Securities Law

Cracking the Code: Navigating New SEC Rules Governing Cybersecurity Disclosure

Noah Schottenbauer, MJLST Staffer

In response to the dramatic impact cybersecurity incidents have on investors through the decline of stock value and sizeable costs to companies in rectifying breaches,  the SEC adopted new rules governing cybersecurity-related disclosures for public companies, covering both the disclosure of individual cybersecurity incidents as well as periodic disclosures of a company’s procedures to assess, identify, and manage material cybersecurity risks, management’s role in assessing and managing cybersecurity risks, and the board of directors’ oversight of cybersecurity risks.[1]

Before evaluating the specifics of the new SEC cybersecurity disclosure requirements, it is important to understand why information about cybersecurity incidents is important to investors. In recent years, data breaches have led to an average decline in stock value of 7.5% amongst publicly traded companies, with impacts being felt long after the date of the breach, as demonstrated by companies experiencing a significant data breach underperforming the NASDAQ by an average of 8.6% after one year.[2] One of the forces driving this decline in stock value is the immense costs associated with rectifying a data breach for the affected company. In 2022, the average cost of a data breach for U.S. companies was $9.44 million, drawn from ransom payments, disruptions in business operations, legal and audit fees, and other associated expenses.[3]

Summary Of Required Disclosures

  • Material Cybersecurity Incidents (Form 8-K, Item 1.05)

Amendments to Item 1.05 of Form 8-K require that reporting companies disclose any cybersecurity incident deemed to be material.[4] When making such disclosures, companies are required to “describe the material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.”[5]

So, what is a material cybersecurity incident? The SEC defines cybersecurity incident as “an unauthorized occurrence . . . on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein.”[6]

The definition of material, on the other hand, lacks the same degree of clarity. Based on context offered by the SEC through the rulemaking process, material is to be used in a way that is consistent with other securities laws.[7] Under this standard, information, or, in this case, a cybersecurity incident, would be considered material if “there is a substantial likelihood that a reasonable shareholder would consider it important.”[8] This determination is made based on a “delicate assessment of the inferences a ‘reasonable shareholder’ would draw from a given set of facts and the significance of those inferences to him.”[9] Even with this added context, what characteristics of a cybersecurity incident make it material remain unclear, but considering the fact that the rules are being implemented with the intent of protecting investor interests, the safest course of action would be to disclose a cybersecurity incident when in doubt of its materiality.[10]

It is important to note that this disclosure mandate is not limited to incidents that occur within the company’s own systems. If a material cybersecurity incident happens on third-party systems that a company utilizes, that too must be disclosed.[11] However, in these situations, companies are only expected to disclose information that is readily accessible, meaning they are not required to go beyond their “regular channels of communication” to gather pertinent information.[12]

Regarding the mechanics of the disclosure, the SEC stipulates that companies must file an Item 1.05 of Form 8-K within four business days of determining that a cybersecurity incident is material.[13] However, delaying disclosure may be allowed in limited circumstances where the United States Attorney General determines that immediate disclosure may seriously threaten national security or public safety.[14]

If there are any changes in the initially-disclosed information or if new material information is discovered that was not available at the time of the first disclosure, registrants are obligated to update their disclosure by filing an amended Form 8-K, ensuring that all relevant information related to the cybersecurity incident is available to the public and stakeholders.[15]

  • Risk Management & Strategy (Regulation S-K, Item 106(b))

Under amendments to Item 106(b) of Regulation S-K, reporting companies are obligated to describe their  “processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats in sufficient detail for a reasonable investor to understand those processes.”[16] When detailing these processes, companies must specifically address three primary points. First, they need to indicate how and if the cybersecurity processes described in Item 106(b) fall under the company’s overarching risk management system or procedures. Second, companies must clarify whether they involve assessors, consultants, auditors, or other third-party entities in relation to these cybersecurity processes. Third,  they must describe if they possess methods to monitor and access significant risks stemming from cybersecurity threats when availing the services of any third-party providers.[17]

In addition to the three enumerated elements under Item 106(b), companies are expected to furnish additional information to ensure a comprehensive understanding of their cybersecurity procedures for potential investors. This supplementary disclosure should encompass “whatever information is necessary, based on their facts and circumstances, for a reasonable investor to understand their cybersecurity processes.”[18] While companies are mandated to reveal if they collaborate with third-party service providers concerning their cybersecurity procedures, they are not required to disclose the specific names of these providers or offer a detailed description of the services these third-party entities provide, thus striking a balance between transparency and confidentiality and ensuring that investors have adequate information.[19]

  • Governance (Regulation S-K, Item 106(c))

Amendments to Regulation S-K, Item 106(c) require that companies: (1) describe the board’s oversight of the risks emanating from cybersecurity threats, and (2) characterize management’s role in both assessing and managing material risks arising from such threats.[20]

When detailing management’s role concerning these cybersecurity threats, there are a number of issues that should be addressed. First, companies should clarify which specific management positions or committees are entrusted with the responsibility of assessing and managing these risks. Additionally, the expertise of these designated individuals or groups should be outlined in such detail as necessary to comprehensively describe the nature of their expertise. Second, a description of the processes these entities employ to stay informed about, and to monitor, the prevention, detection, mitigation, and remediation of cybersecurity incidents should be included. Third, companies should indicate if and how these individuals or committees convey information about such risks to the board of directors or potentially to a designated committee or subcommittee of the board.[21]

The disclosures required under Item 106(c) are aimed at balancing investor accessibility to information with the company’s ability to maintain autonomy in determining cybersecurity practices in the context of organizational structure; therefore, disclosures do not need to be overly detailed.[22]

  • Foreign Private Issuers (Form 6-K & Form 20-F)

The rules addressed above only apply to domestic companies, but the SEC imposed parallel cybersecurity disclosure requirements for foreign private issuers under Form 6-K (incident reporting) and Form 20-K (periodic reporting).[23]

Key Dates

The SEC’s final rules are effective as of September 5, 2023, but the Form 8-K and Regulation S-K reporting requirements have yet to take effect. The key compliance dates for each are as follows:

  • Form 8-K Item 1.05(a) Incident Reporting – December 18, 2023
  • Regulation S-K Periodic Reporting – Fiscal years ending on or after December 15, 2023

Smaller reporting companies are provided with an extra 180 days to comply with Form 8-K Item 1.05. Under this grant, small companies will be expected to begin incident reporting on June 15, 2024. No such extension was granted to smaller reporting companies with regard to Regulation S-K Periodic Reporting.[24]

Potential Impact On Cybersecurity Policy

The actual impact of the SEC’s new disclosure requirements will likely remain unclear for some time, yet the regulations compel companies to adopt a greater sense of discipline and transparency in their cybersecurity practices. Although the primary intent of these rules is investor protection, they may also influence how companies formulate their cybersecurity strategies, given the requirement to discuss such policies in their annual disclosures. This heightened level of accountability, regarding defensive measures and risk management strategies in response to cybersecurity threats, may encourage companies to implement more robust cybersecurity practices or, at the very least, ensure that cybersecurity becomes a regular topic of discussion amongst senior leadership. Consequently, the SEC’s initiative may serve as a catalyst for strengthening cybersecurity policies within corporate entities, while also providing investors with essential information for making informed decisions in the marketplace.

Further Information

The overview of the new SEC rules governing cybersecurity disclosures provided above is precisely that: an overview. For more information regarding the requirements and applicability of these rules please refer to the official rules and the SEC website.

Notes

[1] Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, Exchange Act Release No. 33-11216, Exchange Act Release No. 34-97989 (July 26, 2023) [hereinafter Final Rule Release], https://www.sec.gov/files/rules/final/2023/33-11216.pdf.

[2] Keman Huang et al., The Devastating Business Impact of a Cyber Breach, Harv. Bus Rev., May 4, 2023, https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach.

[3] Id.

[4] Final Rule Release, supra note 1, at 12

[5] Id. at 49.

[6] Id. at 76.

[7] Id. at 14.

[8] TSC Indus. v. Northway, 426 U.S. 438, 449 (1976).

[9] Id. at 450.

[10] Id. at 448.

[11] Final Rule Release, supra note 1, at 30.

[12] Id. at 31.

[13] Id. at 32.

[14] Id. at 28.

[15] Id. at 50–51.

[16] Id. at 61.

[17] Id. at 63.

[18] Id.

[19] Id. at 60.

[20] Id. at 12.

[21] Id. at 70.

[22] Id.

[23] Id. at 12.

[24] Id. at 107.


Whistleblowers Reveals…—How Can the Legal System Protect and Encourage Whistleblowing?

Vivian Lin, MJLST Staffer

In July 2022, Twitter’s former head of security, Peiter Zatko, filed a 200+ page complaint with Congress and several federal agencies, disclosing Twitter’s potential major security problems that pose a threat to its users and national security.[1] Though it is still unclear whether  these allegations were confirmed, the disclosure drew significant attention because of data privacy implications and calls for whistleblower protection. Whistleblowers play an important role in detecting major issues in corporations and the government. A 2007 survey reported that in private companies, professional auditors were only able to detect 19% of instances of fraud but whistleblowers were able to expose 43% of incidents.[2]In fact, this recent Twitter scandal, along with Facebook’s online safety scandal in 2021[3] and the famous national security scandal disclosed by Edward Snowden, were all revealed by inside whistleblowers. Without these disclosures, the public may never learn of incidents that involve their personal information and security.

An Overview of the U.S. Whistleblower Protection Regulations

Whistleblower laws aim to protect individuals who report illegal or unethical activities in their workplace or government agency. The primary federal law protecting whistleblowers is the Whistleblower Protection Act (WPA), passed in 1989. The WPA provides protections for federal employees who report violations such as  gross mismanagement, gross waste of funds, abuse of authority, or dangers to public health or safety.[4]

In addition to the WPA, there are other federal laws that provide industry specific whistleblower protections in private sectors. For example, the Sarbanes-Oxley Act (SOX) was enacted in response to the corporate accounting scandals of the early 2000s. It requires public companies to establish and maintain internal controls to ensure the accuracy of their financial statements. Whistleblowers who report violations of securities law can receive protection against retaliation, including reinstatement, back pay, and special damages. To further encourage more whistleblowers to come forward with potential securities violations, Congress passed the Dodd-Frank           Wall Street Reform and Consumer Protection Act (Dodd-Frank) in 2010 which provides incentives and additional protections for whistleblowers. The Securities and Exchange Commission (SEC) established its whistleblower protection program under Dodd-Frank to award qualified whistleblowers for their tips that lead to a successful SEC sanction. Finally, the False Claims Act (FCA) allows individuals to file lawsuits on behalf of the government against entities that have committed fraud against the government. Whistleblowers who report fraud under the FCA can receive a percentage of the amount recovered by the government. In general, these laws give protections for whistleblowers in the private corporate setting, providing anti-retaliation protection and incentives for reporting violations.

Concerns Involved in Whistleblowing and Related Laws

While whistleblower laws in the United States provide important protections for individuals who speak out against illegal or unethical activities, there are still risks associated with whistleblowing. Even with the anti-retaliation provisions, whistleblowers still face retaliation from their employer, such as demotion or termination, and may face difficulties finding new employment in their field. For example, a 2011 report indicated that while the percentage of employees who noticed wrongdoings at their workplaces decreased from the 1992 survey, about one-third of those who called out wrongdoings and were identified as whistleblowers experienced retaliation in the form of threats and/or reprisals.[5]

Besides the fear of retaliation, another concern is the low success rate under the WPA when whistleblowers step up to make a claim. A 2015 research analyzed 151 cases where employees sought protection under the WPA and found that 79% of the cases were found in favor of the federal government.[6] Such a low success rate, in addition to potential retaliation, likely discourages employees from disclosing when they identify wrongdoings at their workplace.

A third problem with the current whistleblowing law is that financial incentives do not work as effectively as expected and might negatively impact corporate governance. From the incentives perspective, bounty hunting might actually discourage whistleblowers when not used well. For example, Dodd-Frank provides monetary rewards for people who report financial fraud that will allow the SEC impose a more than $1 million sanction on the violator, but if an employee discovers a wrongdoing that will not lead to a sanction over $1 million, a study shows that the employee will be less likely to report it timely.[7] From a corporate governance perspective, a potential whistleblower might turn to a regulatory agency for the reward rather than reporting it to the company’s internal compliance program, providing the company with the opportunity to do the right thing.[8]

Potential Changes 

There are several ways in which the current whistleblower regulations can improve. First, to encourage employees to stand up and identify wrongdoings at the workplace, the SEC’s whistleblower protection program should exclude the $1 million threshold requirement for any potential reward. Those who notice illegal behaviors that might not result in a $1 million sanction should also receive a reward if they report the potential risks.[9] Second, to deter retaliation, compensation for retaliation should be proportionate to the severity of the wrongdoing uncovered.[10] Currently, statutes mostly offer backpay, front pay, reinstatement, etc. as compensation for retaliation, while receiving punitive damages beyond that is rare. This mechanism does not recognize the public interest in retaliation cases—the public benefits from the whistleblower’s act while she risks retaliation. Finally, bounty programs might not be the right approach given that many whistleblowers are motivated more by their own moral calling rather than money. Perhaps a robust system ensuring whistleblower’s reports be thoroughly investigated and building stronger protections  from retaliation would work better than bounty programs.

In conclusion, whistleblowers play a crucial role in exposing illegal and unethical activities within organizations and government agencies. While current U.S. whistleblower protection regulations offer some safeguards, there are still shortcomings that may discourage employees from reporting wrongdoings. Improving whistleblower protections against retaliation, expanding rewards to include a wider range of disclosures, and refining the approach to investigations are essential steps to strengthen the system. By ensuring that their disclosures are thoroughly investigated and their lives are not severely impacted, we can encourage more whistleblowers to come forward with useful information which will better protect the public interest and maintain a higher standard of transparency, accountability, and corporate governance in the society.

Notes

[1] Donie O’Sullivan et al., Ex-Twitter Exec Blows The Whistle, Alleging Reckless and Negligent Cybersecurity Policies, CNN (Aug. 24, 2022, 5:59 AM EDT), https://edition.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html.

[2] Kai-D. Bussmann, Economic Crime: People, Culture, and Controls 10 (2007).

[3] Ryan Mac & Cecilia Kang, Whistle-Blower Says Facebook ‘Chooses Profits Over Safety’, N.Y. Times (Oct. 3, 2021), https://www.nytimes.com/2021/10/03/technology/whistle-blower-facebook-frances-haugen.html.

[4] Whistleblower Protection, Office of Inspector General, https://www.oig.dhs.gov/whistleblower-protection#:~:text=The%20Whistleblower%20Protection%20Act%20 (last accessed: Mar. 5, 2023).

[5] U.S. Merit Systems Protection Board, Blowing the Whistle: Barriers to Federal Employees Making Disclosures 27 (2011).

[6] Shelley L. Peffer et al., Whistle Where You Work? The Ineffectiveness of the Federal Whistleblower Protection Act of 1989 and the Promise of the Whistleblower Protection Enhancement Act of 2012, 35 Review of Public Personnel Administration 70 (2015).

[7] Leslie Berger, et al., Hijacking the Moral Imperative: How Financial Incentives Can Discourage Whistleblower Reporting. 36 AUDITING: A Journal of Practice & Theory 1 (2017).

[8] Matt A. Vega, Beyond Incentives: Making Corporate Whistleblowing Moral in the New Era of Dodd- Frank Act “Bounty Hunting”, 45 Conn. L. Rev. 483.

[9] Geoffrey C. Rapp, Mutiny by the Bounties? The Attempt to Reform Wall Street by the New Whistleblower Provisions of the Dodd-Frank Act, 2012 B.Y.U.L. Rev. 73.

[10] David Kwok, The Public Wrong of Whistleblower Retaliation, 96 Hastings L.J. 1225.


New Congressional Bill to Fuel the Crypto Winter?

Shawn Zhang, MJLST Staffer

Cryptocurrency has experienced rapid growth over the past few years. Retail investors rushed into this market in hopes of amassing wealth. However, the current price of Bitcoin is sitting at roughly 30% of the all-time high. Investors dub this current state of the market as the “Crypto Winter”, where the entire crypto market is underperforming. This term signifies the current negative sentiment held by a large portion of the market towards cryptocurrency.

Cryptocurrency is a relatively new class of assets, bearing similarities to both currency and securities. Regulators are not quite sure of how to regulate this volatile market, and with the lack of regulations investors are more prone to risk. Nevertheless, legislators are still seeking to protect retail investors and the general public from risky investments, as they did with the 1933 Securities Act and 1934 Securities Exchange Act. The question is how? Well, the answer may be The Lummis-Gillibrand Responsible Financial Innovation Act which has recently been introduced into Congress. This bill seeks to “provide for responsible financial innovation and to bring digital assets within the regulatory perimeter.” If passed, this bill would address those concerns investors currently have with investing in the volatile crypto market.

Summary of the Bill

This legislation would set up the regulatory landscape by granting the Commodity Futures Trading Commission (CFTC) exclusive jurisdiction over digital assets, subject to several exclusions. One of the exclusions being that when the asset is deemed a security, the Securities and Exchange Commission (SEC) will gain jurisdiction and providers of digital asset services will then be required to provide disclosures. The bill would also require the Internal Revenue Service to issue regulations clarifying issues of digital assets and eliminate capital gains taxes through a de minimis exclusion for cryptocurrencies used to buy up to $200 of goods and services per transaction. Moreover, it would also allow crypto miners to defer income taxes on digital assets earned while mining or staking until they dispose of the assets.

Commodity vs Security

So, what’s the difference between CFTC and SEC? The CFTC governs commodities and derivatives market transactions, while the SEC governs securities. The key difference that these classifications make are the laws under which they operate. The CFTC was created under the 1936 Commodities Exchange Act, while the SEC was created under the 1933 Securities Act and 1934 Securities Exchange Act. Hence, giving the CFTC primary jurisdiction means that cryptocurrency will primarily be governed under the 1936 Commodity Exchange Act. The biggest advantage (or what one may think of as a disadvantage) of this Act is that commodities are generally more lightly regulated than securities. Under the 33’ act and 34’ act, securities are thoroughly regulated via disclosures and reports to protect the public. Issuers of securities must comply with a large set of regulations (which is why IPOs are expensive). This could be a win for crypto, as crypto was intended to be “decentralized” rather than heavily regulated. Though having some regulations may help invoke public trust in this class of assets and potentially increase the total number of investors, which may be a bigger win.

The question ends up being what level of regulation and protection is appropriate? On the one hand, applying heavy handed regulations may not be effective, and in fact might encourage black market activity. This may lead to tech savvy investors detaching their real life identity from the world of crypto and using their money elsewhere through the blockchain networks. On the other hand, investors hate uncertainty. Markets react badly when there is “fear, uncertainty, and doubt.” By solidifying the jurisdiction of CFTC on cryptocurrency, both investors and issuers may feel more at ease rather than wonder what regulations they must follow. As a comparison, oil, gold, and futures are also regulated by the CFTC rather than the SEC, and they seem to be doing fine on the exchanges.

Tax Clarifications & Incentives

Clarifications are always welcome in the complex world of federal taxes. Uncertainty can result in investors avoiding a class of assets purely due to the complexity of its tax consequences. Moreover, investors may be unexpectedly hit with a tax bill that was different from what they expected due to ambiguity or lack of clarity in the statutes. Thus, clarifications under the proposed Act would likely make lives easier for investors in this space.

Tax often incentivizes certain investor actions. For example, capital gains tax incentivizes investors to hold their investments for longer than a year in order to reduce their taxes. Tax incentives also often have policy rationales behind them, like the capital gain tax incentive aims to promote long term investment rather than short term speculation. This indirectly protects investors from short term fluctuations in the market, and also keeps more money in the economy for longer.

The proposed Act would eliminate capital gains tax for crypto used to purchase goods and services up to $200. That’s $200 of untaxed money that could be spent without increasing an investor’s tax liability. This would likely encourage people to conduct at least some transactions in crypto, and thus further legitimize the asset class. People often doubt the real world use of cryptocurrencies, but if this Act can encourage people to utilize and accept cryptocurrencies in everyday transactions, it may increase confidence in the asset class.

Conclusion

The Lummis-Gillibrand Responsible Financial Innovation Act could be a big step towards further adoption and legitimization of crypto. Congress giving primary jurisdiction to the CFTC is likely the better choice, as it strikes a balance between protecting consumers while not having too much regulation. Regardless of whether this will have a positive impact on the current market or not, Congress is at least finally signaling that they do see Crypto as a legitimate class of asset.


A Solution Enabled by the Conflict in Ukraine, Cryptocurrency Regulation, and the Energy Crisis Could Address All Three Issues

Chase Webber, MJLST Staffer

This post focuses on two political questions reinvigorated by Vladimir Putin’s invasion of Ukraine: the energy crisis and the increasing popularity and potential for blockchain technology such as cryptocurrency (“crypto”).  The two biggest debates regarding blockchain may be its extraordinarily high use of energy and the need for regulation.  The emergency of the Ukraine invasion presents a unique opportunity for political, crypto, and energy issues to synergize – each with solutions and positive influence for the others.

This post will compare shortcomings in pursuits for environmentalism and decentralization.  Next, explain how a recent executive order is an important turning point towards developing sufficient peer-to-peer technology for effective decentralization.  Finally, suggest that a theoretical decentralized society may be more well-equipped to address the critical issues of global politics, economy, and energy use, and potentially others.

 

Relationship # 1: The Invasion and The Energy Crisis

Responding to the invasion, the U.S. and other countries have sanctioned Russia in ways that are devastating Russia’s economy, including by restricting the international sale of Russian oil.  This has dramatic implications for the interconnected global economy.  Russia is the second-largest oil exporter; cutting Russia out of the picture sends painful ripples across our global dependency on fossil fuel.

Without “beating a dead dinosaur” … the energy crisis, in a nutshell, is that (a) excessive fossil fuel consumption causes irreparable harm to the environment, and (b) our thirst for fossil fuel is unsustainable, our demand exceeds the supply and the supply’s ability to replenish, so we will eventually run out.  Both issues suggest finding ways to lower energy consumption and implement alternative, sustainable sources of energy.

Experts suggest innovation for these ends is easier than deployment of solutions.  In other words, we may be capable of fixing these problems, but, as a planet, we just don’t want it badly enough yet, notwithstanding some regulatory attempts to limit consumption or incentivize sustainability.  If the irreparable harm reaches a sufficiently catastrophic level, or if the well finally runs dry, it will require – not merely suggest – a global reorganization via energy use and consumption.

The energy void created by removing Russian supply from the global economy may sufficiently mimic the well running dry.  The well may not really be dry, but it would feel like it.  This could provide sufficient incentive to implement that global energy reset, viz., planet-wide lifestyle changes for existing without fossil fuel reliance, for which conservationists have been begging for decades.

The invasion moves the clock forward on the (hopefully) inevitable deployment of green innovation that would naturally occur as soon as we can’t use fossil fuels even if we still want to.

 

Relationship # 2: The Invasion and Crypto   

Crypto was surprisingly not useful for avoiding economic sanctions, although it was designed to resist government regulation and control (for better or for worse).  Blockchain-based crypto transactions are supposedly “peer-to-peer,” requiring no government or private intermediaries.  Other blockchain features include a permanent record of transactions and the possibility of pseudonymity.  Once assets are in crypto form, they are safer than traditional currency – users can generally transfer them to each other, even internationally, without possibility of seizure, theft, taxation, or regulation.

(The New York Times’ Latecomer’s Guide to Crypto and the “Learn” tab on Coinbase.com are great resources for quickly building a basic understanding of this increasingly pervasive technology.)

However, crypto is weak where the blockchain realm meets the physical realm.  While the blockchain itself is safe and secure from theft, a user’s “key” may be lost or stolen from her possession.  Peer-to-peer transactions themselves lack intermediaries, but hosts are required for users to access and use blockchain technology.  Crypto itself is not taxed or regulated, but exchanging digital assets – e.g., buying bitcoin with US dollars – are taxed as a property acquisition and regulated by the Security Exchange Commission (SEC).  Smart contract agreements flounder where real-world verification, adjudication, or common-sense is needed.

This is bad news for sanctioned Russian oligarchs because they cannot get assets “into” or “out of” crypto without consequence.  It is better news for Ukraine, where the borderless-ness and “trust” of crypto transaction eases international transmittal of relief assets and ensures legitimate receipt.

The prospect of crypto being used to circumvent U.S. sanctions brought crypto into the federal spotlight as a matter of national security.  President Biden’s Executive Order (EO) 14067 of March 9, 2022 offers an important turning point for blockchain: when the US government began to direct innovation and government control.  Previously, discussions of whether recognition and control of crypto would threaten innovation, or a failure to do so would weaken government influence, had become a stalemate in regulatory discussion. The EO seems to have taken advantage of the Ukraine invasion to side-step the stagnant congressional debates.

Many had recognized crypto’s potential, but most seemed to wait out the unregulated and mystical prospect of decentralized finance until it became less risky.  Crypto is the modern equivalent of private-issued currencies, which were common during the Free Banking Era, before national banks were established at the end of the Civil War.  They were notoriously unreliable.  Only the SEC had been giving crypto plenty of attention, until (and especially) more recently, when the general public noticed how profitable bitcoin became despite its volatility.

EO 14067’s policy reasoning includes crypto user protection, stability of the financial system, national security (e.g., Russia’s potential for skirting sanctions), preventing crime enablement (viz., modern equivalents to The Silk Road dark web), global competition, and, generally, federal recognition and support for blockchain innovation.  The president asked for research of blockchain technology from departments of Treasury, Defense, Commerce, Labor, Energy, Homeland Security, the Consumer Financial Protection Bureau (CFPB), Federal Trade Commission (FTC), SEC, Commodity Futures Trading Commission (CFTC), Environmental Protection Agency (EPA), and a handful of other federal agencies.

While promoting security and a general understanding of blockchain’s potential uses and feasibility, the order also proposes Central Bank Digital Currencies (CBDC).  CBDCs are FedCoins – a stablecoin issued by the government instead of by private entities.  Stablecoins (e.g., Tether) are a type of crypto whose value is backed by the US Dollar, whereas privately issued crypto (e.g., Bitcoin, Ether) are more volatile because their value is backed by practically nothing.  So, unlike Tether, a privately issued stablecoin, CBDCs would be crypto issued and controlled by the U.S. Treasury.

Imagine CBDCs as a dollar bill made of blockchain technology instead of paper.  A future “cash transaction” could feel more like using Venmo, but without the intermediary host, Venmo.

 

Relationship # 3: Crypto and Energy

Without getting into too many more details, blockchain technology, on which crypto is based, requires an enormous amount of energy-consuming computing power.

Blockchain is a decentralized “distributed ledger technology.” The permanent recordings of transactions are stored and verifiable at every “node” – the computer in front of you could be a node – instead of in a centralized database.  In contrast, the post you are now reading is not decentralized; it is “located” in a UMN database somewhere, not in your computer’s hard drive.  Even a shared Google Doc is in a Google database, not in each of the contributor’s computers.  In a distributed system, if one node changes its version of the distributed ledger, some of the other nodes verify the change.  If the change represents a valid transaction, the change is applied to all versions at each node, if not, the change is rejected, and the ledger remains intact.

These repeated verifications give blockchain its core features, but also require a significant amount of energy.

For most of the history of computers, computing innovation has focused primarily on function, especially increased speed.  Computer processing power eventually became sufficiently fast that, in the last twenty-ish years, computing innovation began to focus on achieving the same speed using less energy and/or with more affordability.  Automotive innovation experienced a similar shift on a different timeline.

Blockchain will likely undergo the same evolution.  First, innovators will focus on function and standardization.  Despite the popularity, this technology still lacks in these areas.  Crypto assets have sometimes disappeared into thin air due to faulty coding or have been siphoned off by anonymous users who found loopholes in the software.  Others, who became interested in crypto during November 2021, after hearing that Ether had increased in value by 989% that year and the crypto market was then worth over $3 trillion, may have been surprised when the value nearly halved by February.

Second, and it if it is a profitable investment – or incentivized by future regulations resulting from EO14067 – innovators will focus on reducing the processing power required for maintaining a distributed ledger.

 

Decentralization, and Other Fanciful Policies

Decentralization and green tech share the same fundamental problem.  The ideas are compelling and revolutionary.  However, their underlying philosophy does not yet match our underlying policy.  In some ways, they are still too revolutionary because, in this author’s opinion, they will require either a complete change in infrastructure or significantly more creativity to be effective.  Neither of these requirements are possible without sufficient policy incentive.  Without the incentive, the ideas are innovative, but not yet truly disruptive.

Using Coinbase on an iPhone to execute a crypto transaction is to “decentralization” what driving a Tesla running on coal-sourced electricity is to “environmentalism.”  They are merely trendy and well-intentioned.  Tesla solves one problem – automotive transportation without gasoline – while creating another – a corresponding demand for electricity – because it relies on existing infrastructure.  Similarly, crypto cannot survive without centralization.  Nor should it, according to the SEC, who has been fighting to regulate privately issued crypto for years.

At first glance, EO 14067 seems to be the nail in the coffin for decentralization.  Proponents designed crypto after the 2008 housing market crash specifically hoping to avoid federal involvement in transactions.  Purists, especially during The Digital Revolution in the 90s, hoped peer-to-peer technology like blockchain (although it did not exist at that time) would eventually replace government institutions entirely – summarized in the term, “code is law.”  This has marked the tension between crypto innovators and regulators, each finding the other uncooperative with its goals.

However, some, such as Kevin Werbach, a prominent blockchain scholar, suggest that peer-to-peer technology and traditional legal institutions need not be mutually exclusive.  Each offers unique elements of “trust,” and each has its weaknesses.  Naturally, the cooperation of novel technologies and existing legal and financial structures can mean mutual benefit.  The SEC seems to share a similarly cooperative perspective, but distinguished, importantly, by the expectation that crypto will succumb to the existing financial infrastructure.  Werbach praises EO 14067, Biden’s request that the “alphabet soup” of federal agencies investigate, regulate, and implement blockchain, as the awaited opportunity for government and innovation to join forces.

The EPA is one of the agencies engaged by the EO.  Pushing for more energy efficient methods of implementing blockchain technology will be as essential as the other stated policies of national security, global competition, and user friendliness.  If the well runs dry, as discussed above, blockchain use will stall, as long as blockchain requires huge amounts of energy.  Alternatively, if energy efficiency can be attained preemptively, the result of ongoing blockchain innovation could play a unique role in addressing climate change and other political issues, viz., decentralization.

In her book, Smart Citizens, Smarter State: The Technologies of Expertise and the Future of Governing, Beth Simone Noveck suggests an innovative philosophy for future democracies could use peer-to-peer technology to gather wide-spread public expertise for addressing complex issues.  We have outgrown the use of “government bureaucracies that are supposed to solve critical problems on their own”; by analogy, we are only using part of our available brainpower.  More recently, Decentralization: Technology’s Impact on Organizational and Societal Structure, by local scholars Wulf Kaal and Craig Calcaterra, further suggests ways of deploying decentralization concepts.

Decentralized autonomous organizations (“DAOs”) are created with use of smart contracts, a blockchain-based technology, to implement more effectively democratic means of consensus and information sharing.  However, DAOs are still precarious.  Many of these have failed because of exploitation, hacks, fraud, sporadic participation, and, most importantly, lack of central leadership.  Remember, central leadership is exactly what DAOs and other decentralized proposals seek to avoid.  Ironically, in existing DAOs, without regulatory leadership, small, centralized groups of insiders tend to hold all the cards.

Some claim that federal regulation of DAOs could provide transparency and disclosure standards, authentication and background checks, and other means of structural support.  The SEC blocked American CryptoFed, the first “legally sanctioned” DAO, in the state of Wyoming.  Following the recent EO, the SEC’s position may shift.

 

Mutual Opportunity

To summarize:  The invasion of Ukraine may provide the necessary incentive for actuating decentralized or environmentalist ideologies.  EO 14067 initiates federal regulatory structure for crypto and researching blockchain implementation in the U.S.  The result could facilitate eventual decentralized and energy-conscious systems which, in turn, could facilitate resolutions to grave impending climate change troubles.  Furthermore, a new tool for gathering public consensus and expertise could shed new light on other political issues, foreign and domestic.

This sounds suspiciously like, “idea/product X will end climate change, all political disagreements, (solve world hunger?) and create global utopia,” and we all know better than to trust such assertions.

It does sound like it, but Noveck and Kaal & Calcaterra both say no, decentralization will not solve all our problems, nor does it seek to.  Instead, decentralization offers to make us, as a coordinated society, significantly more efficient problem solvers.  A decentralized organizational structure hopes to allow humans to react and adapt to situations more naturally, the way other living organisms adapt to changing environments.  We will always have problems.  Centralization, proponents argue, is no longer the best means of obtaining solutions.

In other words, one hopes that addressing critical issues in the future – like potential military conflict, economic concerns, and global warming – will not be exasperated or limited by the very structures with which we seek to devise and implement a resolution.


Corporate Cheat Codes: When Does Video Game Hype Become Securities Fraud?

By: Alex Karnopp

As production consolidates around a few key players, larger economic growth in the video game industry masks underlying corporate concerns of securities fraud. Last year, the video game industry reached an important milestone, earning the title of “world’s favorite form of entertainment.” In 2017, the video game industry generated $108.1 billion, more than TV, movies, and music. While other entertainment industries saw revenue decline, the game industry increased 10.7%. This drastic jump in revenue has made investors happy. In 2017, most companies producing hardware or software for the industry easily beat the broader market. NVIDIA, a popular graphic card producer, jumped up 80% over the year. Nintendo, similarly, saw an 86% increase. Even more drastically, Take-Two Interactive shot up 117%.

Red flags in the industry, however, indicate changes are needed to sustain growth. For one, production costs and technological innovations hinder profitability as games take longer and cost more to bring to market. Making matters worse, game fatigue remains high, meaning an audience remains focused on a game only for a small window. High development risk has led to a pattern of mergers and acquisitions – large, publicly traded companies either acquire publishing rights or development teams altogether to diversify holdings and increase profitability.

This consolidation has had interesting impacts on video game development. Publicly traded companies face tremendous pressure from investors to uphold profitability – to the frustration of developers. Developers are constantly faced with unrealistic deadlines from executives looking to maximize profit, ultimately leading to the release of low-quality games. As large game publishers learn to deal with the interplay between profit and content, they may also face legal consequences.

What may seem like “corporate optimism” to some, looks more like fraudulent misstatements to investors. In 2014, the “disastrous launch” of Battlefield 4 (which was rushed to hit the release of the PS4 and Xbox One) sent Electronic Art’s stock plummeting. As both executives and producers claimed the title would be a success, investors brought lawsuits, claiming they relied on these false statements. Similarly, the recent split between developer Bungie and Activision has led to rumors of lawsuits. Constant frustrations over sales and content finally led to a split, dropping Activision stock by more than 10%. Investors claim Activision committed federal securities law by failing to “disclose that the termination of Activision-Blizzard and Bungie Inc.’s partnership … was imminent.” As large, publicly traded publishers begin dealing with the effects of a consolidated market on content and profits, it will be interesting how courts interpret executive actions trying to mitigate missteps.


Tesla: Can the Electric Car Company Overcome Its CEO’s Erratic (and Sometimes Illegal) Behavior?

Joe Hallman, MJLST Staffer 

Elon Musk, the ingenious and at times controversial CEO of Tesla, Inc., has been a fixture in the national news cycle of late with many questioning his erratic behavior. Musk has garnered negative attention recently for incidents ranging from publicly smoking marijuana to hurling wild accusations against critics on Twitter. However, Musk’s most significant faux pas in recent months was likely a tweet that resulted in him being charged with securities fraud by the Securities and Exchange Commission (“SEC”).

On August 7, 2018, Musk tweeted “Am considering taking Tesla private at $420. Funding secured.” The SEC sued Musk in federal court on September 27 for misleading investors with his tweet. Musk settled with the SEC two days later on September 29. The terms of the settlement required Musk to pay a $20 million personal fine and step down as chairman for three years, although he was allowed to remain CEO of the company. Although not charged with fraud, Tesla also settled with the SEC for $20 million.

Tesla’s stock price plummeted shortly after the SEC’s lawsuit was filed. Tesla shares were trading at about $305 prior to the lawsuit and on September 28, the day after the SEC filed suit, Tesla’s shares dropped to about $269. However, after that initial dip Tesla’s stock rebounded, eventually closing at $341.06 on November 6.

Many have questioned Tesla’s viability as a company over the years and it has been a common short sell among investors. However, considering Musk’s curious recent behavior, the stock price has been resilient. Meanwhile, on October 24, Tesla released its 2018 third-quarter earnings report showing surprise profits and positive cash flow. The earnings report is good news for shareholders who eagerly wait to see if Musk’s electric car company can eventually turn the corner and achieve a significantly higher market cap as Musk has promised.

Although Tesla seems to have been largely unaffected by the SEC’s lawsuit and other strange behavior by Musk, other top executives of publicly traded companies will likely take notice and learn from Tesla’s tumultuous past few months. Going forward, I would expect CEO’s of high-profile companies like Tesla to be careful about Twitter usage and seek to avoid negative attention in the press.


Apple Inc. Under Continued Scrutiny After iPhone Throttling Admission

MJLST Staffer, Alex Eschenroeder

While innovative tech companies typically receive widespread attention for increasing the speed and performance of a given device, Apple Inc. has received attention in the past few weeks for exactly the opposite reason. Apple’s actions have caught the attention of consumers and consumer advocates around the world, and recently, they have caught the attention of the US Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) as well.

 

The action at issue is Apple’s intentional throttling, or slowing down, of iPhone performance. Apple apologized for its intentional throttling on December 28, 2017, in reaction to building pressure from “users and tech analysts” who noticed iPhone slowdowns. In its apology message, Apple focused on the risk of unexpected phone shutdowns resulting from the fact that “[a] chemically aged battery also becomes less capable of delivering peak energy loads, especially in a low state of charge.” Apple asserted that it addressed this risk by delivering an iOS (iPhone operating system) update that “dynamically manages the maximum performance of some system components when needed to prevent a shutdown.” In addition to providing its explanation behind the throttling in its message, Apple announced a fifty dollar discount for iPhone battery replacements. However, replacement availability has been limited, and the discount has not stopped investigations and inquiries from multiple parties.

 

Shortly after Apple’s admission, consumer and watchdog groups in France, Italy, and China, submitted questions to Apple. The French consumer group, “Stop Programmed Obsolescence,” filed a complaint in December alleging “that Apple pressures customers to buy new phones by timing the release of new models with operating system upgrades that cause older ones to perform less well.” This complaint sparked an investigation by the Paris prosecutor’s office. Another source of questioning has been from within the US Senate, as South Dakota Senator John Thune wrote a letter to Apple CEO Tim Cook that “pressed Apple for answers to a series of questions about how the company decided to throttle back iPhone processing performance in phones with older batteries.”

 

In addition to these sources of pressure, the latest major development is that the SEC and DOJ have initiated their own probes. Both the SEC and the DOJ declined to comment about their investigations. Further, “Apple acknowledged in a statement that it is responding to questions from some government agencies, though it declined to disclose which agencies or any details regarding the questions.” Thus, very little is known at this point about the substance of the investigations. Current speculation includes that, in this type of case, “the SEC could try to fault a public company for failing to make timely disclosures about material information that would affect the stock price.”

 

While a more superficial investigation is possible, it would likely leave critical questions unaddressed. Some questions I would like to vent to Apple are as follows: If Apple’s battery issues cause peak energy load delivery problems primarily in a low state of charge, why does the dynamic management system coded into iOS slow down app launch times even at or near full charge? If the iOS update manages max performance of system components when needed to prevent a shutdown, does that mean a phone that takes longer to launch any given app on any given launch is constantly at risk for shutting down? What would it mean when Apple releases code to deactivate throttling and an iPhone with previously slow app launch times doesn’t turn off immediately? How many other devices does Apple throttling apply to, and when might Apple admit to them? Looking at you, Apple Watch.

 

These questions are not expertly devised, but they represent a reality that Apple will have to grapple with in the coming months: when so many people use your product frequently, there are mountains of user experiences that could be referenced to throw any “explanation” into question. These experiences may help to debunk any likely stories that vary significantly from the truth.


Initial Coin Offerings: Buyer Beware

Kevin Cunningham, MJLST Staffer

 

Initial Coin Offerings, also known as ICOs or token sales, have become a new trend for startup companies raising capital using cryptocurrency and blockchain technology. ICOs are conducted online where purchasers use virtual currencies, like bitcoin or ether, or a flat currency, like the U.S. dollar, to pay for a new virtual coin or token created by the company looking to raise money. Promoters usually tell purchasers that the capital raised from the sales will be used to fund development of a digital platform, software, or other project and that the newly created virtual coin may be used to access the platform, use the software, or otherwise participate in the project. The companies that issue ICOs typically promote the offering through its own website or through various online blockchain and virtual currency forums. Some initial sellers may lead buyers of the virtual coins to expect a return on their investment or to participate in a share of the returns provided by the project. After the coins or tokens are issued, they may be resold to others in a secondary market.

 

Depending on the circumstances of each ICO, the virtual coins or tokens that are offered or sold may be considered to be securities. If they are classifiable as securities, the offer and sale of the coins or tokens are subject to the federal securities laws. In July 2017, the Securities Exchange Commission (SEC) issued a Report of Investigation under Section 21(a) of the Securities Exchange Act of 1934 stressing that any ICO that meets the definition of a security in the United States is required to comply with the federal securities law, regardless of whether the securities are purchased with virtual currencies or distributed with blockchain technology.

 

Since the SEC issued its July Report regarding ICOs, the Commission has charged two companies with defrauding investors. In the pair of ICOs purportedly backed by investments in real estate and diamonds, the SEC alleged that the owner of the companies, Maksim Zaslavskly, sold unregistered securities. In one instance, the SEC alleges that, despite the representations to investors of Diamond Reserve Club, Zaslavskly had not purchased any diamonds nor engaged in any business operations.

 

Issues with Initial Coin Offerings continue as the Tezos Foundation was hit with its second class-action lawsuit over its Initial Coin Offering after an ICO contributor alleged breaches of securities laws. The two cases have been filed in the California Superior Court in San Francisco and United States District Court in Florida. The Tezos ICO raised over $232 million just months ago and plaintiffs in the suit say that they have not received the promised tokens. Infighting amongst the owners of the company has led to a significant setback in the venture, which aims to create a computerized network for transactions using blockchain technology. The lawsuit alleges that contributors to the fundraiser were not told that it could take more than three years to purchase the ledger for the project’s source code. Additionally, the plaintiffs allege that the time frame was not disclosed to investors despite it being a material fact.

 

It is likely that many issuers of virtual coins and tokens will have a hard time convincing the SEC and other regulators that its coin is a merely a utility rather than a security. For many of the firms, including Diamond Reserve Club, the problem is that the tokens they are selling for the projects only exist on paper, and so they have no other function than to bring in money. Likewise, most investors currently buy tokens not for their utility, but because they are betting that on an increase in the value of the virtual currency. It seems that this will not be an issue that will be resolved quickly and it is likely that heightened regulatory scrutiny will come due to the continuing claims against ICOs for companies like Tezos.


Why Equity-Based Crowdfunding Is Not Flourishing? — A Comparison Between the US and the UK

Tianxiang Zhou, MJLST Editor

While donation-based crowdfunding (giving money to enterprises or organizations they want to support) is flourishing on online platforms in the US, the equity-based crowdfunding (funding startup enterprises or organizations in return for equity) under the JOBS Act is still staggering as the requirements are proving impractical for most entrepreneurs.

Donation-based crowdfunding is dominating the major crowdfunding websites like Indiegogo, Kickstarter, etc. In March, 2017, Facebook announced that it will introduce a crowdfunding feature that will help users back causes such as education, medical needs, pet medical, crisis relief, personal emergencies and funerals. However, this new crowdfunding feature from Facebook has nothing to do with equity-based crowdfunding; it is only used for donation-based crowdfunding. As for the platforms specialized in crowdfunding,  equity-based crowdfunding projects are difficult to find. If you visit Kickstarter or Indiegogo, most of the crowdfunding projects that appear on the webpages are donation-based crowdfunding project. As of April 2, 2017, there are only four active crowdfunding opportunities appearing on the Indiegogo website that are available for investors. The website stated that “more than 200 (equity-based) projects funded in the past.” (The writer cannot find an equity-based crowdfunding opportunity on Kickstarter or a section to search equity-based crowdfunding opportunities.)

The reason why equity-based crowdfunding is not flourishing is easily apparent. As one article points out, the statutory requirements for Crowdfunding under the JOBS Act “effectively weigh it down to the point of making the crowdfunding exemption utterly useless.” The problems associated with obtaining funding for small businesses that the JOBS Act aims to resolve are still there with crowdfunding: for example, the crowdfunding must be done through a registered broker-dealer and the issuer have to file various disclosure statement including financial statement and annual reports. For smaller businesses, the costs to prepare such reports could be heavily burdensome for the business at their early stage.

Compared to crowdfunding requirements in the US, the UK rules are much easier for issuers to comply with. Financial Conduct Authority (FCA) introduced a set of regulations for the peer-to-peer sector in 2014. Before this, the P2P sector did not fall under any regulatory regime. After 2014, the UK government requires platforms to be licensed or to have regulated activities managed by authorized parties. If an investor is deemed a “non-sophisticated” investor constraints are placed on how much they are permitted to invest, in that they must not invest more than 10% of their net investable assets in investments sold via what are called investment-based crowdfunding platforms. Though the rules require communication of the offers and the language and clarity of description used to describe these offers and the awareness of the risk associated with them, much fewer disclosure obligations are required for the issuers such as the filing requirements of annual reports and financial statement.

As a result, the crowdfunding market in the UK is characterized as “less by exchanges that resemble charity, gift giving, and retail, and more by those of financial market exchange” compared with the US. On the UK-based crowdfunding website Crowdcude, there are 14 opening opportunities for investors as of April 2, 17, and there were 494 projects funded. In comparison, the US-based crowdfunding giant Indiegogo’s statement that “more than 200 projects funded in the past” is not very impressive considering the difference between the sizes of the UK’s economy and the US’ economy.

While entrepreneurs in the US are facing many obstacles in funding through equity-based crowdfunding, the UK crowdfunding websites are now providing more equity-based opportunities to the investors, and sometimes even more effective than government-lead programs. The Crowd Data Center publicized a report stating that seed crowdfunding in the UK is more effective in delivering 40% more funding in 2016 than the UK government funded Startup Loans scheme.

As for the concern that the equity-based fraud funding involves too much risk for “unsophisticated investors,” articles pointed out that in countries like UK and Australia where lightly regulated equity crowdfunding platforms welcomed all investors, there is “hardly any instances of fraud.” While the equity-crowdfunding JOBS Act has not failed to prove its efficiency, state laws are devising more options for the issuers with restrictions of SEC Rule 147. (see more from 1000 Days Late & $1 Million Short: The Rise and Rise of Intrastate Equity Crowdfunding). At the same time, the FCA stated that it will also revisit the rules on crowdfunding. It would be interesting to see how the crowdfunding rules will evolve in the future.


A New Option for Investors Warry of High Frequency Trading

Spencer Caldwell-McMillan, MJLST Staffer

In his recent paper, The Law and Ethics of High Frequency Trading, which was published in the Minnesota Journal of Law, Science, and Technology Issue 17, Volume 1, Steven McNamara examined the cost and benefits of a high frequency trading (HFT) on stock exchanges. He observed that problematic practices such as flash orders and colocation can provide HFT firms with asymmetrical information compared to retail or even sophisticated institutional investors.

In June, a new type of exchange was approved by the Securities and Exchange Commission (SEC). IEX Group Inc. was granted exchange status from the SEC. Before this designation the firm was handling less than 2% of all equity trades, with this new designation the exchange is likely to see volume increase as orders are routed to the exchange. IEX uses 38 miles of looped fiber optic cable to combat some of the information asymmetry that HFT firms exploit. IEX uses this coil to slow incoming orders down by about 350 microseconds. This is roughly half the time a baseball makes contact with a baseball bat. While this may seem like an insignificant amount of time, the proposal proved extremely controversial. The SEC asked for five revisions to IEX application and released the decision at 8 PM on a Friday.

This speed bump serves two purposes: to stop HFT firms from taking advantage of stale prices found on IEX orders and to prevent them from removing liquidity on other exchanges so that IEX’s customer are unable to fill their orders. Critics of this system claim that the speed bump violates rules that requires exchanges to fulfill orders at the best price. However, IEX pushes back on these points to arrangements like colocation that allows firms to pay for faster access to markets by buying space on the servers of the stock exchanges. These policies allow HFT firms to get information faster than even the most sophisticated investors because of their proximity to the data. IEX began operations as an exchange in August and time will tell whether it can generate profits without compromising their pro-investor stance.

This debate is likely to continue long after public attention has faded from HFT. Institutional investors are the most likely beneficiaries of these changes, in fact, in a letter to the SEC the Teacher Retirement System of Texas, claimed that using IEX to process trades could save the fund millions of dollars a year. More recently, Chicago Stock Exchange has submitted a proposal to include a similar speed bump on its exchange. Taken together these two exchanges would represent a small fraction of the order volume being processed by U.S. exchanges but these changes could have a lasting impact if they drive institutional investors to change their trading behavior.