The virtual currency market continues to grow, and this growth has fueled increased attention from retail investors and financial regulators. Financial institutions active in the virtual currency market have seen a trend towards increased regulatory oversight and the latest development imposes new client disclosure requirements upon certain companies.
The Securities and Exchange Commission (SEC) obtained a court order freezing more than $27 million in proceeds from alleged illegal distributions and sales of restricted shares of a public company , and charged the company, its CEO, and three other affiliated individuals on April 6, 2018. That same day, the Nasdaq Stock Market halted trading in the company’s stock.
The SEC’s complaint alleges that shortly after the company began trading on the Nasdaq Stock Market and announced the acquisition of a purported blockchain-empowered cryptocurrency business, its stock price rose dramatically until its market capitalization exceeded $3 billion. The SEC further alleges that the CEO and the three other individual defendants then illegally sold large blocks of their restricted shares to the public while the stock price was excessively elevated and that they collectively reaped more than $27 million in profits.
The National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Law (“Model Law”) in October 2017. The purpose of the Model Law is to establish standards for data security and the investigation of and notification to the Insurance Commissioner of a Cybersecurity Event, but is not intended to create a private right of action.
The Model Law is based largely on the New York Department of Financial Services’ Cybersecurity Regulations, 23 NYCRR 500 (“NYDFS Cyber Regulations”), which took effect on March 1, 2017.  In fact, a drafting note to the Model Law indicates that compliance with the NYDFS Cyber Regulations is intended to constitute compliance with the Model Law.
The Equifax breach affecting as many as 143 million U.S. consumers highlights the segmented legal landscape surrounding data security as well as the challenges of regulating it. News reports indicate that federal agencies, including the FTC, and a number of state Attorneys General either are or have been called to investigate Equifax and a number of class actions have already been filed.
Some commentators have suggested that the Equifax breach requires a regulatory response, but it is not clear that regulation would have prevented the breach.
The FTC reached a settlement with online tax preparation service TaxSlayer Online for allegedly violating the Gramm Leach Bliley Act’s (“GLBA”) Privacy Rule and Regulation P as well as the Safeguards Rule.
The Privacy Rule/Regulation P requires financial institutions to provide initial and annual notices to their customers informing them about what nonpublic personal information is shared with third parties. It also provides information about how consumers can opt out of certain information sharing. Both the FTC and the Consumer Financial Protection Bureau enforce the Privacy Rule.
The Safeguards Rule requires financial institutions to use reasonable procedures to safeguard their customers’ nonpublic information. The FTC enforces the Safeguards Rule.
© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.