Category Archives: FinTech

FinCEN Proposes Comprehensive Updates to AML/CFT Program Rules

by David Sewell and Nathaniel Balk

From left to right: David Sewell and Nathaniel Balk. (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

On June 28, 2024, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a proposed rule (the Proposed Rule) to update anti-money laundering (AML) and countering the financing of terrorism (CFT) compliance obligations to reflect revisions to the Bank Secrecy Act (BSA) contained in the Anti-Money Laundering Act of 2020 (AML Act).[1]

FinCEN’s release marks the latest step in the ongoing implementation of the AML Act, which adopted the most significant revisions to the U.S. AML/CFT framework since the adoption of the USA PATRIOT Act in 2001. Although the Proposed Rule in large part clarifies, streamlines, and updates existing regulations, it includes several provisions that materially change AML/CFT compliance obligations for many financial institutions, including most notably a mandatory risk assessment process.

Below, we briefly summarize the Proposed Rule, including its scope, requirements, and potential implications, and highlight open questions and next steps.

Continue reading →

EU Digital Operational Resilience Act (“DORA”): Incident and Cyber Threat Reporting and Considerations for Incident Response Plans

by Robert Maddox, Stephanie Thomas, Annabella M. Waszkiewicz, and Michiko Wongso

Left to right: Robert Maddox, Stephanie Thomas, Annabella M. Waszkiewicz, and Michiko Wongso (photos courtesy of Debevoise & Plimpton LLP)

With the EU Digital Operational Resilience Act (“DORA”) implementation deadline set for January 2025, many financial services firms are spending 2024 preparing for the new regime. Amongst many operational resilience and management oversight requirements, DORA will require covered entities to monitor for, identify, and classify Information and Communications Technology (“ICT”)-related incidents (“incidents”) and cyber threats and report them under certain circumstances to regulators, clients, and the public.

In this post, we take a closer look at DORA’s ICT-related incident and cyber threat reporting obligations (which can require notifications as fast as four hours) and how covered entities can prepare to address them within their existing incident response plans (“IRPs”).

For a more general overview of DORA’s requirements, please see our previous blog post here, along with our coverage of management obligations for covered entities under DORA and how DORA will impact fund managers and the insurance sector in Europe.

Continue reading →

Second Circuit: Crypto Exchange Binance Subject to U.S. Securities Laws to Avoid a Regulatory Vacuum

by David Livshiz, Timothy Howard, Andrew Gladstein, Peter Linken, Jacob Johnston, and Seve Kale

Left to right: David Livshiz, Timothy Howard, Andrew Gladstein, Peter Linken, and Seve Kale (photos courtesy of authors)

A recent Second Circuit decision underscores that decentralized crypto exchanges with no claimed “home” jurisdiction face a substantial likelihood of exposure to U.S. securities laws. In Williams v. Binance, 96 F.4th 129 (2d Cir. 2024), the Second Circuit held plaintiffs adequately alleged crypto token purchases made on Binance’s trading platform by U.S. persons were domestic transactions and subject to U.S. securities laws on two independent grounds. First, it was plausible that plaintiffs’ purchase orders were matched with sellers on servers located in the U.S. Second, Binance’s Terms of Use stated orders became irrevocable once they were sent to Binance, which the plaintiffs alleged occurred from their homes in the United States. The Court’s extraterritoriality analysis focused on Binance’s express disclaimer of a physical presence or geographical headquarters and the inapplicability of any other country’s securities regime. These factors created the possibility of a regulatory vacuum absent imposition of U.S. securities laws. Underscoring this point, the Court reasoned that “[e]ven if the Binance exchange lacks a physical location, the answer to where [it matches transactions] cannot be ‘nowhere.’” Williams, 96 F.4th at 138.

It will take years before the full implications of Williams become clear; but what is already clear is that U.S. courts are likely to be skeptical of corporate structures that appear to leave a company immune from litigation anywhere. This skepticism is particularly relevant to crypto exchanges and other decentralized actors, which may not have or maintain a traditional “home” jurisdiction or base. Such decentralized actors may wish to consider taking steps to reduce the risk of exposure to U.S. securities laws, including affirmatively establishing a domicile outside the U.S. by opening a non-U.S. office or otherwise formally submitting to regulation by another nation, using servers data centers, and other computer network infrastructure outside of the United States, and drafting terms of service or other contractual agreements to provide that transactions become irrevocable in a location outside the U.S.

Continue reading →

FinCEN and SEC Move Closer to New AML Requirements for Investment Advisers & ERAs

by Joel M. Cohen, Claudette Druehl, Marietou Diouf, Tami Stark, Prat Vallabhaneni, and Robert DeNault

Top: Joel M. Cohen, Claudette Druehl, and Marietou Diouf
Bottom: Tami Stark, Prat Vallabhaneni, and Robert DeNault
(Photos courtesy of White & Case LLP)

On May 13, 2024, FinCEN and the SEC jointly proposed a new rule that would require SEC-registered investment advisers and exempt reporting advisers to maintain written customer identification programs (CIPs). The new rule supplements a proposal in February to impose requirements on investment advisers similar to those that have existed for broker-dealers since 2001, as a means to address illicit finance and national security threats in the asset management industry.

For investment advisers who do not currently have an AML/CFT program, this compliance obligation will create a large shift in the way they operate. This will require significant legal time and attention, but it will be time well spent considering potential regulatory exposure and likely indemnification obligations which flow through commercial agreements in favor of counterparties.

Continue reading →

Crypto Experts React to Recent SDNY Ethereum Fraud Indictment

The NYU Law Program on Corporate Compliance and Enforcement (PCCE) is following the U.S. Attorney’s Office for the Southern District of New York’s recent indictment of two individuals for allegedly attacking and stealing $25 million from the Ethereum blockchain. The indictment in the case, United States v. Peraire-Bueno, 24 Cr. 293 (SDNY), is available here. Below, several crypto experts and former prosecutors provide their reactions to the case.

Left to right: Maria Vullo, Daniel Payne, Elizabeth Roper, Usman Sheikh, Justin Herring, and Robertson Park (photos courtesy of the authors)

Continue reading →

AI for IAs: How Artificial Intelligence Will Impact Investment Advisers

by Michael McDonald

Photo courtesy of Davis Wright Tremaine LLP

The use of artificial intelligence and machine learning technology solutions (“AI”) is becoming increasingly common in all industries, including the registered investment adviser (“RIA”) space. A recent survey by AI platform Totumai and market research firm 8 Acre Perspective found that 12% of RIAs currently use AI technology in their businesses and 48% plan to use the technology at some point, which means there is a realistic expectation that 60% of RIAs will be using AI in the near future. Among other use-cases, AI has the potential to be used by RIAs for portfolio management, customer service, compliance, investor communications, and fraud detection. While regulators are not likely to prohibit the use of AI in the industry, they are likely to closely monitor and regulate specific applications and use cases which is why it is essential for RIAs to understand these emerging rules and regulatory frameworks so they can appropriately leverage the many benefits of AI while ensuring their business remains compliant with these new rules of the road. DWT has recently launched a series of webinars entitled, “AI Across All Industries” available here, that has gone in-depth on the legal issues surrounding the use of AI.

Continue reading →

Wachtell Publishes Financial Institutions M&A Guide for 2024

Editor’s Note: This post contains excerpts from Wachtell, Lipton, Rosen & Katz’s Guide: “Financial Institutions M&A 2024: Seizing Opportunities, Navigating Pitfalls,” the full version of which is available here.

by Ed Herlihy, Richard Kim, Nick Demmo, David Shapiro, Matt Guest, Mark Veblen, Brandon Price, and Jake Kling

Top left to right: Ed Herlihy, Richard Kim, Nick Demmo, and David Shapiro
Bottom left to right: Matt Guest, Mark Veblen, Brandon Price, and Jake Kling
(Photos courtesy of Wachtell, Lipton, Rosen & Katz)

KEY TRENDS IN FINANCIAL INSTITUTIONS M&A DURING 2023

I. M&A FALLS FOR A SECOND CONSECUTIVE YEAR OWING TO GEOPOLITICAL, MACROECONOMIC AND REGULATORY FACTORS

Financial institutions M&A fell for the second year in a row in 2023. Like most other sectors of the economy, financial institutions faced significant M&A headwinds during the year, including geopolitical instability, elevated inflation, high interest rates, challenging and often volatile equity markets, enhanced antitrust risks and uncertainty, and recessionary fears that softened only towards the end of the year.

Continue reading →

With The Fintech Sector’s Return to Explosive Growth, Here Are Top U.S. Legal Issues to Watch

by Jamillia Ferris, Vinita Kailasanath, Christine Lyon, Jan Rybnicek, and David Sewell

Left to right: Jamillia Ferris, Vinita Kailasanath, Christine Lyon, Jan Rybnicek, and David Sewell (photos courtesy of Freshfields Bruckhaus Deringer LLP)

Freshfields recently hosted a U.S. Fintech Hot Topics Webinar to highlight on-the-ground insights from our Antitrust and Competition, Data Privacy and Security, Financial Services Regulatory, and Transactional teams. The fintech sector has recently seen a return to explosive growth and is expected to continue growing rapidly notwithstanding regulatory and economic headwinds. Our top takeaways from the panel discussion are below, and the full recording is available here.

Continue reading →

Blockchain Analytics: A Reliable Use of Artificial Intelligence for Crime Detection and Legal Compliance

by Sujit Raman and Thomas Armstrong

From left to right: Sujit Raman and Thomas Armstrong. (Photos courtesy of authors).

Everyone these days is talking about artificial intelligence and how to use it responsibly. Among law enforcement and compliance professionals, discussions around the responsible use of AI are nothing new. Even so, recent advances in machine learning have turbocharged AI’s transformative potential in detecting, preventing, and—in a particular sense—even predicting illicit activity. These advances are especially notable in the field of blockchain analytics: the process of associating digital asset wallets to real-world entities.

In a recent, pathbreaking opinion and order, U.S. District Judge Randolph Moss rejected a criminal defendant’s challenge to the government’s evidentiary use of blockchain analytics to link him to illicit financial activity.[1] Many courts—including, just a few days ago, a U.S. district court in Massachusetts[2]—have relied on the validity of blockchain analytics when taking pre-trial actions like issuing seizure orders and authorizing arrest warrants; Judge Moss’s opinion is the first trial court examination of this powerful analytic capability. Taken together, this growing body of legal authority forcefully affirms the reliability—and therefore admissibility in court—of evidence derived from such analytics.

Continue reading →

Creating A European Union-Wide Anti-Money Laundering/Counter Financing of Terrorism Regime (Part II): Changes in Anti-Money Laundering Rules

by Jonathan J. Rusch

Photo courtesy of the author

As part of its continuing efforts to strengthen the capacity and capability of the European Union (EU) to combat money laundering and terrorism financing[1], on January 18, 2024 the Council of the European Union announced that it and the European Parliament had found a provisional agreement on parts of the anti-money laundering and countering the financing of terrorism (AML/CFT) package to protect EU citizens and the EU’s financial system.

This provisional agreement is intended to accomplish two fundamental objectives: (1) to transfer all AML/CFT rules applying to the private sector to a new regulation; and (2) in doing so, for the first time to make those rules more stringent and harmonize them “exhaustively”, in order to close possible loopholes that criminals use to launder illicit proceeds or finance terrorist activities through the financial system.[2]

The first post in this series covered the provisional agreement relating to the creation and operation of a new EU-wide anti-money laundering authority (AMLA).[3] This post will summarize and comment on the extensive and detailed provisions of this provisional agreement with regard to two elements: (1) the new AML regulation[4]; and (2) a new AML/CFT directive (to be designated by the EU as the “Sixth Anti-Money Laundering Directive”) that would establish the mechanisms that EU Member States should put in place for AML/CFT purposes and repeal the EU’s 2015 Fourth AML Directive.[5]

Continue reading →