These are some of the compliance-related stories that recently caught my attention.
The Federal Courts Are Running An Online Scam by Seamus Hughes in Politico
But I’m here to tell you that PACER—Public Access to Court Electronic Records—is a judicially approved scam. The very name is misleading: Limiting the public’s access by charging hefty fees, it has been a scam since it was launched and, barring significant structural changes, will be a scam forever.
https://www.politico.com/magazine/story/2019/03/20/pacer-court-records-225821
The U.S. federal court system rakes in about $145 million annually to grant access to records that, by all rights, belong to the public. For such an exorbitant price—it can cost hundreds of dollars a year to keep up with an ongoing criminal case—you might think the courts would at least make it easy to access basic documents. But you’d be wrong.
Cyber Breach Disclosures: A Mess by Matt Kelly in Radical Compliance
Craving more information about how companies are disclosing cybersecurity breaches? Audit Analytics has a new report examining what publicly traded firms have been reporting in SEC filings — and you won’t get much guidance there, because those disclosures vary so widely.
http://www.radicalcompliance.com/2019/03/20/cyber-breach-disclosures-total-mess/
The Weakness in Two-Factor Authentication—Your Lost Phone Policy by Avi Gesser, John R. Kapp, and Michelle Adler in NYU Law’s Compliance & Enforcement
Hackers always look for the weak link, and they have learned to get around MFA by exploiting gaps in companies’ lost phone protocols. They do this by calling the IT help desk, saying they are employees who have lost their phone, so they can’t use the MFA app to log in, and they have some emergency that requires them to get immediate access to the network.
https://wp.nyu.edu/compliance_enforcement/2019/03/18/the-weakness-in-two-factor-authentication-your-lost-phone-policy/
SEC Ends 2018 Signaling Its Approach to Regulating the Cryptocurrency Markets from Latham & Watkins
These orders — one against a token exchange, two against token issuers, and two against promoters — clarify the SEC’s approach for:
- Determining whether token transactions constitute unregistered securities offerings or unregistered broker-dealer or exchange activity
- Resolving unregistered token offerings
The Commission’s recent actions also signal the potential next frontier for SEC enforcement as the new year begins.
https://www.lw.com/thoughtLeadership/lw–sec-signals-its-approach-to-regulating-the-cryptocurrency-markets
The SEC, Compliance, Tone at the Top and Volkswagen by T. Gorman in SEC Actions
VW did have compliance systems. During his rise through the ranks the CEO was at one point in charge of Quality Assurance as well as head of Technical Development. Even after becoming CEO he continued to focus on the technical details of the vehicles as illustrated by photos in the complaint. Yet the scheme launched and continued. The failure of compliance here traces directly to the top. Under the circumstances here the “tone at the top” appears to have focused on something other than compliance.
http://www.secactions.com/the-sec-compliance-tone-at-the-top-and-volkswagen/
LIBOR, Again (Sorry!) by Rick Jones in Crunched Credit
A couple things are, at this point, clear. The Secured Overnight Financing Rate (SOFR) is a lock for the new and improved LIBOR. We are going to have a wide range of complex, often subjective triggers prompting the switch out of LIBOR, and regrettably, we are going to have a waterfall of prospective alternate SOFR rates to choose from when we switch. It’s pretty clear that when 2022 rolls around, we’re not going to have a single trigger or a single, easily understood, alternative rate. What we need is broadly agreed, clear, bright lined rules as to the date on which we switch rate and clear bright lined rules on what the index will be. We’re not getting it.
https://www.crunchedcredit.com/2019/03/articles/libor/libor-again-sorry