Skip to content
Time to Update Risk Assessments & Training

This Report is filled with developments you should consider for updating your outreach, training and risk assessments. We hope this will help you get ready for the 2nd half of 2021!


Custody and anti-manipulation controls remain important for compliance programs and risk assessment priorities particularly as SEC resistance to digital assets continues.

A recent SEC Staff Statement is another negative signal for crypto. Read the latest May Statement Investing Bitcoin Futures Market

SEC continues its focus on whether digital assets are properly registered securities; it charges BitConnect for its $2 billion lending program of alleged unregistered securities.

Insider Trading Bill proposed to create a statutory ban on insider trading that also addresses more contemporary fraud – use of MNPI by hacking or theft when there is no breach of a fiduciary duty.

Weeks after the Colonial Pipeline hack, CNA, one of the largest insurance companies disclosed that it paid $40 million in ransom after it was locked out of its network. Perhaps not coincidently, CNA itself is an insurer of cyber insurance.

Institute for Security & Technology Ransomware Task Force presented a report to the Biden Administration just days before the Colonial hack. The report offers 48 suggestions to increase cybersecurity & some sobering statistics you should feel free to use in your training.
  • 21 Days-Average downtime due to ransomware attacks;
  • 287 Days – Average days it takes a business to fully recover after an  attack
  • $350 Million -Victims paid a ransom in 2020
  • $312,493 – Average ransom payment in 2020
  • 2,400 – U.S. Governments, healthcare facilities and schools were victims of ransomware in 2020


Signals for SEC Priorities Continue. On May 6, Chair Gensler testified before the House Committee on Financial Services. Gensler’s testimony indicates the SEC priorities & therefore adjustments for your inherent ratings in your risk assessments such as: gamification to induce trading, payment for order flow and equity market structure. The new Chair indicated that a report is forthcoming.

In testimony a few weeks later, SEC Chair Gensler indicated the regulatory agenda may include testing private fund controls and disclosures, proxy voting changes, ESG claims and crypto assets. May 26 Gensler Testimony

Portfolio Managers & CRO Charged by SEC.  SEC filed a civil action against investment management firm LJM and two of its portfolio managers for fraudulently misleading investors and its Board about the level of risk in its portfolios resulting in $1 billion trading loss. This case also involved personal liability for the chief risk officer who separately settled the claims and is now barred from the industry.

Another Failure to File SAR Case – In the Matter of GWFS Equities, Inc. (May 12, 2021). Over a three-year time period, the firm allegedly failed to detect and report efforts by bad actors to gain access to its processes through the use of improperly obtained PII. During this time, the firm failed to file SARs relating to 130 bad actor attempts.  In another 279 instances, the firm filed SARs, but omitted material information. The firm consented to a cease and desist order, and agreed to pay $1.5 million penalty. This is a good case to add to your annual AML training.

Financial Materiality & ESG – SEC Commissioner Allison Herren Lee made significant remarks in a speech titled Living in a Material World: Myths and Misconceptions about Materiality” Her remarks focused on the definition of material disclosure standards and whether non-financial or quantitative factors can be material. She refuted the idea that climate and ESG are matters of social or political concerns and not material to investment or voting concerns. Also read the Executive Order to understand this evolving issue and efforts to determine the financial impact of climate change risks. May 20 Executive Order.

June 2, the SEC announced more than $23 million in whistleblower claims.  This is a good reminder to refresh your self-reporting and escalation incentives. It’s costly if your compliance program does not effectively encourage reporting.

Guest Column

by Courtney Lang
ESG is Changing Governance

In case you missed it, stakeholders brought landmark changes to the oil and gas extraction and production industry at the end of last month. ExxonMobil, Chevron, and Royal Dutch Shell were affected by growing climate concerns amongst shareholders and governments.

After decades of climate disinformation campaigns and unsatisfactory responses to shareholder questions about stranded asset risk, climate risk, and its place in the transition to the low carbon economy, Exxon’s day of reckoning came on May 26th during its annual shareholder meeting. I watched with delight as the company lost two board seats to a small, activist hedge fund, Engine No. 1. My feeling of schadenfreude increased last week, when it was announced that a third Engine No. 1-nominated board member preliminarily won the shareholder vote that was previously too close to call.  If these election results are finalized, Engine No.1-backed board members will make up 25% of Exxon’s 12-member board despite the small activist investor owning only 0.02% of Exxon’s shares. To accomplish this feat, Engine No. 1 was supported by large institutional investors in Exxon such as CalPERS, CalSTRS, the New York State Common Retirement Fund, BlackRock, and Vanguard. Hopefully this coup will drive material changes to Exxon’s core business strategies including shifting to renewable energy and decreased anti-climate lobbying. Furthermore, I am skeptically optimistic that other boards will see this as a wakeup call that maintaining the status quo may cost them their board seats.

Meanwhile at Chevron, shareholders voted 61% in favor of the proposal to cut Scope 3 carbon emissions but missed the majority vote by 2% on shareholder proposals to limit lobbying and to report material risks to business posed by Biden’s and the EU’s Net Zero plans.

On the same day, a Dutch court ruled that Royal Dutch Shell must decrease its 2019-level greenhouse gas emissions 45% by 2030 on the grounds that contributing to global climate change violates human rights. I agree wholeheartedly.