Securities Industry Commentator by Bill Singer Esq

November 17, 2021









http://www.brokeandbroker.com/6170/finra-arbitration-default/
Here we are, 2021, and we're going to discuss a FINRA arbitration filed in 2015. We got an ex-husband, who was a stockbroker. We got his ex-wife, who filed the lawsuit. Comes 2017, and that one FINRA arbitration gets bifurcated into two separate matters. Then we got the casting of aspersions. Oh my. Then the claims in the first arbitration are dismissed as having being filed too late. In the second arbitration, the ex-wife wins by default, or so it seemed. On appeal to the courts, the judges weren't all that pleased with the lack of effective service upon the ex-husband. 

https://www.justice.gov/usao-cdca/pr/former-realtor-sentenced-4-years-federal-prison-running-nearly-4-million-fraud-scammed
After a three-day jury trial in the United States District Court for the Central District of California, Ernesto Diaz, 66, was convicted on one count of conspiracy, two counts of mail fraud affecting a financial institution, and one count of mail fraud; and he was acquitted on one mail fraud count. Prior to the trial, in 2012, Diaz had entered into a Plea Agreement whereby he pled guilty to a separate count of failure to appear in court while released on bond. After his plea, he fled to Mexico where he was a fugitive for seven years until the FBI arrested him in October 2019. In February 2020, a Superseding Indictment was filed against him citing the counts on which his jury trial was held. Diaz was sentenced to 48 months in prison and ordered to pay pay $3,061,159 in restitution. In 2015, Co-Defendant Maria Marcella Gonzalez pled guilty to making a false statement in a bankruptcy declaration, and she was sentenced to 70 months in prison .As alleged in part in the DOJ Release, from March 2010 to March 2011, Diaz and Gonzalez:          

ran a fraudulent mortgage-elimination program that operated in Montebello under the names "Crown Point Education Inc." and "Crown Point Inc." Diaz and Gonzalez advertised to distressed homeowners that the Crown Point program could eliminate whatever balance existed on their mortgages.

Several homeowners testified at trial that they had fallen behind on their mortgage payments during the financial crisis of 2007-08 because of workplace injuries, medical bills and other personal circumstances. In exchange, the homeowners paid Crown Point thousands of dollars for its services, typically with a partial payment demanded at the program's inception, followed by monthly fees.

Diaz and Gonzalez offered seminars describing the Crown Point program to prospective customers but refused to specify - citing the need to protect the company's proprietary information - how they purportedly eliminated existing mortgages.

At the seminars, Diaz and Gonzalez guaranteed that the Crown Point program would be successful and had cleared the mortgage problems of past customers. Diaz and Gonzalez also met personally with customers and prospective customers to make similar promises of success, assuage concerns of customers who had seen no signs of success, and demand additional payments. Diaz and Gonzalez often counseled customers to cease mortgage payments to their lenders altogether and to pay Crown Point instead.

After clients signed up for the program and paid a fee - usually $15,000 per property - Diaz and Gonzalez directed others to mail packets of information to the clients' lenders that falsely asserted that the client's mortgages were invalid and that mortgages would be extinguished if the lenders did not respond. Many of the mailed documents were notarized to create the appearance of legitimacy, at times using the notary stamp of Diaz's own sister without her knowledge or consent.

In fact, Crown Point had no success in eliminating customer mortgage debt and many customers - including Diaz's brother - lost their homes.

One integral part of the scheme involved the filing of unauthorized bankruptcy petitions to delay the foreclosure process, leaving victims with the impression that the Crown Point program was working and inducing them to continue making payments, but damaging clients' credit ratings in the process. 

https://www.justice.gov/opa/pr/56-million-seized-cryptocurrency-being-sold-first-step-compensate-victims-bitconnect-fraud
Glenn Arcaro pled guilty in the United States District Court for the Southern District of California to his participation in a conspiracy to defraud BitConnect investors. The Court granted DOJ the authority to liquidate about $56 million in seized fraud proceeds, which is the largest single recovery of a cryptocurrency fraud.  As alleged in part in the DOJ Release: 

With entry of the court's interlocutory sale order, the government will begin the process of seeking to make whole victims of the BitConnect scheme by selling the cryptocurrency and holding the proceeds in U.S. dollars. The government will maintain custody of the seized proceeds in cryptocurrency wallets and intends to use these funds to provide restitution to the victims pursuant to a future restitution order by the court at sentencing. 

All potential victims of the BitConnect scheme are encouraged to visit https://www.justice.gov/usao-sdca/us-v-glenn-arcaro-21cr02542-twr for information on rights they may possess as a victim, the opportunity to submit a victim impact statement, and to identify themselves as a potential victim.

https://www.justice.gov/usao-mdfl/pr/two-orlando-men-indicted-over-12-million-fraud
In an Indictment filed in the United States District Court for the Middle District of Florida
https://www.justice.gov/usao-mdfl/press-release/file/1448731/download, Orlando, Keith Ingersoll and James Adamczyk were each charged with one count of conspiracy to commit wire fraud, twenty counts of wire fraud, and nineteen counts of money laundering; and, further, Ingersoll was charged with one count of aggravated identity theft. As alleged in part in the DOJ Release:

[I]ngersoll, Adamczyk, and others obtained more than $12 million from a victim. Specifically, the conspirators falsely represented that the funds provided by the victim would be used as refundable deposits for specific real estate transactions, that they would be held in escrow by an attorney or by an attorney as an escrow agent and, that the funds would be returned to the victim upon request. In fact, the funds were sent to two conspirators who were not licensed attorneys: a suspended attorney and, after the suspended attorney died, Adamczyk.  Rather than retain the funds as had been promised, the suspended attorney and Adamczyk diverted portions of the funds for their own personal benefit and transferred other funds to Ingersoll.

As part of the conspiracy, Ingersoll, Adamczyk, and other conspirators provided the victim with real estate purchase contracts and other documents that were not executed by the owners of the properties but that contained forged signatures or were executed using the names of fictitious individuals and that falsely represented the entities that owned the properties. Ingersoll, Adamczyk, and other conspirators also falsely claimed that specific entities and individuals had expressed interest in purchasing the real estate but those potential buyers did not exist, had never been contacted about purchasing the real estate, or had declined to pursue a transaction. When the victim requested a return of some of the funds, Ingersoll and Adamczyk provided false excuses why the funds could not be returned, including false claims that Adamczyk was not allowed to leave Costa Rica due to having COVID-19 and that Adamczyk needed to be at the bank in person to return the funds to the victim. Ingersoll, Adamczyk, and other conspirators spent the proceeds received as a result of their fraud on themselves and for their own personal benefit, including for luxury car rentals, travel, and adult entertainment.

https://www.justice.gov/usao-sdny/pr/white-plains-investment-adviser-sentenced-63-months-federal-prison-embezzlement
Gregg Brie, 54, pled guilty in the United States District Court for the Southern District of New York to one count of wire fraud, and he was sentenced to 63 months in prison plus three years of supervised release, and ordered to pay $642,333.33 in forfeiture and restitution. As alleged in part in the DOJ Release:

BRIE embezzled funds from three victims, two of whom lived in his White Plains apartment complex.  He advised his first victim, a disabled man on a fixed income and confined to a wheelchair, to buy shares in Alaska Air Group, Inc.  Bank records show that this victim gave BRIE more than $480,000.  BRIE told his victim that he had opened accounts for him at a brokerage firm and that his stock had increased in value to approximately $8 million.  When the victim asked for his money, BRIE told him that his accounts were frozen because the stockbrokers had done something "sketchy" in order to buy the shares at a lower price.  When the victim attempted to contact the brokerage firm, BRIE told him that he would "murder [him]" if the victim attempted to contact the firm again.  BRIE repeated this threat at least two more times, noting that he meant his threats to be taken "literally, not metaphorically."

According to written loan agreements drafted by BRIE, the second victim made three loans to BRIE in a total amount of approximately $157,000 "for the purpose of producing and distributing a proprietary, composite unimold commode for use within indigent venues of the African nation of Uganda."  The third victim loaned $2,000 to BRIE on BRIE's representation that he was illiquid because he had put all of his cash into the unimold commode project.

The Federal Bureau of Investigation's ("FBI") analysis of bank accounts controlled by BRIE showed that BRIE spent the money he obtained from his victims primarily on credit cards and a Mercedes Benz lease.  The evidence showed that there was no brokerage account.

SEC Charges Additional Investment Adviser in Cherry Picking Scheme (SEC Release)
https://www.sec.gov/litigation/litreleases/2021/lr25265.htm
In an  Amended Complaint filed in the United States District Court for thge Southern District of Florida https://www.sec.gov/litigation/complaints/2021/comp25265.pdf, the SEC charged Lina Maria Garcia with violating Sections 17(a)(1) and (3) of the Securities Act, Section 10(b) of the Securities Exchange Act and Rules 10b-5(a) and (c) thereunder, and Sections 206(1) and 206(2) of the Investment Advisers Act of 1940; and, in the alternative, with aiding and abetting the other defendants' violations of these provisions, and seeks a permanent injunction, disgorgement, prejudgment interest, and civil penalties. As alleged in part in the SEC Release:

[G]arcia, who is the president and chief compliance officer of UCB Financial Advisers, worked with the other defendants to divert profitable trades to two accounts held by Sugranes's parents, and to saddle other clients with losing trades. The defendants allegedly used a single account to place trades without specifying the intended recipients of the securities at the time they placed the trades. As alleged, after defendants established a position, if the price of the securities increased during the trading day, the defendants usually closed out the position and allocated those profitable trades to the two accounts held by Sugranes's parents, who have been charged as relief defendants. Conversely, the complaint alleges that if the price of the securities decreased during the trading day, the defendants usually allocated the unprofitable trades to other client accounts. The amended complaint further alleges that Garcia and Sugranes are romantic partners who have lived together for several years and that since at least 2018, Sugranes has provided Garcia with approximately $200,000 in cash and a half interest in an $800,000 investment in a local business.

Remarks at the PepsiCo-PwC CPE Conference: Controlling Internal Controls by SEC Commissioner Caroline A. Crenshaw
https://www.sec.gov/news/speech/crenshaw-controlling-internal-controls-20211116

Thank you for the kind introduction Kevin [Gould]. It's a pleasure to be here today at the annual PepsiCo-PwC CPE conference, which I understand is a tradition going back 18 years now. I appreciate the opportunity to speak, and I look forward to answering your questions today. 

It's not often-even in this job-that I find myself speaking before such a large group of controllers, accountants and other finance professionals of public companies. And I welcome it because it means we can get a bit more technical and talk about financial reporting issues. I suspect many of you will not be surprised that Kevin and his team have shared with me that ESG is top of mind for this group.  I understand there is an interest in hearing what ESG means to the SEC and what ESG regulations are on the horizon. It's a big question, and spoiler alert - I cannot speak for the Commission and tell you what is to come. I have to caveat my statements today with the standard disclaimer that any views I express today are my own and do not reflect the views of my fellow Commissioners, the Commission or its staff. But I am an U.S. Army reservist, and the Soldier in me truly appreciates your commitment to readiness.  So even though I cannot speak for the Commission, today I will discuss how I have been thinking about ESG in the public issuer context.

I. ESG Risks Facing Today's Investors & Public Companies
ESG is not a monolithic concept. As you know, it generally refers to environmental, social and governance risks, and these are some of the most pressing issues companies are facing.  In March of this year, the Commission sought public comment on climate change disclosure.[1] We received hundreds of responses; many of which also addressed disclosures concerning other ESG risks. An overwhelming number of comment letters state that investors view ESG information as material to financial performance and that investors need consistent and reliable disclosures of ESG information to inform their investment decisions.[2] According to commenters, ESG related information helps investors assess the long-term sustainability or value of an investment.[3] And this makes sense if you think about the position investors are in today. Many Americans are no longer able to rely on defined-benefit retirement plans. They must, instead, rely on themselves in order to save for their children's education or for their own retirement.  And they must, in doing so, take on the risks associated with managing the money themselves.[4] Investors increasingly need to consider how companies will "weather" over a longer time horizon when making investment decisions.[5] That requires looking at the risks today's companies face and analyzing how these risks will impact future financial performance.

With ESG now front and center, the reliability of corporate ESG risk disclosures, and their potential impact on and connectivity to financial statements, is critical. As you know, corporate internal controls play a crucial role in ensuring such risk disclosures are consistent and reliable.  The term "internal accounting controls" refers to an organization's plan, methods, and procedures related to safeguarding a company's assets and ensuring the reliability of corporate financial records.[6] These controls broadly include systems designed to ensure transactions are authorized and recorded in a way that maintains accountability for assets and allows for financial statement preparation in conformity with GAAP.[7]  They also include procedures that control access to assets and the systems designed to test the effectiveness of internal controls.[8] The concept of accounting controls is intentionally broad, because a company's system for tracking its assets and recording transactions - regardless of their form - is vital to accurate financial reporting. And it is vital to identifying risks to the financial statements so leadership can manage them and prepare GAAP-compliant financial statements and disclosures accordingly. At the end of the day, management is responsible for establishing and maintaining an effective system of internal controls that reasonably safeguards corporate assets from risk.[9] So as you think about and discuss ESG risks during this conference, I encourage you to think about them in the context of your internal accounting controls and audit functions.[10]

II. Internal Accounting Controls and ESG Risks
To best serve their function, internal accounting controls must be dynamic enough to consider and respond to changes in the markets, such as those posed by ESG issues. Companies have to evolve over time because the market place is constantly changing in response to new developments and challenges. These changes can be prompted by new technology, developments in the global economy, or even by our planet. Change drives innovation for not just corporate America, but investors, consumers and citizens. Change can be a good thing. But as markets change, so do the risks that can impact a company's financial statements. Corporate internal accounting controls must evolve as well. Although these are relatively technical matters often thought of as within the remit of accounting and legal professionals of a specific company, I am regularly reminded that, in the aggregate, these details matter to all Americans.  These details impact the companies whose aggregate financial performance undergirds the retirement savings of tens of millions of workers, and retirees.

If we think back to when the American Institute of Certified Public Accountants (AICPA) first defined internal controls in 1949, I expect few companies were thinking about the specific ESG risks investors are focused on today. But, at that time, it was less common for supply chains to be disrupted by flooding, or wild fires, or ransomware attacks, or global pandemics,[11] as they are today.[12] Most, I suspect, did not contemplate that the majority of economic transactions would happen electronically rather than face-to-face, or the ubiquity of the computing hardware and related software that today informs every aspect of our personal and professional lives. We simply could not foresee that. At that time, the risk that a businesses' entire operations could be taken offline by a technological glitch - or a cyber-attack - did not exist.[13] And although I understand that companies have, for some time now, put processes in place to protect customer information from theft or to detect and protect against spoofing and malware, it's only more recently that companies are facing this frequency of ransomware attacks. And it's only recently that public companies are starting to hold corporate assets in the form of digital assets that are not necessarily custodied and controlled by a regulated bank or financial institution. 

Given all these changes, it is important to think about many risks.[14]  But there are a few specific ESG risks where internal corporate accounting controls play a critical role, and it is particularly important to assess whether these existing corporate internal accounting controls are sufficient to provide reasonable assurances that each business and its assets are, in fact, adequately controlled. [15]

A. Safeguarding Information and Systems
I'll start with cybersecurity, which can fall into the "S" or "G" bucket depending on the specific risk at issue. The Commission noted in a 2018 statement that "[c]ompanies today rely on digital technology to conduct their business operations and engage with their customers, business partners, and other constituencies. In a digitally connected world, cybersecurity presents ongoing risks and threats to our capital markets and to companies operating in all industries, including public companies regulated by the Commission."[16] Unfortunately, the gravity of the threat appears to have grown since the statement was issued - or at least evolved in light of the recent rise in ransomware attacks.[17] You may recall that earlier this year, a motor vehicles manufacturer suffered a nationwide IT infrastructure outage after a ransomware attack demanding payment of Bitcoin.[18] And those of you on the East Coast were likely impacted by the ransomware attack that took offline the computer systems that manage the gasoline pipeline system responsible for transporting around 45 percent of the East Coast's fuel supply.[19]

Cyber-intrusions are no longer limited to events that put sensitive information for sale on the dark web. Every day, companies' operations are disrupted and management must make difficult choices about how to respond, typically when faced with only expensive and unwelcome options.[20] It is understandable that investors might consider how companies manage the risk of cyber-intrusions when making investment decisions.

Turning back to internal controls, I'm particularly interested in understanding how public companies are responding to the various types of cybersecurity intrusions and attacks public issuers are facing, since these create threats to management's ability to safeguard the company's assets, in particular. Are companies evaluating authentication protocols and potential weaknesses in security frameworks? And what internal controls are in place to protect electronic systems from unauthorized access or to ensure financial transactions are processed as authorized and not diverted?  I am also thinking about whether it might make sense for companies have expertise at the management and board levels to evaluate the resources the company is putting into these controls, and to regularly brief the C-suite and board on internal controls testing and effectiveness. Otherwise, it could be hard to assess whether management truly has control over corporate assets.

For good reason, the Commission has brought enforcement actions when public companies and regulated entities have lacked adequate internal accounting controls, or made inadequate public disclosures concerning cyber-intrusions and related risks.  This is an area where I expect our Enforcement and Exams Divisions' staff would continue to pay attention.

B. Identifying and Measuring Climate Risk
In the world of ESG, I suspect climate change risk is an area you're thinking about as much as cyber.   It is on my mind too.  I would like to hear how public companies are assessing whether and how climate change risk impacts revenues and expenses, both now and in the foreseeable future. In particular, I am interested in understanding how companies are evaluating whether climate risk impacts their business. Some issues that I would think companies are considering as part of this process include whether assets are at risk of depreciating more quickly or becoming "stranded" in response to climate change; whether supply chain or transportation networks are at greater risk of being impacted by extreme weather events; or whether existing revenue streams depend on the status quo, such that new regulations pertaining to deforestation or carbon emission could potentially reduce income.[21] No matter where public companies come out on these topics - or how they assess climate risk - I would like to understand the underlying internal accounting controls that guide decision making.  On a related note, if climate change presents risks to a company, or at least requires disclosure, I'm interested in understanding how that company evaluates climate change risk. For example, do companies rely on third party service providers, and if so, do they evaluate the controls that the service providers have in place over information and disclose to investors the identity of the service provider, in the same way you disclose your auditors and underwriters?

I do not think I am alone in wanting to understand how companies are determining whether and how financial statements are impacted by climate change risk; how assumptions used to reach these determinations are set, tested, and reevaluated over time; and how any existing disclosures are being formulated. I have an open door policy and welcome input on these issues, and of course other issues as well. 

C. Safeguarding Digital Assets
Finally, I want to touch on one last fairly recent risk that potentially implicates governance issues. There are media reports that public companies are purchasing digital assets with corporate cash, or accepting digital assets as a form of payment.[22] Such decisions raise a whole new set of internal controls questions, including whether and what internal accounting controls are in place to safeguard those assets from unauthorized use or other custodial risks. It would seem beneficial for companies transacting in digital assets to consider instituting robust processes that validate custody, verify transactions and protect assets from ransomware events. Otherwise, it could be difficult to authorize and account for the transactions.[23] I think it is critical for companies to consider, among other things, whether the internal accounting controls frameworks safeguarding these assets are working, how they need to be modified from existing frameworks applied to transactions in fiat currencies, and what changes need to be implemented, if any.

III. Conclusion
The purpose of internal accounting controls is, and has always been, to provide for corporate and managerial control over a company's assets. It's about ensuring accountability to shareholders and building a foundation that reasonably assures that financial reporting and corporate disclosures are accurate and reliable. As businesses and transactions evolve, so too do the risks to corporate assets. It is for these reasons, among others, that I think of internal accounting controls when I think of ESG risks.

ESG risks serve as a good reminder of the need to be vigilant about regularly reexamining and reconsidering the risks to public companies and their financial statements. It is important, particularly for financial professionals, to identify and assess the ESG risks that might impact company or client, not just in this year, but in future reporting periods too. Of course, we all know that internal controls are only effective if they work, so it is also important to evaluate and test controls frameworks to ensure that they are adequately managing risk. As today's investors are evaluating how ESG risks might impact their investments in companies, I would not be surprised if they are also assessing corporate readiness to manage new and emerging risks.

Thank you for your time. I look forward to your questions.
= = = = =
 
[1] Allison Herren Lee, Acting Chair, Sec. & Exch. Comm'n, Public Input Welcomed on Climate Change Disclosures (Mar. 15, 2021).

[2] See, e.g., Gary Gensler, Chair, Sec. & Exch. Comm'n, Prepared Remarks Before the Principles for Responsible Investment "Climate and Global Financial Markets" Webinar ("More than 550 unique comment letters were submitted in response to my fellow Commissioner Allison Herren Lee's statement on climate disclosures in March. Three out of every four of these responses support mandatory climate disclosure rules.").

[3] See, e.g., BlackRock, Comment Letter on Climate Change Disclosures (June 11, 2021).

[4] See, e.g., John Broadbent, Michael Palumbo & Elizabeth Woodman, The Shift from Defined Benefit to Defined Contribution Pension Plans: Implications for Asset Allocation and Risk Management (Dec. 2006); Samuel Estreicher & Laurence Gold, The Shift from Defined Benefit Plans to Defined Contribution Plans, 11 Lewis & Clark L. Rev. 331 (2007). Of course, retail investors have several options. One can choose to work with a broker-dealer or investment adviser. And we have certain protections in place that govern those relationships. However, ultimately, retail investors have to make the decision on who they rely on to invest; how they engage the marketplace; and understand the trade-offs of those decisions, the related fee structures, conflicts of interest, and how their representatives are managing their money.

[5] See, e.g., supra note 3.

[6] See Securities Exchange Act of 1934 § 13(b)(2)(B); American Institute of Certified Public Accountants, Committee on Auditing Procedures, Statement on Auditing Standards, 001 320.01 (1973).

[7] While my remarks focus on management's responsibilities for effective internal accounting controls, management also is responsible for maintaining effective internal controls over financial reporting and disclosure controls and procedures.

[8] See American Institute of Certified Public Accountants, supra note 6.

[9]See Final Rule on Improper Influence on Conduct of Audits, Release No. 34-47890 (June 26, 2003); Sec. & Exch. Comm'n, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies and Related Internal Accounting Controls Requirements (Oct. 16, 2018) [hereinafter 21(a) Report on Cyber-Related Frauds].

[10] My remarks today are focused on the importance of robust internal controls, but I would be remiss if I did not acknowledge the importance of high quality independent audits in increasing shareholder confidence in financial information. The Commission's Acting Chief Accountant Paul Munter recently addressed this topic in a thoughtful statement that is available on the Commission's website.

[11] See McKinsey, Risk, Resilience, and Rebalancing in Global Value Chains, McKinsey Global Institute (Aug. 6, 2020) (noting that the COVID pandemic has delivered one of the biggest broadest shocks to the global supply chain in recent memory but due to changes in the environment and global economy it is one of a series of disruptions).

[12] See, e.g., Amanda Little, Ida Piles on Climate Threat to U.S. Food, Wash. Post (Sept. 2, 2021) (describing Hurricane Ida's impact on agricultural product supply chains); Deborah Adam Kaplan, More Frequent, Severe Wildfires Threaten California's Growing Logistics Network, Supply Chain Dive (June 1, 2021) (noting the dramatic increase in wildfires in 2021 compared to previous fire seasons and the burdens put on transportation, inventory, and warehousing networks). 

[13] See Mike Isaac & Sheera Frenkel, Gone in Minutes, Out for Hours: Outage Shakes Facebooks, N.Y. Times (Oct. 4, 2021); infra notes 15-19.

[14] The full suite of ESG related risks is beyond the scope of these remarks, but I encourage anyone interested to look at the Climate Change Disclosure Request for Input and the responses elicited by it. See supra note 1, at Question # 15 (soliciting feedback on a broad range of ESG matters).

[15] See 21(a) Report on Cyber-Related Frauds, supra note 9, at 2 ("[a]s the Senate emphasized over four decades ago when passing these provisions, "[a] fundamental aspect of management's stewardship responsibility is to provide shareholders with reasonable assurances that the business is adequately controlled.").

[16] See Sec. & Exch. Comm'n, Statement and Guidance on Public Company Cybersecurity Disclosures at 2 (Feb. 26, 2018).

[17] See, e.g., Christian Cabaluna, Surge in Ransomware and 10 Biggest Attacks in 2021, ISACA Newsletter (Oct. 27, 2021); Lynsey Jeffery & Vingesh Ramachandran, Why Ransomware Attacks are on the Rise - and What Can Be Done to Stop Them, PBS (July 8, 2021).

[18] See Alicia Hope, Kia Motors America Suffers a $20 Million Suspected DoppelPaymer Ransomware Attack, CPO Magazine (Feb. 26, 2021).

[19] See William Turton & Kartikay Mehrotra, Hackers Breached Colonial Pipeline Using Compromised Password, Bloomberg (June 4, 2021).

[20] As just one example, Colonial Pipeline paid $5 million to regain access to its systems, and the Justice Department has recovered some but not all of the cryptocurrency that was used to pay the ransom. See Stephanie Kelly & Jessica Resnick-ault, One Password Allowed Hackers to Disrupt Colonial Pipeline, CEO Tells Senators, Reuters (June 8, 2021).

[21] See, e.g., Fin. Stability Bd., The Implications of Climate Change for Financial Stability (Nov. 23, 2020); McKinsey, Climate Risk and Response: Physical Hazards and Socioeconomic Impacts (Jan. 2020); Kristen Sullivan, Kyle Tanger & Michelle Bachir, Climate Change 101 for Business Leaders, Deloitte Article (Jan. 6, 2021).

[22] If you enter the phrases "public companies that own digital currency" or "public companies that accept Bitcoin for payment" in an Internet search engine, multiple websites and news media reports purport to provide the answers. I have no independent knowledge of underlying information, but am interested in thinking through the governance implications of these practices. See, e.g., Ty Haqqi, 15 Biggest Companies That Accept Bitcoin, Yahoo! (Feb. 18, 2021); Companies Now Hold over 1.6 Million Bitcoin, Almost 8% of Total Supply, Nasdaq (Aug. 25, 2021); Zahra Tayeb, More companies, including PayPal and Xbox are accepting bitcoin and other cryptocurrencies as payment. Others are weighing up their options, Business Insider (May 7, 2021); Andrew Lisa, 10 Major Companies That Accept Bitcoin, Yahoo (Aug. 25, 2021).

[23] There are many high-profile examples in which investors in digital assets have lost access to their funds due to problems at exchanges or service providers. See, e.g., Samuel Haig, QuadrigaCX Trustee Only Has $30M to Pay $171M Worth of Claims, Cointelegraph (Nov. 6, 2020); Ryan Browne, 'Accidental' Bug May Have Frozen $280 Million Worth of Digital Coin Ether in a Cryptocurrency Wallet, CNBC (Nov. 8, 2017). 

Two of Three FINRA Arbitrators Ironically Disappear In Unexplained Expungement Award (BrokeAndBroker.com Blog)
http://www.brokeandbroker.com/6169/finra-arbitration-expungement/
Yet another bit of dubious quality control arises with yet another FINRA published document. In today's iteration, we have an alleged customer complaint from someone who wasn't actually a customer when a questioned loan was extended to the financial advisor, who wasn't the non-customer's advisor at the time that the loan in question arose. And as if all of that tortured was and was not was or wasn't enough, we have a three-arbitrator Panel declining to issue a so-called Explained Decision, which turns out to be a petard on which the arbitrators themselves get hoisted. Although the Panel of three arbitrators purportedly heard the case, oddly, inexplicably, one, and only one arbitrator, made mandatory findings, which not only seems in contravention of FINRA's Code of Arbitration Procedure but, how ironic, isn't explained in the Award.

DreamFunded Dream Faded At FINRA And SEC Declines to Stay Expulsions and Bars (BrokeAndBroker.com Blog)
http://www.brokeandbroker.com/6168/dreamfunded-finra-crowdfunding-sec/
There was a time, not many years ago, when crowdfunding was all the rage and the JOBS Act was supposed to democratize Wall Street. Desperate or naïve entrepreneurs looking to raise modest amounts of capital were attracted by the promise that their ventures would be posted on a crowdfunding website. Except, as industry veterans knew, the investors with the real cash don't waste time on crowdfunding websites. As such, after the crowdfunding sites collected their fees, more often than not, the listings sat, barely getting nibbles, wasting away. Worse, many of the offers for funding proved to be scams and frauds. Some folks raised money and launched their business -- that's great. If the laws had been better drafted, if the sector had been better policed, then we might have realized the vision. In the end it was just another one of those things that fizzled out without much notice or fanfare. And so we move on to the next flash in the pan. NFTs anyone?