As financial services firms increasingly turn to artificial intelligence (AI), banking regulators warn that despite their astonishing capabilities, these tools must be relied upon with caution.

Last week, the Board of Governors of the Federal Reserve (the Fed) held a virtual AI Academic Symposium to explore the application of AI in the financial services industry. Governor Lael Brainard explained that “particularly as financial services become more digitized and shift to web-based platforms,” a steadily growing number of financial institutions have relied on machine learning to detect fraud, evaluate credit, and aid in operational risk management, among many other functions.[i]

In the AI world, “machine learning” refers to a model that processes complex data sets and automatically recognizes patterns and relationships, which are in turn used to make predictions and draw conclusions.[ii] “Alternative data” is information that is not traditionally used in a particular decision-making process but that populates machine learning algorithms in AI-based systems and thus fuels their outputs.[iii]

Machine learning and alternative data have special utility in the consumer lending context, where these AI applications allow financial firms to determine the creditworthiness of prospective borrowers who lack credit history.[iv] Using alternative data such as the consumer’s education, job function, property ownership, address stability, rent payment history, and even internet browser history and behavioral information–among many other data–financial institutions aim to expand the availability of affordable credit to so-called “credit invisibles” or “unscorables.”[v]

Yet, as Brainard cautioned last week, machine-learning AI models can be so complex that even their developers lack visibility into how the models actually classify and process what could amount to thousands of nonlinear data elements.[vi] This obscuring of AI models’ internal logic, known as the “black box” problem, raises questions about the reliability and ethics of AI decision-making.[vii]

When using AI machine learning to evaluate access to credit, “the opaque and complex data interactions relied upon by AI could result in discrimination by race, or even lead to digital redlining, if not intentionally designed to address this risk.”[viii] This can happen, for example, when intricate data interactions containing historical information such as educational background and internet browsing habits become proxies for race, gender, and other protected characteristics–“leading to biased algorithms that discriminate.”[ix]

Consumer protection laws, among other aspects of the existing regulatory framework, cover AI-related credit decision-making activities to some extent. Still, in light of the rising complexity of AI systems and their potentially inequitable consequences, AI-focused legal reforms may be needed. At this time, to help ensure that financial services are prepared to manage these risks, the Fed has called on stakeholders–from financial services firms to consumer advocates and civil rights organizations as well as other businesses and the general public–to provide input on responsible AI use.[x]

[i] Lael Brainard, Governor, Bd. of Governors of the Fed. Reserve Sys., AI Academic Symposium: Supporting Responsible Use of AI and Equitable Outcomes in Financial Services (Jan. 12, 2021), available at

[ii] Pratin Vallabhaneni and Margaux Curie, “Leveraging AI and Alternative Data in Credit Underwriting: Fair Lending Considerations for Fintechs,” 23 No. 4 Fintech L. Rep. NL 1 (2020).

[iii] Id.

[iv] Id.; Brainard, supra n. 1.

[v] Vallabhaneni and Margaux Curie, supra n.2; Kathleen Ryan, “The Big Brain in the Black Box,” Am. Bar Assoc. (May 2020),

[vi] Brainard, supra n.1; Ryan, supra n.5.

[vii] Brainard, supra n.1; Ryan, supra n.5.

[viii] Brainard, supra n.1.

[ix] Id. (citing Carol A. Evans and Westra Miller, “From Catalogs to Clicks: The Fair Lending Implications of Targeted, Internet Marketing,” Consumer Compliance Outlook (2019)).

[x] Id.

In the wake of the Great Financial Crisis, global financial markets got their first experience of negative interest rates, something classical economists had long thought to be unworkable if not impossible. On April 20, concerns surrounding the effects of the COVID-19 crisis introduced investors to another negative first: crude oil prices.

On July 9, investors brought a class action complaint [1] alleging violations of Section 6b(e)(3) of the Commodity Exchange Act (CEA) [2] and its implementing regulations at 17 C.F.R. Sec. 180.1, which extended the prohibition on untrue statements or omissions of material fact from equity markets to the markets for futures, options, and other derivatives, by brokerage TD Ameritrade, Inc., and its derivatives-focused subsidiary Thinkorswim.

Intraday chart of the price of the May 2020 WTI crude futures contract on April 20, 2020 (Bloomberg), as set forth in the complaint.

To be clear, this was not a situation where you could pull up to the pump, fill up, and pocket some cash for doing so. The negative prices occurred in the commodity futures market, where investors enter into contracts to take delivery of a given amount of a commodity on a certain date. In this instance, the market was West Texas Intermediate (WTI) crude oil, which is oil that is produced all over the United States and Canada and transferred by pipeline to a massive hub storage and distribution facility in Cushing, Oklahoma.

The relevant futures contract stipulated that buyers would have to take delivery in May 2020, and April 20 was the final day that investors who did not (or in the case of the vast majority of investors, could not) take physical delivery of crude oil to sell out their positions. Over the course of the day, the price of the May 2020 WTI Crude contract fell steadily from its prior closing price of $18.27 per barrel, eventually falling as low as -$40.32 and closing at -$13.10, effectively requiring investors to pay $13.10 to avoid taking delivery of the crude oil.

The complaint alleged that Defendants’ risk disclosures made false and misleading statements and omissions regarding “multiple, robust risk management” processes that Plaintiff investors relied on, when in fact, Defendants’ systems could not accept or process transaction orders with negative prices, despite warnings in the prior weeks from the Chicago Mercantile Exchange, where the WTI futures contracts trade, that negative prices were possible. [3]

The complaint also claimed that Defendants failed to act properly when liquidating Plaintiffs’ positions because Defendants did not automatically close out the positions when the contract price fell to $0, the point beyond which investors would not be able to execute trades on their own.

On December 17, 2020, the Court issued a decision [4] disagreeing with Plaintiff and dismissing the complaint. The Court held that Plaintiff failed to adequately plead scienter. More notably, the Court held that the complaint failed to allege that Plaintiff attempted to place a trade at a negative price, which rendered insufficient  the complaint’s allegations of a false statement or omission (due to lack of standing), reliance, and loss causation insufficient.

The Court went on to point out that Plaintiff’s account agreement granted Defendants “sole discretion” when liquidating positions where a client’s position had fallen in value, creating margin deficiencies, as they had in this instance.

Because the Court also granted TD Ameritrade’s request to compel arbitration, we may not have the benefit of a ruling on a second amended complaint. However, as we previously noted in our discussion of the dismissal in Kirschner v. JPMorgan, the recent trend of making increasingly complex securities and derivatives available to a broader population of the investing public may continue to generate litigation.


[1] Lindstrom v. TD Ameritrade, Inc., No. 1:20-cv-04028 (N.D. Ill.).

[2] 7 U.S.C. §§ 9 et seq.

[3] See, e.g., Chicago Mercantile Exch., Advisory 20-152, “CME Clearing Plan to Address the Potential of a Negative Underlying in Certain Energy Options Contracts” (Apr. 8, 2020), available at 

[4] Lindstrom, No. 1:20-cv-04028, Dkt. No. 52 (Dec. 17, 2020).

In 2020, the Financial Industry Regulatory Authority Inc. (FINRA) settled alleged rule violations with various large investment firms, including Merrill Lynch, Citigroup Global Markets Inc. (CGMI), Transamerica Financial Advisors, Inc. (TFA), and RBC Capital Markets, LLC (RBC), with the majority of the Letters of Acceptance, Waiver, and Consent in those matters being signed in just the past two months. What is notable is not that these firms were found to have violated FINRA’s rules but rather that the firms received what appeared to be significant credit for their “extraordinary cooperation” in identifying the disclosure violations, taking measures to correct them, and then reporting them to FINRA, all prior to detection or intervention by FINRA. Their actions mitigated whatever typical sanctions FINRA would assess for those rule violations.

FINRA provides credit for extraordinary cooperation. The organization has laid out what it deems to constitute extraordinary cooperation–i.e., proactive steps a member organization can take, both prior to and after FINRA intervention, that can reduce or completely eliminate sanctions that would otherwise be assessed for offending conduct–in a series of regulatory guidances, most recently in Regulatory Notice 19-23:

  1. Identifying and taking steps to correct deficient procedures and systems.
  2. Providing restitution to customers.
  3. Self-reporting violations.
  4. Providing substantial assistance to FINRA investigations.

The extraordinary cooperation credit can take many forms; if, for example, a problem has been fully remediated, FINRA may conclude that no enforcement action is necessary. In other matters, even if enforcement action is taken, the sanctions may be reduced–be it a reduced fine, formal discipline without a fine, or even FINRA forgoing an undertaking (such as requiring a member to hire an independent consultant to oversee the member’s operations) that might have otherwise been imposed. Whether credit is awarded depends on the specific facts of each case.

In Merrill Lynch’s case, the company engaged an outside consultant to identify customers who did not receive appropriate rebates and fee waivers, and it proactively made restitution to those individuals. The matter was resolved without a fine. TFA likewise was able to avoid a fine for its rule violations. TFA engaged an outside consultant to help identify customers who received misstatements about investment opportunities in 529 plans and provided FINRA with detailed information about the challenges associated with collecting and assessing 529 plan data. As for RBC, the company proactively discovered supervisory deficiencies in connection with its 529 plan offerings, revised its systems, and engaged an outside consultant to formulate an action plan to provide customers with restitution. The company received credit for its efforts. And CGMI received a corresponding credit for taking measures to identify and correct various disclosure violations and was also commended for offering substantial assistance to FINRA in investigating those violations by maintaining open, transparent lines of communication with the organization throughout the process and providing access to documents and information.

Whether or not to self-report is a fact-specific inquiry and should be guided by legal counsel familiar with the business and regulatory history of the firm. However, in order to be in a position to take advantage of the extraordinary cooperation credit, member firms should develop an internal system of guidelines providing for periodic self-audits to identify potential rule violations and internal procedures for reporting (internally) a suspected FINRA violation. It also bears mentioning that efforts to conceal misconduct, on the other hand, can cause FINRA to impose strict penalties for violations and should be discouraged.

A putative consumer class action filed in California state court on Friday the 18th against Petco Animal Supplies Stores Inc. (Petco) and its wholly owned subsidiary PupBox Inc. (PupBox) alleges that between February and August an “unauthorized plugin” on the PupBox website caused the personal and credit card information of approximately 30,000 consumers to be stolen by an unauthorized third party. The complaint asserts, on information and belief, that the cyberattack resulted from the defendants’ failure to encrypt payment card data (PCD) at the point of sale and/or that the defendants “failed to install updates, patches, and malware protection or to install them in a timely manner to protect against a data security breach; and/or failed to provide sufficient control employee credentials and access to computer systems to prevent a security breach and/or theft of PCD.” The complaint further alleges that although Petco first learned of the cyberattack in early August, PupBox customers were not notified of the breach until October, creating a two-month lag during which class members could have attempted to mitigate the damage caused by the breach. The lawsuit alleges violations of the Washington State Consumer Protection Act, the California Unfair Competition Law, the California Consumer Records Act, and common law claims for negligence, negligence per se, breach of implied contract, and unjust enrichment.

Data breaches can be costly to companies in more ways than one. In addition to having to hire a forensic investigator to investigate the breach, companies risk reputational damage, contractual disputes, class action litigation, and potential regulatory investigations. For those financial companies regulated by the federal Gramm-Leach-Bliley Act’s Safeguards Rule or the data security provisions of New York’s Department of Financial Services, their responsibility to secure sensitive information extends to their affiliates and service providers as well.

While cyber insurance policies can provide an array of coverages and are a must-have, preparation is your best defense against a cyberattack. Many financial companies are required to create and maintain an information security program as well as a safeguard compliance program. All companies should be updating software security patches at the first opportunity and actively monitoring their systems for signs of unauthorized intrusions such as phishing exploits that inadvertently reveal passwords or other sensitive information. Sensitive data should be retained for only as long as necessary and stored in an encrypted database with limited access. Contracts with service providers should mandate strong data security practices as well. The time and effort expended on data protection have proven to be well worth the investment.

Senator Paul S. Sarbanes passed away peacefully on the evening of December 6, 2020, according to a statement released by the office of his son, U.S. Representative John Sarbanes (D-Md.).1

Sarbanes will be best remembered by most Americans for the landmark Sarbanes-Oxley Act of 2002,2 which sought to improve transparency and accountability for publicly traded companies in the wake of the accounting scandal that led to the largest bankruptcy to date of Enron Corporation in 2001.

He was then-ranking member of the Senate Banking, Housing and Urban Affairs Committee, and Sarbanes’ draft legislation gained bipartisan committee approval just days prior to the revelation of a $3.8 billion accounting fraud by WorldCom, which led to that company’s bankruptcy, eclipsing Enron’s. The draft was approved by the Senate in a 97-0 vote, and the final legislation was approved by overwhelming majorities in both houses: 423-3 in the House and 99-0 in the Senate.3

Among numerous improvements to financial reporting and accountability, the Sarbanes-Oxley Act created the Public Company Accounting Oversight Board, which brought independent oversight to auditors for the first time and established pay clawbacks4 and prison sentences5 for securities fraud by managers and investment advisors.

A graduate of Princeton University and Harvard Law School, Sarbanes served as a clerk with the 4th Circuit Court of Appeals and was an accomplished lawyer prior to entering politics. He served his home state of Maryland in the state legislature between 1967 and 1971 before being elected to the U.S. House of Representatives. In 1976, he was elected to represent Maryland in the Senate, a position he would hold for five terms until his retirement in 2007.

Sarbanes is survived by his three children: Michael, Janet, and John, who has served as the representative from Maryland’s 3rd District since 2006.

[1] Congressman John Sarbanes Announces the Passing of Senator Paul Sarbanes.

[2] 116 Stat. 745.

[3] Final Vote Results of Roll Call 348; Roll Call Vote 107th Congress – 2nd Session.

[4] MiMedx Plans to Claw Back Pay From Ex-CEO and Other Bosses.

[5] Raleigh Investment Advisor Sentenced to 40 Years for Orchestrating Ponzi Scheme, Obstructing the SEC, and Committing Aggravated Identity Theft.

A recent alert by Jamie Gottlieb Furia in Lowenstein Sandler’s White Collar Criminal Defense practice discusses the jury’s verdict against two former MiMedx Group Inc. executives for their involvement in an alleged fraud scheme. The three-week trial before U.S. District Judge Jed Rakoff marked the first white-collar jury trial in the Southern District of New York since March, when the COVID-19 pandemic began. Read the alert here.

In the most recent development in Cohen v. Capital One Funding LLC [1], a case seeking to certify a class asserting that New York State’s usury laws can apply to securitized credit card debts, Capital One-affiliated defendants have prevailed in their efforts to have the claims dismissed.  Plaintiffs sought to apply New York’s statutory caps on interest charges of 16 percent (civil) [2] and 25 percent (criminal) [3] to interest payments on credit cards issued by ex-New York banks (in this case, Virginia) but bundled into asset-backed securities held by New York trusts.

As we noted previously, the dispute turns on the application of a 2015 decision by the U.S. Court of Appeals for the Second Circuit, [4] in which that Court held that a purchaser of a bank loan was governed by the New York limits because it was neither a national bank itself nor acting on behalf of a national bank.  As a result, applying New York’s usury limits did not “significantly interfere” with the activities of a national bank, the seller. The significant interference standard was first articulated by the Supreme Court in Marquette Nat. Bank v. First of Omaha Svc. Corp. [5] applying the National Banking Act of 1864 (“NBA”), which preempts state usury laws with respect to national banks.

Plaintiffs argued that because defendants are not national banks and do not exercise national banking authority, Madden is dispositive and New York’s usury limits apply to their debts.

The District Court disagreed, holding Plaintiff’s claims to be preempted by the NBA, focusing on the distinction between the role of the parties in Cohen and Madden:

Although Defendants are not national banks, the Amended Complaint and documents on which it relies clearly show that Defendants were either subsidiaries of Capital One … or else carrying out Capital One’s business. [6]

Analyzing Madden, the District Court pointed out the distinction that it found crucial:

Capital One’s role as ABS sponsor and servicer, and retention of ownership and control over the underlying credit card loans … is not analogous to Madden, where [the banks] severed their contractual ties to plaintiff’s debt. [7]

The District Court found support for this position in Madden itself, where the Second Circuit explicitly conditioned the circumstances in which a non-bank can avail itself of NBA protections:

The [Second Circuit] observed that, although NBA preemption was available to non-national bank entities where the application of state law risked significantly interfering with a national bank’s powers, it had usually been in circumstances where the non-bank entity “acted on behalf of a national bank in carrying out the national bank’s business.” Madden, 786 F.3d at 251. That was not the case with Midland and its affiliate, which were acting “solely on their own behalves, as the owners of the debt,” and not on behalf of [banks]. [8]

The Second Circuit will likely have an opportunity to revisit its decision in Madden as Plaintiffs have appealed the District Court’s dismissal. [9]

[1] Cohen v. Capital One Funding LLC, No. 19-cv-03479 (E.D.N.Y.).

[2] N.Y. Gen. Oblig. Law § 5–501; N.Y. Banking Law § 14-a.

[3] N.Y. Penal Law § 190.40.

[4] Madden v. Midland Funding, LLC, 786 F.3d 246 (2d Cir. 2015).

[5] 439 U.S. 299, 313 (1978).

[6] Cohen, slip op. at 31 (emphasis added; quotation omitted).

[7] Id. at 35.

[8] Id. at 34.

[9] Cohen v. Capital One Funding, LLC, No. 20-3690 (2nd Cir.).

Last week, Judge Naomi Buchwald of the Southern District of New York provided final approval of a nearly $22 million settlement between a class of indirect investors and five Wall Street banks that the plaintiff investors accused of manipulating the London Interbank Offered Rate (LIBOR) in violation of the Sherman Act. The plaintiffs are over-the-counter (OTC) investors who indirectly interacted with the defendant banks via interest rate swaps and other transactions. These plaintiffs made purchases from other banks that are not defendants in the case; the five settling defendants are JPMorgan, Citibank, Bank of America, HSBC, and Barclays. The suit is one of many filed after Barclays admitted in 2012 that it had manipulated LIBOR.

LIBOR is a benchmark that is designed to reflect the cost of borrowing funds in the market and is applied to many types of financial instruments, including futures, swaps, options, and bonds. It is also referenced by consumer lending products such as mortgages, credit cards, and student loans. The alleged LIBOR manipulation had a widespread impact on global markets and consumers, including government entities and not-for-profit organizations.

Plaintiffs alleged that the defendants, who are members of a panel assembled by a bank trade association to calculate a daily interest rate benchmark, conspired to submit artificial, depressed rates from August 2007 to May 2010. They claim that the defendant banks instructed LIBOR rate submitters to artificially lower their LIBOR submissions in order to avoid the appearance that the banks were in financial difficulty. Also, plaintiffs allege that the defendants’ traders asked LIBOR rate submitters to adjust the submissions to benefit the traders’ positions. Plaintiffs claimed that their positions in various financial instruments were negatively affected by this manipulation of LIBOR, in violation of the Sherman Act.

Under the terms of the settlement agreement, Citi must pay approximately $7 million, HSBC must pay $4.75 million, and JPMorgan and Bank of America must each pay approximately $5 million. Barclays will “substantially” assist the plaintiffs in ongoing related litigation against other banks, providing proffers, documents, and testimony to the plaintiffs, instead of making any payment. The other four defendants also agreed to provide “significant” cooperation to the plaintiffs in their continued litigation.

The case is In re: Libor-based Financial Instruments Antitrust Litigation, index number 1:11-md-02262, pending in the U.S. District Court for the Southern District of New York.

In a previous post, we discussed Kirschner v. JPMorgan Chase Bank,[1] an action in which the trustee of bankrupt Millennium Labs brought state law securities fraud claims on behalf of a group of “approximately 400 mutual funds, pension funds, universities, [CLO]s and other institutional investors,” against banks that organized a $1.765 billion syndicated loan.

The threshold issue faced by the court was whether an investor’s share of a syndicated loan qualifies as a “security” for the purposes of state securities laws. Federal courts have previously held that syndicated loan interests do not qualify as securities for purposes of federal securities fraud claims.[2]

The trustee in Kirschner urged the court to embrace an inclusive view of the definition of securities when applying the test originally set forth by the Supreme Court in Reves v. Ernst & Young, specifically in light of the possibility that an instrument can be deemed a security based on “the reasonable expectations of the investing public”:[3]

“Whatever similarities early generations of syndicated bank loans once shared with traditional commercial lending, the Note offering mirrored a high yield bond issuance.”[4]

The court, in its decision of May 22, 2020, took a less expansive view, observing that:

“[T]he Credit Agreement and [Confidential Information Memorandum] would lead a reasonable investor to believe that the Notes constitute loans, and not securities. For example, the Credit Agreement repeatedly refers to the underlying transaction documents as ‘loan documents,’ and the words ‘loan’ and ‘lender’ are used consistently, instead of terms such as ‘investor.’”[5]

Notably, the court premised its decision in part on the sophistication of the investors, concluding:

“[I]t would have been reasonable for these sophisticated institutional buyers to believe that they were lending money, with all of the risks that may entail, and without the disclosure and other protections associated with the issuance of securities.”[6]

The prevailing trend in capital markets is for increasingly sophisticated instruments to be made available to ever-broader groups of investors. Where the public once had limited—if any—access to short selling, short-term trading, and complex equity option strategies, all of these have become feasible for individual investors in recent years. Access to participation in syndicated lending may follow the same route, and this may eventually require courts to revisit the scope of investor protections available.

For now, the court has extended its deadline for counsel to the trustee to file its motion and supporting papers to amend the complaint through July 31, 2020.[7]

The case is Kirschner v. JPMorgan Chase Bank, N.A., No. 17-cv-06334-PGG (S.D.N.Y.).

[1] Kirschner v. JPMorgan Chase Bank, N.A., No. 17-cv-06334-PGG (S.D.N.Y.).

[2] Banco Espanol de Credito v. Pacific National Bank, 973 F.2d 51 (2d Cir. 1992).

[3] 494 U.S. 56, 66 (1990) (“The Court will consider instruments to be ‘securities’ on the basis of such public expectations, even where an economic analysis of the circumstances of the particular transaction might suggest that the instruments are not ‘securities’ as used in that transaction.”)

[4] Kirschner, ECF No. 81 at 17.

[5] Kirschner, ECF No. 119 at 18-19.

[6] Id. at 22.

[7] Kirschner, ECF No. 127.

As cryptocurrency and blockchain technology have expanded, so too have regulatory scrutiny and ensuing litigation. The lack of a uniformly applicable regulatory framework–particularly regarding whether virtual currencies constitute securities subject to the federal securities laws and registration requirements–has led to confusion and uncertainty. Recently filed “fintech” actions are poised to establish precedent in this novel legal landscape.

The Securities and Exchange Commission (SEC) Enforcement Division’s recently created cyber unit investigated and recommended the commission bring charges in several cases in 2019 involving blockchain technology and digital assets. In June 2019, the SEC filed its first contested litigation against a digital asset issuer, alleging violations of federal registration requirements.[2] In the complaint, the SEC alleges that between May and September 2017, Kik Interactive Inc. offered and sold one trillion digital tokens for approximately $100 million but failed to file a registration statement with the SEC for its offer and sale of securities.[3] The main issue the Kik court is expected to address is whether an initial coin offering (ICO) is a securities offering subject to the registration requirements of the Securities Act of 1933.

In October 2019, the SEC obtained a temporary restraining order in the U.S. District Court for the Southern District of New York, preventing Telegram Group Inc. and its wholly owned subsidiary TON Issuer Inc. (together, Telegram) from making a $1.7 billion digital token offering without filing a registration statement.[4] Telegram agreed to postpone its offer and sale of tokens until after a court hearing scheduled for Feb. 18 and 19 on the SEC’s request for a preliminary injunction to prevent the offering. Telegram has contested the SEC’s theory that its tokens constitute securities, alleging it does not intend to offer them through an ICO but instead plans to sell through private agreements, which are exempt from registration requirements.

The ultimate determinations by the Southern District of New York–the federal court in Manhattan hearing both of these cases–are expected to shed light on the status of cryptocurrency offerings, but it remains to be seen whether any bright-line rules will be established.

[1] Securities and Exchange Commission’s Division of Enforcement 2019 Annual Report at 12.

[2] The case is SEC v. Kik Interactive Inc., No. 19-cv-5244 (SDNY).

[3] SEC v. Kik Interactive Inc. Complaint at ¶¶ 1, 18.

[4] The case is SEC v. Telegram Group LLC et al, No. 19-cv-9439 (SDNY).