The U.S. Securities and Exchange commission announced last week that global banks Barclays and Credit Suisse would pay a record total of more than $154 million to settle allegations over “dark pool” trading. In other recent GRC news, retailers continue to face EMV chip hurdles months after new payment card standards went into effect; and the U.S. and European Union have reached a data transfer agreement.
Barclays and Credit Suisse settle ‘dark pool’ cases
Last week, Barclays PLC and Credit Suisse Group AG agreed to pay a total of $154.3 million to settle federal and state charges that the global banks misled investors with “dark pools,” or private trading platforms where exchanges are not visible to other traders until they are executed. The two settlements are the largest fines ever paid associated with cases that involve dark pool trading, according to a statement by the SEC.
Both banks were charged with misinforming its investors about how their exchanges were monitored in these private venues. Barclays didn’t convey enough information to its clients about how it policed its dark pool’s high-frequency trading, while Credit Suisse did not disclose to investors that the bank systematically prioritized routing orders to its dark pool trading platforms over other venues, according to the SEC’s statement.
“The SEC will continue to shed light on dark pools to better protect investors,” SEC chairperson Mary Jo White said in the statement. New York Attorney General Eric Schneiderman also said at a press conference that his office will continue ongoing investigations into dark pools.
Retailers face EMV chip challenges
On October 1, 2015, new payment standards went into effect requiring retailers to process payment cards embedded with an EMV chip to help reduce the risk of payment data being stolen. It also shifted risk from banks to retailers: The new rules state that merchants who failed to set up chip-enabled terminals could be liable for fraudulent transactions.
Greg Buzek, president of retail consultancy IHL Services, wrote in a blog post that only 8.5% of merchants are currently equipped to process the chip cards. Buzek added that the EMV mandate “forces a tax” on retailers because it slows transaction times and does not validate whether the chip card user is the legitimate owner of the card, which “does absolutely nothing for online or mobile fraud,” he wrote.
Furthermore, IHL’s research found that retailers are getting charged for fraudulent transactions due to lost and stolen cards, which, according to the new EMV guidelines, they should not be liable for. This has spurred retailers to create audit trails to protect themselves from these inappropriate charges, making them even more of a target for data breaches and theft, Buzek argued.
U.S. and E.U. authorities reach data transfer deal
Authorities from the E.U. and U.S. have reached an agreement to remove data transfer restrictions for European and U.S. companies. The deal will replace safe harbor, the former agreement between the U.S. Department of Commerce and the EU that had allowed over 4,000 companies to bypass EU data transfer rules and move EU citizens’ personal data across the Atlantic. This framework was struck down last year because of U.S. surveillance concerns.
The agreement would prevent legal action against companies, according to EU regulators. Sources told Reuters that the agreement would include more robust oversight of companies’ compliance of EU data protection laws, and that the U.S. access to EU citizens’ data would be subject to limitations.