Quarterly Regulatory and Legal Update for E-Commerce, E-Banking, and Blockchain

Wilson Sonsini Goodrich & Rosati

Wilson Sonsini Goodrich & Rosati

Q1 2019

This Quarterly Update highlights certain notable developments during Q1 2019 in consumer-facing areas of e-commerce, e-banking and blockchain. This update is particularly focused on consumer-level regulatory activities of the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC), but also addresses relevant developments from other governmental agencies and from the industry.

Topics covered in this Q1 2019 update:

Consumer Financial Protection Bureau (CFPB)
  1. An annual report on Fair Debt Collection Practices Act (FDCPA) issued jointly by the CFPB and the FTC for unlawful debt collection practices highlights enforcement focus areas in the debt collection space.
  2. The CFPB released its Supervisory Highlights focused on automobile loan servicing, deposits, mortgage servicing, and remittances. CFPB's examination findings should be helpful for entities updating their compliance programs in these areas.
Federal Trade Commission (FTC)
  1. The FTC negotiated a $35 million settlement with Office Depot and with an Office Depot technical support vendor for a consumer sales program. In discussing the settlement, the FTC issued a number of helpful compliance guidelines to business-to-consumer (B2C) companies.
  2. The FTC issued its 2018 Annual Highlights report, outlining some of its regulatory activities in 2018. This report shows that the FTC focused substantial enforcement resources in the areas of money remittance, payday lending, background screening, children's privacy, video social networking, advertising, the new Consumer Review Fairness Act, and charities.
  3. Testifying before a House Oversight and Reform Subcommittee, the FTC described its role in overseeing the data security practices of Consumer Reporting Agencies (CRAs). The FTC seeks to obtain civil penalty authority for violations of the Gramm-Leach-Bliley (GLB) Act and would like Congress to pass additional data security legislation.
  4. The FTC seeks to examine the privacy and data management practices of broadband providers and has requested consumer-related data from some major telecom providers. The information sought by the FTC is comprehensive and deserves some thought because it may be a template for future similar orders addressed at other industry segments, including omnicommerce, banking, SaaS, and cloud providers.
  5. An FTC case against a sweepstakes scam highlights the broad international regulatory footprint of U.S. agencies and the close collaboration between agencies focused on consumer protection in various countries.
Electronic Banking
  1. Large U.S. banks with consumer finance focus passed their Dodd-Frank Stress Tests with high marks. This inspires confidence in the current U.S. financial system. But consider also new data released by the Federal Reserve Bank of New York, which shows a record number of auto loans that have entered serious delinquency.
  2. The Federal Reserve Board has issued updated information about its methodology and models for the federal Dodd-Frank Act Stress Test (DFAST) program. This will be helpful to financial institutions as they assess and refine their DFAST compliance programs.
Electronic Commerce


Data Monetization

  1. A report published by Sonecon LLC and sponsored by Future Majority looked at the consumer data industry, and estimated the value of personal data monetized in a number of digital industries. The value of personal data in U.S. digital advertising in 2018 was estimated to be ~$57.7 billion, and growing fast. While already impressive, the figures shown in the study probably vastly understate the total value of consumer data.
  2. The U.S. Commodity Futures Trading Commission (CFTC) knows the value of data, and seeks to become a "Quantitative Regulator." It is also about to get easier for the industry to work with the CFTC on R&D and joint technology projects.
Blockchain, Cryptocurrencies, and Cryptographic Tokens
  1. Blockchain spending is expected to increase worldwide from $2.1 billion in 2018 to $9.7 billion in 2021, according to a report issued by the International Data Corporation (IDC). The top industries in terms of blockchain spending will be the financial sector and the banking industry, with particular focus on regulatory compliance, cross-border payments and settlements, custody and asset tracking, and trade finance and post-trade/transaction settlements.
  2. Blockchain data availability could help U.S. regulators manage the next financial crisis better, according to CFTC Chairman J. Christopher Giancarlo.
  3. The price volatility of bitcoin may decrease if regulated trading in bitcoin futures becomes a bitcoin pricing driver, according to the CFTC.

Q1 2019 Topics in Detail:

1. Consumer Financial Protection Bureau (CFPB) Updates

  1. The FTC and CFPB issued their annual report to Congress on the administration of the Fair Debt Collection Practices Act (FDCPA) focused on unlawful debt collection practices. In the report, the FTC states that it filed or resolved a total of seven cases against 52 defendants, and obtained more than $58.9 million in judgments. The FTC also banned 32 companies and individuals that engaged in serious and repeated law violations from ever working in debt collection again. The FTC returned $853,715 to consumers who lost money to two phantom debt collection operations previously stopped by the FTC.
    1. In the report, the CFPB states its intent to issue a Notice of Proposed Rulemaking on debt collection that will address issues ranging from communication practices to consumer disclosures. The CFPB highlights in the report that it handled approximately 81,500 debt collection complaints related to first-party (creditors collecting on their own debts) and third-party collections. The CFPB also states that collection is among the most prevalent topics of consumer complaints about financial products or services received by the CFPB.
    2. The FTC and the Bureau share enforcement responsibilities under the FDCPA. In February 2019, the Agencies reauthorized their memorandum of understanding (MOU) that continues coordination between the agencies in enforcement, sharing of supervisory information and consumer complaints, and collaboration on consumer education.

      The report and MOU can be found here: https://files.consumerfinance.gov/f/documents/cfpb_fdcpa_annual-report-congress_03-2019.pdf,

  2. The CFPB released its 18th edition of Supervisory Highlights, which focuses on automobile loan servicing, deposits, mortgage servicing, and remittances. This report covers supervision activities generally completed between June 2018 and November 2018 and includes examination findings. Under Dodd-Frank, CFPB is authorized to supervise banks and credit unions with more than $10 billion in assets, as well as certain nonbanks. A few highlights from the report:
    1. The CFPB continued to examine auto loan servicing activities, primarily to assess whether servicers have engaged in unfair, deceptive, or abusive acts or practices (UDAAPs) prohibited by the Consumer Financial Protection Act of 2010 (CFPA). Recent auto loan servicing examinations identified unfair acts or practices related to collecting incorrectly calculated deficiency balances. Recent examinations have also identified deceptive acts or practices related to representations on deficiency balance notices.
    2. The CFPB continued to examine mortgage servicers, including servicers of manufactured home loans and reverse mortgage loans. Recent examinations identified unfair acts or practices for charging consumers unauthorized amounts, deceptive acts or practices for misrepresenting aspects of private mortgage insurance cancellation, violation(s) of Regulation X loss mitigation requirements, and potentially misleading statements to successors-in-interest on reverse mortgages. Regulation X requires servicers to exercise "reasonable diligence" in obtaining documents and information to complete a loss mitigation application, which may include promptly contacting the applicant to obtain the missing information; or, if the servicer has offered a short-term payment forbearance program based upon an evaluation of an incomplete application, actions like notifying the borrower about the option to complete the application to receive a full evaluation.
    3. The CFPB also continued to examine banks and nonbanks for compliance with Regulation E, Subpart B (Remittance Rule) and UDAAP. Examiners found that one or more supervised entities violated the error resolution provisions of the Remittance Rule by failing to refund fees and, as allowed by law, taxes, to consumers when remitted funds were made available to designated recipients later than the date of availability stated in the institution's remittance disclosures and the delay was not due to one of the four exceptions specified in the Rule. A remittance transfer provider's failure to make funds available to a designated recipient by the date of availability stated in the disclosures constitutes an error under the Remittance Rule, unless the delay was of the result of one of the four exceptions described in 12 CFR 1005.33(a)(1)(iv). Upon notice from a consumer of the delayed availability of funds, a remittance transfer provider must either refund the sender the amount of funds provided by the sender in connection with the remittance transfer which was not properly transmitted or the amount appropriate to resolve the error, or make available to the designated recipient the amount appropriate to resolve the error at no additional cost to the sender or the designated recipient.

      See more information at https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-18_032019.pdf.

2. Federal Trade Commission (FTC) Updates

  1. Office Depot and a technical support vendor agreed to pay $35 million to settle FTC allegations. Office Depot and Support.com used PC Health Check, a software program, as a sales tool to convince consumers to purchase tech repair services from Office Depot and OfficeMax, Inc., which merged in 2013. The FTC alleged that Office Depot and its vendor Support.com configured the PC Health Check software to report that the scan had found malware symptoms or infections regardless of whether the computer was infected. After displaying the results of the scan, the program also displayed a "view recommendation" button with a detailed description of the tech services consumers were encouraged to purchase. The FTC's guidelines to other tech companies include the following:
    1. Even if a company is careful to substantiate its product claims, what about its service promises? Under Unfair or Deceptive Acts or Practices (UDAP), technical support and product service programs also need appropriate proof to back up consumer representations.
    2. Fear-mongering shouldn't be a sales strategy. When a company sends alarmist messages to a consumer, a consumer's understandable response is to reach for the wallet, especially when the warning is about complicated equipment that consumers are not in a position to repair them. For many consumers, computer security concerns fall into that category. The FTC is warning that it is unwise for companies to exploit consumer fears falsely for their own economic benefit.
    3. The FTC is asking companies to monitor employee feedback and to take employee concerns about internal business practices seriously. In the Office Depot case, the company ignored specific employee concerns that the software was incorrectly identifying virus infections on consumer computers. The FTC's message is that by responding to internal early warnings, tech companies may be able to prevent a more serious predicament.
    4. Additionally, we always advise tech companies and financial institutions to monitor their customer support complaints for common trends and systemic issues. If tech companies and financial institutions do not address those consumer complaints early, the FTC or CFPB may call next.

      See more information here: https://www.ftc.gov/news-events/blogs/business-blog/2019/03/office-depot-supportcom-pay-35-million-falsely-claiming-scan?utm_source=govdelivery and the original complaint here: https://www.ftc.gov/system/files/documents/cases/office_depot_complaint_3-27-19.pdf.

  2. In March 2019, the FTC issued its 2018 Annual Highlights publication outlining some of its regulatory activities in 2018. On the consumer protection front, the FTC and the DOJ obtained a $125 million settlement with MoneyGram for not addressing fraud sufficiently to avoid scams impacting people who wired money through MoneyGram. Other major enforcement actions that resulted in large fines focused on payday lending, background screening, children's privacy, video social networking, advertising, the first violation of the Consumer Review Fairness Act, and charities that falsely claimed to help veterans. The figure below shows a detailed view of the FTC's enforcement activities in the consumer protection space.

    The full report is available here: https://www.ftc.gov/system/files/documents/reports/annual-highlights-2018/2018_annual_highlights_report.pdf.

  3. Testifying before a House Oversight and Reform Subcommittee, the FTC described its role in overseeing the data security practices of Consumer Reporting Agencies (CRAs) on March 26, 2019. A few highlights from the testimony delivered by Bureau of Consumer Protection Director Andrew Smith:
    1. The FTC has been focused on enforcing UDAP and the Fair Credit Reporting Act (FCRA), and the FTC's Safeguards Rule since 2001;
    2. The FTC seeks to obtain civil penalty authority for violations of the Gramm-Leach-Bliley (GLB) Act, whose Safeguards Rule requires some non-bank financial institutions, including CRAs, to safeguard nonpublic personal information. The FTC believes that the Safeguards Rule would give the FTC a practical enforcement tool that would benefit consumers.
    3. The FTC would like to see Congress pass additional data security legislation to provide the Agency additional tools such as civil penalty authority, jurisdiction over common carriers and non-profits, and targeted rulemaking authority under the Administrative Procedure Act, the testimony explains.
    4. The FTC continues to engage with the industry and consumers closely by providing businesses with guidance on emerging cybersecurity threats, helping businesses protect the data in their care and understand what practices may violate applicable laws, and educating consumers on data security (e.g., tax identity theft, phishing scams, tips on buying internet-connected smart toys, and the aftermath of data breaches).

      The full report is available at https://www.ftc.gov/system/files/documents/public_statements/

  4. The FTC seeks to examine the privacy and data management practices of broadband providers. On March 26, 2019, the FTC issued orders requesting information from seven U.S. internet broadband providers and related entities to examine how broadband companies collect, retain, use, and disclose information about consumers and their devices. The orders were sent to: AT&T Inc., AT&T Mobility LLC, Comcast Cable Communications doing business as Xfinity, Google Fiber Inc., T-Mobile US Inc., Verizon Communications Inc., and Cellco Partnership doing business as Verizon Wireless. The information sought by the FTC is comprehensive and deserves some thought because these requests may be a template for future similar orders addressed at other industry segments, including omnicommerce, e-banking, wireless and wireline telecommunications, SaaS and cloud providers. The information requested by the FTC includes the following:
    1. Any program or service that collects, transmits, receives, stores, maintains, uses, or discloses personal information about consumers
    2. Ad services, including whether the ad services rely on information about users and their devices from third parties
    3. Categories of personal information collected about consumers or their devices, together with purposes, use cases, collection techniques, and sources
    4. how personal information is combined with other types of information about consumers and their devices
    5. Data retention programs
    6. Disclosure of personal data to third parties
    7. Practices around anonymized data
    8. Consumer notices and disclosures
    9. Consumer consents
    10. Consumer access and correction of personal data

      The order template is available at https://www.ftc.gov/system/files/attachments/press-releases/ftc-seeks-examine-privacy-practices-broadband-providers/isp_privacy_model_order.pdf?utm_source=govdelivery.

  5. FTC case against a sweepstakes scam highlights broad international collaboration among regulators. In a settlement with the operators of the sweepstakes scam, the FTC is collecting $30 million in cash and assets, and the operators will be permanently banned from the prize promotion business.
    1. The settlement with the FTC and the state of Missouri requires the defendants to turn over more than $21 million in cash, as well as two luxury vacation homes, a yacht, a Bentley automobile, and other personal property. The case represents the largest forfeiture the FTC has ever obtained in a case against a sweepstakes scam, and the proceeds will be used to refund money to victims.
    2. The complaint charged certain individuals and corporations under their control with sending tens of millions of deceptive personalized mailers to consumers around the world since 2013. The defendants' mailers falsely told recipients they had won or were likely to win a substantial cash prize, as much as $2 million, in exchange for a fee ranging from $9.00 to $139.99. Some of the defendants' mailers included notices, such as "Congratulations, You Have Just Won $1,230,946.00." Other mailers invited recipients to play "games of skill," without clearly and conspicuously disclosing the total fees that the recipient would have to pay to play, or that the final round of the game involved a complex mathematical puzzle that few people, if any, could solve. Many consumers, including seniors, paid the defendants several times before realizing they had been scammed.
    3. The FTC received assistance from the U.K. National Trading Standards Scams Team, the U.S. Postal Inspection Service, the Canadian Anti-Fraud Centre, the Better Business Bureau of Greater Kansas City, the Kansas Attorney General's Office, and the Utah Attorney General's Office. To facilitate cooperation with the U.K. National Trading Standards Scams Team, the FTC relied on key provisions of the U.S. SAFE WEB Act, which allows the FTC to share information with foreign counterparts to combat deceptive and unfair practices that cross national borders. This highlights the broad international regulatory footprint of U.S. agencies and the close collaboration between agencies focused on consumer protection across international borders.

      The Stipulated Order is available here: https://www.ftc.gov/system/files/documents/cases/172_3133_next-gen_stipulated_order_3-7-19.pdf.

3. Electronic Banking (E-Banking)

  1. U.S. banks with large consumer finance practices pass Dodd-Frank Stress Test by federal regulators with high marks. As another indicator that the financial industry is on solid footing after the structural regulatory reforms implemented over the past 10-plus years, the Federal Reserve Board and the Federal Deposit Insurance Corporation completed an evaluation of the 2017 resolution plans for 14 domestic banking organizations that have significant consumer-level activities without identifying any deficiencies or shortcomings. Resolution plans, known as "living wills," must describe a firm's strategy for rapid and orderly resolution under bankruptcy in the event of material financial distress or failure of the firm. Resolution plans are a requirement implemented by the Dodd-Frank Act. The banks evaluated included Ally Financial Inc., American Express Company, Capital One Financial Corporation, Discover Financial Services, Fifth Third Bancorp, KeyCorp, and U.S. Bancorp.
    1. But when evaluating the consumer lending segment, note also new consumer lending data released by the Federal Reserve Bank of New York in February 2019, which notes that the overall performance of auto loans has been slowly worsening, despite an increasing share of prime loans in the stock. The percent of auto loans that are in serious delinquency (90+ days delinquent) in the fourth quarter of 2018 increased to 2.4 percent, substantially above the low of 1.5 percent seen in 2012. And while overall delinquency rates remain below 2010 peak levels, there were over seven million Americans with auto loans that were 90 or more days delinquent at the end of 2018. This is a historical record, more than a million above the level reached at the end of 2010.

      More information about the federal Dodd-Frank Stress Test results is available here: https://www.fdic.gov/news/news/press/2019/pr19027.html?source=govdelivery&utm_medium=email&utm_source=govdelivery.

      Lending data released by the Federal Reserve Bank of New York is available here: https://libertystreeteconomics.newyorkfed.org/2019/02/just-released-auto-loans-in-high-gear.html.

  2. Updated information about the methodology and models for the federal Dodd-Frank Act Stress Test (DFAST) program. On March 28, 2019, the Federal Reserve Board (FRB) released a document providing additional information on its stress testing program, which will be helpful to financial institutions as they assess and refine their compliance programs. The FRB carries out its supervisory stress test program pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act), as amended by the Economic Growth, Regulatory Relief, and Consumer Protection Act, as well as the FRB's rules. The supervisory stress test serves to inform the FRB, firms, and the general public of how firms' capital ratios might change under a hypothetical set of stressful economic conditions developed by the FRB. This release followed an announcement in February that the FRB had finalized changes intended to increase the transparency of its stress tests without compromising its ability to test the resiliency of the nation's largest banks.
    1. Stress tests ensure that banks have adequate capital to absorb losses and retain their ability to lend to households and businesses even in a severe recession. The Dodd-Frank Act Stress Test (DFAST) is one component of the FRB's stress testing program, along with the Comprehensive Capital Analysis and Review (CCAR), which evaluates the capital planning processes and capital adequacy of the largest bank holding companies. The FRB's release is a comprehensive analysis covering the following topics:
    2. FRB's approach to supervisory model development and validation, which provides an overview of the general approach to supervisory model development and validation in stress testing
    3. Overview of modeling framework, which summarizes the supervisory modeling framework and methodology employed by the FRB
    4. Descriptions of supervisory models, which address various FRB supervisory stress test models
    5. Modeled loss rates, which contain additional disclosures for certain material portfolios, including modeled loss rates on pools of loans and loss rates associated with portfolios of hypothetical loans
    6. A comprehensive list of supervisory model changes effective in DFAST 2019.

      See the full report at https://www.federalreserve.gov/publications/files/2019-march-supervisory-stress-test-methodology.pdf.

4. Electronic Commerce (E-Commerce) and Data Monetization

  1. Data monetization in omnicommerce and banking. During the past five-plus years, the convergence of web technology, mobile apps, and cloud platforms with large data processing and storage capabilities have enabled fast scaling of B2C business models. In turn, large scale, consumer-facing platforms have enabled real-time collection of consumer data, including commercial transactions, lifestyle, and biometric data. In the e-commerce space in particular, consumer transactional data has become a key driver of revenue and business models, including product placement and recommendations, advertising, loyalty programs, and Data-as-a-Service (DaaS) feeds. A report published by Sonecon LLC and sponsored by Future Majority looked at the consumer data industry and business models, and estimated a number of metrics. Here are a few notable highlights:
    1. The value of personal data used in U.S. digital advertising in 2018 was around $57.7 billion and is growing fast.
    2. To estimate the value of personal data, the authors of the study relied on a 2018 study that analyzed data from AdChoices, and which found that the cost of ads not based on personal data was 52 percent lower than the cost of comparable ads informed by personal data.
    3. The study identified six top companies involved in data monetization in the advertising space, and together they accounted for around 70 percent of the total digital advertising revenue in the U.S. surveyed by the study.
    4. The value of personal data in the advertising space grew significantly between 2016 and 2018. Among the companies identified above, Amazon's data business grew the fastest (311.6 percent).
    5. It is interesting to note that the "Other" segment tracked by the study showed a growth rate of 55.7 percent, which is higher than the growth rate of many top brand names involved in data monetization, and this confirms that data monetization is now underpinning a wide range of business models across the whole B2C space, with many companies involved in data collection, management, security, compliance, and monetization.
    6. The value of the personal information sold by data brokers was around $14.8 billion, and is growing slower than the digital advertising monetization segment.
    This study confirms that data monetization is a major driver of economic activity across most sectors of the digital economy. In fact, while already impressive, the figures shown in the study probably vastly understate the total value of consumer data: beyond the value reflected directly in advertising revenue, data monetization permeates most aspects of many successful business models in e-commerce and e-banking, including loyalty programs, cross-selling of products and services and cross-referral relationships, behavioral sales targeting, and customer retention and revenue churn management.

    See the full study here: https://assets.futuremajority.org/uploads/report-for-future-majority-on-the-value-of-people-s-personal-data-shapiro-aneja-march-8-2019.pdf.

  2. The CFTC knows the value of data. Also, it is about to get easier for the industry to work with the CFTC. On March 6, 2019, CFTC Chairman J. Christopher Giancarlo spoke at the 4th Annual DC Blockchain Summit. Chairman Giancarlo focused on the current technological innovation in the Financial space and summarized the CFTC's approach to fintech innovation and modern market regulation through four fundamental principles: 1) Adopting an exponential growth mindset, 2) Creating an internal fintech stakeholder, 3) Becoming a quantitative regulator, and 4) Embracing market-based solutions. A few key takeaways:
    1. This is a good time for the industry to engage with the CFTC and drive technology and business models in predictable and sustainable directions. Chairman Giancarlo's remarks suggest that the CFTC seeks to engage with the industry and learn where the industry is pushing the envelope, but has been unable to engage directly in R&D and commercial projects with the industry given regulatory holdbacks. According to Chairman Giancarlo, "… CFTC lacks the legal authority to partner and collaborate with outside entities engaging directly with FinTech and innovation within a research and testing environment, including when the CFTC receives something of value absent a formal procurement." But legislation introduced in last Congress by Representative Austin Scott (R-GA Eighth District) would provide such authority. Commercial enterprises should soon be able to engage directly with the CFTC's internal fintech stakeholder, the LabCFTC, to learn, educate, and help shape the future of regulatory oversight.
    2. It's all about the data. During the past few years, the e-commerce and e-banking industries have increasingly focused on data as an enabler of growth and profit generator. The CFPB clearly understands the value of data and seeks to become a "Quantitative Regulator" by engaging in "robust data collection, automated data analytics, and artificial intelligence deployment." This creates unique opportunities for companies focusing on data, data analytics and data management, including blockchain and conventional database platforms. Someone at the CFTC may want to talk to you if your company can help the CFTC with market intelligence, trade surveillance and oversight, and calibration of policy prescriptions. In the end, the CFTC's goals will be to conduct independent market data analysis across disparate data sources, be less reliant on delegation to SROs and major market intermediaries, and access in real time information found in decentralized, economic blockchains and networks.

      Read more at https://www.cftc.gov/PressRoom/SpeechesTestimony/opagiancarlo66.

5. Blockchain, Cryptocurrencies, and Cryptographic Tokens

  1. Blockchain spending is expected to increase worldwide from around $2.1 billion in 2018 to $9.7 billion in 2021, led by the financial sector and banking industry, according to a report issued by the International Data Corporation (IDC) on March 4, 2019.
    1. Blockchain spending will be led by the financial sector ($754 million in 2018), driven largely by rapid adoption in the banking industry. The distribution and services sector ($510 million in 2018) will see strong investments from the retail and professional services industries, while the manufacturing and resources sector ($448 million in 2018) will be driven by the discrete and process manufacturing industries. In the U.S., the distribution and services sector will see the largest blockchain investments.
    2. Within the financial sector, regulatory compliance, cross-border payments and settlements, custody and asset tracking, and trade finance and post-trade/transaction settlements are expected to be the leading blockchain use cases. In the distribution and services sector and the manufacturing and resources sectors, the leading use cases include asset/goods management and lot lineage/provenance.

      Please see more details from the IDC at https://www.idc.com/getdoc.jsp?containerId=prUS44898819.

  2. Blockchain data availability could help U.S. regulators manage better the next financial crisis better.
    1. On March 6, 2019, CFTC Chairman J. Christopher Giancarlo spoke at the 4th Annual DC Blockchain Summit and noted that he was serving as a senior executive of one of the world's major trading platforms for credit default swaps (CDS) in the fall of 2008, when the financial collapse occurred. Chairman Giancarlo was at the epicenter of systemic risk, and according to him, "Panic was in the air and tension was on our broking floor trying to maintain orderly markets. I remember a call from a U.S. bank regulator asking about CDS trading exposure of several major banks, including Lehman Brothers. In fact, trading conditions were deteriorating by the hour. It was clear that the regulator had little means, short of telephone calls, to read all the danger signals that the CDS markets were broadcasting."
    2. Chairman Giancarlo thinks that the transparency and real-time data access made possible by blockchain could have helped manage the financial crisis better: "[I]imagine what a difference it would have made a decade ago on the eve of the financial crisis if regulators had access to the real-time trading ledgers of large Wall Street banks, rather than trying to assemble piecemeal data to recreate complex, individual trading portfolios."..."Imagine if, instead of having to call around to brokerage firms like mine searching for market information, prudential regulators had access then to a 'golden record' of the real-time ledgers of all regulated trading participants."..."In short, what a difference it would have made a decade ago if [b]lockchain technology had been the informational foundation of Wall Street's derivatives exposures. At a minimum, it would certainly have allowed for far prompter, better-informed, and more calibrated regulatory intervention instead of the disorganized response that unfortunately ensued."

      Read more at https://www.cftc.gov/PressRoom/SpeechesTestimony/opagiancarlo66.

  3. Is the bitcoin price volatility decreasing? Allegations of bitcoin price manipulation are not new and have been under investigation by regulatory agencies, and a recent presentation made by Bitwise Asset Management to the U.S. Securities and Exchange Commission (SEC) on March 19, 2019 further suggested that a vast majority of the daily bitcoin reported trading volume is fake and/or non-economic wash trading. Nevertheless, a recent speech from the CFTC makes a strong argument that the price volatility of bitcoin may decrease as regulated trading in bitcoin futures appears to become a driver for bitcoin pricing.
    1. A speech from Chairman Giancarlo on March 6, 2019 pointed out a correlation between the price of bitcoin and the launch of regulated bitcoin futures. After allowing the launch of bitcoin futures incorporating certain risk mitigating elements (e.g., higher margin requirements and contract sizes), Chairman Giancarlo noted that the price of bitcoin was reduced from around $19,000 to less than $10,000 within months. Seeking an explanation for that correlation, Chairman Giancarlo referenced a 2018 economic letter from the Federal Reserve Bank of San Francisco which advanced the following possible answer: "perhaps… futures allowed for the first accessible way to speculate against the price of the asset." According to Chairman Giancarlo, "markets allow actors to meet and reach price equilibrium on the value of an asset and/or transfer risk. In the case of [b]itcoin, I would posit that the decrease in prices has helped end a speculative bubble and perhaps allow this novel technology and asset class quieter time to continue to develop from a technological and adoption sense."
    2. While Bitwise's analysis showing that the price of bitcoin is actively manipulated may be true, we also note Chairman Giancarlo's confidence that risk transfer markets driven by sophisticated institutional investors can make informed assessments regarding the value of bitcoin and the need to offset price or volatility risk. Consequently, we could expect that such investors are indeed sufficiently sophisticated to assess the current and future expected price impact of market manipulation, and therefore the price of bitcoin should self-correct better than in the past to reach more rational equilibriums. It is impossible to know where the price of bitcoin and other cryptocurrencies are going next, but the bitcoin futures market coupled with Chairman Giancarlo's confidence in the efficiency of markets suggest that we should see less price volatility in the absence of material factors that are not anticipated by sophisticated traders of futures.

      Read more at https://www.cftc.gov/PressRoom/SpeechesTestimony/opagiancarlo66.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Wilson Sonsini Goodrich & Rosati | Attorney Advertising

Written by:

Wilson Sonsini Goodrich & Rosati

Wilson Sonsini Goodrich & Rosati on:

Readers' Choice 2017
Reporters on Deadline

Related Case Law

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at www.jdsupra.com) (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic - For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics - For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.