Practical GuidanceFree Trial
Learn More AboutPractical Guidance
ACCORDING TO ONE MEASURE, RECENT WORLD EVENTS have financial professionals unnerved. Forty-five percent of those surveyed by the Depository Trust & Clearing Corporation (DTCC) say the probability of a “high-impact event” to the global financial system in the next 12 months has increased. Risk managers are even more pessimistic, with 61% believing that the likelihood of a high-impact event has increased.
The survey is based on the r esponses of 400 risk managers and other legal, compliance, technology, and operational professionals working in the financial servic es industry, including banks, brokerage firms, clearing firms, and money managers.
Cyber risk is the number one concern, with 37% mentioning it as the single biggest threat to the broader economy. The rest of the top five concerns are geopolitical risk, the impact of new regulations, an economic slowdown outside the European Union and United States, and Federal Reserve monetary policy. Respondents also widely cited macroeconomic concerns, including the risks of decreasing liquidity and a global slowdown in economic activity, both in the United States and abroad. Seventy-two percent of respondents said they have increased the amount of resources dedicated to identifying, monitoring, and mitigating systemic risks over the past year. Nearly two in three professionals characterized their firm’s ability to identify, assess, and manage emerging risks as “developing,” while 34% said it was “mature.”
The DTCC survey can be found at http://www.dtcc.com/news/2015/december/01/financial-services-firms-believeprobability-of-a-high-impact-event-has-increased.
Pratt’s Bank Law & Regulatory Report, Volume 50, No. 1*
THE SECURITIES AND EXCHANGE Commission announced its Office of Compliance Inspections and Examinations’ (OCIE) 2016 priorities. New areas of focus include liquidity controls, public pension advisers, product promotion, and two popular investment products: exchange traded funds and variable annuities. The priorities also reflect a continuing focus on protecting investors in ongoing risk areas such as cybersecurity, microcap fraud, fee selection, and reverse churning.
“These new areas of focus are extremely important to investors and financial institutions across the spectrum,” said SEC Chair Mary Jo White. “Through information sharing and conducting comprehensive examinations, OCIE continues to promote compliance with the federal securities laws to better protect investors and our markets.”
The 2016 examination priorities address issues across a variety of financial institutions, including investment advisers, investment companies, broker-dealers, transfer agents, clearing agencies, and national securities exchanges.
“For the last four years, OCIE’s transparency and information sharing has helped inform the industry,” said OCIE Director Marc Wyatt. “We hope that registrants will use this information to inform the evaluation of their own compliance programs in these key areas.”
Pratt’s Bank Law & Regulatory Report, Volume 50, No. 2*
ON THE HEELS OF THE RECENT terrorist attacks in Paris and San Bernardino, EEOC Chair Jenny R. Yang recently issued a statement to “Address Workplace Discrimination Against Individuals Who Are, or Are Perceived to Be, Muslim or Middle Eastern.” Along with the statement, the EEOC released two “resource documents” to provide guidance to employees and employers on how to handle workplace situations involving discrimination against individuals who are, or are perceived to be, Muslim or Middle Eastern. The FAQs and answers are provided separately for employers and employees.
The EEOC reiterates some wellestablished, common sense concepts. For instance, employers may not refuse to hire someone because of his or her religion, national origin, race, or color. In an example the EEOC uses, an employer appeared “startled” when a new employee showed up for work wearing a hijab. The Commission explains in its release that refusing to hire a person because of his or her religion or national origin is unlawful, period. Even if the employer reacted as he or she did because o f concerns about how customers would react, that would be no saving gr ace. In another example, the EEOC encourages employees to review company anti-harassment and anti-retaliation procedures following terrorist events so that watercooler talk does not cross the line (and can be properly addressed if it does). On the employer side, the EEOC documents remind employers to prevent discrimination in employment decisions. The Commission suggests that companies remind managers and staff “that discrimination based on religion or national origin is no t tolerated by the company in any aspect of employment, including hiring. Employers may decide to train or retrain all employees who conduct hiring and issue or reissue hiring standards that emphasize objective, job-related criteria.”
In a scenario on harassment, the EEOC offers a reminder to employers: “Managers and supervisors who learn about objectionable workplace conduct based on religion or national origin [or other forms of discrimination] are responsible for promptly taking steps to correct the conduct by anyone under their control.” Employers should respond with appropriate disciplinary action following investigations.
Further, “[c]lear and effective policies prohibiting ethnic and religious slurs, or other related offensive conduct, are important to prevent harassment. Confidential complaint mechanisms for promptly reporting harassment are critical, and these policies should be written to encourage people to come forward. When harassment is reported, the focus should be on action to end the harassment and correct its effects on the complaining employee. Corrective action could include counseling, a warning, or more severe discipline for the harasser.” And, on background investigations, the EEOC reminds employers that they should apply “the same pre-employment security checks that apply to other applicants for the same position.”
Bender’s Labor & Employment Bulletin, Volume 16, Issue 2*
THE FINAL RULE THE FEDERAL RESERVE BOARD APPROVED to clarify its procedures for emergency lending under section 13(3) of the Federal Reserve Act includes several key changes to the proposed rule the Fed published almost two years earlier.
The Dodd-Frank Act amended section 13(3) to limit the Fed’s emergency lending authority to broad-based programs and facilities that relieve liquidity pressures in financial markets. Dodd-Frank removed the general authority to lend to an individual, partnership, or corporation and replaced that general authority with the limited authority to extend emergency credit only to participants in a program or facility with broad-based eligibility designed for the purpose of providing liquidity to the financial system.
Dodd-Frank prohibits lending under section 13(3) to insolvent borrowers and requires the Board to establish policies and procedures that assign a value to all collateral for an emergency loan and that are designed to ensure that the collateral is sufficient to protect taxpayers from losses. It also provides that a program or facility may not be established without the prior approval of the Secretary of the Treasury.
In addition to adopting all of the limitations and revisions required by the Dodd-Frank Act, the Fed’s final rule does the following to respond to criticism of the proposal:
The final rule also clarifies that, if a company or its representative is found to have made a knowing material misrepresentation regarding its solvency in obtaining emergency credit, the credit plus all applicable interest, fees, and penalties will become immediately due and payable, and the Fed will refer the matter to the relevant law enforcement authorities.
“The ability to engage in emergency lending through broad-based facilities to ensure liquidity in the financial system is a critical tool for responding to broad and unusual market stresses,” Fed Chair Janet Yellen said at the FRB meeting.
ALTHOUGH MANY U.S. BANKS WILL have replaced hundreds of millions of traditional credit and debit cards with new EMV chip payment cards that offer enhanced security, the FBI warned law enforcement, merchants, and the general public that no one technology eliminates fraud, and cybercriminals will continue to look for opportunities to steal payment information.
“Currently, not all EMV cards are issued to consumers with the PIN capability and not all merchant PoS terminals can accept PIN entry,” the FBI noted. “EMV transactions at chip PoS terminals provide more security of consumers’ personal data than magnetic strip PoS transactions. In addition, EMV card transactions transmit data between the merchant and the issuing bank with a special code that is unique to each individual transaction. This provides the cardholder greater security and makes the EMV card less vulnerable to criminal activity while the data is transmitted from the chip enabled PoS to the issuing bank.”
The FBI warned consumers that “an EMV chip does not stop lost and stolen cards from being used in stores, or for online or telephone purchases when the chip is not physically provided to the merchant, referred to as a card-not-present transaction. Additionally, the data on the magnetic strip of an EMV card can still be stolen if the merchant has not upgraded to an EMV terminal and it becomes infected with datacapturing malware.”
The FBI encouraged merchants to handle the EMV card and its data with the same security precautions they use for standard credit cards.
“Merchants handling sales over the telephone or via the Internet are encouraged to adopt additional security measures to ensure the authenticity of cards used for transactions,” the FBI said. “At a minimum, merchants should use secure servers and payment links for all Internet transactions with credit and debit cards, and information should be encrypted, if possible, to avert hackers from compromising card information provided by consumers. Credit card information taken over the telephone or through online means should be protected by the retailer to include encrypting digital information and securely disposing written credit card information.”
Two days before the FBI issued its warning, TCM Bank President and CEO Paul Weston told the House Small Business Committee that EMV cards are not a panacea for all types of payment card fraud.
Weston, who was testifying for the Independent Community Bankers of America, said additional layers of security are needed to better mitigate fraud. Multiple layers of security technologies, such as end-to-end encryption and tokenization, are needed to protect cardholder information in transit and to secure online transactions, Weston said.
“Until this layered approach can be fully implemented, consumers should know that banks comply with significant legal and regulatory requirements and are subject to rigorous examination and supervision of their data security practices and procedures,” Weston said. “We believe that similar standards should apply to all industries that handle sensitive financial information.”
The ICBA pointed out that under new rules that went into effect October 1, “liability for fraudulent transactions sits with the party—retailer or bank—that has not invested in chip technology. When both parties are either compliant or noncompliant, pre-Oct. 1 liability rules prevail, in which case banks will continue to bear the financial responsibility for fraud losses.”
Pratt’s Bank Law & Regulatory Report, Volume 49, No. 11*
THE SECURITIES AND EXCHANGE COMMISSION SAW A significant increase in whistleblower award claims in Fiscal Year 2015 according to the 2015 Annual Report to Congress on the SEC’s Dodd-Frank Whistleblower Program, released by the SEC.
The Dodd-Frank Act amended the Securities Exchange Act of 1934 by, among other things, adding Section 21F (Securities Whistleblower Incentives and Protection). Section 21F directs the Commission to make monetary awards to eligible individuals who voluntarily provide original information that leads to successful Commission enforcement actions resulting in monetary sanctions over $1 million and successful related actions.
The Commission’s Whistleblower Office (OWB) received more than 120 whistleblower award claims in FY 2015, representing a significant increase compared to prior years. “We believe this uptick in whistleblower award claims is attributable to the increased public awareness of the SEC’s whistleblower program and in response to the tens of millions of dollars that have been paid to whistleblowers under the program,” the SEC said.
OWB also saw substantial growth in the number of whistleblower tips. In FY 2015, the SEC received nearly 4,000 whistleblower tips, a 30% increase over the number of tips received in FY 2012, the first year for which the Commission had full-year data.
Pratt’s Bank Law & Regulatory Report, Volume 49, No. 12*
COMPANIES THAT OPERATE IN THE “sharing economy” (i.e., firms that provide services ranging from on-demand transportation to food delivery, maid service, grocery shopping, and errand running) could suffer a major setback to their business models if courts rule that their workers are employees and not independent contractors. In lawsuits filed against popular “ridesharing” services Uber and Lyft, drivers allege, among other things, that the companies have misclassified them as independent contractors instead of employees. These actions seek to recover back wages, benefits, and other provisions such as reimbursement for gas and mileage required for employees under California law.
Under California law, the question of whether a worker is an employee or an independent contractor is a fact-specific inquiry based on a number of factors— primarily whether the employer has the right to control the actions of the worker. A recent decision by the Ninth Circuit Court of Appeals in Alexander v. FedEx Ground Package Systems, 765 F.3d 981 (9th Cir. 2014), in which the court determined that FedEx drivers were employees who had been misclassified as independent contractors, could spell out enormous liabilities for the ridesharing companies if the courts conclude that ridesharing drivers are also employees.
In states with strict wage and overtime laws, a legal ruling that ridesharing drivers are employees would open the companies up to a host of legal liabilities. For example, in California alone this could include nonpayment of minimum wage, overtime, mileage, and required benefits, such as workers’ compensation; failure to reimburse drivers for costs related to use of their personal vehicles; violations of wage statement and other employer document requirements; Private Attorneys General Act (PAGA) penalties; and more.
Despite expected revenues of up to $10 billion in 2015, a ruling in favor of an employer-employee relationship would create devastating financial liabilities for these companies and could threaten the companies’ business models altogether. Stay tuned for more updates as the cases unfold.
Excerpt from Bender’s Labor & Employment Bulletin, Volume 15, Issue 12*
THE FEDERAL TRADE COMMISSION APPROVED FINAL amendments to its Telemarketing Sales Rule (TSR), including a change intended to help protect consumers from fraud by prohibiting four discrete types of payment methods favored by con artists and scammers: remotely created checks (RCCs), remotely created payment orders (RCPOs), money transfers, and cash reload mechanisms.
“Con artists like payments that are tough to trace and hard for people to reverse,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “The FTC’s new telemarketing rules ban payment methods that scammers like, but honest telemarketers don’t use.”
The TSR amendments also bar telemarketers from receiving payments through traditional “cash-to-cash” money transfers— provided by companies like MoneyGram, Western Union, and RIA; prohibit telemarketers from accepting as payment “cash reload” mechanisms—such as MoneyPak, Vanilla Reload, or Reloadit packs used to add funds to existing prepaid cards; and update several provisions related to the National Do Not Call (DNC) Registry.
Commissioner Maureen Ohlhausen dissented in part. She argued in a dissenting statement that the amendments do not satisfy the third prong of the unfairness analysis in section 5(n) of the FTC Act, which requires the FTC to balance consumer injury against countervailing benefits to consumers or competition. “Although the record shows there is consumer injury from the use of novel payment methods in telemarketing fraud, it is not clear that this injury likely outweighs the countervailing benefits to consumers and competition of permitting novel payments methods,” Ohlhausen said.
THE ENERGY DEPARTMENT HAS AGREED TO INVEST MORE than $34 million in two projects that, it said, will improve the protection of the U.S. electric grid and oil and natural gas infrastructure from cyber threats. The University of Arkansas and the University of Illinois will assemble teams with expertise in power systems engineering and the computer science of cybersecurity to develop new technologies that will help protect energy delivery systems that control the physical processes that result in the delivery of continuous and reliable power.
Under the Academic Collaboration for Cybersecurity of Energy Delivery Systems Research and Development for the Energy Sector Funding Opportunity Announcement, the Universities of Arkansas and Illinois and their partners will engage with utilities and suppliers of energy delivery systems and components from early research through the eventual transition for use by the energy sector. Lessons learned from these research and development efforts will be shared through academic outreach to ensure that the technical knowledge also transitions to the energy sector, the DOE said.
The DOE awarded over $34 million to the following two projects:
Since 2010, the Office of Electricity Delivery and Energy Reliability has invested more than $150 million in cybersecurity research, development, and demonstration projects that are led by industry, universities, and national labs.
Pratt’s Energy Law Report, Volume 16, Issue 1*
*Copyright © 2016. Matthew Bender & Company, Inc., a member of the LexisNexis Group. All rights reserved. Materials reproduced from Pratt’s Energy Law Report, Bender’s Labor & Employment Bulletin and Pratt’s Bank Law & Regulatory Report with permission of Matthew Bender & Company, Inc. No part of this document may be copied, photocopied, reproduced, translated or reduced to any electronic medium or machine readable form, in whole or in part, without prior written consent of Matthew Bender & Company, Inc.