On August 30, the SEC announced that a whistleblower will receive more than $22 million for providing the SEC with a “detailed tip and extensive assistance” to help the agency uncover “well-hidden” securities fraud at the whistleblower’s company. The $22 million-plus award is the second largest SEC whistleblower award, following a $30 million award in September 2014. The SEC began the whistleblower program in 2011 and announced its first award in August 2012. Since then, the agency’s program has surpassed $100 million in total money awarded. More than 14,000 whistleblower tips have been submitted to the Whistleblower Office, with a total of 33 whistleblowers receiving monetary awards.
On September 6, FinCEN issued advisory bulletin FIN-2016-A003 notifying financial institutions of a growing number of e-mail compromise schemes, in which criminals misappropriate funds by deceiving financial institutions and their customers into conducting wire transfers. The advisory summarizes the three main stages of email compromise schemes, which involve impersonating victims to submit seemingly legitimate transactions instructions: (i) compromising victim information and e-mail accounts, whereby criminals access an e-mail account via social engineering or computer intrusion techniques; (ii) transmitting fraudulent transaction instructions, whereby criminals use stolen e-mail account information to send financial institutions fraudulent wire transfer instructions; and (iii) executing unauthorized transactions, whereby the fraudulent wire transfer instructions direct the financial institution to deposit the transfers to the criminals’ domestic or foreign banks. The advisory further warned of two prevalent email compromise schemes: i) Business E-mail Compromise (BEC), which targets commercial customers of financial institutions; and (ii) E-mail Account Compromise (EAC), which targets personal bank accounts. When conducting a BEC scheme, criminals will impersonate company employees, a company supplier, or a company executive to “authorize or order payment through seemingly legitimate internal e-mails.” EAC schemes, however, target individuals conducting large transactions through financial institutions, lending entities, real estate companies, and law firms. Developed in coordination with the FBI and the U.S. Secret Service, the advisory provides red flags for financial institutions to use to identify and prevent BEC and EAC e-mail fraud schemes.
State AGs Urge Card Companies to Advance Consumer Protection by Implementing Chip and PIN Technology
On November 16, nine state attorneys general sent a letter urging leading card brands to expedite the implementation of chip and PIN technology in the United States. The letter summarizes research connected to recent data breaches, stating “individuals whose credit or debit cards were breached in the past year were nearly three times more likely to be an identity fraud victim.” Addressing concern that PIN technology would be burdensome or confusing to consumers, the AGs maintain that many consumers are accustomed to financial transactions that rely on PIN technology, such as transactions involving debit cards, and point to a November 2014 poll that indicated cardholders were supportive of chip and PIN technology. The AGs emphasize that PIN technology is “nothing new” and is considered the “gold standard” for payment card security, noting that countries around the world have seen a dramatic decrease in fraud since implementing the technology. Finally, while the letter stresses that chip and PIN technology would better protect both consumers and businesses from data breaches, it does not suggest that the technology be legally mandated at the federal or state level: “[T]his letter calls upon you as good corporate citizens to voluntarily expedite the implementation of existing technology that offers the most substantial security benefits, and to continue to adapt and improve security as quickly as possible as technology advances.”
On February 12, seven industry trade associations co-authored a letter to Congress regarding anticipated data breach legislation. The letter urges Congress to protect its constituents from the impact of identity theft and financial fraud resulting from data breaches by (i) considering a national data security and breach standard; (ii) recognizing the existing fraud protection standards (e.g., HIPAA and GLBA) and having them serve as a model for sectors where there are none; and (iii) encouraging shared responsibility between entities, including costs. The letter is the latest effort among the industry to lobby Congress in passing legislation to combat increasing data breaches and fraud.
On November 10, 2014, the Supreme Court denied Douglas Whitman’s petition for a writ of certiorari in Whitman v. United States, No. 14-29; Justice Antonin Scalia, joined by Justice Clarence Thomas, issued a brief statement specifically highlighting their view of the role that the doctrine of lenity should play in the interpretation of criminal statutes. Whitman asked the high court to review his 2012 conviction for securities fraud and conspiracy under the Securities Exchange Act of 1934. The Second Circuit appeared to defer to the SEC’s interpretation of ambiguous language in the Act—according to Justice Scalia, such an approach would disregard the “many cases . . . holding that, if a law has both criminal and civil applications, the rule of lenity governs its interpretation in both settings.” Justice Scalia further noted that it was the exclusive province of the legislature to create criminal laws, and to defer to the SEC’s interpretation of a criminal statute would “upend ordinary principles of interpretation.” Justice Scalia’s approach may indicate potential adjustments in the ongoing effort to strike the right balance between the due process rights of targets of enforcement actions to know what the law prohibits, and deference to enforcement agencies to interpret federal statutes flexibly. BuckleySandler discussed the tension between lenity and Chevron deference earlier this year in a January 16 article, Lenity, Chevron Deference, and Consumer Protection Laws.