Financial Regulatory Forum

New U.S. prosecution easing on marijuana does not cut laundering risk for banks, sources say

By Brett Wolf, Compliance Complete

NEW YORK, Sept. 6 (Thomson Reuters Accelus) - A Justice Department memorandum circulated last week that gave U.S. states leeway to experiment with pot legalization failed to address the provision of financial services to marijuana dispensaries, which suggests the Obama administration still is not prepared to allow money from state-recognized pot sales to flow into banks and other financial institutions, money-laundering policy experts said.

“The Justice Department could have gone the next step and at least applied its new standards to financial transactions that derive from medical marijuana proceeds. That at least would have been an attempt to take the burden away from the financial services community to make some very difficult determinations,” said Peter Djinis, a former regulatory policy official with the U.S. Treasury Department’s anti-money laundering unit, the Financial Crimes Enforcement Network (FinCEN).  (more…)

U.S. financial regulation has gaps in risk oversight, insurance, infrastructure, global stability board finds

By Nick Paraskeva, Compliance Complete contributing author

NEW YORK, Sept 3. (Thomson Reuters Accelus) – A Financial Stability Board (FSB) peer review of U.S. regulation found gaps in oversight of systemic risk, insurance firms and financial infrastructure.

The report called on the United States to develop the Treasury-led oversight council into a “systematic, analytical and transparent macroprudential framework” that better coordinates the work of its member regulators. The 10 agency heads in Financial Stability Oversight Council have not always seen eye to eye. (more…)

Cybersecurity should be a compliance issue, says expert

By Emmanuel Olaoye, Compliance Complete

WASHINGTON, Aug. 27 (Thomson Reuters Accelus) – In March this year, a group of Islamic hackers announced that they were launching the latest phase of their denial of service attacks against the largest U.S. banks. The group, which called itself the Izz ad-Din al-Qassam Cyber Fighters, targeted the websites of banks including Bank of America, Wells Fargo, and PNC Bank.

Within days, customers of those banks were complaining of difficulties in accessing the institution’s websites. (more…)

U.S. regulators urge firms to improve business continuity and disaster recovery plans

By Stuart Gittleman, Compliance Complete

NEW YORK, Aug.21 (Thomson Reuters Accelus) – Futures and securities firms should review their industry-wide and internal business continuity and disaster recovery plans to improve responsiveness to significant disruptions and reduce recovery time, their regulators said Friday in a staff advisory.

U.S. regulators have been particularly concerned over how financial firms plan for disasters since the attacks of September 11, 2001, and through the President’s Working Group on Financial Markets during the administration of George W. Bush urged the industry to strengthen its defenses. The concerns have included flooding following Hurricane Katrina and the threat of an influenza pandemic, and are growing. (more…)

Brokers face a fight asking the SEC to end exchanges’ SRO structure

By Nick Paraskeva, Compliance Complete contributing author

NEW YORK, Aug. 14 (Thomson Reuters Accelus) - Wall Street has asked regulators to consider ending the special supervisory status given to exchanges, saying that new technology such as dark pools and algorithmic trading has led to broker-dealers directly competing with exchanges for market share.

The exchanges have countered that market dispersion hurts investors, and are seeking regulatory protection from high frequency trading, and the Securities and Exchange Commission, which oversees both brokers and exchanges, is in the middle. (more…)

Cybersecurity and the board: avoiding personal liability — Part III of III: Policies and procedures

By Steven L. Caponi, Thomson Reuters Accelus contributing author

NEW YORK, Aug. 8 (Thomson Reuters Accelus) - In the previous two installments of this series (Part I and Part II), we discussed the fiduciary obligation of officers/directors to proactively address cyber security and the legal basis for holding them personally liable if they fail to do so. This third and final article explores the more difficult task of deciding which best practices directors should consider adopting. Because each enterprise faces unique challenges, this process requires that directors understand their company’s cyber security risk profile and the options available for mitigating the risk.

When deciding which policies or procedures to adopt, boards should consider how their decisions will be viewed after an incident occurs. Following a loss or serious data breach, the various interested parties – stockholders, regulators, customers, politicians, media, and courts – will seek to assign blame. This chorus of finger pointers will inevitably be looking through the distorted lens of hindsight. Directors will not be accorded the benefit of the doubt, the presumption of good faith will be thrown out the window, and a conscientious cost-benefit analysis will be characterized as a deliberate decision to sacrifice data security on the altar of corporate profits. (more…)

Cybersecurity and the board of directors: avoiding personal liability — Part II of III

By Steven L. Caponi, Compliance Complete contributing author

NEW YORK, Aug. 6 (Thomson Reuters Accelus) - The first article in this three-part series discussed how legal principles governing directors’ fiduciary duties may be applied to cybersecurity and the risks posed by cyber attacks. To summarize, Delaware’s corporate law places an affirmative obligation on fiduciaries to keep informed of serious risks facing the enterprise. The failure to exercise appropriate oversight in the face of known risks constitutes a breach of the duty of loyalty, a breach that cannot be exculpated under 8 Del. C. §102(b)(7).

In Part II of this series, we explore the “red flags” placing directors on notice of their obligation to proactively manage cyber security risks, and that expose a complacent board to costly litigation and the specter of personal liability. When evaluating whether a particular issue warrants board consideration, directors and officers should look at the nature of the risk, its potential impact on the company, and the extent to which the risk is foreseeable.  (more…)

Cybersecurity and the board of directors: avoiding personal liability – Part I of III

By Steven L. Caponi, Contributing author for Compliance Complete

NEW YORK, July 25 (Thomson Reuters Accelus) - The likelihood of a cybersecurity breach hitting one’s company in the near future is as certain as will be the resulting drop in shareholder value, finger pointing, fines, regulatory headaches and civil litigation alleging the board was asleep at the wheel in the face of a known danger. In a letter to the Chairman of the Securities and Exchange Commission from five U.S. senators, including Commerce committee Chairman Jay Rockefeller, the Senators noted:

“Every day, malicious actors attack and disrupt computer networks to steal valuable trade secrets, intellectual property, and financial and confidential information, causing significant damage to the United States Government, our citizens, our business, and our country.”  (more…)

Cybersecurity in Canada: Finance industry, government seek ways to share data

By Daniel Seleanu, Compliance Complete

TORONTO/NEW YORK, July 18 (Thomson Reuters Accelus) - More cooperation with government intelligence agencies would improve the Canadian financial industry’s cyber security capabilities, regulatory and industry experts told Thomson Reuters. Financial institutions have deployed defences, but face considerable threat from cyber-criminals intent on committing fraud, stealing sensitive information, and disrupting their networks.

To mitigate those risks, security and financial experts have called for an enhanced information-sharing system that would allow firms to provide detailed cyber-attack statistics to the government in exchange for intelligence on emergent threats and mitigation strategies. To date, attempts to establish such a system have had little result.  (more…)

U.S. regulators’ Basel III rules package signals intent to maintain momentum in big-bank reforms

By Bora Yagiz

NEW YORK, July 17 (Thomson Reuters Accelus) - In a move considered to be the most complete overhaul of U.S. bank capital standards since Basel I in 1988, three U.S. banking regulators (the Federal Reserve Board, Office of Comptroller of the Currency, and Federal Deposit Insurance Corporation) have finalized the three Basel III-related notices of proposed rulemaking (NPRs) from 2012 on capital rules.

Collectively, the rules raise capital ratios, expand the base of assets for risk-based capital calculations, make changes to the methodology for calculation of credit risk weightings for banking and trading book assets and put emphasis on a stricter definition of capital, especially with regards to common equity Tier 1 (CET1) capital, the highest quality of equity. Higher quality of equity is perceived to provide a better safety net for the financial system in economic downturns, but this safety comes with a higher cost of business for the banks. Simply put, money kept as capital is not invested.  (more…)

  •