The Credit Union Advisory Council also has annual operating costs estimated at $300,000 per year with a minimum of two yearly meetings.

The new members on the Credit Union Advisory Council include the following:

  • Gail L. DeBoer, president and chief executive officer, SAC Federal Credit Union, Papillion, Neb.
  • Robert C. Donley, executive vice president, Members Credit Union, Winston-Salem, N.C.
  • Gregory W. Higgins, senior vice president and general counsel, Wings Financial Credit Union, Saint Paul, Minn.
  • Maria A. LaVelle, chief executive officer, Westmoreland Community Federal Credit Union, Greensburg, Pa.
  • Carrie L. O’Connor, senior vice president, Lending and Operations, Community America Credit Union, Shawnee Mission, Kan.
  • Thomas J. O’Shea, president and chief executive officer, Aspire Federal Credit Union, Clark, N.J.
  • Katey Proefke, assistant vice president of compliance, Chevron Federal Credit Union, Oakland, Calif.
  • James E. Spradlin, president and chief executive officer, Park Community Credit Union, Louisville, Ky.

We will continue to monitor the new advisory group appointees and report on developments.


CFPB, Compliance, Corporate Compliance, Enforcement Actions

Hudson City Savings Bank Reaches Largest Mortgage Redlining Settlement in DOJ History

780536982The CFPB, DOJ, and Hudson City Savings Bank, F.S.B. (“Hudson City”) recently entered into the largest residential mortgage redlining settlement in DOJ history. On September 24, 2015, the parties filed a Joint Motion for Entry of Consent Order that resolves allegations of discriminatory practices of redlining in predominately Black and Hispanic neighborhoods. The consent order requires Hudson City, among other things, to spend over $30 million on loan subsidies, penalties and other programs, open new branches, and contract with third party consultants to ensure certain compliance standards. Hudson City’s settlement is another reminder that the CFPB will not hesitate to scrutinize the impact of a lender’s actions, not merely the actions alone.

In its complaint, the CFPB alleged that Hudson City violated the Equal Credit Opportunity Act (“ECOA”) and the Fair Housing Act (“FHA”) by discouraging applicants in affected metropolitan statistical areas (“Affected MSA’s”), which include majority Black and Hispanic neighborhoods (“Affected Neighborhoods”), from applying for residential mortgages. Hudson City allegedly (1) placed the vast majority of its branches and loan officers outside of Affected Neighborhoods, (2) excluded Affected Neighborhoods from Hudson City’s Community Reinvestment Act (“CRA”) assessment, (3) selected mortgage brokers who were located outside of Affected MSA’s, and (4) focused its marketing efforts on neighborhoods with relatively few Black and Hispanic residents. According to government data, 121 out of 135 Hudson City branches are located outside of Affected MSA’s, only 12 out of 162 Hudson City brokers are located in Affected MSA’s, Hudson City excluded a large number of counties with high proportions of Affected MSA’s from its CRA assessment, and “failed to advertise meaningfully” in Affected Neighborhoods. The DOJ and CFPB found it important that only 4.8 percent of loan applications Hudson City received from 2009-2013 were for properties in Affected Neighborhoods even though 35.9 percent of the Affected MSA’s are Affected Neighborhoods. In addition, the agencies emphasized that Hudson City’s peers (who are not identified) generated 13 percent of their applications from those same neighborhoods.

To avoid the costs of litigation and any admission of wrongdoing, Hudson City agreed to (among other things):

  1. invest $25,000,000 in a loan subsidy program to increase credit extended in Affected Neighborhoods;
  2. pay a civil penalty of $5,500,000 to the CFPB;
  3. spend a minimum of $750,000 on partnerships with community-based organizations in Affected Neighborhoods to assist in revitalizing the particular areas;
  4. spend a minimum of $200,000 per year on targeted advertising and an outreach campaign;
  5. spend a minimum of $100,000 per year on specific financial education programs;
  6. open or acquire two new full-service branches within minority neighborhoods;
  7. hire or designate a full-time director of community lending;
  8. propose an independent third party consultant to who will perform an assessment of community needs and submit a written report to the DOJ and the CFPB within a certain number of days;
  9. contract with an independent third party consultant to provide an assessment of Hudson City’s redlining compliance program, and prepare a written report and separate compliance plan; and
  10. provide specific redlining training to all covered employees.


In the current climate, lenders must be aware of the potential effects their actions have, or could have, on a borrower’s decision to apply for credit. Although statistical analysis is often construed in a manner benefitting the government, it is important for lenders to conduct their own analysis and to continually evaluate their marketing efforts, branch locations, broker locations, employee training and compliance programs in an effort to ensure equal access to credit and to prepare for the unavoidable investigation.

CFPB, Enforcement Actions, News, Schemes

CFPB Obtains Injunction Against World Law Group

TCashhe CFPB recently obtained preliminary injunctions against debt-reduction company World Law Group, its affiliates and its owners, thereby freezing the company’s assets and stopping all further operations pending the outcome of a CFPB lawsuit against the company. The injunctions, issued on September 2 and September 14, come on the heels of the complaint filed by the agency last month in the U.S. District Court for the Southern District of Florida. In the complaint, the CFPB alleges that World Law Group operated an illegal debt-relief scheme that charged consumers “exorbitant” upfront fees and rarely delivered promised services, ultimately collecting over $67 million in illegal fees from at least 21,000 consumers.

According to the CFPB, World Law Group promised to provide potential clients with teams of attorneys, including local counsel, to negotiate with their creditors and obtain favorable debt settlements. Clients were instructed to stop paying creditors and make monthly payments to World Law Group in order to receive the company’s services. The company told clients that these upfront payments would be rolled into an account that would be used to negotiate settlement of their debts. According to the CFPB, World Law Group collected fees from these payments before providing any actual debt-relief services, and generally failed to obtain the promised debt reductions for its clients. Additionally, the CFPB contends that most of the company’s work was performed by non-attorneys and that consumers rarely, if ever, spoke to actual lawyers. When creditors sued for payment, World Law Group allegedly provided its clients with boilerplate pleadings and instructed them to file the pleadings themselves.

The CFPB charges that World Law violated the Telemarketing and Consumer Fraud and Abuse Prevention Act (Telemarketing Act) by collecting illegal upfront fees. The Federal Trade Commission enacted the Telemarketing Act in 2010 in an effort to protect consumers against aggressive debt-collection companies by banning those companies from charging upfront fees for their services. Advance fees for legal services were not banned by the Telemarketing Act, and World Law attempted to exploit this loophole by stating that collected fees would be used to pay lawyers, according to the CFPB. The CFPB estimates that 99 percent of the consumers who enrolled in World Law’s program were charged illegal upfront fees. In addition to violating the Telemarketing Act, the CFPB contends that World Law Group’s false promises of legal representation violated the Dodd-Frank Act’s prohibitions against unfair, deceptive, or abusive acts and practices.

The injunctions provide broad relief to the CFPB. Among other things, they freeze all of the company’s assets, order the repatriation of all foreign assets, and order that all company operations be halted. The injunctions also order the appointment of an equity receiver (Robb Evans and Associates, LLC), who is empowered to take control over all assets and business affairs of World Law Group. Although the case technically remains pending, the broad relief granted by the court effectively resolves the matter in the CFPB’s favor.


SEC, SEC Enforcement

SEC Proposes to Amend Rules Governing Administrative Proceedings

sec logoOn September 24, 2015, the Securities and Exchange Commission (SEC) issued a press release announcing proposed amendments to its Rules of Practice governing administrative proceedings. The announcement comes at a critical time, when the SEC’s use of administrative proceedings has come under increasing fire. The proposed rules attempt to address aspects of the administrative process that are most often criticized: the lack of discovery and the compressed hearing schedule. The proposed rules also seek to modernize the administrative process by requiring electronic filing, which the SEC hopes will increase transparency into the administrative process.

In recent years, the SEC’s administrative process has been under heightened scrutiny. With the passage of Dodd-Frank in 2010, Congress gave the SEC the ability to seek monetary penalties in administrative proceedings, and to seek those penalties against “any person,” not just registered entities and individuals. Since that time, the SEC has been bringing more and more of its contested enforcement actions as administrative proceedings, instead of filing them in federal district court.

While the SEC has heralded the efficiency of the administrative process as the reason for its increased reliance on that process, it just so happens that the SEC also enjoys a much higher success rate in the administrative process. In fact, in the past three years, the SEC has won 96 percent of the administrative proceedings that it prosecuted, but only 67 percent of its federal court actions. As a result, the defense bar often accuses the SEC of forum shopping, by bringing cases as administrative proceedings before biased administrative law judges instead of weathering more even-handed scrutiny in federal court.

In an effort to make its forum selection process more transparent, on March 8, 2015, the SEC published guidance on the four factors that it weighs when deciding the forum in which to file a contested action. But publication of the factors did little to silence critics, in part because the list of factors was not exhaustive and they were applied so flexibly that they shed little light on the forum-selection process. And some of the factors (like the cost-, resource- and time-effectiveness of the forum) highlighted the unfairness of the expedited administrative process.

 The SEC’s increasing reliance on the administrative process continues to draw a great deal of criticism. Because the current version of the SEC’s Rules of Practice was adopted long before the passage of Dodd-Frank, the rules did not adequately address certain fairness issues that arise in more complex securities enforcement cases. In recent years, respondents have filed district court actions collaterally challenging the constitutionality of SEC administrative proceedings. While the early due process and equal protection challenges did not see much success, some of the recent challenges, which attack the appointment of the SEC’s administrative law judges as a violation of the Appointments Clause, have succeeded. As a result, some district court judges have enjoined ongoing administrative proceedings.

With the increased scrutiny and the increased success of constitutional challenges, it is not surprising that the SEC is now taking steps to address some of the public’s concerns about the process. And the SEC’s proposed rules address two aspects of the administrative process that are most frequently attacked as unfair: (1) the absence of any real opportunity for a respondent to take discovery, and (2) the short period of time a respondent has to prepare for an administrative hearing.

One of the biggest complaints about the fairness of the SEC’s administrative process has been the respondents’ inability to take discovery. Given that most SEC investigations take years, and given that the Enforcement Division staff has almost unfettered access to information during an investigation, the lack of discovery undermines respondents’ ability to defend themselves and calls into question the fairness of the entire proceeding. The proposed rules would permit each side to take up to five depositions in an administrative proceeding involving multiple respondents, and it would allow a party to ask the hearing officer to subpoena documents in connection with a deposition. The proposed rules would also adopt processes related to depositions that are similar to the Federal Rules of Civil Procedure. This is a step in the right direction, but one must question whether it goes far enough to address fairness concerns. After all, the Enforcement Division could still institute an administrative proceeding against 10 respondents, who collectively would be limited to five depositions. That hardly seems like leveling the playing field – particularly not in a complex securities case.

The SEC has also extended the deadline by which an administrative law judge must issue an initial decision. Administrative proceedings are designed to move quickly. The current version of the Rules of Practice requires an administrative law judge to issue an initial decision within 120, 210 or 300 days of the date of service of the order instituting proceedings. That means that within that timeframe the following must occur: A respondent answers the Order Instituting the Proceeding; a respondent reviews the SEC staff’s often-voluminous investigative file; any motions for summary disposition are heard; the parties prepare for the administrative hearing; the administrative hearing is held; the parties review the hearing transcript; and the parties submit post-hearing briefs – all before the administrative law judge can issue an initial decision. Even in a 300-day case, this is a tight schedule. The proposed rules would do three things: (1) modify the timing of the initial decision to 30, 75 and 120 days from completion of the post-hearing or dispositive briefing; (2) provide a range of 4 to 8 months within which the administrative hearing must begin (thus doubling the maximum amount of time when a hearing must begin); and (3) create a procedure by which the deadline for the initial decision can be extended by up to 30 days. Although extending process is a welcome change, the rules will still require that the most complex administrative proceedings be decided within a 14-month schedule. Given the size of the SEC’s investigative files and the sophistication of many securities fraud cases, it is doubtful that the proposed rules go far enough to ensure respondents adequate time to review the SEC’s investigative files and prepare for the administrative hearing.

While the proposed rule changes take a step toward addressing critics’ fairness arguments, they do nothing to address the arguments that the appointment of administrative law judges is unconstitutional because it violates the Appointments Clause.


The press release can be found here.

The proposed amendments to the timing of and discovery in the administrative process can be found here.

The proposed amendments to the filing requirements can be found here.

Corporate Compliance, SEC

SEC’s OCIE Issues a Second Cybersecurity Risk Alert

On Sept. 15, 2015, the Securities Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) published its second cybersecurity risk alert (the “2015 Risk Alert”). The 2015 Risk Alert is a follow up to the OCIE’s April 2014 cybersecurity initiative risk alert (the “2014 Risk Alert”) announcing a series of examinations to identify cybersecurity risks and assess cybersecurity preparedness in the securities industry. The 2015 Risk Alert puts broker-dealers (BDs) and investment advisors (IAs) on notice that OCIE will seek additional information and expand its area of focus in this second round of cybersecurity examinations.

The NIST Framework

The 2014 Risk Alert provided a broad list of documents that OCIE may request for its cybersecurity examinations. Much of the 2014 Risk Alert tracked information from the Framework for Improving Critical Infrastructure Cybersecurity released on Feb. 12, 2014, by the National Institute of Standards and Technology (the “NIST Framework”). The NIST Framework is organized around five core cybersecurity functions: Identify, Protect, Detect, Respond and Recover. The 2014 Risk Alert promotes the NIST Framework and encourages BDs and IAs to incorporate the NIST Framework in their cybersecurity policies and procedures. These are the 2014 Risk Alert focus areas:

  •  Identification of Risks/Cybersecurity Governance
  • Protection of Firm Networks and Information
  • Data Loss Prevention
  • Risks Associated With Remote Customer Access and Funds Transfer Requests
  • Risks Associated With Vendors and Other Third Parties
  • Detection of Unauthorized Activity

Results from the First Round

In February 2015, the OCIE reported in its Cybersecurity Examination Sweep Summary that 93 percent of BDs and 83 percent of IAs have adopted written information security policies and 88 percent of BDs and 53 percent of IAs used external standards, such as the NIST Framework. Given that the 2014 Risk Alert addressed the Identify, Protect, Detect core functions of the NIST Framework and compliance rates left room for improvement, firms should not be surprised that the 2015 Risk Alert will seek additional information on the Identify, Protect and Detect functions and expand its area of focus to the Respond and Recover functions. The 2015 Risk Alert focus areas are:

  • Governance and Risk Assessment
  • Access Rights and Controls
  • Data Loss Prevention
  • Vendor Management:
  • Training
  • Incident Response

Getting Ready for Round Two

The 2014 Risk Alert includes an appendix with sample list of information that OCIE may review in conducting examinations regarding cybersecurity matters. To prepare for the OCIE’s next round of cybersecurity examinations, BDs and IAs should review the 2014 Risk Alert, assess their response to a second document request, gather information on the basic cybersecurity controls outlined in the NIST Framework and, to the extent necessary, adopt written policies and procedures for data privacy and information security training. Cybersecurity training materials should be tailored for specific job functions (e.g., front office, operations, and compliance and risk functions) and designed to encourage good cyber hygiene. Furthermore, BDs and IAs should establish policies and procedures for responding to cyber incidents with a detailed response plan. Cyber incident response plans should assign specific roles to each function, assess system vulnerabilities and include business continuity plans. Firms should also expect the OCIE to request other information regarding cybersecurity preparedness, including participation in information-sharing networks, such as the Financial Services Information Sharing and Analysis Center.