Blogs for Investor Relations

Louis Thompson, Jr. has an article in Compliance Week on using blogs for investor relations. Blogs: If Used Properly, an Investor-Friendly Tool (subscription required).

Louis focuses on the Dell Shares blog used as an investor relations tool by Dell, Inc. and the GE Reports blog used by General Electric. Since this is a blog, I was interested to see what he had to say about them.

Many of the issues and concerns that Louis brings up are not about blogs but about some of the functionality of blogs. After all, a blog is just a publishing platform. It is how you use it that generates value or creates problems.

All of the SEC rules about companies distributing material information apply to blogs as they do to any other company communication.

The big benefit of a blog is that it will send out a notification when there is new information. This saves me from having to come back to check for information or cramming my email inbox. For an investor relations professional, this saves you the step of writing a message and then sending an email. The blog compresses those two steps into one.

The second benefit is the interactivity. You can hear back from your investors. This is a new area and probably a little scary. You can hear criticism. You can hear compliments. For most people it is hard to take the criticism. (Personally I have come to dread silence over criticism. At least with criticism you know someone is paying attention. I find this better than being ignored.)

Certainly, you want to get some good legal advice in crafting the disclaimers and for dealing with comments on a blog. As Bruce Carton and I discussed in our Webinar on 2.0 for Securities and Compliance Professionals, blogs are just communications tools. You shouldn’t put anything in a blog that you would not put in an email or a story published on the front page of the newspaper.

Disclaimer: According to his biography, Louis is a partner with Beacon Advisors, Inc. That company is not affiliated with my employer.

Policies for Private Use of Company Computer Systems and Mobile Devices

Mark E. Schreiber and Barbara A. Lee published an article on the New Liabilities and Policies for Incidental Private Use of Company Electronic Systems and PDAs.

The discussion in the article comes from the decision in Quon v. Arch Wireless Operating Company, Inc., 529 F.3d 892 (9th Cir. 2008). In that case the court found that a police department had violated the Fourth Amendment and state constitutional rights of employees and the people they exchanged text messages with, when they reviewed “personal” text messages created on devices owned and issued by the police department. It also found that the text messaging provider, Arch Wireless, violated the Stored Communications Act (SCA), 18 U.S.C. §§2701-2711, by providing transcripts of these messages to the employer.

The authors point out that the decision in Quon deals with constitutional questions involving government employees. The same positions may not be true for non-government employees. But there are still lessons to be learned:

  • Policies regarding employee use of email, internet access, and mobile devices should be clear that employees have no expectation of privacy.
  • Policies should make it clear that employees can expect their use of computer systems and devices, including personal use and messages, to be subject to monitoring and access by the employer with or without notice.
  • Carefully draft service agreements to comply in advance with the SCA and other wiretap type statutes with “consent” language.
  • Update subpoena and document response policies and protocols to comply with the SCA and, if the company operates internationally, foreign laws.

Decision on Whistleblower Provisions of Sarbanes-Oxley

A federal court held that a former employee seeking on acted in good faith, but under an objective analysis, his belief that the company was engaged in fraud was not reasonable and upheld termination. Day v. Staples, Inc., 2009 WL 294804 (1st Cir. February 9, 2009)

The employee complained that the company improperly handled regularly customer returns. The company claimed that the employee was terminated for performance reasons not connected to his statements concerning improper conduct.

The Department of Labor administrative law judge dismissed the SOX complaint, as did the federal district court. The district court concluded that the belief that Staples was engaged in accounting fraud was not reasonable.

In this decision, the First Circuit Court of Appeals held that the “reasonable belief” had to be both subjectively reasonable as well as objectively reasonable.

This is the first decision by the First Circuit under the whistleblower protection provision of the Sarbanes-Oxley Act (“SOX”), 18 U.S.C. §1514A.

Day’s complaint did not assert any specific violations of securities laws; rather, it stated that he believed certain Staples practices resulted in the “manipulat[ion] [of] accounting data in an unlawful manner that had negative financial ramifications for Staples,” which “defrauded Staples’ shareholders” and violated the Staples Code of Ethics.

The Court stated: “The plain language of SOX does not provide protection for any type of information provided by an employee but restricts the employee’s protection to information only about certain types of conduct. Those types of conduct fall into three broad categories: (1) a violation of specified federal criminal fraud statutes: 18 U.S.C. § 1341 (mail fraud), § 1343 (wire fraud), § 1344 (bank fraud), § 1348 (securities fraud); (2) a violation of any rule or regulation of the SEC; and/or (3) a violation of any provision of federal law relating to fraud against shareholders.” 18 U.S.C. §1514A(a)(1)

When the court applied this test to Mr. Day, it found that he brought his complaints in subjective good faith. However, there was no objectively reasonable basis to believe that the conduct of which Mr. Day complained constituted securities fraud or shareholder fraud. Without an objectively “reasonable belief” that the conduct constituted either securities fraud or shareholder fraud, the court determined that the whistleblower protection provision did not shield Mr. Day from termination.

The Risk Management Formula That Killed Wall Street

Felix Salmon published a great article in Wired, Recipe for Disaster: The Formula That Killed Wall Street. The article looks at the widespread use of the Gaussian copula function in assessing the risks in mortgage-backed securities.

The theory behind the Gaussian copula function tries to overcome the difficulty in assessing the multitude of correlations among all the risks in a pool of mortgages. David X. Li came up with the Gaussian copula function that, instead of waiting to assemble enough historical data about actual defaults, which are rare in the real world, uses historical prices from the Credit Default Swaps market. Li wrote a model that used the price of Credit Default Swaps, rather than real-world default data, as a shortcut to determining the correlation between risks. There is an inherent assumption that the CDS markets can price default risk correctly.

I did not do well in my college statistics class. (It was on Friday afternoon, close to happy hour.) But I do remember two concepts. One, correlation does not equal cause and effect. Two, you always need to challenge the underlying assumptions and methodology, because they can have dramatic effects on the data. (And third, do not schedule difficult classes on Friday afternoon.)

According to Felix’s story, Wall Street seemed to miss some of the underlying assumptions in the Gaussian copula function. Since the risk profile was based on the CDS market, the data only looked as far back as the CDS market existed. That was less than ten years. During that time, home prices did nothing except skyrocket. Unfortunately, the last real estate crash was before that period.

Li’s formula was used to price hundreds of billions of dollars worth of mortgage-backed securities. As we now see, Wall Street got it wrong.

It looks like I did not waste my time with statistics and that I got the key knowledge. Look closely at correlation to see why things are moving together. Challenge the underlying assumptions and make sure you understand how they affect the end product of your results. Those are good lessons for anyone involved in enterprise risk management.

The 2008 LRN Ethics and Compliance Risk Management Practices Report

LRN published their 2008 LRN Ethics and Compliance Risk Management Practices Report (.pdf) (free registration required). The report is based on a survey of senior ethics, legal, risk and audit professionals, with 461 completed surveys.

The key findings of the report:

  • Ethics and compliance programs are maturing
  • Companies identify their top two ethics and compliance risks as electronic data protection and data privacy
  • A majority of companies perform formal risk assessments involving multiple functions
  • Companies cite engaging employees and making education more relevant as their top challenges in prevention
  • Detecting violations still presents a significant challenge
  • Multinational companies face bigger challenges at their international regions than at headquarters
  • Few larger companies actively manage ethics and compliance risks within their supplier and partners’ network
  • Lack of resources – budget and staff – continues to be the leading challenge in conducting risk assessments and in implementing prevention programs

LRN conducted a similar survey in 2007, so this report is able to identify trends (to the extent two data points make a trend). I hope that they conduct a survey this year to see if these trends stay true.

“More and more companies are recognizing that ethics and compliance is the new frontier of business strategy. Increasing research demonstrates that forward-looking companies that put in place comprehensive and holistic ethics and compliance programs – i.e., programs that do not simply ensure the organization meet all regulatory requirements but that embed values-based business conduct into their culture – enhance their capabilities to compete in the marketplace. Without the distractions that accompany conflicting ethical viewpoints and goals or concerns over potential and actual rules infractions. Companies should concentrate on the workforce or the management of compliance infractions, companies can thrive through inspiration, motivating employees to be their best. An ethical work environment leads to more productive and profitable organizations.”

The report also pitches the LRN Ethics and Compliance Risk Management Process:

An integral component of enterprise risk management is to holistically build a strong control environment with a culture of corporate ethics, by defining, preventing, detecting, responding and evaluating as part of five key steps for building a sustainable compliance risk management process:

  • Define business ethics and corporate compliance risks to create a comprehensive risk profile.
  • Prevent ethics and compliance lapses/failures with hard and soft controls, including business ethics and corporate compliance training.
  • Detect noncompliance with the law, regulations, company code of ethics and corporate governance practice via multiple reporting methods.
  • Respond swiftly and publicly to allegations and potential violations.
  • Evaluate results and make continuous improvements.

[Figure: an LRN illustration of their process]

How Not To Fire Someone for Workplace Fraud

Staples fired sales director Alan S. Noonan for padding his expense report. Executive Vice President Jay Baitler sent an e-mail to approximately 1,500 employees explaining the reason for the firing.

The e-mail contained no untruths, but Mr. Noonan sued for defamation anyhow.

Unfortunately for Staples, truth is not a defense in Massachusetts if the challenged statement was communicated with actual malice, according to the 1st U.S. Circuit Court of Appeals in its recent decision Noonan v. Staples (posted at JD Supra).

The 1st U.S. Circuit Court of Appeals looked at G. L. c. 231, Section 92, which says that truth is a defense to libel “unless actual malice is proved.” However, in a 1998 case, Shaari v. Harvard Student Agencies, the Supreme Judicial Court ruled that statute unconstitutional as applied to matters of public concern.

A Benchmarking Survey on Third-Party Codes of Conduct

Rebecca Walker of Kaplan & Walker LLP is the author of a report on A Benchmarking Survey on Third-Party Codes of Conduct (register to download) sponsored by The Society of Corporate Compliance and Ethics. The SCCE received survey results from more than 400 compliance professionals on how they deal with third-party compliance policies. As Rebecca points out in the report: “Organizations are also subject to risks of misconduct by virtue of the actions of agents and other third parties who act on their behalf or partner with the organization in some way.”

Among the relevant findings in the survey:

  1. Only 47% of companies disseminate their internal employee code of conduct to third parties.
  2. Only 26% of companies require that third parties certify to their codes of conduct.
  3. Of those 26%, 92% did not have a threshold as to when they required certifications.
  4. Only 17% of organizations have a code of conduct that is applicable to third parties.

Rebecca points out the U.S. Sentencing Guidelines provide incentives to have your compliance programs reach out to third parties:

Sentencing Guideline §8B2.1(4):

(A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.

(B) The individuals referred to in subdivision (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.

One of the problems with pushing out your compliance program to third parties is that they may have their own, which differs from your program. The bigger problem is you setting the compliance standards but not enforcing them. Rebecca offers some ways to extend compliance and ethics requirements to third parties. These are some highlights:

  • Conduct due diligence regarding business partners’ compliance and ethics programs.
  • Incorporate language into contracts with third parties requiring compliance.
  • Train third parties on the ethics and compliance program or on particular company policies or procedures.

Thanks to Corporate Compliance Insights for pointing out this survey: Third Party Controls Lacking In Ethics and Compliance Expectations Says SCCE Survey.

Ways Webinars Fail

After my webinar with Bruce Carton on Tuesday (Web 2.0: Leveraging new media to Maximize Your Securities and Compliance Practice), I ran across a three-part series on Why Webinars Fail from Larry Kilbourne: Content Failures, Format Failures, and Process Failures. I hope we did not make too many of these mistakes:

  • Cramming too much into one slide. The unmoving PowerPoint slide becomes like wallpaper on the monitor. (Larry recommends a slide or two per minute.)
  • A presenter simply reading the bullet points. (“Bullet points, if used properly, are the basis for commentary, not the commentary itself.”)
  • Animations and streaming video. (Audience members may not have the internet connection bandwidth to handle them.)
  • Delivering a monologue. (Use a “Charlie Rose” format.)
  • Using the webinar as a sales pitch. (Webinar registrants are prepared to get pitched, but they expect in return to receive information, data, or research that will benefit them.)
  • Live product demos. (Inevitably the product crashes – in real time, in front of an audience.)
  • Lack of preparation. (Unrehearsed webinars generally look unrehearsed.)

Thanks to Stewart Mader for pointing out these articles: Why Webinars Fail To Sustain Attention & How to Fix Them.

Compliance Building Is Now Mobile

To those of you who use mobile devices, I have installed a plugin that makes it easier to read Compliance Building on your mobile device. It looks great on my iPhone. At some point in the future I will add a little more pizzazz to the color scheme and maybe an image. It also renders quickly on my BlackBerry. In each case, it shows just the last few blog post headlines and the main navigation pages.

Thanks to Stewart Mader for pointing out the MobilePress plugin for the WordPress blogging platform: Future Changes in 2009: Part 4: iPhone & Mobile Versions.

COBRA Coverage Under ARRA

As part of the enormous stimulus package in the American Recovery and Reinvestment Act of 2009, the federal government included some relief for laid-off employees.

Mark Spring discusses the COBRA subsidy in ARRA over at the California Labor and Employment Law Blog: The Stimulus Bill’s Impact on COBRA.

The biggest change to COBRA is a 65% subsidy from the government for certain eligible COBRA participants. The 65 percent subsidy is advanced by the employer and then recouped by a credit against payroll tax submissions. The subsidy is available to eligible individuals for up to nine months.