This edition is a round-up of anti-fraud and data protection developments. Please let us know if you have questions or comments.
Interesting diverse opinions from U.S. regulators regarding blockchain and cryptocurrency
In what some call a landmark speech, the Federal Reserve’s vice chair for Supervision Randal Quarles argues that stablecoins “could encourage [international] use of the dollar by making cross-border payments faster and cheaper, and it potentially could be deployed much faster and with fewer downsides” than a central bank digital currency (CBDC).
Crypto remains a priority for regulators as FINCEN hires another expert with prosecution experience.
Fighting Deceptive Cookie Practices. The European Center for Digital Rights (aka NOYB) is threatening to file formal complaints against companies across the EU/EEA who use deceptive cookie practices. This is a good reminder to review your cookie practices, particularly if you have EU/EEA clients. Below is a summary of the types of practices to audit for and avoid.
- Type A—No “reject” option on the first layer.
- Type B—Pre-ticked boxes on second layer.
- Type C—Deceptive link design.
- Types D and E—Deceptive button colors and contrast.
- Type H—Legitimate interest claimed.
- Type I—Inaccurate classification of cookies.
- Type K—Not as easy to withdraw as to give consent.
Global Cyber Standards and Due Diligence is Changing. China’s cybersecurity regulator launched data-security reviews of apps operated by two U.S.-listed tech companies, days after announcing a similar probe into Didi Global Inc. The latest action is a reminder of the importance of self-assessments and reviews before any such regulatory scrutiny.
More State Privacy legislation. Colorado is the newest state with comprehensive privacy legislation: The Colorado Privacy Act (CPA) was adopted in July with similar provisions to GDPR including opt out provisions, data controller and processor obligations and data contract requirements. Effective in 2023, the CPA applies to those who do business in Colorado as well as to those who operate outside of Colorado, if their products or services intentionally target Colorado residents. There are carve outs, so compliance officers should coordinate with the privacy officer, CISO and CTO as needed to assess a strategy for compliance.
EU Proposes New Regulatory Agency. The EU will reportedly increase anti-fraud and AML enforcement of crypto currencies. New EU Anti-Money Laundering Authority
ESG Disclosure Resource. UK Financial Conduct Authority recently released an ESG disclosure consultant paper. It is a helpful resource for compliance officers 1) considering their own climate disclosure compliance programs, 2) tracking evolving standards under the proposed new handbook and 3) reviewing responses to requests for proposal (RFP) for UK prospects.
Reminder to Reconcile Investment Adviser Fees & Agreements. SEC v. Elstun. In the complaint, the SEC alleges violations of Advisers Act Sections 206(1), 206(2), 206(4) and 204 related to various fee discrepancies including charging a higher percentage fee than agreed in contracts and charging advisory for non-advisory accounts.