Regulatory Updates
In mid-February, the FTC announced a proposed settlement to resolve allegations that security software company Avast unfairly sold consumers’ granular and re-identifiable browsing information. This was after Avast informed consumers that its software would protect their privacy and that any disclosure of their browsing information would only be in aggregate and anonymous form.
On March 13, 2024, the European Union’s parliament formally approved the EU AI Act, making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology.
From January 2018 to present, MMA failed to establish, maintain, and enforce a supervisory system, including written supervisory procedures (WSPs), reasonably designed to achieve compliance with rules governing outside business activities (OBAs). During this period, the firm failed to evaluate and document its evaluation of OBAs disclosed by its registered representatives as required by FINRA Rule 3270.
In a February 6, 2024 release, the Securities and Exchange Commission (SEC) adopted two new rules - Rules 3a5-4 and 3a44-2 - that expand the definition of “dealer” and “government securities dealer” under the Securities Exchange Act of 1934 (Exchange Act), requiring registration by market participants that take on significant liquidity-providing roles.
Last year, the U.S. Securities and Exchange Commission (SEC) proposed ambitious rules relating to artificial intelligence (AI) that have drawn significant commentary and criticism. While it is unlikely that any changes in the law are imminent, other initiatives by the SEC indicate that it is not willing to wait for those changes before addressing AI-related problems and risks it perceives.
While the EU GDPR regulates the international transfer of personal data, several recently enacted EU laws regulate the international transfer of non-personal data, which is any data that is not “personal data” under the GDPR.
Yesterday, the Financial Crimes Enforcement Network (FinCEN) published a proposal in the Federal Register to enact a federal standard for anti-money laundering (AML) and combating financing of terrorism (CFT) programs on U.S. Securities and Exchange Commission (SEC)-registered investment advisors (RIAs) as well as exempt reporting advisors (ERAs).
In a significant ruling on February 9, 2024, the California Court of Appeal reversed a trial court judgment that had stayed enforcement of California Consumer Privacy Act (CCPA) regulations. This decision will make certain CCPA regulations, which a court order had previously stayed, become immediately effective once again.
The firm’s reviews of customer execution quality failed to meet the reasonable diligence standard of FINRA Rule 5310 and the “regular and rigorous” review requirements of FINRA Rule 5310.09 from January 2014 to 2023. The firm neither admitted nor denied FINRA’s findings in resolving the matter.
The firm failed to establish and maintain a supervisory system reasonably designed to safeguard customer records and information in violation of Rule 30(a) of Regulation S-P.
The firm failed to establish and maintain a supervisory system. It failed to establish, maintain, and enforce written procedures reasonably designed to comply with the firm’s obligation to monitor transmittals of customer funds to third parties.
The firm failed to establish and maintain a supervisory system, including written procedures, to comply with the firm’s obligation to review correspondence and internal communications.
