A White Collar Criminal Defense alert by Rachel Maimin, Kathleen McGee, and Carly Coleman discusses the $105 million settlement that New York State and New York City recently received from a hedge fund manager accused of evading tax liability.  This settlement results from a qui tam suit filed in 2018 under the New York False Claims Act, which permits a whistleblower to receive a significant portion of any recovery.  Read the alert here.

On February 16, Judge Furman of the Southern District of New York handed down a ruling in In re Citibank August 11, 2020 Wire Transfers concluding that Citibank could not recover $900 million inadvertently wired to lenders.

The entire 105-page decision[1] is a fascinating read, describing a near-perfect storm of convoluted financial arrangements, technological limitations, and all-too-understandable human error that culminated in the following screen shot from Citibank’s internal system:[2]

The premise was that the user needed to direct a principal payment to an internal Citibank account rather than out of the bank to the lenders, while allowing the payment of interest to leave the bank. To make this adjustment, the user clearly directs “PRINCIPAL” to an “Internal G[eneral] L[edger]” account, directing the system to “Overwrite [the] default settlement instruction.” In fact, to accomplish the intended redirection, the user also needed to select the “FRONT” and “FUND” lines. Without those cryptic additions, the full amount of all principal and interest, approximately $900 million, was inadvertently deposited in lender accounts.

The decision also offers an important and detailed discussion of New York’s discharge-for-value law. The court drew on the formulation from the leading Court of Appeals decision on the topic:

“When a beneficiary receives money to which it is entitled and has no knowledge that the money was erroneously wired, the beneficiary should not have to wonder whether it may retain the funds; rather, such a beneficiary should be able to consider the transfer of funds as a final and complete transaction, not subject to revocation.”[3]

The court, in deciding that the erroneously paid lenders were not, in fact, on notice that the payment was in error, specifically pointed to the Bloomberg Terminal chat functions, in which the hedge fund lenders ruthlessly skewered the Citibank employees … but only after Citibank asked that the funds be returned. The court reproduced some of the “quite colorful” comments, including:

“I feel really bad for the person that fat fingered a $900mm erroneous payment. Not a great career move” and “How was work today honey? It was ok, except I accidentally sent $900mm out to people who weren’t supposed to have it”[4]

Ultimately, however, one salient takeaway is inescapable: syndicated lending may, at times, look like investing in securities, but it is quite different.

Syndicated loans are not considered securities, and the loan is not based on a registration statement and prospectus but rather on a confidential information memorandum (CIM). Notably, statements in the CIM are not covered by state or federal securities laws.

Additionally, in the event a bond is to be retired early, the bondholder would expect to receive a notice that the bond is being called or, for bonds without call features, an offer to repurchase the bond at the prevailing market price (or perhaps at a premium). In the absence of these types of communications, the lender could arguably be considered to be put on notice that something was amiss should the entire outstanding principal and interest be returned prior to the bond’s maturity.

With a syndicated loan, there are generally no such formalities required. Consequently, in In re Citibank, there was no reason for lenders to imagine that they were receiving anything other than what they were due.

The case is In re Citibank August 11, 2020 Wire Transfers, No. 1:20-cv-06539-JFM (S.D.N.Y.). We expect to revisit this matter after an appeal.

[1] In re Citibank August 11, 2020 Wire Transfers, dkt. no. 243 (Feb. 16, 2021) (“In re Citibank”).

[2] Id. at 13.

[3] Banque Worms v. Bank Am. Int’l, 570 N.E.2d 189, 196 (1991).

[4] In re Citibank at 73.

Earlier this month, the Eleventh Circuit, in Tsao v. Captiva MVP Restaurant Partners, LLC, No. 18-14959, 2021 WL 381948 (11th Cir. Feb. 4, 2021), affirmed the dismissal of a class-action lawsuit brought on behalf of patrons of a restaurant chain, holding that data breach victims must show more than a heightened risk of future injury or costs incurred to mitigate potential harm in order to establish Article III standing.

The plaintiff in Tsao alleged that a data breach targeted at a restaurant chain’s point-of-sale system revealed class members’ credit and debit card information, exposing class members to identity theft and fraud.

Relying on the Supreme Court’s decision in Clapper v. Amnesty Int’l USA, 568 U.S. 398 (2013) and the Eleventh Circuit’s ruling in Muransky v. Godiva Chocolatier, Inc., 979 F.3d 917 (11th Cir. 2020), the court held that a plaintiff alleging a threat of future harm “does not have Article III standing unless the hypothetical harm alleged is either ‘certainly impending’ or there is a ‘substantial risk’ of such a harm.” Moreover, the court held, a plaintiff cannot “conjure standing” by inflicting harm on itself to mitigate the alleged risk, such as by spending time and resources canceling credit cards, resulting in temporary loss of use of the canceled cards and lost cash back or reward points. Applying this standard, the court found that plaintiff had failed to establish that the threat of future harm was “certainly impending” or that there was a “substantial risk” of such harm, and that he could not “manufacture standing” by incurring costs to mitigate a “non-imminent harm.”

In so holding, the Eleventh Circuit sided with the Second, Third, Fourth, and Eighth Circuits–all of which have declined to find standing based on an increased risk of identity theft and the cost of measures taken to protect against it. While the Tsao decision doesn’t resolve the circuit split, it provides additional protection to companies in the Eleventh Circuit that take steps to promptly alert their customers of data breaches. The Tsao decision is also likely to factor into the Equifax appeal, brought on behalf of a handful of objectors to the class settlement arising out of the 2017 data breach at Equifax–one of the largest ever, which is currently scheduled for oral argument before the Eleventh Circuit on April 20.

Last March, The New York Times reported that Senate Majority Leader Mitch McConnell had been “quietly making overtures” to older Republican-nominated judges to encourage them to retire so that then-President Trump could fill their vacancies before the end of his term. After the 2020 presidential election, the Los Angeles Times reported that, reciprocally, some federal judges had been deliberately delaying their retirements in the hope that a different president would be able to nominate their successors.

In the three weeks since President Biden’s inauguration, 28 federal judges have announced that they are retiring or transitioning to “senior status”–a form of semi-retirement available to more senior judges in which they can reduce their caseload or be more selective in the types of cases they accept, and that opens up their seat as vacant.

The recent retirement announcements include some jurists who are well known within the financial services industry:

  • Robert A. Katzmann has served on the Second Circuit since 1999 and was its Chief Judge from 2013 to 2020. The day after President Biden’s inauguration, NYU Law announced that Judge Katzmann was taking senior status and joining the NYU Law faculty. Among his many decisions in over two decades on the bench, Judge Katzmann wrote the seminal majority opinion in United States v. Martoma, which defined the personal benefit element of insider trading.
  • Denny Chin, who served as a district judge in the Southern District of New York from 1994 until 2010, when President Obama elevated him to the Second Circuit, will take senior status in June. Judge Chin is perhaps best known for presiding over the prosecution of Bernie Madoff, whom he sentenced to a prison term of 150 years. Judge Chin also granted summary judgment to dispose of a copyright class action that would have prevented Google from scanning tens of millions of books into a digital library.
  • Outside New York, Dan Aaron Polster, a federal district judge in Cleveland, has risen to national prominence as the judge presiding over the multidistrict litigation arising from opiate litigation in federal courts. He previously presided over a securities fraud action against Cliffs Natural Resources Inc., which resulted in an $84 million class settlement. Judge Polster took senior status on January 31.

In addition to those who have already announced their retirement, many judges with heavy footprints in capital markets litigation either are or will become eligible for retirement on pension or senior status within the next four years, should they so choose. These include, among many others, First Circuit Judge William J. Kayatta Jr.; Second Circuit Judges Jose A. Cabranes, Rosemary S. Pooler, and Susan L. Carney; Seventh Circuit Chief Judge Diane Wood and Judges Frank Easterbrook and David F. Hamilton; and Ninth Circuit Chief Judge Sidney Thomas.

These resignations are not likely to result in a sea change in the federal courts’ political composition. But the displacement of older voices with newer and often more ideological jurists may have a significant impact on capital markets litigation for decades to come.

President Biden has not yet announced any judicial nominations.

A complete list of retiring federal judges is available at the website of the Administrative Office of the U.S. Courts

As financial services firms increasingly turn to artificial intelligence (AI), banking regulators warn that despite their astonishing capabilities, these tools must be relied upon with caution.

Last week, the Board of Governors of the Federal Reserve (the Fed) held a virtual AI Academic Symposium to explore the application of AI in the financial services industry. Governor Lael Brainard explained that “particularly as financial services become more digitized and shift to web-based platforms,” a steadily growing number of financial institutions have relied on machine learning to detect fraud, evaluate credit, and aid in operational risk management, among many other functions.[i]

In the AI world, “machine learning” refers to a model that processes complex data sets and automatically recognizes patterns and relationships, which are in turn used to make predictions and draw conclusions.[ii] “Alternative data” is information that is not traditionally used in a particular decision-making process but that populates machine learning algorithms in AI-based systems and thus fuels their outputs.[iii]

Machine learning and alternative data have special utility in the consumer lending context, where these AI applications allow financial firms to determine the creditworthiness of prospective borrowers who lack credit history.[iv] Using alternative data such as the consumer’s education, job function, property ownership, address stability, rent payment history, and even internet browser history and behavioral information–among many other data–financial institutions aim to expand the availability of affordable credit to so-called “credit invisibles” or “unscorables.”[v]

Yet, as Brainard cautioned last week, machine-learning AI models can be so complex that even their developers lack visibility into how the models actually classify and process what could amount to thousands of nonlinear data elements.[vi] This obscuring of AI models’ internal logic, known as the “black box” problem, raises questions about the reliability and ethics of AI decision-making.[vii]

When using AI machine learning to evaluate access to credit, “the opaque and complex data interactions relied upon by AI could result in discrimination by race, or even lead to digital redlining, if not intentionally designed to address this risk.”[viii] This can happen, for example, when intricate data interactions containing historical information such as educational background and internet browsing habits become proxies for race, gender, and other protected characteristics–“leading to biased algorithms that discriminate.”[ix]

Consumer protection laws, among other aspects of the existing regulatory framework, cover AI-related credit decision-making activities to some extent. Still, in light of the rising complexity of AI systems and their potentially inequitable consequences, AI-focused legal reforms may be needed. At this time, to help ensure that financial services are prepared to manage these risks, the Fed has called on stakeholders–from financial services firms to consumer advocates and civil rights organizations as well as other businesses and the general public–to provide input on responsible AI use.[x]

[i] Lael Brainard, Governor, Bd. of Governors of the Fed. Reserve Sys., AI Academic Symposium: Supporting Responsible Use of AI and Equitable Outcomes in Financial Services (Jan. 12, 2021), available at https://www.federalreserve.gov/newsevents/speech/brainard20210112a.htm.

[ii] Pratin Vallabhaneni and Margaux Curie, “Leveraging AI and Alternative Data in Credit Underwriting: Fair Lending Considerations for Fintechs,” 23 No. 4 Fintech L. Rep. NL 1 (2020).

[iii] Id.

[iv] Id.; Brainard, supra n. 1.

[v] Vallabhaneni and Margaux Curie, supra n.2; Kathleen Ryan, “The Big Brain in the Black Box,” Am. Bar Assoc. (May 2020), https://bankingjournal.aba.com/2020/05/the-big-brain-in-the-black-box/.

[vi] Brainard, supra n.1; Ryan, supra n.5.

[vii] Brainard, supra n.1; Ryan, supra n.5.

[viii] Brainard, supra n.1.

[ix] Id. (citing Carol A. Evans and Westra Miller, “From Catalogs to Clicks: The Fair Lending Implications of Targeted, Internet Marketing,” Consumer Compliance Outlook (2019)).

[x] Id.

In the wake of the Great Financial Crisis, global financial markets got their first experience of negative interest rates, something classical economists had long thought to be unworkable if not impossible. On April 20, concerns surrounding the effects of the COVID-19 crisis introduced investors to another negative first: crude oil prices.

On July 9, investors brought a class action complaint [1] alleging violations of Section 6b(e)(3) of the Commodity Exchange Act (CEA) [2] and its implementing regulations at 17 C.F.R. Sec. 180.1, which extended the prohibition on untrue statements or omissions of material fact from equity markets to the markets for futures, options, and other derivatives, by brokerage TD Ameritrade, Inc., and its derivatives-focused subsidiary Thinkorswim.

Intraday chart of the price of the May 2020 WTI crude futures contract on April 20, 2020 (Bloomberg), as set forth in the complaint.

To be clear, this was not a situation where you could pull up to the pump, fill up, and pocket some cash for doing so. The negative prices occurred in the commodity futures market, where investors enter into contracts to take delivery of a given amount of a commodity on a certain date. In this instance, the market was West Texas Intermediate (WTI) crude oil, which is oil that is produced all over the United States and Canada and transferred by pipeline to a massive hub storage and distribution facility in Cushing, Oklahoma.

The relevant futures contract stipulated that buyers would have to take delivery in May 2020, and April 20 was the final day that investors who did not (or in the case of the vast majority of investors, could not) take physical delivery of crude oil to sell out their positions. Over the course of the day, the price of the May 2020 WTI Crude contract fell steadily from its prior closing price of $18.27 per barrel, eventually falling as low as -$40.32 and closing at -$13.10, effectively requiring investors to pay $13.10 to avoid taking delivery of the crude oil.

The complaint alleged that Defendants’ risk disclosures made false and misleading statements and omissions regarding “multiple, robust risk management” processes that Plaintiff investors relied on, when in fact, Defendants’ systems could not accept or process transaction orders with negative prices, despite warnings in the prior weeks from the Chicago Mercantile Exchange, where the WTI futures contracts trade, that negative prices were possible. [3]

The complaint also claimed that Defendants failed to act properly when liquidating Plaintiffs’ positions because Defendants did not automatically close out the positions when the contract price fell to $0, the point beyond which investors would not be able to execute trades on their own.

On December 17, 2020, the Court issued a decision [4] disagreeing with Plaintiff and dismissing the complaint. The Court held that Plaintiff failed to adequately plead scienter. More notably, the Court held that the complaint failed to allege that Plaintiff attempted to place a trade at a negative price, which rendered insufficient  the complaint’s allegations of a false statement or omission (due to lack of standing), reliance, and loss causation insufficient.

The Court went on to point out that Plaintiff’s account agreement granted Defendants “sole discretion” when liquidating positions where a client’s position had fallen in value, creating margin deficiencies, as they had in this instance.

Because the Court also granted TD Ameritrade’s request to compel arbitration, we may not have the benefit of a ruling on a second amended complaint. However, as we previously noted in our discussion of the dismissal in Kirschner v. JPMorgan, the recent trend of making increasingly complex securities and derivatives available to a broader population of the investing public may continue to generate litigation.


[1] Lindstrom v. TD Ameritrade, Inc., No. 1:20-cv-04028 (N.D. Ill.).

[2] 7 U.S.C. §§ 9 et seq.

[3] See, e.g., Chicago Mercantile Exch., Advisory 20-152, “CME Clearing Plan to Address the Potential of a Negative Underlying in Certain Energy Options Contracts” (Apr. 8, 2020), available at https://www.capitalmarketslitigation.com/2020/07/kirschner-v-jpmorgan-chase-bank-case-update/ 

[4] Lindstrom, No. 1:20-cv-04028, Dkt. No. 52 (Dec. 17, 2020).

In 2020, the Financial Industry Regulatory Authority Inc. (FINRA) settled alleged rule violations with various large investment firms, including Merrill Lynch, Citigroup Global Markets Inc. (CGMI), Transamerica Financial Advisors, Inc. (TFA), and RBC Capital Markets, LLC (RBC), with the majority of the Letters of Acceptance, Waiver, and Consent in those matters being signed in just the past two months. What is notable is not that these firms were found to have violated FINRA’s rules but rather that the firms received what appeared to be significant credit for their “extraordinary cooperation” in identifying the disclosure violations, taking measures to correct them, and then reporting them to FINRA, all prior to detection or intervention by FINRA. Their actions mitigated whatever typical sanctions FINRA would assess for those rule violations.

FINRA provides credit for extraordinary cooperation. The organization has laid out what it deems to constitute extraordinary cooperation–i.e., proactive steps a member organization can take, both prior to and after FINRA intervention, that can reduce or completely eliminate sanctions that would otherwise be assessed for offending conduct–in a series of regulatory guidances, most recently in Regulatory Notice 19-23:

  1. Identifying and taking steps to correct deficient procedures and systems.
  2. Providing restitution to customers.
  3. Self-reporting violations.
  4. Providing substantial assistance to FINRA investigations.

The extraordinary cooperation credit can take many forms; if, for example, a problem has been fully remediated, FINRA may conclude that no enforcement action is necessary. In other matters, even if enforcement action is taken, the sanctions may be reduced–be it a reduced fine, formal discipline without a fine, or even FINRA forgoing an undertaking (such as requiring a member to hire an independent consultant to oversee the member’s operations) that might have otherwise been imposed. Whether credit is awarded depends on the specific facts of each case.

In Merrill Lynch’s case, the company engaged an outside consultant to identify customers who did not receive appropriate rebates and fee waivers, and it proactively made restitution to those individuals. The matter was resolved without a fine. TFA likewise was able to avoid a fine for its rule violations. TFA engaged an outside consultant to help identify customers who received misstatements about investment opportunities in 529 plans and provided FINRA with detailed information about the challenges associated with collecting and assessing 529 plan data. As for RBC, the company proactively discovered supervisory deficiencies in connection with its 529 plan offerings, revised its systems, and engaged an outside consultant to formulate an action plan to provide customers with restitution. The company received credit for its efforts. And CGMI received a corresponding credit for taking measures to identify and correct various disclosure violations and was also commended for offering substantial assistance to FINRA in investigating those violations by maintaining open, transparent lines of communication with the organization throughout the process and providing access to documents and information.

Whether or not to self-report is a fact-specific inquiry and should be guided by legal counsel familiar with the business and regulatory history of the firm. However, in order to be in a position to take advantage of the extraordinary cooperation credit, member firms should develop an internal system of guidelines providing for periodic self-audits to identify potential rule violations and internal procedures for reporting (internally) a suspected FINRA violation. It also bears mentioning that efforts to conceal misconduct, on the other hand, can cause FINRA to impose strict penalties for violations and should be discouraged.

A putative consumer class action filed in California state court on Friday the 18th against Petco Animal Supplies Stores Inc. (Petco) and its wholly owned subsidiary PupBox Inc. (PupBox) alleges that between February and August an “unauthorized plugin” on the PupBox website caused the personal and credit card information of approximately 30,000 consumers to be stolen by an unauthorized third party. The complaint asserts, on information and belief, that the cyberattack resulted from the defendants’ failure to encrypt payment card data (PCD) at the point of sale and/or that the defendants “failed to install updates, patches, and malware protection or to install them in a timely manner to protect against a data security breach; and/or failed to provide sufficient control employee credentials and access to computer systems to prevent a security breach and/or theft of PCD.” The complaint further alleges that although Petco first learned of the cyberattack in early August, PupBox customers were not notified of the breach until October, creating a two-month lag during which class members could have attempted to mitigate the damage caused by the breach. The lawsuit alleges violations of the Washington State Consumer Protection Act, the California Unfair Competition Law, the California Consumer Records Act, and common law claims for negligence, negligence per se, breach of implied contract, and unjust enrichment.

Data breaches can be costly to companies in more ways than one. In addition to having to hire a forensic investigator to investigate the breach, companies risk reputational damage, contractual disputes, class action litigation, and potential regulatory investigations. For those financial companies regulated by the federal Gramm-Leach-Bliley Act’s Safeguards Rule or the data security provisions of New York’s Department of Financial Services, their responsibility to secure sensitive information extends to their affiliates and service providers as well.

While cyber insurance policies can provide an array of coverages and are a must-have, preparation is your best defense against a cyberattack. Many financial companies are required to create and maintain an information security program as well as a safeguard compliance program. All companies should be updating software security patches at the first opportunity and actively monitoring their systems for signs of unauthorized intrusions such as phishing exploits that inadvertently reveal passwords or other sensitive information. Sensitive data should be retained for only as long as necessary and stored in an encrypted database with limited access. Contracts with service providers should mandate strong data security practices as well. The time and effort expended on data protection have proven to be well worth the investment.

Senator Paul S. Sarbanes passed away peacefully on the evening of December 6, 2020, according to a statement released by the office of his son, U.S. Representative John Sarbanes (D-Md.).1

Sarbanes will be best remembered by most Americans for the landmark Sarbanes-Oxley Act of 2002,2 which sought to improve transparency and accountability for publicly traded companies in the wake of the accounting scandal that led to the largest bankruptcy to date of Enron Corporation in 2001.

He was then-ranking member of the Senate Banking, Housing and Urban Affairs Committee, and Sarbanes’ draft legislation gained bipartisan committee approval just days prior to the revelation of a $3.8 billion accounting fraud by WorldCom, which led to that company’s bankruptcy, eclipsing Enron’s. The draft was approved by the Senate in a 97-0 vote, and the final legislation was approved by overwhelming majorities in both houses: 423-3 in the House and 99-0 in the Senate.3

Among numerous improvements to financial reporting and accountability, the Sarbanes-Oxley Act created the Public Company Accounting Oversight Board, which brought independent oversight to auditors for the first time and established pay clawbacks4 and prison sentences5 for securities fraud by managers and investment advisors.

A graduate of Princeton University and Harvard Law School, Sarbanes served as a clerk with the 4th Circuit Court of Appeals and was an accomplished lawyer prior to entering politics. He served his home state of Maryland in the state legislature between 1967 and 1971 before being elected to the U.S. House of Representatives. In 1976, he was elected to represent Maryland in the Senate, a position he would hold for five terms until his retirement in 2007.

Sarbanes is survived by his three children: Michael, Janet, and John, who has served as the representative from Maryland’s 3rd District since 2006.

[1] Congressman John Sarbanes Announces the Passing of Senator Paul Sarbanes.

[2] 116 Stat. 745.

[3] Final Vote Results of Roll Call 348; Roll Call Vote 107th Congress – 2nd Session.

[4] MiMedx Plans to Claw Back Pay From Ex-CEO and Other Bosses.

[5] Raleigh Investment Advisor Sentenced to 40 Years for Orchestrating Ponzi Scheme, Obstructing the SEC, and Committing Aggravated Identity Theft.

A recent alert by Jamie Gottlieb Furia in Lowenstein Sandler’s White Collar Criminal Defense practice discusses the jury’s verdict against two former MiMedx Group Inc. executives for their involvement in an alleged fraud scheme. The three-week trial before U.S. District Judge Jed Rakoff marked the first white-collar jury trial in the Southern District of New York since March, when the COVID-19 pandemic began. Read the alert here.