Last updated on June 18, 2020
Regulatory enforcement empowered by Whistleblowers
The two U.S. regulators SEC and CFTC have announced recently that they have paid out a total of $610 million to whistleblowers since the introduction of their respective whistleblower programs. These whistleblower programs, which are based on the Dodd-Frank Wall Street Reform and Consumer Protection Act, provide for whistleblowers to receive money from the regulators for information that leads to successful enforcement actions resulting in the imposition of monetary sanctions.
Whistleblowers are entitled to awards ranging from 10 to 30 percent of the monetary sanctions collected. Since 2011, whistleblower tips have enabled the SEC to recovery $1 billion in financial penalties from wrongdoers.
Regulators act as investors’ advocates
As a result of these whistleblower programs, insiders such as employees, partners, or co-owners are financially motivated to report information about violations of the law, fraud to investors, or securities fraud. This, in turn, is in the very best interest of shareholders, stakeholders, and client-victims.
With the help of motivated whistleblowers, regulators are forced and empowered to act against wrongdoers. The U.S. regulators themselves file lawsuits and fraud complaints and take direct action against suspected perpetrators. Moreover, whistleblowers are protected by law, e.g. their identity must not be disclosed retaliation by employers against them is prohibited.
Overall, these whistleblower programs have an effect that is good for the health of the financial markets. With this effect, scams can be countered preventively, but also in law enforcement.An effect that also fights cybercrime and scams.
Cozy European Regulators
In the EU there is no central regulatory authority with competence over all jurisdictions and/or regulatory regimes of its member states. There is also no such thing as a supranational (federal) Regulatory Rulebook and certainly no whistleblower program with financial incentives for whistleblowers and regulators.
Definitely, there is a dangerous lack of the scope of action in the European regulatory scene compared to the US regulatory regime. There is no motivation for insiders to report securities fraud, financial cybercrime, or regulatory violations. The EU regulators, therefore, lack both the pressure to act and the information to act at all. As a result, the EU financial market regulators appear to be toothless and cozy. As a result, European consumers and retail investors are helplessly exposed to scammers and cybercriminals.
With the Brexit, the EU also loses the UK FCA, which used to be one of the most active and aggressive regulators in the EU. The German BaFin, the Austrian FMA as well as their fellow regulators in Estonia, Bulgaria, or Hungaria are harmless to the point of gross negligence regarding investor protection and financial market security.
Lonely EU Victims
Retail investors are exposed to much higher risk in the EU than in the US, not because Americans are nicer and less criminal, but because regulators in the EU do not see themselves as advocates for retail investors. Even in the case of proven and/or publicly disclosed offences, the respective victims must sue at their own expense and risk. This costs a lot of money and requires a lot of experience. The scammers and cybercriminals know this too.
A common financial market with license passporting is a great thing, really, but without efficient supervision, it is an extremely dangerous environment for retail investors while it’s a great opportunity for scammers. Retail investors and victims are rather lonely in the EU.
The CySEC Issue
The Cypriot CySEC is a special case within the EU regulatory scene. It is an open secret that especially Israeli but also Russian financial “entrepreneurs” have a close relationship with the CySEC. As recently seen in the case of Rodeler, F1Markets, or Hoch Capital, the CySEC either does not act at all or only with delay on offenses of their protégés. In this case, only after two other EU regulators barred CySEC-regulated entities and brands for their respective jurisdictions, CySEC felt forced to take action. Insiders have long been aware of the real situation with Rodeler et al and CySEC received many victims notifications and whistleblower messages. In the worst case, fines are imposed that are ridiculous. In many cases, the CySEC acts like an anti-thesis for efficient compliance watchdog approach and investor protection.
Thus Cyprus and CySEC have indeed made themselves part of the threat to the EU small investors.
EU Politicians and regulators still have a long way to go on the road to a digital post-COVID-19 society, for example, to ensure that the now promoted home office environment does not become a single cybercrime disaster.