Pastore’s Managing Partner Leads Discussion with Congressman Jim Himes

On September 23, the Connecticut Crypto Forum (the “Forum”) held an event at the University of Connecticut at Stamford. The Forum connects large and sophisticated capital pools with leading players and thinkers across the crypto, defi and Web 3.0 markets to strengthen investor knowledge, understanding and skill. Pastore LLC is proudly a Founder and Sponsor of the Connecticut Crypto Forum. The Forum’s September 23 event was an invite-only session.

In the first half of the event, a panel of speakers discussed the current maturity of the crypto and blockchain markets.  The panel addressed the current challenges facing the evolving asset class and concluded that crypto/blockchain assets are still “metaphorically” in their teenage years. The asset class still is characterized by volatility. Moreover, the panelists noted the time of hyper valuation of projects in the industry is over. What follows now is a time of acquisitions. Many companies and projects will likely fail, but the ones with worthwhile technology that lack sufficient cashflows to continue operation will likely be consolidated within larger players and ultimately be poised to make the industry more efficient. However, the panelists agreed that the industry’s best days are ahead of it.

During the second half of the event, Pastore LLC’s Managing Partner, Christopher Kelly, led a discussion with Congressman Jim Himes, an emerging leader in the crypto/blockchain industry on Capitol Hill. Congressman Himes noted the significant attention that crypto and blockchain assets have received in Congress. He noted that he is working with other members of Congress on legislation concerning the industry.

When a member of the crowd asked what should businesses do considering the lack of legal and regulatory clarity surrounding crypto assets, Mr. Kelly gave a poignant response: Don’t be afraid, be transparent and work with counsel to navigate the murky regulatory waters. Pastore, as a thought leader in the field, is positioned to help businesses and individuals plan a path forward despite the uncertainty.

 

SEC Proposes Change to Cybersecurity Reporting Requirements for Public Companies

With the threat of irrevocable reputational harm and damage to consumer trust brought on by data breaches to public companies, the United States Security and Exchange Commission (“SEC”) recently proposed new cybersecurity reporting requirements. In March, SEC Chair Gary Gensler noted these new amendments will, “strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting.”[1] If the proposed amendments pass, it would impose new requirements on board of directors, including management reporting, organization, and board composition.[2]

The proposals aim to promote incident disclosure and increase risk management, strategy, and governance disclosure of data breaches.[3] One amendment would require a company to notify shareholders and the SEC within four business days when a material cybersecurity incident occurs.[4] The SEC would also require standardized disclosure of a company’s cybersecurity risk management and strategy, management’s role in implementing cybersecurity policies, and the board of directors’ cybersecurity expertise.[5]

As the SEC signals the necessity of new disclosure policies, companies should assess their current cyber reporting practices and procedures. The proposals aim to bridge the gap between business executives and security executives to ensure cybersecurity is included in their everyday business conversations and reporting practices.[6] In preparation of these proposals, companies can educate their board on their policies and procedures regarding cyber security risks. It is no longer the sole job of the chief information security officer to translate technology risk to business risk.[7]

[1] SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, SEC (Mar. 9, 2022), https://www.sec.gov/news/press-release/2022-39

[2] Id.

[3]  Public Company Cybersecurity, Proposed Rules, https://www.sec.gov/files/33-11038-fact-sheet.pdf (last visited Sep. 22, 2022).

[4] Id.

[5] Id.

[6] Insight Report, World Economic Forum Global Cybersecurity Outlook (January 2022), https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2022.pdf.

[7] Bob Ackerman, New SEC Cybersecurity Reporting Requirements: Three Things Companies Need To Do Now, Forbes (May 25, 2022) https://www.forbes.com/sites/forbesfinancecouncil/2022/05/25/new-sec-cybersecurity-reporting-requirements-three-things-companies-need-to-do-now/?sh=2d78e01e6f05.

New York State Department of Financial Services Issues Consent Order Against Robinhood Crypto, LLC

As interest in cryptocurrencies (“crypto”) continues to rise, businesses and investors are left wondering what regulations they must follow. While a broad regulatory framework is still nonexistent for the crypto industry, the New York State Department of Financial Services (“DFS”) recently imposed a $30 million fine on Robinhood Crypto, LLC (“Robinhood”), a wholly-owned crypto trading unit of Robinhood Markets Incorporated, for failing to comply with New York anti-money laundering (“AML”) and cybersecurity regulations.[1] This is the first time DFS has taken enforcement action against a crypto company. In making the announcement, the Superintendent of DFS, Adrienne Harris, stated, “[a]ll virtual currency companies licensed in New York State are subject to the same anti-money laundering, consumer protection, and cybersecurity regulations as traditional financial services companies.”[2] Superintendent Harris made it clear that while this may be the first such action against a crypto company, it will not be the last.[3] DFS expects crypto companies to invest in compliance programs like traditional financial institutions.

In the DFS Consent Order, DFS took issue with several aspects of Robinhood’s compliance program[4] Specifically, Robinhood failed to devote sufficient funds and resources to its compliance program,[5] its Chief Compliance Officer lacked “commensurate experience to oversee a compliance program such as [Robinhood’s]” and did not participate adequately in the implementation of Robinhood’s automate software compliance program, [6] and Robinhood overly relied on the compliance program of its parent and affiliate despite those compliance programs were not compliant with New York State’s regulations.[7] Moreover, Robinhood failed to adequately evaluate “potentially suspicious transactions in order to determine whether a [Suspicious Activity Report] should be filed.”[8] DFS noted that as of October 26, 2020, Robinhood had a backlog of 4,378 potentially suspicious transaction alerts.[9]

While Robinhood may have had a compliance program on paper, DFS made it clear that it is focused on the execution of such programs. One thing is clear: the DFS Consent Order indicates that regulatory and enforcement agencies are starting to take action against the crypto industry. Common sense, sound legal advice, and diligence will help any business or investor navigate this market as state and federal agencies begin to enforce traditional financial services regulations on the industry.

[1] In the Matter of Robinhood Crypto, LLC, Dep’t of Fin. Servs. (Aug. 1, 2022), https://www.dfs.ny.gov/system/files/documents/2022/08/ea20220801_robinhood.pdf.

[2] DFS Superintendent Harris Announces $30 Million Penalty on Robinhood Crypto for Significant Anti-Money Laundering, Cybersecurity & Consumer Protection Violations, Dep’t of Fin. Servs., https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202208021 (last visited Sept. 19, 2022).

[3] Id.

[4] Id.

[5] Id. at ¶¶ 36-41.

[6] Id. at ¶ 36.

[7] Id. at ¶ 6.

[8] Id. at ¶ 37.

[9] Id.

Pastore Advises Private Equity Fund in Connection with Continuing Proceedings as a Result of $1 Billion Portfolio Sale

Pastore LLC continues to advise a large private equity general partner in connection with the sale by one of its sub funds of a substantial portion of its automotive dealership portfolio. Pastore LLC has advised the client on multiple issues with the sale, and most recently, on escrow issues arising from state regulatory matters as a result of the sale of a certain asset within the portfolio. The sale was subject to review by the state automotive regulator overseeing the transaction after one party to the transaction objected to the sale. After review, the state regulator has sided with the client and ordered the sale, but the challenging party has sought to appeal the order, placing barriers to the closing of the transaction.

https://www.autonews.com/dealers/subaru-dealership-gets-support-new-hampshire-board