Subject to Inquiry

Subject to Inquiry


Government Investigations and White Collar Litigation Group
Enforcement and Prosecution Policy and Trends

U.S. Supreme Court Indirectly Limits Important Component of DOJ’s FCPA Pilot Program

ForeignCorruptPracticesAct91089734_jpg On June 5, 2017, the U.S. Supreme Court unanimously held in Kokesh v. Securities and Exchange Commission, No. 16-529, that the SEC may not reach beyond the general five year statute of limitations period in order to obtain “ill-gotten gains,” a remedy known as disgorgement. Although the case did not involve a Foreign Corrupt Practices Act (“FCPA”) enforcement action, it nonetheless has important implications for FCPA enforcement and importantly, the DOJ’s recently-renewed Pilot Program.

Prior to this case, lower federal appeals courts had been divided over whether the five-year time limit applied to not only civil penalties, but also to the equitable remedy of disgorgement through which the government also seeks all of the funds obtained as a result of a party’s alleged misconduct. Thus, in some jurisdictions disgorgement proved an important tool for the government in cases involving aged conduct.

The five year statute of limitations at issue in Kokesh is a general one that applies in FCPA civil enforcement actions as well as in the securities laws underlying Kokesh. Indeed, the parties’ briefing in the case referenced the large amounts of disgorgement in FCPA cases and that disgorgement in FCPA cases often goes directly to the U.S. Treasury and not to any victims as they may be difficult to ascertain in the FCPA context.

In holding that the statute of limitations applies to disgorgement, the Supreme Court affected a critical component of the DOJ’s FCPA Pilot Program. DOJ guidance expressly requires that to be eligible for the Program’s main benefit of mitigation credit, a company must disgorge all profits resulting from the FCPA violation. Accordingly, published declinations pursuant to the Program have indicated substantial disgorgements.

It will be informative to monitor any change in DOJ’s approach to the Pilot Program following Kokesh. Potential effects include DOJ seeking to have parties agree to waive the statute of limitations as a condition of their participation in the Pilot Program or requesting full disgorgement to obtain cooperation credit, or a possible reluctance of private parties whose conduct occurred primarily outside of the statute of limitations to engage in the Pilot Program.

Enforcement and Prosecution Policy and Trends, Securities and Commodities

U.S. Supreme Court Rules Time Limits Apply to SEC Disgorgement Orders

780536984A unanimous United States Supreme Court held Monday, in Kokesh v. Securities and Exchange Commission, that the five-year statute of limitations under 28 U.S.C. § 2462 applies to disgorgement sought by the Securities and Exchange Commission. Previously, the Circuits had been split on this issue.

The issue in Kokesh was straightforward. Kokesh appealed a trial court judgment ordering disgorgement of nearly $35 million for conduct between 1995 and 2009. Kokesh argued that this disgorgement award was in the nature of a penalty or forfeiture, and thus subject to the five-year statute of limitations under § 2462.

Conversely, the SEC maintained that disgorgement, by its nature, is not a punitive remedy. Rather, because disgorgement is merely a remedy that prevents offenders from reaping ill-gotten gains, the SEC argued it is not subject to § 2462’s five-year statute of limitations.

The Court, however, in a unanimous opinion authored by Justice Sonia Sotomayor, disagreed with the SEC. It held that disgorgement “bears all the hallmarks of a penalty: It is imposed as a consequence of violating a public law and it is intended to deter, not to compensate.” Thus, “[t]he 5-year statute of limitations in § 2462 therefore applies when the SEC seeks disgorgement.”

This is the second time since 2013 that the Supreme Court has narrowed the SEC’s ability to obtain monetary relief in enforcement actions. In Gabelli v. SEC, the Court held that the SEC cannot use the “discovery rule” to extend the statute of limitations for civil penalties, though the Gabelli court expressly declined to address whether the statute of limitations under § 2462 applied to disgorgement.  Kokesh has now answered that question.

As disgorgement is a routine remedy for the SEC staff, the Court’s ruling will substantially impact the damages the SEC can obtain in investigations involving long-running conduct, like the conduct in Kokesh. For others subject to investigation, however, it may represent a pyrrhic victory, as the SEC staff may become even more aggressive in its use of tolling agreements, now with an eye towards extending the statutes of limitations for both liability and damages. Indeed, the SEC staff may seek tolling agreements at ever earlier stages of an investigation, including at the very outset of an investigation. Finally, the staff will may become less flexible with deadlines and requests for extensions, as it seeks to hasten the resolution of investigations in light of this newfound limitation.

Financial Institution Regulation, Securities and Commodities

SEC Issues Guidance in Wake of WannaCry Ransomware Attack

binarydataOn Friday, May 12, the WannaCry ransomware attack struck hundreds of thousands of users across the globe, causing major disruptions in private and public networks. The attack, which encrypts a user’s files and holds them for ransom, may infect a computer without any action taken by the user.  With similar attacks expected, and as we have previously discussed, businesses would be well served to proactively take steps to protect themselves from WannaCry and other malicious cyberattacks.

On the heels of yet another high profile cyberattack, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued an alert to broker-dealers, investment advisers, and investment companies warning them of WannaCry and reminding them of the importance of addressing cybersecurity issues to protect investors and clients.  Regulated entities are required by Regulation S-P, 17 C.F.R. § 248.30(a), to adopt written policies and procedures (administrative as well as technical) to safeguard the personally identifiable information of their investors, clients, and customers.  The regulation requires that these procedures be reasonably designed to protect against anticipated cyber threats and unauthorized access to or use of customer records or information.

In 2015, OCIE launched its cybersecurity examination initiative, and the SEC’s Division of Investment Management and FINRA simultaneously offered guidance to regulated entities on cybersecurity.  The OCIE alert serves as a reminder to regulated entities of their obligation to safeguard client data.  In conducting a recent examination of 75 SEC registered broker-dealers, investment advisers, and investment companies, OCIE found that 26% of investment advisers and investment companies surveyed did not conduct periodic risk assessments of critical systems to identify cybersecurity threats, and 57% of investment advisers and investment companies did not conduct penetration tests and vulnerability scans on critical systems.  Broker-dealers fared better, with only a 5% deficiency rate in both categories.

Both the SEC and FINRA have made enforcement of cybersecurity issues a focus, and recent SEC enforcement actions demonstrate its willingness to pursue firms that have suffered from cyberattacks and that lacked policies and procedures that the SEC deemed to be “reasonably designed” to safeguard customer information.  For example, R.T. Jones Capital Equities Management recently settled a cease-and-desist proceeding after an unauthorized, unknown intruder gained access to the personally identifiable information of over 100,000 individuals.  This breach cost R.T. Jones a $75,000 civil monetary penalty.

The WannaCry attacks and OCIE’s alert should serve as a reminder that regulators are watching how broker-dealers and other regulated entities safeguard customer data.  For a regulated entity, crafting effective cybersecurity policies and procedures is essential not only to preventing harmful and embarrassing attacks, but also to prevent a potentially costly regulatory action.  As a regulatory compliance matter, these policies and procedures are more than an IT policy and require scrutiny from well-advised in-house counsel.

Financial Institution Regulation, Securities and Commodities

FINRA President and CEO Robert Cook discusses FINRA360 and Consolidating Enforcement Divisions

On May 17, 2017, at the annual FINRA conference in Washington D.C., FINRA President and CEO Robert Cook discussed the recently-launched FINRA360 initiative: a top-to-bottom review of FINRA’s operations and organization.  Cook recognized that 2017 marks FINRA’s  ten-year anniversary since its “successful” but “complicated” merger of the National Association of Securities Dealers (NASD) and the regulatory arm of the New York Stock Exchange (NYSE).  He stated that, for the first time since its inception, FINRA now has occasion to conduct a “comprehensive, organization-wide self-assessment and improvement initiative.”

As part of FINRA360, Cook has been on what he dubbed a “listening tour.”  During the listening tour, Cook has met with member firms, investors, and others from inside and outside the brokerage industry.  He has also participated in a “continuing series of small member roundtables across the country,” gaining a great deal of useful feedback regarding how FINRA can improve.  As a result of the listening tour, Cook learned that FINRA should be asking itself the following three “key” questions:

  • Are our policies and programs focusing on the right issues, establishing the right standards, and dedicating resources to the right areas to best protect investors and market integrity while promoting healthy and vibrant capital markets?
  • Is our organization and operation optimally organized and managed to be the most effective and efficient self-regulatory organization that it can be?
  • Are we facilitating a constructive dialogue with members, investors, and other stakeholders to better understand their perspectives and develop an effective regulatory framework that is fully informed by the expertise and practical knowledge of its stakeholders?

CEO Cook provided a “concrete” example of a proposed improvement arising out of the FINRA360 initiative: consolidating FINRA’s enforcement programs.  He explained that FINRA has an enforcement program in its “member regulation group” and another in its “market regulation group.” He stated that, during the listening tour, he learned that stakeholders encounter these groups as “two different regulators.”  As a result, FINRA is trying determining whether these operations should be (1) “more coordinated” or (2) combined into one.  FINRA is weighing the pros and cons of each approach.

Consolidating the Member Regulation and Market Regulation groups would have significant effects.  As background, FINRA’s Member Regulation department examines firms and its employees to ensure compliance with its rules, as well as those of the SEC and the Municipal Securities Rulemaking Board.   FINRA’s Market Regulation department, on the other hand, oversees and regulates over-the-counter (OTC) trading of exchange-listed and non-exchange listed securities.

Be on the lookout for any FINRA notices requesting comments related to the FINRA360 initiative.


The CFPB’s Alternative Data RFI: Making Your Response Count

The Consumer Financial Protection Bureau (CFPB) recently issued a Request for Information (RFI) Regarding Use of Alternative Data and Modeling Techniques in the Credit Process, available here.  The deadline for response is May 19.  This post will provide practical advice on how to submit an effective RFI response.

binarydataThe RFI is the latest in a line of communications by the CFPB and other federal regulators showing interest in innovation and technology.  For example, last year, the Treasury Department conducted its own RFI on Marketplace Lending, and the Federal Trade Commission held a public workshop on Big Data.  Both projects culminated in agency reports covering developments on each of those issues and opining on related regulatory considerations.  The CFPB’s RFI is likely to follow a similar path.

The RFI consists of a preamble describing alternative data and models, and setting out some potential risks and benefits of each.  It then raises 20 questions of varying complexity.  In order to increase the chance that your response will garner attention and have a true impact, take the following issues into account:

  1. Consider Your True Audience

The RFI provides a rare public avenue to engage not just with the CFPB, but also with the wide range of stakeholders that are likely to closely monitor the responses.  This includes other state and federal regulators, legislators, media outlets, competitors, venture capital firms, and, indeed, anyone who may have an interest in the future of alternative data regulation.  As a result, the RFI is an opportunity for companies who use or would like to use alternative data and alternative models to make the best case for why such use should be encouraged, and how the CFPB may best do that.  For this reason, to the extent that you think there are specific steps that the CFPB or other regulators should take in this area, draft those suggested steps as specifically as possible.  You never know – your suggestions could well make their way into a congressional letter to a regulator.

  1. Choose Your Focus

The RFI is designed to reach a broad range of potential responders.  Thus, few entities will have relevant information to provide on all of the questions.  In order to make your response more impactful, consider the areas where you think you can provide the most in-depth or unique perspective.  Think of it as your competitive advantage vis-a-vis your fellow responders.  Once you decide where you can add the most value, group your responses into coherent themes that map onto the themes covered in the RFI.  Structuring your response into easy-to-follow sections will make it more likely that those skimming responses for a particular topic will stop on yours.

  1. Give Concrete Success Stories

One of the issues raised by the RFI is whether alternative data and models can increase responsible access to credit for underserved consumers.  This is an issue on which the CFPB has consistently focused, and which is likely to drive much of the thinking on their future approach.  With that in mind, consider whether you may be able to provide any specific data or examples of how your company’s use of alternative data has or could help you provide more credit or credit on better terms to consumers, particularly to those whom you might not have been able to reach otherwise.  The most useful examples would be those that provide side-by-side comparisons of traditional and new methods, such as comparisons of the results of traditional underwriting versus underwriting using alternative data.

  1. Highlight Any Examples Self-Regulation

The RFI makes clear the CFPB’s concern that the use of alternative data could raise potential fair lending and other compliance issues.  Some of the questions ask about companies’ practices in addressing these risks.  This is perhaps one of the most important sections of the RFI, because identifying for the CFPB what companies are currently doing to prevent risk to consumers will make it more likely that any future guidance will take those practices into account.  For example, if you have a process for vetting variables to ensure that they don’t raise any discrimination concerns, you should highlight that process or at least its existence.  Similarly, if you have taken steps to ensure that your compliance team is actively contributing to the decision-making on the use of alternative data and models, discussing those steps might also be useful.

  1. Make Your Wish List, but Check it Twice

One potential benefit of the RFI is that it allows you to alert the CFPB to particular areas where the lack of regulatory guidance is inhibiting innovation.  In fact, the RFI asks about “specific challenges or uncertainties” that companies face in complying with particular regulations.  Therefore, to the extent that you have unanswered questions about how the CFPB would apply a particular law to alternative data or models, you could raise that here.  As noted above, this information will be relevant not just to the CFPB but also to legislators or others who may be in a position to encourage the CFPB to provide further guidance.  However, in raising these issues, you need to be careful what you wish for.  The CFPB could respond to requests for guidance in ways that would create additional burdens on industry.  Thus, when you raise an area of uncertainty, it would be wise to consider outlining how you think that uncertainty would best be resolved in a way that encourages innovation while also protecting consumers.

  1. Call a Lifeline

McGuireWoods is helping a number of entities prepare responses to this RFI.  Our lawyers have first-hand experience on these issues and can help you determine the best approach to your particular response.  If you’d like to discuss how McGuireWoods might be able to assist you, reach out to the author, Alexandra Villarreal O’Rourke, co-lead of the firm’s FinTech Industry Group, at ao’ or 704-373-4632.

Immigration and Worksite Enforcement

H-1B Employers Face Increased Site Visits

Employers using the H-1B visa program should take note as additional site visits may be on the horizon.  U.S. Citizenship and Immigration Services (“UPassport-map-thumb-220x146-218SCIS”), part of the Department of Homeland Security, recently announced a new targeted approach to detect H-1B visa fraud and abuse and increased site visits of H-1B employers.

In selecting worksite visits, USCIS will focus on H-1B cases where:

  • USCIS cannot confirm the employer’s business information through commercially available data;
  • There is a high ratio of H-1B employees as compared to U.S. workers (as defined by statute); or
  • H-1B employees work off-site at another company or organization’s location.

Employers who may fall into one of these categories, as well as employers with onsite contractors, should be prepared for worksite visits and additional questions from USCIS.  USCIS may refer cases of suspected fraud or abuse to Immigration and Customs Enforcement (ICE) for additional investigation.  For more information on USCIS’s newly announced measures, click here.

McGuireWoods routinely advises on immigration and worksite enforcement issues, and can assist companies in responding to site visits.  Contact our experienced immigration attorneys to address your company’s questions or concerns.

Financial Institution Regulation

CFPB Fails to State Case Against Payment Processor

77006468.jpegThe United States District Court for the District of North Dakota recently dismissed the Consumer Financial Protection Bureau’s (CFPB) complaint against a payment processor, Intercept, in a case McGuireWoods has been monitoring.  The Court held that the CFPB failed to adequately plead an unfair, deceptive, or abusive act or practice under the Consumer Financial Protection Act (CFPA).  According to the Court, the CFPB failed to show that Intercept violated any industry standards, injured any consumers, interfered with consumers’ ability to understand the terms of their dealings with Intercept’s clients, or took unlawful advantage of consumers.

In CFPB v. Intercept Corp., the CFPB alleged that Intercept violated the CFPA by failing to heed warnings from banks and consumers, failing to monitor and respond to high return rates, and failing to investigate red flags when vetting its clients.  The Court’s decision hinged on whether the CFPB alleged facts sufficient to meet the definition of “unfair” and “abusive” acts in the CFPA.  According to the CFPA, an act is “unfair” if it substantially injures consumers, or is likely to do so, and the injury is not outweighed by countervailing benefits to consumers.  An act is “abusive” if it interferes with a consumer’s ability to understand the terms of a consumer financial product or takes unreasonable advantage of a consumer’s lack of understanding.

The CFPB’s complaint failed for a lack of detail.  As the Court explained:  “A close review of the complaint yields a conclusion that the complaint does not contain sufficient factual allegations to back up its conclusory statements regarding Intercept’s allegedly unlawful acts or omissions.”  The Court summed up the paucity of detail in the CFPB’s complaint:  “The Complaint simply does not sufficiently identify particular clients whose actions provided ‘red flags’ to Intercept or how Intercept’s failure to act upon those ‘red flags’ caused harm or was likely to cause harm to any identified consumer or group of consumers.”

We previously wrote about the broader implications of the CFPB’s case against Intercept, specifically the issues raised in briefs filed by Intercept and the Third Party Payment Processors Association (“TPPPA”) in support of the motion to dismiss.  We highlighted two issues in particular implicated by the Court’s order:  (1) whether unfair acts and practices under the CFPA required direct interaction with consumers; and (2) whether unfair acts and practices had to be predicated on underlying rules violations.  While the Court’s order dismissing the CFPB’s complaint does not tackle these issues head-on, it provides some guidance and indicates that in suits against payment processors the CFPB must do more than simply allege that a payment processor harmed consumers.

On the question of whether violations of the CFPA require direct interactions with consumers, the court’s opinion is a mixed bag.  Intercept and the TPPPA both argued that payment processors are not “covered persons” within the meaning of the CFPA because they do not offer services directly to consumers.  The Court tacitly rejected the argument that payment processors can never be considered “covered persons” under the CFPA, finding that the CFPB alleged sufficient facts that if proven would support a finding that Intercept was a “covered person.”  But the Court’s holding demonstrates that the CFPB must do more than merely allege that a payment processor’s conduct harmed a consumer.  According to the Court, the CFPB must allege harm to an “identified consumer or group of consumers.”  The nature of payment processors’ business, which is inherently not consumer-facing, could render proving harm to particular consumers difficult.

The Court likewise did not definitively hold that the unfair acts or practices under the CFPA must be predicated on violations of underlying rules or regulations, but its holding does signal that the CFPB cannot merely allege the existence of industry rules and standards in order to state a claim.  Rather, the CFPB must allege facts showing that a defendant’s conduct violated those rules.  This requirement comports with the TPPPA’s concern that absent a requirement of a rule violation, payment processors could be liable for conduct that “was not unlawful or forbidden by the rules in place at the time of the alleged conduct.”

What’s next?  The Court dismissed the CFPB’s complaint without prejudice, meaning that the CFPB can attempt to re-plead its complaint with sufficient detail.  But the Court’s order teaches that sufficient detail in this case requires a showing that Intercept violated a particular rule that harmed an identifiable group of consumers.  If future courts follow the district court of North Dakota’s lead and find that payment processors can be liable under the FCPA, they should impose, at a bare minimum, the same standards exacted by the North Dakota court in dismissing the CFPB’s complaint against Intercept.  Otherwise, the CFPB could pull within its purview companies that have no direct contact with consumers, whose actions do not harm consumers, and whose actions did not violate any established standard or rule.

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims

President’s Proposed Budget Increases Healthcare Fraud Enforcement Funding

iStock_000004688619Medium-thumb-225x149-186.jpgMuch of the discussion surrounding President Trump’s 2018 budget blueprint has focused on cuts, but one proposed budget increase shows the new administration is likely to continue focusing on healthcare fraud enforcement.  Among cuts of approximately 18% to the budget of the Department of Health and Human Services (HHS), the president’s budget proposes $70 million in additional funding for the Health Care Fraud and Abuse Control program (HCFAC), a more than 10% increase.

HCFAC is jointly directed by the Secretary of HHS and the Attorney General and is supervised by the HHS Office of Inspector General.  The program coordinates federal, state, and local healthcare fraud enforcement efforts.  According to the president’s budget, the HCFAC program returns more than $5 in fraud recovery for every dollar spent.

The increase in HCFAC funds suggests that the new administration will not deemphasize healthcare fraud investigations and prosecutions, despite new HHS Secretary, and physician, Tom Price’s statement at his confirmation hearing that healthcare fraud enforcement should focus on truly bad actors and focus less on scrutinizing the medical necessity of treatments.  Compliance should thus remain a priority for all healthcare providers and fraud investigations are likely to continue to be a top concern.  Secretary Price also spoke in favor of using data analysis to scrutinize payments for red flags before they are made, as opposed to the government’s traditional practice of investigating suspicious cases long after payment has been made. Such analysis, already used by the government, may raise the immediacy and importance of compliance for providers.  Data analysis may also mean that more healthcare fraud is first identified by the government, decreasing the importance of whistleblowers bringing qui tam suits.

Although there is no prospect of the president’s budget blueprint becoming law in the immediate future and any enacted budget is likely to face significant changes, the funding increase for HCFAC shows that, despite the new administration, healthcare fraud is likely to continue to be a major priority of government regulators and prosecutors.

Anti-Money Laundering, Enforcement and Prosecution Policy and Trends, Securities and Commodities

SEC Opens Cease-and-Desist Order Proceeding against Broker-Dealer and Chief Compliance / AML Officer

Government-Regulatory-and-Criminal-Investigations.jpgAs we have highlighted in prior posts, regulators of financial institutions, including FinCEN, FINRA and SEC, have increasingly brought actions to bring organizations – and individuals – into compliance with AML / BSA obligations.  This enforcement activity is consistent with FinCEN’s August 2014 Advisory, now nearly three years old, emphasizing the idea that U.S. financial institutions must promote a culture of compliance, one that does not allow the pursuit of profits to overshadow obligations prescribed by applicable laws.

The latest example of an enforcement action against both involves a New York broker-dealer and its chief compliance / AML officer.   The SEC initiated cease-and-desist proceedings (Complaint) against Windsor Street Capital, L.P. and its chief compliance officer.   In the Complaint, the SEC alleges violations of the Securities Act of 1933 and Securities Exchange Act of 1934, stemming from the “unregistered sale of hundreds of millions of penny stock shares.”  (¶ 3.)  The SEC further alleges that the broker-dealer failed to file suspicious activity reports with FinCEN.  (¶ 4.)  As a result of these violations, the firm recognized nearly $500,000 in commissions and fees.”  (¶ 5.)  Finally, the CCO was allegedly personally responsible for “monitoring customer transactions for suspicious activity and ensuring the firm’s compliance with SAR reporting requirements,” a task he failed to fulfill.  (¶ 6.)

The Complaint cites broker-dealers’ requirements under the BSA regulations (31 C.F.R. § 1023.320) and the obligation under the Exchange Act (Rule 17a-8) to comply with the SAR rule promulgated by FinCEN.  The Complaint also points to the firm’s and the CCO’s awareness of these obligations, both through their internal written AML program (¶ 15), and January 2009 FINRA guidance for broker-dealers titled “‘Unregistered Sales of Registered Securities,’ which lists many of the same red flags listed in the AML Program.”  According to the Complaint, the firm ignored these red flags when they permitted customer transactions to occur without filing SARs.  (¶¶ 15, 17, 21.)

Key Take-Aways:

  •  Profits cannot come at the expense of compliance.  As we have seen more frequently over the last several years, financial regulators are exhibiting a willingness to bring actions against individuals, not just companies.  This individual risk should embolden CCOs and others in compliance oversight roles to request and receive sufficient resources reasonably necessary to discharge their responsibilities.
  • Written AML programs must be current and reasonably designed to address risk.  The regulations require the creation of a written AML policy tailored to the company and reasonably designed to achieve compliance with applicable laws.  (31 C.F.R. §§ 1023.200-220.)  The policy should include a clear protocol for identifying red flags, escalation of the issues to senior management, resolution and documentation.  It is important that these programs be maintained continually and reflect the collective experience of the enterprise.  As demonstrated with this case, regulators will look at the written compliance program as putting an entity (or individual) on notice of the required conduct under the law.
  • Most importantly, the written AML program must be followed.  It would be a challenge for any enterprise to contradict (or ignore) its written AML policies.  Follow-through with execution is imperative to avoid significant – potentially criminal – consequences, enhanced regulator scrutiny, reputational harm and business disruption.





Enforcement and Prosecution Policy and Trends, Financial Institution Regulation, Fraud, Deception and False Claims

Will 2017 Be the Year of Insider Trading Reform?

iStock_000004688619Medium1For several years running, insider trading has been among the most high-profile enforcement priorities for both DOJ and the SEC. Unlike most federal criminal law, insider trading remains undefined by statute, having instead been largely judge-made. Unsurprisingly, since the explosion of enforcement actions began, prosecutors and defendants have both pushed the courts to clarify (or even re-define) the boundaries of the law. Despite several recent rulings, however, the law remains complex and ambiguous.

In its December 2014 ruling in United States v. Newman, the Second Circuit significantly altered the landscape for insider trading prosecutions. Newman held that a tippee who trades on insider information must know that the tipper received a “personal benefit” to be liable for insider trading. The decision went further, though, in suggesting that the personal benefit must have pecuniary value. Several months later, in United States v. Salman, the Ninth Circuit rejected such a narrow definition of “personal benefit.” In December 2016, the Supreme Court unanimously sided with the Ninth Circuit holding that the personal benefit test is met when the tipper “makes a gift of confidential information to a trading relative or friend.” Nonetheless, Justice Alito’s opinion left significant questions unanswered – and the central holding of Newman unaltered.

Last week, in a speech to the Securities Bar, Judge Jed Rakoff – who authored the Ninth Circuit’s Salman opinion and has presided over several high-profile insider trading trials – urged lawmakers to take up insider trading legislation. In particular, Judge Rakoff argued that a broad prohibition similar to the European Union’s laws would benefit both the markets and the courts. As it turns out, there may now be a window for Congress to take up such legislation. Shortly before Judge Rakoff’s remarks, House Judiciary Committee Chairman Bob Goodlatte announced the committee’s agenda for the 115th Congress. Rep. Goodlatte observed that he and Ranking Member John Conyers were “committed to passing bipartisan criminal justice reform.” Rep. Goodlatte considered it “imperative [to] continually examine federal criminal laws” in conjunction with this effort. Although past Congressional efforts to codify insider trading laws have failed, Goodlatte’s remarks suggest that there may be an opportunity to try again. And some observers are optimistic that a reform bill could pass this year.

What might such a reform bill look like? Judge Rakoff spoke approvingly of the EU’s approach that focuses on equal access to market information rather than U.S. law’s focus on the insider’s fiduciary duty. Specifically, the EU prohibits anyone from trading on information “that person knows, or ought to have known, [is] insider information.” Thus, the focus is on the information itself, rather than the source. Such an approach would eliminate disputes over the “personal benefit” test. It would also reverse Newman’s requirement that the tippee know of the tipper’s benefit. While the question of whether a trader “should have known” a tip to be insider information might be problematic, the insider trading statute – like other federal statutes – could define knowledge to include deliberate indifference or reckless disregard.

A uniform federal standard could bring much needed certainty to the law. Markets would benefit from a definition that protects equal access to market-moving information. Prosecutors would almost certainly be pleased with the expanded scope of proscribed conduct. And traders would have a clear, common-sense rule to guide their conduct.