Author Archives: Seth Massey

CFTC and FinCEN Impose $100 Million Penalty on BitMEX

by H. Christopher Boehning, Walter Brown, Jessica S. Carey, Manuel S. Frey, Michael E. Gertzman, Mark F. Mendelsohn, Rachel Fiorill, Jacobus J. Schutte, and Bailey K. Williams

On August 10, 2021 the Commodity Futures Trading Commission (CFTC) and the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) announced $100 million in civil money penalties against BitMEX, a convertible virtual currency (CVC) derivatives exchange, for violations of the Currency Exchange Act (CEA) and the Bank Secrecy Act (BSA).[i] This was FinCEN’s first enforcement action against a futures commission merchant (FCM), and the latest in a series of regulatory enforcement actions in the cryptocurrency space. Continue reading →

OFAC Enforcement Action Against U.S. Payments Company Shows the Importance of Robust Sanctioned Person and Location Screening

by Jessica S. Carey, Christopher D. Frey, Michael E. Gertzman, Roberto J. Gonzalez, Brad S. Karp, Richard S. Elliott, Rachel Fiorill, and Joshua R. Thompson

On July 23, 2021, the U.S. Department of the Treasury’s Office of Assets Control (“OFAC”) announced a $1,400,301 settlement agreement with a New York-based online money transmitter and provider of prepaid access, Payoneer Inc. (“Payoneer”), to resolve 2,260 apparent violations of multiple OFAC sanctions programs.[1] OFAC determined that Payoneer’s sanctions compliance program—in particular its sanctioned person and location screening procedures—had several deficiencies that allowed persons located in sanctioned jurisdictions and persons on OFAC’s Specially Designation Nationals and Blocked Persons List (the “SDN List”) to engage in approximately $802,117 worth of transactions via Payoneer’s services. Continue reading →

A New Variation in SEC Insider Trading Enforcement

by John Savarese and Wayne Carlin

Earlier this week, the SEC filed a complaint in the Northern District of California alleging insider-trading charges that may signal a more aggressive approach to enforcement under the agency’s new leadership. In SEC v. Panuwat (PDF: 326 KB), the SEC charged a corporate executive who learned about an impending acquisition of his employer and then traded in the securities of an unrelated company in the same industry that he anticipated would materially increase in price when his employer’s acquisition was publicly announced. Continue reading →

SEC Levies $1 Million Penalty for Allegedly Misleading Cybersecurity Incident Disclosures

by Jeremy Feigelson, Avi Gesser, Paul Rodel, Joshua Samit, Charu Chandrasekhar, and Corey Goldstein

The U.S. Securities and Exchange Commission this week took the rare step of penalizing a company for its allegedly poor disclosure of a cyber incident. The SEC announced a $1 million civil penalty against Pearson plc (“Pearson”), a London-based educational publishing company that is a U.S. securities issuer. The penalty resolves charges that Pearson misled investors related to a 2018 data breach. Continue reading →

The Supreme Court TransUnion Case: Part 2—What It Means for Efforts to Defeat Class Certification?

by Mark P. Goodman, Maura Kathleen Monaghan, Jim Pastore, Jacob W. Stahl, and Adam Aukland-Peck

This is Part 2 of a two-part article on the recent U.S. Supreme Court TransUnion decision. In Part 1, we discussed the implications of the decision for standing in cyber cases. Continue reading →

The Biden White House Ramps up Antitrust Enforcement and Reform

by Ann O’Leary, Tom Perrelli, Katie Johnson, Sarah Norman, Phil Sailer, Laurel Raymond

I. Introduction

On July 9, 2021, President Biden signed Executive Order 14036, “Promoting Competition in the American Economy”[1] (the “EO”). The sweeping competition EO, coupled with six competition bills[2] advanced by a bipartisan vote of the House Judiciary Committee in June, signals a sustained focus on competition policy from both the White House and Congress, and that focus is set to only intensify over the next year in the lead up to the midterms. Continue reading →

The Colorado Privacy Act: Enactment of Comprehensive U.S. State Consumer Privacy Laws Continues

by Ryan T. Bergsieker, Sarah E. Erickson, Lisa V. Zivkovic, and Eric M. Hornbeck

On July 7, 2021, Colorado Governor Jared Polis signed into law the Colorado Privacy Act (“CPA”), making Colorado the third state to pass comprehensive consumer privacy legislation, following California and Virginia. Continue reading →

SEC Fires Shot Across the Bow of SPACs

by Mark Schonfeld, Evan M. D’Amico, Thomas J. Kim, Jonathan Whalen, Tina Samanta, and Timothy Zimmerman

On July 13, 2021, the Securities and Exchange Commission (“SEC”) announced a partially settled enforcement action against a Special Purpose Acquisition Company (“SPAC”), the SPAC sponsor and the CEO of the SPAC, as well as the proposed merger target and the former CEO of the target for misstatements in a registration statement and amendments concerning the target’s technology and business risks.[1] As of the date of the enforcement action, the registration statement had not been declared effective and the proxy statement/prospectus had not been mailed to the SPAC shareholders. This action is notable because the allegations against the SPAC, its sponsor and its CEO are premised on a purported negligent deficiency in their due diligence, which failed to uncover alleged misrepresentations and omissions by the target and its former CEO. This action has important implications for SPACs, their sponsors and executives for their diligence on proposed acquisition targets. Continue reading →

EDPB Issues New Guidance on Storing Credit Card Data for Future Purchases

by Christian F. McDermott, Calum Docherty, and Victoria Wan

Online shopping has boomed in recent years. In 2020, the European statistics agency Eurostat estimated that 7 out of 10 internet users made online purchases within a 12 month period. The European Central Bank found that the total number of non-cash payments in the euro area increased by 8.1% in 2019 (the last year statistics are available) year-on-year with a total value of €162 trillion, which included 45 billion transactions processed by retail payment systems worth €35 trillion. This growth has likely surged during the COVID-19 pandemic, when many consumers turned to e-commerce.

The opportunities for retailers also present data protection risks. On 19 May 2021 the European Data Protection Board (EDPB) adopted Recommendations 02/2021 on the legal basis for the storage of credit card data for the sole purpose of facilitating further online transactions (the Recommendations) to address the vast data processing operations behind these transactions. The Recommendations focus on when and how online retailers can store a customer’s credit card data after a sale or transaction for the sole purpose of facilitating future purchases by that customer. The EDPB has expressly excluded from the scope of the Recommendations the storage of credit card data in relation to ongoing contracts, such as for subscription services, and the activities of payment institutions operating in online stores. The Recommendations only reference credit cards and not payment cards more generally (such as debit cards, prepaid cards, etc.). It is unclear whether the EDPB might have similar expectations of online retailers that store other payment card or direct debit data for the same purposes. Continue reading →

The Supreme Court TransUnion Case Part 1 – What it Means for Standing in Cyber Cases

by Avi Gesser and Johanna N. Skrzypczyk

This is Part 1 of a two-part article on the recent U.S. Supreme Court TransUnion decision. In Part 2, we will discuss the implications of the decision for efforts to defeat class certification. Continue reading →

Compliance and Enforcement