U.S. securities enforcement authorities are sharpening their focus on deceptive and unsafe practices in an attempt to identify fraud before it leads to blowups that are too big to control
After the sudden collapse of top crypto exchange FTX, which was presumed to be “doing things right,” regulators are looking harder at whether enough effective controls are in place to prevent fraud. Even before the rapid demise FTX, agency enforcers were recognizing the need to update their strategies to keep up with the velocity of digital fraud. Lawmakers who have asked regulators why they failed to head off the recent disaster were told the same.
Broader crackdown in unregulated spaces
In the year ahead, regulators are expected to crack down more forcefully on firms in many emerging sectors that have overlooked compliance. The FTX case showed the danger that can emerge practically overnight in an opaque market that lacks oversight. The enforcement focus will hit a wide range of complex, illiquid products and financial services where less transparent practices pose hidden risk to investors.
The FTX collapse has marked a turning point. Even crypto-friendly lawmakers and consumer advocates now want stronger enforcement against bad actors to restore trust. In fact, consumer advocates have railed against new rules that could be seen as legitimizing the novel products as mainstream investments.
Dennis Kelleher, head of the Better Markets advocacy group, said regulators came “perilously close” to allowing crypto firms to clear their own trades, adding that the FTX collapse showed that such “carve outs” sought by crypto firms posed risk to investors. Investigators blamed the FTX failure largely on a lack of securities-industry style internal oversight.
FTX gives enforcement a green light
When agency chiefs asserted that they had the rules to act against the unregulated, offshore FTX, and lawmakers called for more proactive enforcement, it was seen as a green light for enforcement authorities to go forward with actions against anyone who puts U.S. investors at risk.
The Securities and Exchange Commission’s (SEC’s) enforcement strategy has targeted gatekeepers who enable or ignore fraud; and SEC Chairman Gary Gensler in December issued a stern warning to lawyers and compliance units against helping crypto-clients or their advisory firms evade securities laws.
The FTX investigation showed the importance of uncovering data that points to hidden practices that can harm investors. Investigators alleged that they found a “smoking gun” showing fraud inside the crypto firm in “a few lines of computer code” an engineer wrote that automatically siphoned customer funds to the FTX trading subsidiary. Further, the agency’s broad sweep of Wall Street firms’ electronic communications practices, which resulted in $2 billion in fines last year continues.
Locating hidden fraud
A recent study led by a University of Toronto professor found that only one-third of frauds at public companies are ever discovered. The study concluded fraud is “like an iceberg, with significant undetected fraud beneath the surface.”
The problem of hidden fraud has become more challenging as new technology accelerates illicit exploits. By leveraging financial technology tools, firms can often grow so quickly that compliance controls can’t keep up, said Federico Baradello, chief executive officer of merger and acquisition adviser Finalis.
Whether by design or sloppiness, he said, FTX grew from startup to a $37 billion enterprise without putting controls in place. Investigators found important documents carried on “scraps of papers” that founder Sam Bankman-Fried had stuffed in his pockets. An SEC examiner in San Francisco in post-FTX inspections found investment advisers and hedge funds that allowed partners to keep encryption keys to company assets on their personal electronic devices.
The Consumer Financial Protection Bureau became an early mover among agencies in initiatives to examine and take action against “black box” applications that hide abusive practices. The agency has also launched initiatives and begun investigations of Big Tech firms and online lenders over the past year for algorithmic abuses. Its moves could foreshadow similar strategies at other agencies with regard to unregulated financial-services sectors.
The SEC itself has spent much of the past two years going through a massive rulemaking process to update regulations to reflect vast change in the way financial markets work. Chairman Gensler has largely focused on sectors where technology has reduced transparency as trade volume moved away from “lit” markets. With more visibility, more enforcement actions are expected.
In monitoring a much larger regulatory footprint, SEC enforcement will have new technology to monitor for abuse. The SEC in December disclosed the first major enforcement action using the Consolidated Audit Trail, which vastly expands the surveillance footprint for enforcement.
Regulators using new tech tools
In its 2023 Report on FINRA’s Examination & Risk Monitoring Program, the Financial Industry Regulatory Authority highlighted as priorities enforcement actions that target manipulative trading and financial crime that come from “insights originating in our market surveillance activities,” said Greg Ruppert, FINRA executive vice president for member supervision.
The new year began with a technology-related enforcement action by the U.S. Department of Justice (DOJ) that reflected increased cooperation among agencies and other countries in solving complex crimes like crypto that operated offshore. The DOJ arrested Anatoly Legkodymov, the Russian owner of a crypto currency exchange Bitzlato Ltd., charging him with operating a money transmitting business that failed to meet “regulatory safeguards, including anti-money laundering requirements.”
It marked the first action in a multi-agency cyber- and crypto-crime unit that U.S. Attorney Breon Peace for the Eastern District of New York said was just starting to produce results using sophisticated technology “at a pace that matches the tempo of the criminals we pursue.”
The velocity of fraud has pushed this change, and so the need to work cross-agency and cross-border have become more critical. Just as important, the effort to target safeguard controls at fintech firms. Lisa O. Monaco, Deputy U.S. Attorney General, said firms themselves can become targets if they “fail to implement safeguards required by U.S. law, safeguards that enable law enforcement to detect and to investigate financial crimes.”