5 Common Legal Claims: How RIAs Can Protect Themselves

As fiduciaries, Registered Investment Advisors (RIAs) must, at all times, serve the best interest of their clients and cannot place their own interests ahead of the interests of their clients. These obligations generally fall into two broad categories commonly referred to as the duty of care and duty of loyalty.

The Duty of Care requires an investment adviser to provide investment advice in the best interest of its client, based on the client’s objectives. The Duty of Loyalty requires RIAs to eliminate or disclose any possible conflict of interest involving themselves, their advice or their client.

In one way or another, most legal claims against RIAs stem from these two duties, which serve as the underpinning of the profession. The Securities and Exchange Commission (SEC) recovered its largest amount of damages in fiscal year 2022, with RIAs and investment companies targeted for the most actions.

Clear communications and concise policies can help your firm prevent and mitigate the five most common legal claims against RIAs:

Breach of Fiduciary Duty

This is what happens when RIAs fail to exercise their responsibility to safeguard a client’s best interests. And it can be career-ending. It could come at the cost of a professional license in addition to financial damages.

The easiest way to mitigate any potential exposure is to be transparent. Make sure you disclose any possible conflicts of interest. Be crystal clear with your investment advice. Translate industry jargon into layman’s terms so your clients understand what is being said.

Working with an attorney on a new policy that prohibits self-dealing would be a good start.

Last year, the SEC ordered a dually registered RIA and broker-dealer to repay more than $800,000 to harmed clients for breach of fiduciary duty.

The SEC found the RIA did not adequately disclose conflicts regarding compensation that it received from the client investments, as well as a breach of its duty to provide best execution when it opted for a more expensive class of mutual funds when classes of more favorable value were available. In addition, the RIA failed to implement compliance policies and procedures designed to prevent such violations.


Simply put, negligence means carelessness, while gross negligence means recklessness on a bigger scale of damages.

As a fiduciary, you have responsibilities. In other words, your clients expect you to perform your duties in a manner that doesn’t harm their financial interests.

Last year, a federal court in Massachusetts ruled against an investment advisor who defrauded two advisory clients when he recommended that they invest in a scam investment abroad. The SEC’s complaint alleged that the investment advisor ignored and failed to disclose warnings from two banks in Turkey that the opportunity was probably a scam. The court ordered the advisor to pay more than $500,000 in damages.

RIAs should work with an attorney to draft disclaimers that can help mitigate errors. Each state has differing laws on negligence and award amounts, so make sure your disclaimers comply with your state’s laws to ensure they are enforceable.

Cyber Security Failures

Protecting your clients from cyber security breaches means being proactive.

The SEC continues to add more consumer protections, which will make your research and planning more valuable to your business. In March, for example, the SEC proposed amending Regulation S-P to require “covered institutions”—including RIAs—to provide notice within 30 days to investors affected by certain types of data breaches. The original regulation, which was adopted in 2000, simply required investment professionals to notify their clients about how they use their financial information.

Creating policies and procedures is the best way to start building the framework for a program that will better protect all stakeholders. Written policies and procedures will ensure your IT team is protected because they will know how to safeguard the data, how to prepare for possible cyber attacks and how to best respond. Because technology connects all of us, the same standard should be used with all your vendors’ IT programs. Do they have similar policies in place? Ultimately, you will be responsible.

Ongoing stress-testing of your systems will provide another layer of protection to your firm. Hire a company that will send fake “scam” emails to your employees and turn it into a teachable moment.

Remember when your bosses sent you emails asking you to buy them gift cards on behalf of the company—with the promise of being reimbursed? (They really didn’t.)

Failure to Disclose

Be transparent with your clients about matters that involve your financial relationships with vendors and investments. More specifically, make sure you state the details about how you are compensated when it involves your client recommendations.

In 2020, the SEC sued an investment advisory firm for defrauding its clients by failing to disclose financial conflicts of interest when recommending investments. The agency alleged the advisory firm recommended their client invest $16 million in four private real estate investment funds without disclosing their fund managers received $1 million from the funds, as well as incentives to keep their money invested. For two of the four funds, the undisclosed financial arrangement resulted in reduced returns.

Any client grievance—written or verbal—should be taken seriously, which would reduce the odds of the complaint becoming a docket item. The matter should be taken directly to your in-house compliance officer or attorney if you have outside counsel. Acknowledge receipt of the complaint to your client and provide a timetable for an outcome.

If the investigation has merit, the compliance officer should immediately contact an attorney, who can draft a legally binding agreement for resolution.

Making Up Unsubstantiated Claims

When it comes to attracting new clients, the truth is your friend.

Research your own investment history to ensure that you can substantiate every claim. If a specific fund has yielded 50% annual returns in the past, then that is something you can talk about—but stay away from what is possible in a perfect world.

Last year, the SEC filed a civil action against former investment advisors for alleged participation in a Ponzi scheme that raised more than $110 million from more than 400 advisors. The defendants received undisclosed compensation from the investment fund, which was recommended based on unsubstantiated claims.

When it comes to the five most common legal claims against RIAs, say what you mean and mean what you say. It will go a long way toward protecting your book of business.

(Paul Fenaroli is an Associate Attorney at Pastore admitted in Connecticut and the District of Connecticut. He provides private companies with a full range of business law services covering formations, mergers, acquisitions, corporate governance, securities offerings and litigation)


Regulation Could Pave the Way for Blockchain Settlement of Securities Transactions

While the U.S. ponders crypto and blockchain regulation, large institutional investors are building the infrastructure necessary to handle the possible private and sub-chain transaction methods likely coming with Web 3.0. Legislation is desperately needed to give certainty to entrepreneurs and large institutions planning for the block sub-chain and to the crypto industry generally. One likely outcome is the movement towards using blockchain technology to “settle” securities transactions. This is occurring now but may become widespread in the near future. With a traditional securities trade, settlement can take days, creating market and operational risk. With blockchain settlement, the settlement is instantaneous. For securities trades to be settled, the transaction information (transfer of ownership or payment) needs to be recorded in the blockchain. Investors communicate information to a peer-to-peer network. Thus, much of the risk is eliminated. Many large institutions are working on systems that would allow for such settlement techniques.

Regulation of blockchain would do a great deal to accelerate the growth of the industry, and provide legal security for its use. An article published by the DTCC titled “Will Blockchain Revolutionize Clearance and Settlement” provides a succinct overview of the history of the current clearing and settlement system.[1] Regulation is particularly needed to overcome some of the hurdles of blockchain settlement. The current clearing and settlement system for securities trading can be traced back to the 14th century when double-entry ledgers were invented.[2] The creation of the double-entry ledger revolutionized trading in Europe due to the ability to record multi-party transactions occurring over a span of time and across countries in a central location.[3] Decentralized, multilateral clearing continued for more than 300 years and was utilized by groups such as the London Clearing Club, the London and Amsterdam stock exchanges, and the Chicago Board of Trade.[4] As the trading volume and the number of counterparties increased, clearing started to become centralized.[5]

Moreover, prior to 1892, every exchange of cash for shares on the New York Stock Exchange (“NYSE”) had to be paid in full, with cash or a loan secured by the shares acquired in the transaction.[6] However, this system did not provide enough security to money markets and the banking system, which could be severely stressed during market volatility and surging trade volumes.[7] Thus, in 1892 the NYSE created the New York Stock Exchange Clearing House (“NYSE Clearing House”), which was later replaced by the Stock Clearing Corporation in 1920.[8] The NYSE Clearing House netted down obligations on a member-by-member and security-by-security basis.[9] To resolve this, regulators and the U.S. securities industry created The Depository Trust Corporation (“DTC”), a central securities depository for storing all stock certificates traded in the U.S. market.[10] Over time, nearly all certificates were converted into electronic form, greatly streamlining the trading process and reducing the burden on the clearing and settlement system.[11] Moreover, the NYSE Clearing House was merged with Amex and NASDAQ clearing functions, culminating in the National Securities Clearing Corporation (“NSCC”).[12] This integration further reduced payment and transfer activity volume by enabling multilateral netting across the entire U.S. equity market.[13] In an effort to streamline the clearing process further, the DTC and NSCC were consolidated into The Depository Trust & Clearing Corporation.[14] Thus, clearing and settlement were able to take place in a single, vertically integrated entity.[15]

Blockchain can bring significant record-keeping improvements to the securities industry, but blockchain settlement only works if the settlement process is better regulated. Thanks to self-enforcing contracts, blockchain technology could be the next step in the evolution of clearing and settlement. As stated above, this would make settlement instantaneous, negating the need to post collateral, which would free up capital.[16] However, without regulation, this technology could require the U.S. market to be funded on a transaction-by-transaction basis, which would significantly hinder the liquidity and risk-mitigating benefits of the current system.[17] Further, instantaneous settlement would prevent the ability to fund a trade on a secured basis because traders could only pledge transacted shares as collateral.[18] What this means is that all trades using blockchain must be prefunded and on an unsecured basis. This would severely limit market liquidity. Thus, regulation is necessary so that the benefits of instantaneous blockchain settlement are not overshadowed by the illiquidity effects of such settlement. If such creative regulation could be implemented, then blockchain for securities settlement can become widespread, creating the next evolution of securities trading.


[1] Will Blockchain Revolutionize Clearance and Settlement, DTCC (Mar. 10, 2021), https://www.dtcc.com/dtcc-connection/galleries/2021/march/10/will-blockchain-revolutionize-clearance-and-settlement.

[2] Id.

[3] DTCC, supra note 1.

[4] Id.

[5] Id.

[6] Id.

[7] Id.

[8] Id.

[9] Id.

[10] Id.

[11] Id.

[12] Id.

[13] DTCC, supra note 1.

[14] Id.

[15] Id.

[16] Id.

[17] Id.

[18] Id.

Business Tax Records: Here’s the Why and How of Documenting Shareholder Loans

Generally, the IRS accepts a taxpayer’s statement of taxable income simply by matching the taxpayer’s declarations in the return with the third-party information the IRS has on file. Once that taxpayer is operating a business, however, evaluation of the taxpayer’s income and expenses is largely on the honor system. That is, unless and until the taxpayer’s return is selected for examination by the IRS, the taxpayer’s assertions of business income and expenses are checked only, with few exceptions, by the taxpayer’s signature on the return averring the truth of the return under penalties of perjury.[1] At that moment, Reg. §1.6001-1(a) changes its character from taxpayer shield to IRS sword. That regulation requires, in part, that taxpayers

keep such permanent books of account or records, including inventories, as are sufficient to establish the amount of gross income, deductions, credits, or other matters required to be shown by such person in any return of such tax or information.

Failure to keep suitable books of account exposes the taxpayer to both civil and criminal penalties.[2]  In situations where the taxpayer has no, or poor, business records, the IRS can use a number of indirect methods to determine income, one of the more common of which is examination of the taxpayer’s bank records.[3] It is worth noting here that the bank deposit analysis procedure is used by the IRS to establish income, but not deductible expenses.[4]

Hence, shareholders of closely held businesses whose records are incomplete often propound an alternative characterization of some of their records of bank deposits. These taxpayers, in an effort to avoid tax liability, sometimes claim that those deposits represent nontaxable loan proceeds from the business.[5]


[1] Notable business income reporting to the IRS includes, among others, the Form 1099 series, including the new protocols for Form 1099-K, Payment Card and Third-Party Network Transactions. Pursuant to the amendments made to the de minimis exception for third party settlement organizations (e.g., eBay, PayPal, Etsy, CashApp, Venmo), such organizations must now report at a threshold of $600. IRC §6050W(e). The IRS, recognizing the considerable and disruptive burden this 2021 change in the law imposes, has suspended its enforcement for the 2022 tax year. Notice 2023-10 (IRB 2023-3, January 17, 2023).

[2] IRC §6662 provides for an addition to tax of 20% of the amount of underpayment resulting from negligence or intentional disregard of rules or regulations. So, for example, a taxpayer who does not keep proper records and consequently underpays tax due can be assessed an additional tax equal to 20% of the associated underpayment. This additional amount is, legally, a tax and not merely a penalty, and therefore accrues its own penalties and interest for late payment.  Under the Spies doctrine, 317 U.S. 492, 499 (1943), failure to keep proper books and records, coupled with an intent to evade tax, can also result in criminal penalties. IRC §7203 provides that the failure to keep proper records can, in and of itself, constitute a criminal misdemeanor, or, if such failure is willful, a felony.

[3] See, Internal Revenue Manual §; Internal Revenue IRC§446(b); Nath v. Commissioner,  T.C. Memo 2023-22 (February 27, 2023); Cheam, et. al. v. Commissioner, T.C. Memo 2023-23 (February 27, 2023)

[4] Deductions from income are a matter of legislative grace and the burden for satisfactorily documenting deductible expenses lies squarely with the taxpayer. See, e.g. INDOPCO, Inc. v. Commissioner, 503 U.S. 79, 84 (1992); See also, Cohan v. Commissioner 39 F.2d 540 (2d Cir. 1930) (This case, still good law today, had as its plaintiff the famous actor, theatrical manager, and producer George M. Cohan, who, as reported in the case, kept no records associated with his claims for business expenses. Judge Learned Hand opined that the government’s proposition to treat the plaintiff as having had zero eligible expenses was possibly too draconian in the face of judicial confidence that he had some expenses. “Absolute certainty in such matters is usually impossible and is not necessary; the [government] should make as close an approximation as it can, bearing heavily if it chooses upon the taxpayer whose inexactitude is of his own making.” Cohan at 544; Price v. United States, 335 F.2d 671, 677 (5th Cir. 1964) (“the ‘bank deposits’ method assumes only that all money deposited in a taxpayer’s bank account during a given period constitutes taxable income.”)

[5] Loan proceeds, insofar as they are accompanied by an obligation to repay the loan, are not taxable income. See, e.g., Commissioner v. Tufts, 461 U.S. 300, 312 (1983); U.S. v. Kirby Lumber Co., 284 U.S. 1, 3 (1931). The taxpayer bears the burden of proving that bank deposits are non-taxable loan proceeds. Calhoun v. United States, 591 F.2d 1243, 1245 (9th Cir. 1978).

A business or individual tax return reports, in effect, two fundamental arithmetic issues — Income and Deductions (or Credits) — to arrive at taxable income.  The regulations require taxpayers to document both.[1] See my earlier article on some of the issues that arise in connection with insufficiently documented claims for deductions. Should the IRS elect, in the face of a taxpayer’s problematic record keeping, to measure income through a bank records analysis, the Service treats all of the bank deposits, less those that can be otherwise explained, such as transfers between accounts, as taxable income for purposes of determining any deficiency in tax paid unless the taxpayer is able to demonstrate to the contrary.[2]

Closely held businesses routinely transfer money to one or more of their shareholders, usually in the form of taxable dividends, but often as a loan, which must be paid back and so, therefore, is not taxable income to the shareholder receiving it.  The IRS has in place a two-step checklist its agents use to test a taxpayer’s claim that an otherwise unexplained bank deposit is a loan rather than taxable income:

  1. Verify that the interest rate equals at least the minimum Applicable Federal Rate pursuant to IRC 7872 [3]
  2. Determine whether the amounts advanced to the stockholder are bona fide loans or distributions of earnings and profits, which are taxable as dividends. This determination is based on the actions and intent of the parties at the time of the withdrawal and no single test or set formula can give a definite answer. Some of the factors to be considered include the following:
    1. Whether the amounts of the withdrawals are carried on the books as a loan receivable
    2. Whether the withdrawals were secured by collateral or accompanied by other indications of a bona fide loan, such as interest bearing notes and the observance of other ordinary loan formalities
    3. Whether both the stockholder and the corporation treat the withdrawals as indebtedness
    4. Whether interest is paid by the stockholder or charged by the corporation
    5. Whether the corporation had sufficient surplus to cover the withdrawals when they were made


[1] Reg. Section 1.6001-1(a); See also, IRC Section 6001(a).

[2] See, Whatley v. Commissioner, 24 F.3d 1119 (9th Cir. 1994) (memorandum) (“Because the IRS’s determination was based on a bank deposit analysis, the [taxpayers] could only meet their burden by showing that the deposits came from a nontaxable source.”) The IRS burden in supporting a statutory Notice of Deficiency (NOD) for unreported income varies among the Circuits. For example, the First, Fourth, Sixth, and Seventh Circuit Courts of Appeal generally place the burden of persuasion on the taxpayer to demonstrate that the NOD is without factual foundation, whereas the Second, Third, Fifth, Seventh, Eighth, Ninth, and Tenth Circuits generally require the government to produce at least some factual foundation for the NOD before proceeding against the taxpayer.

[3] While this part of the test, as recited in § (March 1, 2003) of the Internal Revenue Manual, does not appear relevant to the determination of whether funds deposited of record in a bank account represent a loan or taxable income, it does signal that, when the service identifies a loan transaction, it will look for the possibility of imputed income under IRC §7872.  That statute imputes to the lender an income tax on the difference in interest due, if a positive number, between the Applicable Federal Rate (AFR) (as minuend) and the interest rate applicable to the subject loan (as subtrahend).  While the intricacies of determining the correct AFR to apply to a given loan are beyond the scope of this note, it is sufficient here to observe that the courts frequently invoke the statutory language of “below market loan” while exploring market-based interest rates that prevailed at the time of the claimed loan transaction.  Rather, the statute provides, generally, that a shareholder demand loan is a below-market loan if interest is payable at a rate less than the AFR, while a term loan is a below-market loan if the amount loaned exceeds the present value of all payments due under the loan using as discount rate the appropriate AFR for the month the loan is made. IRC §7872(f)(2). The issue of the actual interest rate, then, is less of a test for the validity of a claim that certain proceeds represent a non-taxable loan than it is for the ancillary issue of the separate income tax that may be due on the associated interest. The absence of any interest charge for the putative loan is an indicium of the absence of intent to repay and, hence, does not serve the taxpayer’s burden of demonstrating the non-taxability of any corresponding bank deposits.

    6. Whether the stockholder had the ability and intended to make repayment with interest at the time of the withdrawal
    7. The presence or absence of a maturity date
    8. The corporation, though prosperous, has not distributed dividends.


Courts interpreting taxpayer claims of non-taxable loan proceeds appearing in their bank accounts seek objective evidence of the taxpayer’s intent that the money was intended as a loan. These elements are but a portion of a facts and circumstances test and vary from the more prescriptive tests of the IRM:


  1. The existence or non-existence of a debt instrument;
  2. Provisions for security, interest payments, and a fixed payment date;
  3. Whether or not repayments of the loan were made;
  4. The taxpayer’s ability to repay the loan;
  5. The borrower’s receipt of compensation; and
  6. The testimony of the taxpayer.[1]


Each of these elements is instructive for the practitioner.


First, the existence of a written instrument memorializing the loan is a fundamental evidentiary element. The terms of such an instrument should be both arm’s-length and established contemporaneously with the loan.[2]


Second, as with the first test, the ordinary elements of a business loan include the responsibility of the lender to secure repayment and a fixed (or fixable) maturity date for the loan. Indeed, the absence of a due date for payment renders the transaction little more than a transfer of cash.[3]


Evidence of the borrower’s ability to repay and, indeed, a history of repayment of the debt stand to corroborate the intent of the parties to the transaction to have made a loan, rather than a taxable transfer of funds.[4]


In circumstances where the putative borrower is an employee of a corporate entity that stands as lender, the taxpayer’s burden of demonstrating that bank deposits were non-taxable loans, rather than compensation for services, is particularly fraught. Where a taxpayer sits, in effect, on both sides of a transaction, it is harder to sustain that burden. In such a case, and absent sufficient evidence to overcome the presumption that the bank deposits represent taxable income, the court will presume payments received by an employee are taxable compensation.[5]


[1] See, Friedrich v. Commissioner, 925 F.2d 180, 182 (7th Cir. 1991) (affirming 52 T.C. Memo 1132 (July 31, 1989)); Matter of Uneco, Inc., 532 F.2d 1204, 1208 (8th Cir. 1976); In the Matter of Indian Lake Estates, Inc., 448 F.2d 574, 578-79 (5th Cir. 1971); Haber v. Commissioner, 52 T.C. 255 (1969), aff’d 422 F.2d 198 (5th Cir. 1970).

[2] See, Todd v. Commissioner, 2011 T.C. Memo 123 (June 6, 2011) (a six-month delay from the time of disbursement of the funds to the time of the execution of the promissory note, coupled with the failure of the parties to abide by the terms of the note, rendered the promissory note of “little weight” in the view of the court).

[3] Not incidentally, under §3-108 of the Uniform Commercial Code, the absence of either a due date or provision that a debt instrument is payable on demand renders it non-negotiable, and, thereby, limits its value as an asset on the books of the lender.

[4] See, e.g., Fisher v. Commissioner, 54 T.C. 905, 911 (April 29, 1970) (“We think the conclusion is inescapable that there was no reasonable expectation, at the time the amounts in question were withdrawn from the corporation, that they would be repaid. Under all the circumstances it is our conclusion that there was no bona fide intention on the part of either the petitioner or the corporation that the amounts in question should be repaid. It should be added that, insofar as the record shows, no part of the withdrawals has been repaid and that, although the demand notes called for the payment of interest, no interest has ever been paid.”)

[5] See, Beaver v. Commissioner, 55 T.C. 85, 91 (October 20, 1970); Nath v. Commissioner, 2023 T.C. Memo 22 (February 27, 2023).

Finally, the courts receive self-serving testimony from the taxpayer as to the taxpayer’s intent to treat the money received as a loan with due circumspection. In the same way, the taxpayer’s failure to introduce available witness testimony that would be expected to rebut the presumption of taxability is treated as, effectively, a concession that such witness would testify unfavorably to the taxpayer.[1]


In summary, once the IRS has determined that a taxpayer’s documentation is insufficient and elects to use bank records to establish income, the taxpayer’s burden in overcoming the resulting presumption that all of the deposits in the bank represent taxable income requires considerably more than the taxpayer’s mere assertion of the character of the deposited amounts.


Reliable, arm’s length documentation, that includes the ordinary components of debt instruments such as their contemporaneity with the distribution of the proceeds, maturity date, stated interest, and a repayment schedule is maxime res magni momentiare to courts evaluating the intent of the parties to treat the subject transaction as a loan. In addition, the credit environment, including the apparent ability of the ostensible borrower to repay the loan as agreed and the security given for the loan, actual repayment performance, and how well the facts and circumstances overcome a court’s inference that an employee of the lender likely received the money as a dividend or compensation, are all parts of the landscape that a practitioner advising someone operating a business that may lend its shareholders or employees money must consider.



[1] See, Friedrich, 185 F2d. at 185.

SEC Proposes Two New Cybersecurity Regulations

What You Need to Know


Summary of New Proposed Rule 10


Proposed Rule 10 would require all Market Entities (everyone but small broker-dealers) – referred to in the Rule as Covered Entities – to adopt written policies and procedures to address cybersecurity risks.  These written policies and procedures must include the following:

  • Periodic assessments of cybersecurity risks associated with the Covered Entity’s information systems and written documentation of the risk assessments;
  • Controls designed to minimize user-related risks and prevent unauthorized access to the Covered Entity’s information systems;
  • Measures designed to monitor the Covered Entity’s information systems and protect the Covered Entity’s information from unauthorized access or use, and oversee service providers that receive, maintain, or process information or are otherwise permitted to access the Covered Entity’s information systems;
  • Measures to detect, mitigate, and remediate any cybersecurity threats and vulnerabilities with respect to the Covered Entity’s information systems; and
  • Measures to detect, respond to, and recover from a cybersecurity incident and procedures to create written documentation of any cybersecurity incident and the response to and recovery from the incident.[1]

Proposed Rule 10 would also require immediate written electronic notice of a significant cybersecurity incident to the SEC and the filing of a new form SCIR.  The SCIR form would gather information about the significant cybersecurity incident and the Covered Entity’s efforts to respond to and recover from the incident.

Finally, the proposal would require Covered Entities to publicly disclose summary descriptions of their cybersecurity risks and the significant cybersecurity incidents they experienced during the current or previous calendar year on Part II of proposed Form SCIR. A Covered Entity would need to file the form with the SEC and post it on its website. Covered Entities that are carrying or introducing broker-dealers would also need to provide the form to customers at account opening, when information on the form is updated, and annually.

Summary of Proposed Amendments to Regulation S-P

The second proposed rule would amend Regulation S-P covering almost all Market Entities to create additional protections for customer information and create a federal minimum standard for data breach regulations.  The proposed amendments would require covered institutions to adopt an incident response program as part of their written policies and procedures under the safeguards rule. The proposal would require an incident response program to be reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information, include procedures to assess the nature and scope of any such incident, and contain and control such incidents. The proposal would also apply certain requirements related to incident response to covered institutions’ relationships with third-party service providers.

The proposed amendments would require covered institutions to notify affected individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization. The proposal would require a covered institution to provide the notice as soon as practicable, but not later than 30 days after a covered institution becomes aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred. A covered institution would not need to provide the notification if the covered institution determines that the sensitive customer information was not actually and is not reasonably likely to be used in a manner that would result in substantial harm or inconvenience.

Additionally, the proposed amendments would enhance customer notification by:

  • Expanding the safeguards and disposal rules to cover “customer information,” a new defined term referring to a record containing “nonpublic personal information,” a term already in use for other components of Regulation S-P, about a customer of a financial institution. The proposed amendments would therefore apply both rules to both nonpublic personal information that a covered institution collects about its own customers and nonpublic personal information it receives from a third-party financial institution about customers of that financial institution;
  • Requiring covered institutions to make and maintain written records documenting compliance with the requirements of the safeguards rule and disposal rule;
  • Conforming Regulation S-P’s annual privacy notice delivery provisions to the terms of an exception added by the 2015 Fixing America’s Surface Transportation Act, which would provide that covered institutions are not required to deliver an annual privacy notice if certain conditions are satisfied; and
  • Extending the safeguards rule to transfer agents registered with the Commission or another appropriate regulatory agency. In addition, the proposed amendments would extend the disposal rule from covering only transfer agents registered with the Commission to also transfer agents registered with another appropriate regulatory agency.

What You Need to Know Right Now


First – the proposed cybersecurity regulations are not yet final.  Market Entities have the opportunity to comment on the proposals.  This is a chance for Market Entities to influence the future of cybersecurity in the industry.  Some of the concerns raised by the SEC include conflict with state data breach laws.  Mark T. Uyeda, an SEC Commissioner, noted:


“lack of an integrated regulatory structure may even weaken cybersecurity protection by diverting attention to satisfy multiple overlapping regulatory regimes rather than focusing on the real threat of cyber intrusions and other malfeasance.”


These are just a few of the many topics that the SEC has opened for comments.  Numerous other issues exist.  The attorneys at Pastore LLC are highly skilled in both the financial sector and cybersecurity.  Pastore LLC can help you draft and file comments before the proposals become final.  Comments are due 60 days after the proposed rules appear in the Federal Register, which is expected to occur in the next 4 weeks.


Second – it is inevitable that some form of cybersecurity enhancement rules will be enacted in the near future.  Now is the time to start planning compliance.  The attorneys at Pastore LLC can assist you in formatting written policies and procedures.  Pastore LLC attorneys are creative and understand the overall data privacy, data breach and cybersecurity landscape.  Pastore LLC attorneys can work with internal compliance and legal departments to develop the best plan for a Market Entity’s needs.


Don’t wait!  Change is coming and Market Entities need to plan for the future regulations now.  Pastore LLC can help.

[1] Fact Sheet – Addressing Cybersecurity Risk to the U.S. Securities Markets.

SEC Examination Priorities 2023 Review

The SEC’s Division of Examinations (“EXAMS”) has published its priorities for 2023. EXAMS is responsible for overseeing registered investment advisers, exempt reporting advisers, broker-dealers and other SEC-regulated entities. Understanding the publication will help examined practitioners prepare themselves for the future and avoid unexpected noncompliance.

EXAMS articulated the priorities to promote their four primary goals: (1) promote compliance; (2) prevent fraud; (3) monitor risk and (4) inform policy. Each area of focus should support these “four pillars.”

  1. Recently Adopted Rules

Marketing Rule (Advisers Act Rule 206(4)-1)

Registered investment advisers (“RIAs”) must adopt and implement written policies and procedures that prevent violations. They must also be able to demonstrate that they had a reasonable basis for believing the material facts they put forth.

Derivatives Rule (Investment Company Act Rule 15f-4)

Funds must adopt and implement policies and procedures to manage their derivatives risks and prevent violations. This should include a risk management program, board oversight and complete and accurate disclosures.

Fair Valuation Rule (Investment Company Act Fair Valuation Rule 2a-5)

Funds must properly oversee the determinations of fair value and comply with policies and procedures of reporting and recordkeeping. EXAMS will also specifically look for adjustments to valuation methodologies.

  2. Private Funds

RIAs to private funds should be aware of (1) conflicts of interest; (2) calculations and allocation of fees and expenses; (3) the Marketing Rule; (4) use of alternative data (Advisers Act Section 204A); and (5) the Custody Rule (Advisers Act Rule 206(4)-2).

EXAMS notes that private funds exhibiting any of these specific risk characteristics will receive heightened scrutiny:

  • Highly-leveraged
  • Managed side-by-side with BDCs
  • Use of affiliated companies and advisory personnel to provide services to clients
  • Holding certain hard-to-value investments, such as crypto and real estate
  • Invested in or sponsor Special Purpose Acquisition Companies (SPACs)
  • Involvement in adviser-led restructurings
  3. Standards of Conduct

Broker-dealers and RIAs servicing retail investors must prioritize the investor’s best interest ahead of the firm’s or professional’s interests. Carefully manage, and fully disclose, conflicts of interest. Special attention is paid to more complex investment products and advice or recommendations given to certain vulnerable investors. EXAMS notes they will be looking for inappropriate attempts to waive or limit standards of conduct, such as hedge clauses. Lastly, ensure compliance with Form CRS (Client or Customer Relationship Summary).

  4. Environment, Social and Governance (ESG) Investments

Investments and strategies bearing the Environment, Social and Governance (ESG) label will be scrutinized to ensure they operate as set forth in disclosures. Any recommendations of such products for retail investors must be in the investor’s best interest.

  5. Informational Security and Operational Resiliency

Broker-dealers and RIAs must plan and act to safeguard against cyberattacks and other disruptions. EXAMS specifically notes the cybersecurity vulnerabilities associated with third-party vendors. They also note the need to consider climate-related risks.

  6. Crypto Assets and Emerging Financial Technology

New or never-before-examined registrants interacting with crypto-related assets should prepare for examination. EXAMS will specifically look for adequate standards of care and routine review, update and enhancement of compliance, disclosure and risk management practices. Firms employing digital engagement practices will also receive more scrutiny.

  7. Investment Advisers and Investment Companies

EXAMS will examine RIAs’ operations and compliance practices. Accuracy of regulatory filings is key and EXAMS expects consideration of current market factors in the related valuations. EXAMS will pay special attention to RIAs’ fee calculations and alternative revenue streams.

EXAMS emphasizes the fiduciary obligations of RIAs to registered investment companies. Funds with these specific characteristics will receive heightened scrutiny:

  • Turnkey funds
  • Mutual funds that converted to ETFs
  • Non-transparent ETFs
  • Loan-focused funds
  • Medium and small fund complexes that have experienced excessive staff attrition
  • Volatility-linked ETFs
  • Single-stock ETFs
  • New, unexamined or not recently examined investment companies
  8. Broker Dealers

EXAMS will focus on broker-dealers’ compliance and supervisory programs, including those for electronic communications and recording those communications. EXAMS notes special interest in issues specific to equities, fixed income securities, over-the-counter securities and microcap securities.

  9. Clearing Agencies

Registered clearing agencies should emphasize procedures for risk management including maintaining sufficient financial resources, protecting against credit risks, managing member defaults and managing operational and other risks.

  10. Regulation SCI

EXAMS will focus on the security and reliability of certain technological trading platforms.

  11. Anti-Money Laundering

Firms must establish appropriate customer identification programs and satisfy their SAR filing obligations. EXAMS will examine for full compliance with the Bank Secrecy Act.

  12. Discontinuation of LIBOR

EXAMS notes the potential disruption that the discontinuation of the London Interbank Offered Rate in mid-2023 may cause. EXAMS will assess whether broker-dealers and RIAs are prepared for the transition.

3 Ways Crypto Prepares for Looming Regulation

Uncle Sam is taking “internet money” seriously.

As a result, elected officials are spending more time talking about crypto.

Do you know what that means? Regulation will follow the buzz.

In an interview with Yahoo!, U.S. Rep. Jim Himes (D-Conn.) characterized the current crypto climate as a showdown with Securities and Exchange Commission Chairman Gary Gensler: “We’re sort of in a vapor lock around this issue of the registration of entities, exchanges, etcetera with Gary Gensler at the SEC saying, ‘I don’t need more statute. I’ve got all the law I need. What I need is for people to comply.’ And, of course, many people are saying, ‘Well, we don’t agree with that, and we are not going to comply’. So that suggests we are going to need to figure out whether additional statute is necessary, and Gary Gensler is wrong or whether Gary Gensler just needs to do a lot more enforcement to get people to see his point of view, that they should be registering under existing law.”

To make things more interesting, former SEC Chair Jay Clayton disagrees with Gensler’s stance, asking the agency to provide guidance on the custody of tokenized assets. In an op-ed piece, Clayton said the SEC should take the next step and present guidelines for crypto assets.

In the meantime, Gensler has embraced regulation through enforcement. He firmly believes the existing security laws on the books are fine for crypto.

So, what’s the play?

Here are three moves that will help small/midsize crypto companies prepare for looming regulation:

Register With The SEC

There remains a cavalier mindset about crypto. And that needs to change.

Crypto is not like going outside and throwing the frisbee, even though there is social media chatter about “going to the moon.” It is not fun and games; crypto is an actual financial asset that has value. The notion that crypto is a novel, foreign idea wrapped in technology needs to give way to reality.

To protect your company, now is the time to register with the SEC. Long-awaited regulation for cryptocurrency is on the horizon. It is better to prepare now to fit into the current scheme than sit on the sidelines.

Do not wait for the government’s final verdict. Err on the side of caution. It is better to fill out more paperwork and “over-comply” than to wait and have the Securities and Exchange Commission come knocking one year later. When the agency files a complaint against your company, your reputation could take a hit, along with a hefty legal bill.

Eliminate ‘Dirty’ Money

Part of crypto’s allure is its anonymity, which could make it a prime vehicle for fraudulent activity that includes funding for terrorism. The government will soon introduce regulations that strongly encourage crypto companies to have anti-money laundering programs in place.

No matter how small your company is, you will need to have a designated compliance officer on the payroll. This person can perform other duties, but they must have the title. They also must maintain written policies and procedures. The anti-money laundering plan should be well thought out and detailed, not a two-page report. Ideally, your compliance officer would have the proper credentials, such as the ALMA designation, and appropriate experience. Each organization involved in a chain of transactions involving “dirty money” is accountable.

Sens. Elizabeth Warren (D-Mass.) and Roger Marshall (R-Kan.) have introduced The Digital Asset Anti-Money Laundering Act of 2022, which extends the Bank Secrecy Act. The objective is to subject crypto companies to the same rules as banks and broker-dealers. The bill would address a gap with digital wallets and prohibit financial institutions from transacting with forms of technology that enhance anonymity. Last summer, the U.S. Department of the Treasury sanctioned the currency mixer Tornado Cash, alleging money laundering activity with North Korea.

Add A Layer of Governance

Governance is a big part of compliance.

Board members can play a pivotal role. You will need seasoned professionals in many areas, ranging from marketing to technology. Make sure you have board members with deep experience in finance, compliance and internal controls.

Know Your Customer (“KYC”) is a process that identifies your customers and their activities. From a corporate level, do you have the entity’s EIN, articles of incorporation and financial statements? For individual investors, should you recommend a volatile asset to an investor in her 90s? What’s the rest of the story? What are the procedures to address these situations?

Back in 2019, the Commodity Futures Trading Commission, Financial Crimes Enforcement Network and SEC classified crypto exchanges as money service businesses (MSBs), which means they must follow the Bank Secrecy Act of 1970, as well as the anti-money laundering and KYC rules.

While your staff manages the day-to-day operations, your board members can still be part of the mix. Give them oversight of key committees, such as risk and compliance, to provide another layer of review, which would protect the firm.

(Tyler Rutherford is an associate attorney at Pastore with expertise in regulatory compliance, contract law and corporate law. He represents a wide range of clients, including crypto and blockchain companies.)

M&A Success: 4 Ways Companies Sidestep Regulatory, Emotional Challenges

On paper, mergers and acquisitions look thrilling.

Diversification. Expansion. Cost savings and larger margins—in less time with fewer dollars.

The promise of M&A can be intoxicating. But here’s a sobering thought: 70% to 90% of mergers fail, according to the Harvard Business Review.

For enterprise companies, regulatory hurdles can knock down the pending merger. Reuters reports that the U.S. Justice Department and Federal Trade Commission have attempted to stop more than 20 mergers since January 2021.

For small to mid-size firms, lack of preparation and purpose may kill the deal.

In theory, it’s a common belief that integration will decide which acquisitions move forward. But in practice, people are behind the numbers and processes.

Regardless of size, here are four ways to dramatically increase your chances at M&A success:


  1. Begin at The End

Clarity is a great place to start.

Why are you pursuing a merger? This answer should serve as the North Star because it will impact everything that follows in the process. While proper planning will be important, anticipation will be mission critical.

To advance the deal, think about the company’s building blocks in terms of resources and processes. Those two elements yield value and profit. Developing a clear understanding of these variables will allow you to promote and defend the deal—or arrive at better terms.

How would the pending merger impact the marketplace? How would the acquisition improve your company’s performance? Asking the tough, specific questions internally about what the end result will look like will help you anticipate opportunities to address. In M&A deals, being strategic means beginning at the end because it will ensure that every step along the way is tied to the desired outcome.


  2. Eliminate Emotion


Your exit strategy should be mapped out during the prep stage. This scenario represents the bare minimum that you will accept in a negotiated agreement. Otherwise, you will walk.

This simple tactic removes emotion from the deal. Typically, negotiations that drag on tend to motivate players to hang on to finalize the deal for the wrong reasons, which may not be a logical fit with your original plan.

As part of a more logical approach, you should develop a list of specific commitments that you could offer to regulators, or the other party. These commitments should be specific, measurable, attainable and have a realistic time frame. Creating this list in advance will allow you to run the numbers and determine which items you can concede in the most cost-effective manner.

Game theory is a normal part of negotiations, which are a dance that revolves around give and take. Make sure you understand the value of each move before you take it.


  3. Build Trust


Trust is a special kind of currency leveraged during M&A negotiations. So, spend it wisely.

Open communications will go a long way toward building a relationship with the other side. From the very beginning, you will need to provide prompt, purposeful and intelligent responses. Delaying a request could stir skepticism and trigger an unfavorable outcome. It’s not uncommon for parties to walk away at the onset if they have a bad “feeling,” which is often created from poor communications.

Anticipating inquiries is also imperative. As part of your preparation, you will need to envision the possible questions and pain points in advance so you can quickly provide an advantageous solution.

To continue building trust—it’s a process—you will need timely financial statements, including monthly, quarterly and annual statements, to show them that your financial house is in order. The worst thing that can happen is that they see something that surprises them.

Establishing open communications, built on transparency and honesty, is invaluable. In part, that means timely responses and organized financials.


  4. Stack the Deck


Take it from someone who played in the NFL: the teams with the best players tend to win.

In the M&A game, assemble a winning team of experts to increase your chances for success. A tax advisor and business consultant should be on the list and at least one consultant should be familiar with valuing companies in the target industry.

You will also need internal stakeholders, such as your chief finance officer and controller, to be part of your team. These employees, along with the chief operating officer, will be responsible for telling and supporting the story.

And your attorney will bring it all together and keep it moving along.

Collectively, your team will be accountable for building good faith and goodwill throughout the process. They will amplify the positive and address the challenging items directly to bolster the relationships that get the deal done.

Amid the columns of numbers strewn across spreadsheets, you will always find people.

To close your next M&A deal, start there to seal success.


(Paul Fenaroli is an Associate Attorney at Pastore. His practice focuses primarily on corporate law, contract law, employment law and regulatory compliance involving M&A activities.)


FTX’s Bankruptcy Shines Light on Selling Trade Claims

In the wake of FTX’s downfall and bankruptcy filing, more crypto companies are expected to file for bankruptcy.[1] With a tumultuous year in the crypto world, creditors have been left with billions of dollars worth of claims. Unfortunately, bankruptcy proceedings can take years to resolve, thus leaving a creditor in a state of limbo and waiting to learn what portion of its claim will be paid out. As a result of this uncertainty, creditors may wish to consider selling their claims.[2] By selling a claim, a creditor can receive an upfront payment for the claim instead of monitoring the debtor’s bankruptcy case for years. Reconciling and distributing claims in the bankruptcy process is notoriously slow, particularly for very large debtors such as FTX.

Unlike stocks, bankruptcy claims are not sold or traded on the New York Stock Exchange. Instead, creditors must sell their claims through individually negotiated assignment agreements.[3] While there are no standardized forms for claim assignments, creditors tend to use assignment agreements that contain universally accepted terms in addition to negotiating the details, such as whether the buyer can force the creditor to repurchase the claim. Conveniently, creditors do not need to disclose the purchase price or other details of the assignment in the bankruptcy process.

While the prospect of quickly monetizing a claim may be enticing to a creditor, a creditor should consult an attorney to ensure that risks, such as the purchase price being returned to the buyer if the claim’s validity is questioned, are considered and mitigated. We are confident a market for FTX bankruptcy claims will emerge over the next 60 days.

[1] MacKenzie Sigalos and Rohan Goswami, Crypto firm BlockFi files for bankruptcy as FTX fallout spreads, CNBC (Nov. 28, 2022), https://www.cnbc.com/2022/11/28/blockfi-files-for-bankruptcy-as-ftx-fallout-spreads.html.

[2] Bruce S. Nathan and Scott Cargill, A Primer on Selling Bankruptcy Trade Claims, Business Credit (Feb. 2021), https://www.lowenstein.com/media/6418/nathanpluscargill-a-primer-on-selling-bankruptcy-trade-claims-business-credit-22021.pdf.

[3] Bankruptcy Claims Trading: What is it? How do I maximize my returns?, Nossaman (Mar. 25, 2010), https://www.nossaman.com/newsroom-insights-bankruptcy-claims-trading-what-how-do-i.

Opportunity for U.S. Backed Digital Currency

Cryptocurrency (“Crypto”) is an easily accessible digital asset used for financial transactions.[1] Crypto has become a source of payment on virtual platforms and utilizes blockchain technology.[2] While digital transactions eliminate the need for intermediaries such as banks, credit card companies, or third-party payment processors, it is an unregulated and volatile field.[3] The recent events with FTX highlight this issue.

The use of Crypto rose globally at an unprecedented rate during the COVID-19 pandemic.[4] Developing countries in particular accounted for 15 of the top 20 economies in 2021 using Crypto.[5] One of the most notable countries attempting to adopt Crypto is El Salvador. In 2021, El Salvador became the first country in the world to recognize Bitcoin as legal tender.[6] As such, El Salvador attempted to turn an impoverished area around the Conchagua volcano into a Bitcoin City.[7] The President of El Salvador, Nayib Bukele, hoped to create a futuristic metropolis from Crypto using the Conchagua volcano as a geothermal plant.[8] Unfortunately, President Bukele invested $100 million of government funds into Bitcoin when prices peaked, which led to a further debt crisis in El Salvador. One of the issues El Salvador and other developing countries have run into with the use of Crypto as legal tender is the volatility of the market. Since 2021, Bitcoin has dropped 61%, and El Salvador is likely to default on its debts in the next few years due to the dramatic drop in value.[9] The price of Crypto is open to fluctuation, fraud, and tax evasion due to the lack of regulation and backing by a central bank or government.[10]

One solution that has been proposed to bring stability to the Crypto market is a Central Bank Digital Currency (“CBDC”), which is a digital token, similar to Crypto, issued by a central bank. In the United States, the digital form of the token would be the equivalent of the U.S. dollar.[11] President Biden and the Federal Reserve are evaluating the creation of a U.S. CBDC and how it would work alongside the existing form of physical currency.[12]

The benefits of a U.S.-issued CBDC include privacy-protected digital currency, improvements to cross-border payments, and support to the U.S. dollar’s international role.[13] A U.S. CBDC would offer access to digital money that is free from credit and liquidity risks, unlike money held in a traditional bank.[14] Currently, Federal Reserve notes are the only central bank money available to the public. The use of a CBDC would provide a cheaper, faster form of transferring money and bring people who do not have bank accounts into the financial market.[15]

The dollar is the world’s most widely used currency for payments and investment.[16] A CBDC would expand the U.S. economy by creating a financial market with the global use of a CBDC.[17] Recently, China introduced its own CBDC, which may decrease the demand for the U.S. dollar abroad. The creation of a U.S. CBDC would allow competition on a global scale with China and other countries that have developed a digital currency backed by their central bank.[18]

Despite the benefits to the U.S. consumer and the global financial system, a U.S. CBDC has several issues. Many Americans actively use and prefer cash.[19] Additionally, there are privacy issues with digital currency. A Federal Reserve-backed CBDC system would allow the central bank to see every user transaction.[20] Additionally, banks have questioned the legal authority of the Federal Reserve to issue a digital currency without authorization from Congress.[21]

The White House, the Office of Science and Technology Policy, and the National Science Foundation continue to work on the National Digital Assets Research and Development Agenda.[22] The Executive Branch has placed a high priority on advancing research concerning Crypto and how it could provide financial inclusion and equity to Americans.[23]  While the benefits of a U.S. CBDC are plentiful, there are many moving parts to the initiation of a central bank backed digital currency in the United States. However, even with the lack of regulation and its volatile nature, Crypto is not going away. Crypto provides businesses and consumers with easily transferable, convenient, less expensive means of transferring money.[24] A U.S. backed stable coin may provide such stability. Clearly, the U.S. would not want the European Union or another Western power to issue such a coin and undermine the U.S. leadership in global currencies.


[1] Molly Mastantuono, Cryptocurrency 101: A Guide to Digital Dollars (Dec. 17, 2021), https://www.bentley.edu/news/cryptocurrency-101-guide-digital-dollars.

[2] Id.

[3] Id.

[4] UN trade body calls for halting cryptocurrency rise in developing countries, United Nations (Aug. 10, 2022), https://news.un.org/en/story/2022/08/1124362.

[5] Id.

[6] Joe Hernandez, El Salvador Just Became The First Country To Accept Bitcoin As Legal Tender, NPR (Sept. 7, 2021), https://www.npr.org/2021/09/07/1034838909/bitcoin-el-salvador-legal-tender-official-currency-cryptocurrency.

[7] Zeke Faux, El Salvador’s $300 Million Bitcoin ‘Revolution’ Is Failing Miserably (Nov. 4, 2022), https://www.bloomberg.com/news/features/2022-11-04/el-salvador-s-bitcoin-revolution-is-failing-badly.

[8] Id.

[9] Id.

[10] UN trade body calls for halting cryptocurrency rise in developing countries, supra note 4.

[11] Dr. Alondra Nelson, Alexander Macgillivray, Nik Marda, Technical Possibilities for a U.S. Central Bank Digital Currency (Sept. 16, 2022), https://www.whitehouse.gov/ostp/news-updates/2022/09/16/technical-possibilities-for-a-u-s-central-bank-digital-currency/.

[12] Money and Payments: The U.S. Dollar in the Age of Digital Transformation, Board of Governors of the Federal Reserve System (Jan. 2022), https://www.federalreserve.gov/publications/files/money-and-payments-20220120.pdf.

[13] Money and Payments: The U.S. Dollar in the Age of Digital Transformation, supra note 12.

[14] Id.

[15] Andrew Ackerman, What is a Central Bank Digital Currency and Should the U.S. Issue it? (May 26, 2022), https://www.wsj.com/articles/should-the-u-s-issue-a-digital-dollar-which-could-compete-with-crypto-assets-11646921329.

[16] Money and Payments: The U.S. Dollar in the Age of Digital Transformation, supra note 12.

[17] Id.

[18] Boucher, supra note 16.

[19] Andrew Ackerman, Fed Launches Review of Possible Central Bank Digital Currency (Jan. 20, 2022), https://www.wsj.com/articles/fed-launches-review-of-possible-central-bank-digital-currency-11642706158.

[20] Id.

[21] Id.

[22] Money and Payments: The U.S. Dollar in the Age of Digital Transformation, supra note 12.

[23] Id.

[24] Shobhit Seth, What is a Central Bank Digital Currency (CBDC)?, Mar. 9, 2022, https://www.investopedia.com/terms/c/central-bank-digital-currency-cbdc.asp.

Pastore partner receives recognition by the American Lawyer and Martindale-Hubbell

Joseph Pastore, the chairman of Pastore LLC, has been named a 2023 Top Rated litigator nationally by the American Lawyer and has received recognition as 2023 AV Preeminent from Martindale-Hubbell. Both publications evaluate attorneys from around the country using independent criteria.