I. Investment Advisers

A. Adherence to Fiduciary Standards of Conduct

• The Division will review advisers’ adherence to both the duty of care and duty of loyalty obligations (as defined under the Investment Advisers Act of 1940 and related rules). SEC+1
• Key focus areas:
  • The influence of advisers’ financial conflicts of interest on providing impartial advice. SEC
  • Whether advisers appropriately consider the relevant factors when recommending or providing advice, including: cost, investment product or strategy objectives and characteristics (e.g., liquidity, lock-up periods, volatility), the likely performance in varying market/economic conditions, time horizon, cost of exit. SEC
  • Whether advisers seek best execution (for client trades) with the goal of maximizing value for clients under the circumstances of the transaction. SEC
• Investment products/strategies flagged for special attention:
  • Alternative investments (e.g., private credit, private funds with long lock-ups). SEC+1
  • Complex investments (e.g., ETFs wrapping less liquid underlying strategies, option-based ETFs, leveraged/inverse ETFs). SEC+1
  • Products that carry higher investing costs (e.g., high commissions or higher investment expenses compared to similar products). SEC+1
• Advisers to specific investor groups or with particular business models:
  • Advisers recommending to older investors / those saving for retirement (and likely to have longer horizons, possibly less liquidity). psca.org+1
  • Advisers to newly launched private funds; advisers that have not previously advised private funds (looking at valuation, liquidity, fees, side letters, differential treatment of investors). SEC+1
  • Advisers that are dually registered as broker-dealers, or where an adviser uses third-parties to access client accounts (creating potential conflicts). SEC
  • Advisers that have recently merged or been acquired, where operational/compliance risks may increase. SEC

B. Effectiveness of Advisers’ Compliance Programs

• The SEC will review advisers’ compliance programs (policies, procedures) across core areas: marketing, valuation, trading, portfolio management, disclosures/filings, custody. SEC
• The inquiry will include whether the compliance policies/procedures are implemented and enforced, not just on paper. SEC
• Conflicts of interest: whether the disclosures address fee-related conflicts, particularly in connection with adviser compensation structures, account/product structuring. SEC
• Examinations may focus on advisers whose business models/operations are changing (e.g., offering new asset types, using new technology) to see whether the compliance programs remain appropriate. SEC

C. Never-Examined Advisers and Recently Registered Advisers

• The Division continues to prioritise examinations of advisers that have never been examined and those that are recently registered. SEC+1
• The rationale: to encourage the establishment and maintenance of robust compliance programs early in their lifecycle. SEC

II. Investment Companies (Mutual Funds, ETFs, etc)

• The SEC continues to prioritise examination of registered investment companies (“RICs”) because of their importance to retail investors and retirement-savings vehicles. SEC+1
• Typical examination scope: compliance programs, disclosures and filings (e.g., summary prospectus), governance practices. SEC
• Specific operational/strategic areas of focus:
  • Funds that participate in mergers or similar transactions — operational and compliance challenges associated with those. SEC
  • Funds employing ** less liquid or illiquid investments**, or complex strategies (for example closed-end funds, funds using leverage) — valuation, liquidity and conflict-of-interest issues. SEC+1
  • Funds with novel strategies or investments, including those with leverage vulnerabilities. SEC
• As with advisers, priority also given to funds that have never been examined or are newly registered. SEC

III. Broker-Dealers

A. Financial Responsibility and Customer Protection

• The SEC will examine broker-dealers for compliance with rules such as net capital, customer protection, liquidity and resiliency (especially with third-party vendors, cash-sweep programs, prime brokerage). SEC+1
• Focus on operational/compliance risks: e.g., vendor-risk management, counterparty risk, liquidity risk. SEC+1

B. Trading-Related Practices and Services

• Reviews will cover extended hours trading, municipal securities (including variable rate demand obligations/rate-reset VRDOs) and other fixed income trading practices. SEC
• Order routing and execution practices: best execution, pricing of illiquid instruments, alternative trading systems. SEC
• For example, whether broker-dealers appropriately rely on the bona fide market-making exception under Regulation SHO. SEC

C. Retail Sales Practices, Including Compliance with Regulation Best Interest (Reg BI)

• Broker-dealers will be examined for whether recommendations are in clients’ best interests (not placing broker’s interests ahead of the client’s) and whether disclosures (e.g., Form CRS) are appropriate. Stinson+1
• Particular focus: recommendations to older investors, those saving for retirement or college; product menus; limited product offerings; suitability in context of client’s background and investment objectives. psca.org+1

IV. Self-Regulatory Organisations (SROs) / Market Infrastructure

• The SEC will examine entities like national securities exchanges, clearing agencies, and entities subject to the Regulation Systems Compliance & Integrity (SCI) regime for compliance with rules, vendor/operational risk, incident-response, etc. SEC
• For designated systemically important clearing agencies: risk management, liquidity/default management, vendor/operations. SEC

V. Other Market Participants

• Municipal advisors: The Division will review whether they meet fiduciary duties to municipal entity clients (e.g., advice on pricing/methods of sale of municipal securities) and comply with core standards of conduct (e.g., Municipal Securities Rulemaking Board Rule G-42). SEC
• Transfer agents: Focus on processing of items/transfers, safeguarding funds/securities, record-keeping/retention, and compliance with amended Regulation S-P for covered institutions (incident response program, vendor oversight). SEC
• Funding portals: For entities operating as funding portals (under the Jumpstart Our Business Startups Act a/k/a “JOBS Act”), Examination will review arrangements with third-parties for investor funds, policy/procedure design, and once the compliance date hits, adequacy of incident-response, vendor oversight under Reg S-P. SEC
• Security-based swap dealers (SBSDs) and SBSEFs: The Division will focus on SBSDs for compliance with reporting obligations (e.g., under Regulation SBSR), margin/capital/segregation; SBSEFs will be examined for rules and internal procedures for trade monitoring, trade processing, participation oversight. SEC

VI. Risk Areas Impacting Various Market Participants (Cross-Cutting Risks)

A. Information Security & Operational Resiliency

• Cybersecurity remains a major priority: registrants’ ability to prevent interruptions, protect investor information and assets, governance practices, data loss prevention, access controls, incident-response (including ransomware). SEC+1
• Compliance with Regulations S-ID (identity theft) and S-P (safeguards rule, disposal rule, incident-response obligations) for covered institutions: ensuring policies/procedures for vendor oversight, incident response. SEC

B. Emerging Financial Technology

• Focus on registrants’ use of automated investment tools, AI, trading algorithms/platforms, and alternative data sources. SEC+1
• Key themes:
  • Whether representations about a firm’s AI capability are accurate.
  • Whether the records and disclosure are consistent with how the tools are used.
  • Whether the automated advice/recommendations align with investors’ profiles, strategies and regulatory obligations (especially for retail and older investors). AInvest+1

C. Regulation Systems Compliance & Integrity (SCI)

• For entities subject to the SCI regime: examinations will review incident-response programs, vendor risk, oversight of indirect systems, and whether confidence in market infrastructure (e.g., exchanges, clearing) is maintained. SEC

D. Anti-Money Laundering (AML)

• The Division will review whether broker-dealers and certain registered investment companies have AML programs appropriately tailored to their business, including: independent testing of the program; customer identification programs (including beneficial owner identification of legal-entity customers); suspicious-activity reporting; and sanctions compliance. SEC

VII. Compliance with New Rules and Regulatory Developments

• The 2026 priorities emphasise compliance with newer regulatory requirements, for example the 2024 amendments to Regulation S-P (privacy of consumer financial information and safeguarding customer information) which apply to investment advisers, investment companies, broker-dealers, transfer agents, funding portals. SEC
• Firms should monitor how changing market operations, product innovation, business model shifts, and technology use align with evolving expectations of the SEC’s examiner program (which uses risk-based strategies) rather than checking “off the list”. SEC

Key Implications for Firms

• Firms should review and update their conflict-of-interest frameworks, disclosures, compliance programs (especially for newer or alternative business lines).
• Firms offering products to older investors or retirement‐savers should pay particular attention to whether product recommendations align with investor objectives, risk tolerance, and cost/exit liquidity.
• Firms using alternative or illiquid strategies, private credit, ETFs with complex strategies, should examine their valuation, liquidity, fee, and disclosure practices in light of heightened scrutiny.
• Firms using AI/automation/trading algorithms must ensure their representations are accurate, oversight is in place, controls exist, and disclosures align.
• Firms acting as or relying on third-party vendors (custody, access, data, platforms) should ensure their vendor-risk management, incident response, cyber-security, identity-theft programs are robust and documented.
• Firms that are newly registered or have never been examined should treat this as an opportunity to build strong compliance programs rather than hope to avoid review.
• Firms should note that crypto/digital-asset specific language is less prominent in this year’s priorities (though not eliminated as an area of exam focus).* cryptoslate.com+1

* While the document does not highlight crypto as its own category, that does not mean crypto-related activity is exempt from review; rather, it’s subsumed under broader risk categories.

      I.            Background

First Trust has operated as a wholesale distributor of securities issued mainly by affiliated investment companies since 1991. It employs approximately 700 registered representatives across four branch offices nationwide.

   II.            The Violations: What Went Wrong?

A.    Unauthorized and Excessive Gifts

First Trust wholesalers routinely provided lavish perks that far exceeded FINRA’s annual $100 per person non-cash gift limit. These included:

• Multiple instances of courtside basketball tickets valued at around $3,200 per pair, given without an accompanying First Trust employee.
• Tickets to a Broadway musical costing more than $1,800, again without firm accompaniment.
• Bottles of alcohol priced at $400 or higher, given repeatedly to client representatives.
• Luxury suite tickets for NBA and NHL playoff and professional football games worth tens of thousands of dollars.

Additionally, one representative received over $31,000 in tickets and entertainment within 18 months, such as NBA All-Star game luxury suite access. Another was given more than $50,000 in gifts and entertainment over a four-year period, including meals, concerts, and golf outings, with seventeen events exceeding $21,000 in one year.

Furthermore, six wholesalers explicitly linked gifts to sales targets, such as promising hockey game tickets contingent on a broker selling $1 million in Unit Investment Trusts (UITs) or offering to pay for future events if sales goal of $1 million to $10 million were achieved.

These actions violate FINRA Rules 2341(l)(5) and 2010, which prohibit excessive gifts and sales-based inducements.

B.     Falsification of Expense Reports and Records

More than 40 expense reports were falsified involving more than $650,000. Violations included:

• Listing deceased or inactive individuals as attendees.
• Omitting actual attendees from reports to lower apparent costs.
• Coordinating false reports through private texts, evading firm surveillance.

Supervisors occasionally advised wholesalers on how to disguise true expenses, violating FINRA Rules 4511 and 2010, Section 17(a) of the Securities Exchange Act of 1934, and Exchange Act Rule 17a-3.

C.    Failure to Accurately Report to Client Firms

First Trust submitted at least 25 quarterly reports to client firms, understating or omitting non-cash perks benefits over $500,000, including a failure to report luxury suite tickets costing $20,000 for football games in late 2019. Despite improvements after October 2021, some omissions continued, violating FINRA Rule 2010.

D.    Lack of Adequate Supervision Supervisory Failures

Despite having written policies, First Trust failed to supervise the provision and reporting of non-cash compensation properly. The supervisory system relied on wholesalers’ unverified self-reporting and permitted modifying approved reports without internal checks. Notably, the firm failed to supervise Firm-paid tickets prior to October 2021, significantly compounding compliance failures.

These supervisory failures violated FINRA Rules 3110(a), 3110(b), and 2010.

III.            Remedial Actions Taken by First Trust

To address these issues, First Trust implemented several corrective measures, including:

• Establishing a dedicated compliance audit function reporting directly to executive management focused on non-cash compensation and sales practices.
• Enhancing tracking systems for event ticket distributions.
• Disciplining employees through suspensions without pay, fines, and increased supervision.

IV.            Sanctions and Undertakings

First Trust agreed to:

• A censure.
• A $10 million fine.
• An undertaking mandating the firm’s senior management, identified as a registered principal, to certify annually for three years that it complies with FINRA Rules 2010, 2341, 3110, and 4511 as well as Exchange Act 17(a) and Exchange Act Rule 17a-3.

The firm voluntarily waived any right to claim an inability to pay, now or at any time after the execution of this AWC, the monetary sanction imposed in this matter.

   V.            Why This Matters?

This case underscores the importance of ethical practices and cautious supervision in brokerage operations. It reflects FINRA’s dedication to protecting investors by holding firms accountable for improper gift and entertainment practices that may skew financial advice.

For firms operating in the securities industry, First Trust’s penalty is a stark reminder to maintain transparent records, enforce reasonable gift limits, and foster a culture of compliance to ensure trusted client relationships and market integrity. The statements in this blog post are allegations as set forth in the AWC.

Herskovits PLLC represents broker-dealer and registered persons in defense of FINRA investigations and disciplinary actions.  Feel free to contact us for a consultation at (12) 897-5410.

FINRA recently released Regulatory Notice 22-18, reminding firms about their obligation to supervise registered representatives to prevent falsification of digital signatures. FINRA’s guidance comes on the heels of multiple investigations concerning instances when registered representatives forged or falsified client signatures on account transfer documentation or on disclosure forms, “acknowledging a products alignment with the customer’s investment objective and risk tolerance . . . .”

FINRA’s notice explains the varied methods used to forge or falsify electronic signatures and how firms can thwart such forgeries or detect them after the fact. Generally, electronic signatures have an audit trail with identifying information such as the recipient’s IP address and e-mail address. Financial advisors have been admonished for sending documents to their personal e-mail addresses or to an assistant to sign the documents themselves. Firms also found instances where documents were sent to an IP address that was the same as the registered representative or that was inconsistent with the customer address on file. Sometimes representatives sent e-mails to the e-mail address associated with an outside business activity. FINRA’s guidance recommends that firms review correspondence to look for these red flags.

FINRA reports that, in some cases, administrative staff raised issues to management about pressure by representatives to manipulate the digital signature process. FINRA encourages training for such staff to encourage them to resists such pressure.

FINRA noted that some firms use an authentication process that asks the customers to answer certain questions to authenticate their signatures. The problem, however, is that representatives have been able to circumvent this process because they have enough information about the customer to answer the questions themselves. FINRA warns firms from relying solely on such authentication processes for supervision.

Of course, FINRA’s position and guidance make sense when a registered representative is trying to deceive their customer. FINRA, however, states that, “[f]orgery occurs when one person signs or affixes, or causes to be signed or affixed, another person’s name or initials on a document without the other person’s prior permission.” FINRA goes on to state that forgery is a violation of FINRA Rule 2010. FINRA’s definition of forgery does always line up with state law. For example, in New York and New Jersey, the crime of forgery requires an intent to defraud. The Model Penal Code adopted by many states also requires an intent to defraud or injure to establish forgery. So if a representative electronically signs a customer’s document solely for the customer’s convenience they have not committed forgery. For example, imagine that a customer mails a check to fund their account but forgets to endorse it. The registered representative decides to sign the customer’s name and deposit the check to avoid any delay in getting the money into the account. The registered representative is not guilty of forgery but we know that FINRA still deems this a violation of FINRA Rule 2010.

FINRA also states that it is only forgery when done “without the other person’s permission.” Is FINRA saying that a registered representative can sign a document on behalf of a customer, electronically or otherwise, if they have the customer’s permission? That seems doubtful. As a practical matter, every firm likely has a policy against letting registered representatives sign documents even with a client permission so it is not a wise thing to do. A violation of a firm policy, however, is not necessarily a violation of FINRA Rule 2010. “A FINRA Rule 2010 violation requires either bad faith or a breach of ethical norms in the industry. In the context of Rule 2010 violation, the SEC has defined bad faith as a dishonest belief or purpose, and unethical conduct as conduct inconsistent with the moral norms or standards of professional conduct.”[1] It would seem that when it comes to forgery and Rule 2010, FINRA should start differentiating between bad faith behavior designed to harm or deceive a customer and behavior that is solely to avoid inconveniencing a customer.

Herskovits PLLC has a nationwide practice defending against FINRA investigations and disciplinary proceedings. Feel free to contact us at (212) 897-5410.

[1] Dep’t of Market Reg. v. Paul C. Dotson, 2015 FINRA Discip. LEXIS 47, at *83 (OHO Aug. 7, 2015) citing Blair Alexander West, Exchange Act Release No. 74030, 2015 SEC LEXIS 102, at *20 (Jan. 9, 2015) and Edward S. Brokaw, Exchange Act Release No. 70883, 2013 SEC LEXIS 3583, at *33 (Nov. 15, 2013).

Most financial industry professionals are familiar with the prohibition on “selling away,” the somewhat ambiguous term contemplated by FINRA Rule 3280. FINRA Rule 3280 states that, “[n]o person associated with a member shall participate in any manner in a private securities transaction except in accordance with the requirements of this Rule.” Among other things, the Rule requires a financial advisor to provide written notice prior to participating in a private securities transaction even when the financial adviser receives no compensation.

While it is generally understood that FAs cannot sell securities to customers that are not offered by their broker-dealer without first receiving permission from the broker-dealer, much of the guidance around this rule focuses on what qualifies as a private securities transaction (a term that is arguably poorly defined in the Rule). Many financial advisers, however, are unaware of how broadly FINRA interprets what it means to “participate” in a private securities transaction.

FINRA recently made a determination (not yet publicly released) that a registered representative “participated” in a private securities transaction because he; a) set up a zoom conference call between the outside fund manager and the investor, b) forwarded the original offering materials to the investor, and c) forwarded amended offering materials approximately a year after the original investment.

To support the determination that this level of involvement constituted participation, FINRA’s Staff cited a footnote in a 21-year-old notice to members which states the following:

Associated persons are reminded that “participation” in a securities transaction includes not only making the sale, but referring customers, introducing customers to the issuer, arranging and/or participating in meetings between customers and the issuer, or receiving a referral or finder’s fee from the issuer.

NTM 01-79 n. 7.

FINRA’s Staff also cited In the Matter of the Application of Mark H. Love, Exchange Act Release No. 49248 (Feb 13, 2004). In Love, the financial adviser introduced several customers to the manager of a fund but the SEC found he did much more than just pass along a telephone number. “He effectively vouched” for the fund manager. Love told at least one client that he was personally interested in investing in the fund. Love also facilitated transfers of funds from his client’s brokerage accounts to the fund and when the fund became illiquid, Love interceded on his clients’ behalf.

The SEC in Love emphasized that the word “participate” should be read broadly. To support this, however, the Commission cited to two SEC actions involving reps who received compensation for referring customers to an outside investment. Thus, the question of their participation was never really in question at all.

Most interestingly, the SEC said the following:

we wish to emphasize that a broker who does nothing more than refer a customer to another investment opportunity should not ordinarily run afoul of Rule 3040 [now Rule 3280], where, as here, the broker becomes involved in a customer’s investment choice through a specific recommendation and by facilitating the mechanics of transactions, we believe that such participation fits within the broad range of behavior prohibited by Rule 3040.

(Emphasis added). This seems to directly contradict the footnote cited by FINRA in NTM 01-79 which states that merely “introducing customers to the issuer” could be deemed “participation.”

While the current guidance from regulators is far from clear, there are some common elements in instances in which regulators found that financial advisors violated FINRA Rule 3280 even when the financial advisors did not receive compensation or invest in the securities themselves. Here are some examples of actions that lead to a finding of “participation:” a) facilitating the investment by moving funds from the clients’ brokerage accounts or by delivering checks, b) delivering offering documents to or from the outside issuer, c) indicating that the adviser is interested in the investment, or d) acting as an intermediary between the issuer and the clients.

Ultimately, as in most compliance related matters, it always wise not to leave yourself at the mercy of how the regulators interpret a word such as “participate.” It is also wise not to take the SEC statement at face value that, “a broker who does nothing more than refer a customer to another investment opportunity should not ordinarily run afoul of Rule 3040.” Financial advisers should trust that FINRA will always find “something more” than a mere introduction and require disclosure of such introductions, in writing, to their firm.

Herskovits PLLC has a nationwide practice defending FINRA investigations and disciplinary proceedings. Feel free to contact us at (212)897-5410.

We are all painfully aware of the recent volatility in the markets, which has not gone unnoticed by the SEC. On March 14, 2022, the Staff of the Division of Trading and Markets stated that “broker-dealers should collect margin from counterparties to the fullest extent possible in accordance with any applicable regulatory and contractual requirements.” We shall see whether Wall Street acts upon the SEC’s guidance, and whether investors are caught flat-footed by stepped-up maintenance margin requirements.

Regulatory and Contractual Requirements

The regulatory requirements for margin are set forth in FINRA Rule 4210. Although the rule is lengthy, and incorporates other rules including Federal Reserve Board Regulation T, the essence of the rule allows a broker-dealer to lend a customer up to 50% of the total purchase price of an eligible stock. A margin call may be issued if the margin account falls beneath the maintenance margin requirements (generally 25% of the current market value of the securities in the account) or if the margin account falls below the firm’s “house” maintenance margin requirements (which can be substantially higher than 25%). Brokerage firms can, and often do, upwardly adjust “house” maintenance margin requirements if the firm has risk concerns relating to outstanding margin loans. Most margin account agreements specifically permit broker-dealers to increase maintenance margin requirements at the sole discretion of the firm. In light of the SEC’s recent guidance, it seems likely that broker-dealers will act upon its contractual rights and demand enlarged collateral from customers to protect its margin loans.

More Volatility Expected

A primary gauge of stock market volatility is the CBOE Volatility Index (VIX). The VIX volatility index measures how much volatility professional investors think the S&P 500 will experience over the coming month. The VIX index tracks volatility by analyzing trading in S&P 500 options. As a general proposition, a VIX index of 12 or lower is a period of low volatility and a VIX index of 20 or higher is abnormally high volatility. Currently, the VIX index currently sits at 31.04, which is approximately double where it sat in early January 2022.

Increase in FINRA Arbitration Claims?

Undoubtedly, any sizable increase maintenance margin requirements will trigger margin calls. That, coupled with abnormal market volatility, is a recipe for increased FINRA arbitration claims. Investors will point fingers at brokerage firms over suitability and brokerage firms will point fingers at investors for any unsecured debit balances.

Herskovits PLLC has a nationwide practice defending and prosecuting claims in FINRA arbitration. Feel free to call us for a consultation at (212) 897-5410.

A New York couple, Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, were recently arrested in connection with the theft of approximately 120,000 Bitcoin from the Bitfinex exchange in 2016. The couple was charged however, not with computer hacking and theft but of violating 18 U.S.C. § 1956(h) (Money Laundering Conspiracy) and 18 U.S.C. § 371 (Conspiracy to Defraud the United States).

Famously, in 2016 someone hacked into the Bitfinex platform and engaged in roughly 2000 unauthorized transactions by which they transferred the Bitcoin out of Bitfinex to a digital wallet. Maybe it was Lichenstien and Morgan maybe not. This is another example that shows that, despite the secure nature of the blockchain to prevent fraud and theft, any exchange where you can trade Bitcoin can be a weak link. The 2016 heist was the largest but there have been a string of Cryptocurrency thefts from trading platforms that are just increasing in number each year.

See https://techcrunch.com/2021/06/02/what-10m-in-daily-thefts-tells-us-about-crypto-security/

A Department of Justice press release quoted Deputy Attorney, General Lisa O, Monaco, regarding the arrest and seizure who stated, “[t]oday’s arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals,” Also quoted was Assistant Attorney General, Kenneth A. Polite Jr., who said, “[t]oday, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system.”

This is not the first time that the government has been able to track Bitcoin transactions back to criminals. Perhaps most famously, the government was able to track the Colonial Pipeline hackers/blackmailers, known as Darkside, who disabled the pipeline and then sought to be paid their ransom in Bitcoin. In that case, the FBI announced seizure of the Bitcoin in less than a month after the payment was made.

This most recent seizure is the largest in Bitcoin history but why did it take six years to catch Lichtenstein and Morgan? Also, if the couple stole $4.6 worth of Bitcoin and the government seized $3.5 billion, what happened to the other $1.1 billion? Is it waiting somewhere for the relatively young couple when they get out of jail?

The answer to the first question is likely that the delay was caused by the sheer amount of data that the government needs to sift through to track these transactions. On the one hand, every single transaction in the history of Bitcoin’s operations is on an open ledger that can be tracked. However, the ledger contains thousands upon thousands of transactions and the identity of the person behind each transaction is not part of the ledger. A reading of the government’s statement of facts shows the very complicated web that Lichtenstein and Morgan wove to try and launder their stash. To combat these schemes, the government has hired private contractors who have built analytics programs to track these transactions. It can be assumed that this capability has increased dramatically since 2016.

The answer to the second question is not apparent from the Department of Justice’s filings. There is no indication that the couple was able to launder and spend $1.1 billion. In fact, they resorted to converting some of the Bitcoin into a $500 Walmart gift card. That is not an easy way to spend over a billion dollars. So the answer remains, where is the rest of it?

Also unclear at this stage is whether the Bitfinex customers from whom the Bitcoin was stolen are going to receive restitution. Restitution in federal criminal cases is a matter of statute. Federal crimes of violence, fraud, or property loss will usually require a sentencing court to order restitution. In the present case, the crimes of money laundering and fraud against the United States may not require a court to order restitution to the account holders at sentencing. Of course, the court can always order restitution at its discretion.

Several commentators have noted that the couple was not charged with the actual hacking of the Bitfinex and have pondered whether the hacker is still out there. A possible explanation, however, is that for criminal prosecutions, the Computer Fraud and Abuse Act (which the hacking would likely fall under) does not contain a specific statute of limitations. In the absence of a specific statute of limitations, the default federal limitations period of five years applies. See 18 U.S.C. § 3282. The six-year delay in bringing the couple to justice may have made it impossible for the government to charge them for hacking Bitfinex.

An interesting side note in the government’s filing is that one of the shell companies set up to launder the Bitcoin also received approximately $11,000 from U.S. Small Business Administration Paycheck Protection Program (PPP) loan advance provided in response to the COVID-19 crisis. Perhaps this is the basis for the charge under 18 U.S.C. § 371 (Conspiracy to Defraud the United States).

The ultimate takeaway perhaps is that Lichtenstein and Morgan went through extraordinary lengths to try and launder their Bitcoin and they still got caught. Maybe hackers will decide that getting their hands on illicit Bitcoin just simply isn’t worth the trouble if you can’t spend it. Then again, there is still $1.1 billion dollars out there somewhere . . . .