Category Archives: Financial Institutions

FinCEN Adopts Rule Extending AML/CFT Requirements to RIAs and ERAs, Further Increasing Regulatory Obligations on Investment Advisers

by David Sewell, Timothy Clark, Ivet Bell, David Nicolardi, and Nathaniel Balk

Left to Right: David Sewell, Timothy Clark, Ivet Bell, David Nicolardi, and Nathaniel Balk (photos courtesy of authors)

On August 28, 2024, the Financial Crimes Enforcement Network (FinCEN) adopted a final rule that extends anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance obligations to certain types of investment advisers (the Final Rule), and delegates to the U.S. Securities and Exchange Commission (SEC) the authority to examine investment advisers’ compliance with these obligations.[1] The Final Rule ends a long-running debate over whether to subject investment advisers to AML/CFT obligations after multiple prior proposals to do so had stalled.

The Final Rule imports standards and requirements that will be familiar to investment advisers affiliated with financial institutions already subject to AML/CFT obligations, but may be new to smaller and independent investment advisers. For these entities, the compliance uplift required could be substantial.

Continue reading →

Treasury’s Report on AI (Part 2) – Managing AI-Specific Cybersecurity Risks in the Financial Sector

by Avi Gesser, Erez Liebermann, Matt Kelly, Jackie Dorward, and Joshua A. Goland

Top: Avi Gesser, Erez Liebermann, and Matt Kelly. Bottom: Jackie Dorward and Joshua A. Goland (Photos courtesy of Debevoise & Plimpton LLP)

This is the second post in the two-part Debevoise Data Blog series covering the U.S. Treasury Department’s report on Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector (the “Report”).

In Part 1, we addressed the Report’s coverage of the state of AI regulation and best practices recommendations for AI risk management and governance. In Part 2, we review the Report’s assessment of AI-enhanced cybersecurity risks, as well as the risks of attacks against AI systems, and offer guidance on how financial institutions can respond to both types of risks.

Continue reading →

FinCEN Proposes Comprehensive Updates to AML/CFT Program Rules

by David Sewell and Nathaniel Balk

From left to right: David Sewell and Nathaniel Balk. (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

On June 28, 2024, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a proposed rule (the Proposed Rule) to update anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance obligations to reflect revisions to the Bank Secrecy Act (BSA) contained in the Anti-Money Laundering Act of 2020 (AML Act).[1]

FinCEN’s release marks the latest step in the ongoing implementation of the AML Act, which adopted the most significant revisions to the U.S. AML/CFT framework since the adoption of the USA PATRIOT Act in 2001. Although the Proposed Rule in large part clarifies, streamlines, and updates existing regulations, it includes several provisions that materially change AML/CFT compliance obligations for many financial institutions, including most notably a mandatory risk assessment process.

Below, we briefly summarize the Proposed Rule, including its scope, requirements, and potential implications, and highlight open questions and next steps.

Continue reading →

Biden Administration Releases Proposed Rule on Outbound Investments in China

by Paul D. Marquardt and Kendall Howell

From left to right: Paul D. Marquardt and Kendall Howell (Photos courtesy of Davis Polk & Wardwell LLP)

The Biden administration released its proposed rule that would establish a regulatory framework for outbound investments in China, following its advanced notice of proposed rulemaking released last August.

On June 21, 2024, the U.S. Department of the Treasury (Treasury) released its long-awaited notice of proposed rulemaking that would impose controls on outbound investments in China (the Proposed Rule). The Proposed Rule follows Treasury’s advanced notice of proposed rulemaking (the ANPRM) released in August 2023 (discussed in this client update) and implements the Biden administration’s Executive Order 14105 (the Executive Order), which proposed a high-level framework to mitigate the risks to U.S. national security interests stemming from U.S. outbound investments in “countries of concern” (currently only China). Like the Executive Order and ANPRM, the Proposed Rule reflects an effort by the Biden administration to adopt a “narrow and targeted” program and is in large part directed at the “intangible benefits” of U.S. investment (e.g., management expertise, prestige, and know-how), rather than capital alone.[1]

Continue reading →

Supreme Court Punches SEC APs Right in the Seventh Amendment

by Andrew J. Ceresney, Charu A. Chandrasekhar, Arian M. June, Robert B. Kaplan, Julie M. Riewe, Kristin A. Snyder, and Jonathan R. Tuttle

Top left to right: Andrew J. Ceresney, Charu A. Chandrasekhar, Arian M. June, and Robert B. Kaplan. Bottom left to right: Julie M. Riewe, Kristin A. Snyder, and Jonathan R. Tuttle. (Photos courtesy of Debevoise & Plimpton LLP)

Recently, in a long-awaited ruling with significant implications for the securities industry and administrative agencies more generally, the U.S. Supreme Court affirmed the Fifth Circuit’s decision in Jarkesy v. SEC, holding that the Seventh Amendment right to a jury trial precluded the U.S. Securities and Exchange Commission (the “SEC”) from pursuing monetary penalties for securities fraud violations through in-house administrative adjudications. The key takeaways are:

The Court’s ruling was limited to securities fraud claims, but other SEC claims seeking legal remedies may be impacted, as well as claims by other federal agencies that may have been adjudicated in-house previously.
We expect that the SEC will continue its practice of bringing new enforcement actions in district court, except when a claim only is available in the administrative forum.
Because of the majority decision’s focus on fraud’s common-law roots, the decision raises questions about whether the SEC may bring negligence-based or strict liability claims seeking penalties administratively.
The Court did not resolve other constitutional questions concerning the SEC’s administrative law judges, including whether the SEC’s use of administrative proceedings violates the non-delegation doctrine and whether the SEC’s administrative law judges are unconstitutionally protected from removal in violation of Article III.
We anticipate additional litigation regarding these unresolved issues.

Continue reading →

EU Digital Operational Resilience Act (“DORA”): Incident and Cyber Threat Reporting and Considerations for Incident Response Plans

by Robert Maddox, Stephanie Thomas, Annabella M. Waszkiewicz, and Michiko Wongso

Left to right: Robert Maddox, Stephanie Thomas, Annabella M. Waszkiewicz, and Michiko Wongso (photos courtesy of Debevoise & Plimpton LLP)

With the EU Digital Operational Resilience Act (“DORA”) implementation deadline set for January 2025, many financial services firms are spending 2024 preparing for the new regime. Amongst many operational resilience and management oversight requirements, DORA will require covered entities to monitor for, identify, and classify Information and Communications Technology (“ICT”)-related incidents (“incidents”) and cyber threats and report them under certain circumstances to regulators, clients, and the public.

In this post, we take a closer look at DORA’s ICT-related incident and cyber threat reporting obligations (which can require notifications as fast as four hours) and how covered entities can prepare to address them within their existing incident response plans (“IRPs”).

For a more general overview of DORA’s requirements, please see our previous blog post here, along with our coverage of management obligations for covered entities under DORA and how DORA will impact fund managers and the insurance sector in Europe.

Continue reading →

FinCEN and SEC Move Closer to New AML Requirements for Investment Advisers & ERAs

by Joel M. Cohen, Claudette Druehl, Marietou Diouf, Tami Stark, Prat Vallabhaneni, and Robert DeNault

Top: Joel M. Cohen, Claudette Druehl, and Marietou Diouf
Bottom: Tami Stark, Prat Vallabhaneni, and Robert DeNault
(Photos courtesy of White & Case LLP)

On May 13, 2024, FinCEN and the SEC jointly proposed a new rule that would require SEC-registered investment advisers and exempt reporting advisers to maintain written customer identification programs (CIPs). The new rule supplements a proposal in February to impose requirements on investment advisers similar to those that have existed for broker-dealers since 2001, as a means to address illicit finance and national security threats in the asset management industry.

For investment advisers who do not currently have an AML/CFT program, this compliance obligation will create a large shift in the way they operate. This will require significant legal time and attention, but it will be time well spent considering potential regulatory exposure and likely indemnification obligations which flow through commercial agreements in favor of counterparties.

Continue reading →

Crypto Experts React to Recent SDNY Ethereum Fraud Indictment

The NYU Law Program on Corporate Compliance and Enforcement (PCCE) is following the U.S. Attorney’s Office for the Southern District of New York’s recent indictment of two individuals for allegedly attacking and stealing $25 million from the Ethereum blockchain. The indictment in the case, United States v. Peraire-Bueno, 24 Cr. 293 (SDNY), is available here. Below, several crypto experts and former prosecutors provide their reactions to the case.

Left to right: Maria Vullo, Daniel Payne, Elizabeth Roper, Usman Sheikh, Justin Herring, and Robertson Park (photos courtesy of the authors)

Continue reading →

New U.S. Law Extends Statute of Limitations for Sanctions Violations and Enhances Regulatory and Enforcement Focus on National Security Priorities

by Anthony Lewis, Eric Kadel Jr., Sharon Cohen Levin, Craig Jones, Adam Szubin, Amanda Houle, and Bailey Springer

Top: Anthony Lewis, Eric Kadel Jr., and Sharon Cohen Levin
Bottom: Craig Jones, Adam Szubin, and Amanda Houle
(Photos courtesy of Sullivan & Cromwell LLP)

Statute Doubles the Statute of Limitations for Sanctions Violations, Expands the Scope of Sanctions Programs, and Focuses on China’s Technology Procurement, Iranian Petroleum Trafficking, and Fentanyl Production

Summary

On April 24, President Biden signed into law H.R. 815, a sweeping national security legislative package that—in addition to providing foreign aid funding for Ukraine, Israel, and Taiwan—includes the 21st Century Peace Through Strength Act, which contains a number of provisions implementing the Biden administration’s national security priorities. As summarized below, provisions of the Act align with U.S. authorities’ continued focus on China and emphasis on sanctions enforcement. In particular, the Act:

Doubles the statute of limitations for civil and criminal violations of U.S. sanctions programs from five to 10 years—raising questions about retroactive application of the statute and whether authorities will amend current rules on corporate record-keeping practices;
Requires additional agency reports to Congress, reflecting a focus on U.S. investments in, and supply-chain contributions to, the development of sensitive technologies used by China—a topic that has likewise been the recent focus of the Department of Justice and the Department of Commerce;
Targets the Chinese government’s alleged evasion of U.S. sanctions on Iranian petroleum products and involvement in related financial transactions by directing the imposition of sanctions; and
Directs the President to impose sanctions aimed at curbing China’s alleged involvement in fentanyl trafficking and calls for forthcoming guidance for financial institutions in filing related SARs.

Continue reading →

AI for IAs: How Artificial Intelligence Will Impact Investment Advisers

by Michael McDonald

Photo courtesy of Davis Wright Tremaine LLP

The use of artificial intelligence and machine learning technology solutions (“AI”) is becoming increasingly common in all industries, including the registered investment adviser (“RIA”) space. A recent survey by AI platform Totumai and market research firm 8 Acre Perspective found that 12% of RIAs currently use AI technology in their businesses and 48% plan to use the technology at some point, which means there is a realistic expectation that 60% of RIAs will be using AI in the near future. Among other use-cases, AI has the potential to be used by RIAs for portfolio management, customer service, compliance, investor communications, and fraud detection. While regulators are not likely to prohibit the use of AI in the industry, they are likely to closely monitor and regulate specific applications and use cases which is why it is essential for RIAs to understand these emerging rules and regulatory frameworks so they can appropriately leverage the many benefits of AI while ensuring their business remains compliant with these new rules of the road. DWT has recently launched a series of webinars entitled, “AI Across All Industries” available here, that has gone in-depth on the legal issues surrounding the use of AI.

Continue reading →