Subject to Inquiry

Subject to Inquiry


Government Investigations and White Collar Litigation Group
Compliance, Securities and Commodities

SEC 2021 National Exam Program Examination Priorities

On March 3, 2021, the Securities and Exchange Commission’s Division of Examinations (EXAMS) (formerly the Office of Compliance Inspections and Examinations (OCIE) released its 2021 examination priorities.

Notably, while the majority of the examination priorities echo OCIE priorities from prior years, this year’s EXAMS priorities include a greater focus on climate-related risk and environmental, social, and governance (ESG) matters. This is consistent with the Commission’s increased emphasis on ESG matters in other contexts, as well as that of other regulators. This year’s priorities also include examinations relating to Regulation Best Interest (Reg BI) compliance, considerations relating to the impacts of the COVID-19 pandemic and a continued focus on complex products.

EXAMS’s leadership also calls out its newly operational Event and Emerging Risks Examination Team (EERT), which is tasked with enhancing the Division’s ability to identify and tackle emerging and exigent risks as they arise.

The examination priorities are organized around largely perennial themes, and we discuss each such theme below.

Continue Reading

Financial Institution Regulation

Budget Launches Taskforce to Uncover Exploitation of the UK Government’s COVID-19 Financial Rescue Schemes

In today’s budget, UK Chancellor Rishi Sunak announced a £100 million Taskforce to scrutinise claims made under business support schemes designed to help companies and workers navigate their way through the economic impact of the COVID-19 pandemic. The Taxpayer Protection Taskforce will be examining claims made honestly but in error as well as those made fraudulently.

The UK Government’s package of COVID-19 support schemes are credited with saving millions of jobs and keeping many businesses viable. However, auditors and Members of Parliament have been quick to point out that weak safeguards left the schemes vulnerable to exploitation.

Continue Reading

Fraud, Deception and False Claims, Securities and Commodities

Responses Matter: Securities Fraud Sentence Shows the Value of a Sound Response to a Government Investigation

It’s an old lesson in government investigations, but one worth repeating. Conduct during an investigation can matter as much as the conduct under investigation – sometimes even more.

High-profile prosecutions of the past have shown the severe consequences of mistakes in responding to government investigations. Martha Stewart went to prison not for insider trading but for how she responded to an insider trading investigation. Barry Bonds was convicted not for steroid use, but for how he responded to a steroids investigation.

Continue Reading

Compliance, Enforcement and Prosecution Policy and Trends, Securities and Commodities

CFPB’s “Change of Direction” After One Month: New Goals, More Attorneys

In the month since he became Acting Director of the Consumer Financial Protection Bureau, David Uejio has implemented a “change of direction” at the agency, making sweeping announcements on a weekly basis.

Read our complete commentary on McGuireWoods’ Consumer FinSights blog, which assesses where the CFPB stands after the Biden administration’s first month and the likely changes to come.

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims

DOJ Indictment Highlights Methods Utilized by State Sponsored Cybercriminal Organization to Attack Major Industry and Government Entities

For the third time in less than a month, the United States Department of Justice (DOJ) announced a major enforcement action against an international cybercriminal organization that infiltrated public and private computer networks, fundamentally compromised these systems, and sought to obtain over a billion dollars from this illicit access. This past week’s indictment, which was obtained by the United States Attorney’s Office for the Central District of California, is particularly notable in that it: (1) shines a spotlight on the operations of a decade-long effort by a North Korean state sponsored cybercriminal organization to inflict monetary and reputational harm on targeted government agencies and contractors, financial institutions, cryptocurrency platforms, online casinos and entertainment industry companies; and (2) and highlights the broad array of methods utilized by this organization to evade network cybersecurity protections, exploit computer networks, and steal intellectual property and corporate secrets, while also conducting cyber-extortions, ransomware attacks, and cyber-enabled heists of bank-held funds, ATMs, and cryptocurrency. The threat posed by this organization is sufficiently acute that the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) simultaneously released a joint advisory addressing one of the organization’s most invasive tools, the Applejeus malware, that has been used to conduct large-scale cyber-intrusions, including in this case.

Continue Reading

Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

CISA, FBI, and Treasury Issue Guidance on State Sponsored Cryptocurrency Malware Targeting Financial Institutions and Cryptocurrency Exchanges

This past week the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury) released a joint advisory report on HIDDEN COBRA—the cyber threat to cryptocurrency posed by North Korea—and provided mitigation recommendations for addressing this ongoing threat. This report was issued in conjunction with the unsealing of a wide-ranging indictment by the United States Attorney’s Office for the Central District of California that charged three North Korean hackers for their participation in a broad criminal conspiracy to conduct destructive cyberattacks that targeted the financial and entertainment industries, government contractors, and government agencies, including the U.S. Departments of State and Defense.

Continue Reading

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims

Analysis of the DOJ’s 2020 FCA Statistics and the Trends Therein

The U.S. Department of Justice (DOJ) recently issued its annual press release summarizing fraud-related recoveries from False Claims Act (FCA) matters in the prior fiscal year. While the headline number for FY 2020 of $2.2 billion in settlements and judgments involving fraud and false claims against the government is down about $900 million from the average annual recoveries over the prior three years, a deeper look at the underlying statistics and macro trends suggests an upswing in False Claims Act matters, particularly non qui tam (whistleblower) cases, and suggests that an increase in government fraud-related recoveries are likely in future years.

Continue Reading

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims

DOJ Accelerates Enforcement Efforts Against Cybercriminals Who Engage in Ransomware Attacks

On successive days last week, the Department of Justice (DOJ) unveiled enforcement actions against international cybercriminal organizations that utilized ransomware to infect computer systems and then extort payment, often in the form of cryptocurrency, from victims worldwide.  First, the Criminal Division’s Computer Crime and Intellectual Property Section and the U.S. Attorney’s Office for the Middle District of Florida announced the unsealing of charges against a Canadian national for his alleged involvement in the ransomware scheme known as NetWalker that generated tens of millions of dollars from businesses, public entities, and individuals whose computer databases were encrypted and rendered useless, pending satisfaction of a ransom demand.  The following day, the U.S. Attorney’s Office for the Middle District of North Carolina and the Criminal Division’s Computer Crime and Intellectual Property Section revealed their participation in a multinational enforcement operation that disrupted and dismantled Emotet, a botnet that utilized malware, including ransomware, to target critical infrastructure in the United States and abroad.  These actions highlight U.S. law enforcement’s increased focus on preventing ransomware attacks, which in the future will rely on both traditional collaboration among international law enforcement agencies and reporting from private entities over which the government exercises regulatory control.

Continue Reading

Fraud, Deception and False Claims, Uncategorized

With Fraud Against UK Businesses at Epidemic Levels, Businesses Need to Know How to Protect Themselves

Fraud has reached epidemic levels in the UK and should be seen as a national security issue, says think tank the Royal United Services Institute (RUSI) in a paper published last week[1]. It is the crime to which UK citizens are most likely to fall victim[2]. Its impact on the private sector has consequences for both the stability of individual companies and the broader reputation of the UK as a place to do business.

85% of reported fraud in 2019/2020 was cyber enabled[3] fraud[4]. With limited in person interaction due to the pandemic, and increasing levels of remote working, this figure is expected to increase in the coming year. Cyber fraud is a constantly evolving area with perpetrators adapting their methods as new technologies become available. Common examples of cybercrime are denial of service (DoS), botnet, phishing, and ransomware attacks. Continue Reading

Compliance, Enforcement and Prosecution Policy and Trends, Securities and Commodities

Consolidated Financial Account Reports and Use of Vendors: FINRA Continues Regulatory Scrutiny – What’s Old is New


Consolidated financial account reports can offer a broad – all-encompassing — view of customers’ investments regardless of where the assets are held and may even include non-securities assets. Customers often demand them and firms and financial advisers provide them. FINRA has had these types of communications to customers on its radar screen for years.

Equally, on FINRA’s radar screen for years has been the need to supervise regulatory functions outsourced to third party vendors. FINRA has frequently reminded firms that outsourcing regulatory functions does not relieve the firm of its compliance obligations and that firms must supervise the outsourced activity.

Continue Reading

We use cookies to enhance your experience of our website. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our policy.