Enforcement of the Massachusetts Data Privacy Law

It’s been almost 18 months since the Massachusetts Data Privacy Law went into effect. Belmont Savings Bank has become one of the first charged with violating the law.

Belmont Savings Bank maintained personal information on an unencrypted backup data tape and then lost the tape. According to surveillance footage, the tape was likely discarded inadvertently by the overnight cleaning crew and sent to the incinerator.

There were several rounds of changes between the first version of 201 CMR 17.00 and the final one. One central element was the requirement that there be a written information security plan in place if your company has “personal information” on a Massachusetts resident. Obviously, you need to comply with the plan.

In this case, Belmont Savings Bank had the plan. But they failed to comply with it. The data tape should have been locked up overnight and not left on a desk.

The Massachusetts Attorney General entered into an Assurance of Discontinuance with Belmont Savings Bank. As part of the settlement, the bank has to:

  • encrypt, to the extent technically feasible, all personal information stored on backup data tapes
  • store backup data tapes containing personal information in a secure location
  • effectively train its workforce on the policies and procedures with respect to maintaining the security of personal information

There is no evidence indicating that any customer’s personal information has been acquired or used by an unauthorized person or used for an unauthorized purpose. The Assurance of Discontinuance states that if actual harm to customers results, the Attorney General’s Office will reopen discussions to determine appropriate restitution.


More from FINRA on Social Media and Mobile Devices

In January 2010, FINRA issued Regulatory Notice 10-06 in an attempt to provide guidance on the application of FINRA rules governing communications with the public to social media sites. The guidance did not provide much that was new. Largely, FINRA pointed out that the existing communication and record-keeping rules applied. Too bad that the site did not allow you to take the steps needed to comply with the existing rules.

Apparently, the guidance raised enough questions that FINRA decided to provide some additional guidance. It is not intended to alter the principles or the guidance provided in Regulatory Notice 10-06. Anyone expecting something new or innovative will be disappointed.

Q1: Does determining whether a communication is subject to the recordkeeping requirements of SEA Rule 17a-4(b)(4) depend on whether an associated person uses a personal device or technology to make the communication?

A1: SEA Rule 17a-4(b)(4) requires a firm to retain records of communications that relate to its “business as such.” Whether a particular communication is related to the business of the firm depends upon the facts and circumstances. This analysis does not depend upon the type of device or technology used to transmit the communication, nor does it depend upon whether it is a firm-issued or personal device of the individual; rather, the content of the communication is determinative. For instance, the requirement would apply if the electronic communication was received or sent by an associated person through a third-party’s platform or system. A firm’s policies and procedures must include training and education of its associated persons regarding the differences between business and nonbusiness communications and the measures required to ensure that any business communication made by associated persons is retained, retrievable and supervised.

The FINRA rules came first and they are in place for a good reason. It’s up to the firm to find a way to meet the compliance standards if they want to use third-party websites to publish information, communicate with the public, or communicate with clients. If cloud providers want to take over company-hosted communications they need to put more effort into the record-keeping and compliance requirements of the business world.


Compliance Bits and Pieces for August 26

These are some compliance-related stories that recently caught my attention:

Does the SEC’s Revolving Door Raise Conflicts of Interest? by Bruce Carton in Securities Docket

Every year about four percent of the employees working at the Securities and Exchange Commission decide for various reasons to voluntarily leave the agency and seek greener pastures. Having spent years gaining experience and connections at the nation’s top financial regulator, these lawyers, accountants, economists, and others are often in high demand when they return to the private sector.

O’Donohoe on Potato Chips and Salty Snacks on EconTalk

Should the United States be making computer chips or potato chips? In a 1992 presidential debate, then-candidate Ross Perot stated “you make more making computer chips than potato chips.” Russ Roberts takes a long look at the potato chip manufacturing and distribution process. Well worth an hour of your time.

Survey Finds Compliance Chiefs Doing Little Compliance-Related Work by Samuel Rubenfeld in WSJ.com’s Corruption Currents

A survey of corporate compliance professionals in the financial services industry found that 41% of them spend less than half of their time on compliance-related issues. Conducted by National Regulatory Services, the survey found that chief compliance officers spend the least amount of time on compliance-related tasks out of all compliance professionals. Overall, 59% of a chief’s day is spent on such tasks, a slight decline since 2008. Only 25% of them spend more than 90% of their day on compliance issues, a five-point drop since 2008.

Presidential Campaign Season and the SEC’s Pay-to-Play Rule


With the recent Iowa Straw Poll, the presidential campaign season is getting into full gear. That also means that campaign fundraising is in full gear. I thought it would be useful to apply the SEC’s new pay-to-play rule for investment advisors to the crop of presidential contenders.

Under SEC Rule 206(4)-5, investment advisors are limited in their ability to give campaign contributions to political candidates who can directly or indirectly influence the hiring of an investment advisor by a government-sponsored investment entity. A campaign contribution in violation of the rule means the investment advisor cannot collect fees from the applicable government-sponsored investor for two years. The rule applies to registered investment advisors and fund managers that had been exempt under the now-repealed private fund manager exemption.

The president of the United States is not an office that can directly or indirectly influence the hiring of an investment advisor, so that position is not one that is limited by the SEC Rule. However, you also need to look at the candidate’s current office to see if that position is one that is limited.

That means campaign contributions to the incumbent president, Barack Obama, are not limited by the rule. Some of his potential competitors are limited.

  1. Michele Bachmann. Her current office in the US House of Representatives is not limited by the rule.
  2. Ron Paul. His current office in the US House of Representatives is not limited by the rule.
  3. Tim Pawlenty. As Governor of Minnesota, contributions to his campaign would have been limited had he still been in office. He finished his term on January 3, 2011, which pre-dates the March 13, 2011 effective date of the rule.
  4. Rick Santorum. He does not currently hold a political office and is therefore not limited by the rule.
  5. Herman Cain. He does not currently hold a political office and is therefore not limited by the rule.
  6. Rick Perry. As the current Governor of Texas, he appoints trustees to the
  7. Mitt Romney. He does not currently hold a political office and is therefore not limited by the rule.
  8. Newt Gingrich. He does not currently hold a political office and is therefore not limited by the rule.
  9. Jon Huntsman. He does not currently hold a political office and is therefore not limited by the rule.
  10. Thaddeus McCotter. His current office in the US House of Representatives is not limited by the rule.

Registered Investment Advisors, private fund managers getting ready to register with the Securities and Exchange Commission, and their employees need to be very cautious about making contributions to Governor Perry if they have a Texas state-sponsored fund as a client or investor, or hope to have one as a client or investor in the next two years.

The rule also applies to placement agents. They must either be a registered investment advisor subject to SEC Rule 206(4)-5 or a municipal adviser subject to MSRB Rule G-42.

It is very obvious that SEC Rule 206(4)-5 can cause significant distortions in the political campaign.


Earthquakes, Hurricanes, and Disaster Recovery

Monday’s East Coast earthquake was far from a disaster. I just thought I had too much coffee, until I heard others in the hallway say “Do you feel that?” Then I realized the shaking was not just because I was over-caffeinated.

Even though significant earthquakes are rare on the East Coast, hurricanes are not. Irene, the first big hurricane of the season, is also approaching the East Coast.

Perhaps these are some good reminders to blow the dust off your disaster recovery plan. As a registered investment adviser, you need to have a plan. Each of the thousands (hundreds?) of private fund managers getting ready to register as investment advisers with the Securities and Exchange Commission will need a plan.

It’s easy to miss the requirement for having a business continuity plan. It’s in Rule 206(4)-7. Oh, you don’t see anything about business continuity in the rule? It’s not in the rule, it’s in the Release for Rule 206(4)-7:

We believe that an adviser’s fiduciary obligation to its clients includes the obligation to take steps to protect the clients’ interests from being placed at risk as a result of the adviser’s inability to provide advisory services after, for example, a natural disaster or, in the case of some smaller firms, the death of the owner or key personnel. The clients of an adviser that is engaged in the active management of their assets would ordinarily be placed at risk if the adviser ceased operations. [SEC Release No. IA-2204]


Image of 2011 VA Earthquake is by Frank Paynter

Massachusetts and Expert Network Services

At least one of the hedge funds being investigated for its use of expert networks is based in Massachusetts. In an unusual instance of the state regulators acting before the Securities and Exchange Commission, the Massachusetts securities regulators are proposing a new regulation to address the use of expert network services. They are proposing a new section under 950 CMR 12.205(9)(c)(16) to the existing list of dishonest and unethical practices:

16. a. To retain consulting services, for compensation that is provided either directly to the consultant or indirectly through a Matching or Expert Network Service, unless the adviser obtains a written certification, signed by the consultant that:

(i) describes all confidentiality restrictions that the consultant has, or reasonably expects to have, regarding Confidential Information; and

(ii) affirmatively states that the consultant will not provide any Confidential Information to the adviser.

b. Notwithstanding section (a) an investment adviser who comes into possession of material Confidential Information through a consultation is precluded from trading any relevant security until such time as the Confidential Information is made public.

c. Definitions. For purposes of this section:

(i) “Confidential Information” means any non-public information, which one is bound by a confidentiality agreement or fiduciary (or similar) duty not to disclose.

(ii) “Matching or Expert Network Service” means a firm that for compensation matches consultants with investment advisers.

As alleged in In the Matter of Risk Reward Capital Management Corp., RRC Management LLC, RRC BioFund LP, and James Silverman, Docket No. E-2010-057, some investment advisers have paid expert networks and consultants to access confidential information about publicly traded companies.

Massachusetts wants additional measures to ensure that confidential information is not being accessed and traded upon. The proposed regulations do not alter an investment adviser’s existing duty not to trade on insider information. The goal is to provide investment advisers with greater clarity as to what is impermissible conduct when paying consultants for information.

In the end, it seems like it is just a record-keeping exercise to me.

You can review comments or submit a comment on the proposed regulation. There is a proposed effective date of December 1, 2011.


What is a Venture Capital Fund?

For me, venture capital has always been a fuzzy term. They generally invest in start-ups and provide early stage capital for their growth. As a company progresses through later rounds of funding, that definition does not seem to work that well. For example, would you label the latest rounds of funding in Facebook as “venture capital”?

The other problem for a venture capital fund is that liquidity events for their portfolio companies may leave them holding valuable chunks of publicly traded stock or mature private company securities, leaving their capitalization.

Until recently, an exact definition was not needed. Venture capital fund managers could operate across a spectrum of business models, depending on what limitations they promised to their fund investors.

Now, the Securities and Exchange Commission has required a more precise definition. Venture Capital fund managers can take advantage of an exemption from registration under the Investment Advisers Act. This exemption is not available for the rest of the private equity world of investment managers.

The SEC published the final definition under a new Rule 203(l)-1:

A venture capital fund is any private fund that:

(1) Represents to investors and potential investors that it pursues a venture capital strategy;

(2) Immediately after the acquisition of any asset, other than qualifying investments or short-term holdings, holds no more than 20 percent of the amount of the fund’s aggregate capital contributions and uncalled committed capital in assets (other than short-term holdings) that are not qualifying investments, valued at cost or fair value, consistently applied by the fund;

(3) Does not borrow, issue debt obligations, provide guarantees or otherwise incur leverage, in excess of 15 percent of the private fund’s aggregate capital contributions and uncalled committed capital, and any such borrowing, indebtedness, guarantee or leverage is for a non-renewable term of no longer than 120 calendar days, except that any guarantee by the private fund of a qualifying portfolio company’s obligations up to the amount of the value of the private fund’s investment in the qualifying portfolio company is not subject to the 120 calendar day limit;

(4) Only issues securities the terms of which do not provide a holder with any right, except in extraordinary circumstances, to withdraw, redeem or require the repurchase of such securities but may entitle holders to receive distributions made to all holders pro rata; and

(5) Is not registered under section 8 of the Investment Company Act of 1940 (15 U.S.C. 80a-8), and has not elected to be treated as a business development company pursuant to section 54 of that Act (15 U.S.C. 80a-53).

The key piece of the definition is the term “qualifying investments.”

Qualifying investment means:

(i) An equity security issued by a qualifying portfolio company that has been acquired directly by the private fund from the qualifying portfolio company;

(ii) Any equity security issued by a qualifying portfolio company in exchange for an equity security issued by the qualifying portfolio company described in paragraph (c)(3)(i) of this section; or

(iii) Any equity security issued by a company of which a qualifying portfolio company is a majority-owned subsidiary, as defined in section 2(a)(24) of the Investment Company Act of 1940 (15 U.S.C. 80a-2(a)(24)), or a predecessor, and is acquired by the private fund in exchange for an equity security described in paragraph (c)(3)(i) or (c)(3)(ii) of this section.

Qualifying portfolio company means any company that:

(i) At the time of any investment by the private fund, is not reporting or foreign traded and does not control, is not controlled by or under common control with another company, directly or indirectly, that is reporting or foreign traded;

(ii) Does not borrow or issue debt obligations in connection with the private fund’s investment in such company and distribute to the private fund the proceeds of such borrowing or issuance in exchange for the private fund’s investment; and

(iii) Is not an investment company, a private fund, an issuer that would be an investment company but for the exemption provided by § 270.3a-7 of this chapter, or a commodity pool.

The big limitation in the definition is the limit on debt.

Many funds use a subscription credit facility secured by the uncalled capital commitments. This gives them quicker access to cash for investments. Then the facility is paid down after capital is called. The use of a credit facility also allows the capital calls to be spread out and can be used to give fund investors more lead time to pull together their own cash. It seems this new rule will severely limit the ability of a venture capital fund to use a subscription credit facility.


Image – Multiple sources across the internet. Let me know if you are the original creator

Compliance Bits and Pieces for August 19

Here are some recent compliance-related stories that caught my attention:

ABA Journal Seeks ‘Blawg 100’ Nominees

The editors of the ABA Journal are gearing up to select their annual list of the 100 best legal blogs, the Blawg 100. And they are seeking suggestions of blogs they should include. “Tell us about a blawg—not your own—that you read regularly and think other lawyers should know about,” they ask.

To nominate a law blog you think should be included, go to the Blawg 100 Amici page and submit it to the editors.

Breach Notification Obligations In All 50 States? by Kristen J. Mathews in Proskauer’s Privacy Law Blog

Did you know there are breach notification obligations in all 50 states (effective 9/2012), even though only 46 states have adopted them? How could that be, you ask? Because Texas said so. (Does that surprise you?)

Texas recently amended its breach notification law so that its consumer notification obligations apply not only to residents of Texas, but to any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Texas’s amended law (H.B. 300) specifically requires notification of data breaches to residents of states that have not enacted their own law requiring such notification (that is, Alabama, Kentucky, New Mexico and South Dakota).

Fair Valuation of Assets under Management Is Key Element of SEC Regime for Hedge Fund and Private Fund Advisers in Jim Hamilton’s World of Securities Regulation

Acting on a Dodd-Frank mandate, the SEC adopted regulations requiring that hedge fund and private fund advisers with $150 million assets under management register with the Commission. Given the $150 million assets under management trigger for registration, the fair valuation of a fund’s assets is a critical element of the new regime. The SEC said in Adopting Release No. IA-3222 that hedge fund and private fund advisers must determine the amount of their assets under management based on the market value of those assets, or the fair value of those assets where market value is unavailable. They must calculate the assets on a gross basis, that is, without deducting liabilities, such as accrued fees and expenses or the amount of any borrowing. If a fund does not have an internal capability for valuing illiquid assets, the SEC expects it to obtain pricing or valuation services from an outside administrator or other service provider.

Former FrontPoint Manager Pleads Guilty to Insider Trading by Azam Ahmed in Dealbook

The portfolio manager, Joseph F. Skowron, known as Chip, admitted before a federal judge in Manhattan that he had avoided $30 million in losses by trading on tips leaked by a consultant for an expert network about the results of a clinical drug trial. He also admitted that he and the consultant, Dr. Yves Benhamou, had agreed to mislead the Securities and Exchange Commission about their actions. Mr. Skowron faces as much as five years in prison for the one count of conspiracy to commit securities fraud and obstruct justice and will pay a $5 million fine.

Is the SEC Covering Up Wall Street Crimes? by Matt Taibbi in Rolling Stone

Flynn discovered a directive on the enforcement division’s internal website ordering staff to destroy “any records obtained in connection” with closed MUIs. The directive appeared to violate federal law, which gives responsibility for maintaining and destroying all records to the National Archives and Records Administration. Over a decade earlier, in fact, the SEC had struck a deal with NARA stipulating that investigative records were to be maintained for 25 years – and that if any files were to be destroyed after that, the shredding was to be done by NARA, not the SEC.

But Flynn soon learned that the records for thousands of preliminary investigations no longer existed. In his letter to Congress, Flynn estimates that the practice of destroying MUIs had begun as early as 1993, and has resulted in at least 9,000 case files being destroyed.

Matt Taibbi Thinks It’s “Orwellian” For the Government Not To Keep Records On You Just Because You Haven’t Done Anything Wrong by Matt Levine in Dealbreaker

Matt Taibbi may actually be right that it breaks the law – he has, on occasion, been right about facts in the world, though it’s often a coincidence. Here he suggests that some SEC staffers were worried about personal criminal liability for not archiving records of preliminary inquiries, which sounds a little far-fetched but possible. And there are some more interesting accusations here – including some suggestive coincidences where SEC enforcement execs squashed investigations and then left for the firms that were being investigated. But we were always under the impression that the trouble with Big Brother was too much all-pervading surveillance, not too little.

Report on Investment Adviser’s Use of Social Media in Massachusetts

Social Media used by Investment Advisers

There is a growing trend in the financial services industry to use social media sites for outreach to existing as well as potential customers. Noticing this trend, the Securities Division of The Office of the Secretary of the Commonwealth surveyed investment advisers registered and doing business within the Commonwealth of Massachusetts. The purpose of the survey is to determine the scope of investment advisers’ use of social media, and what, if any, record retention and supervisory procedures have been implemented or utilized by those advisers. Empirical evidence is good to have.

The Division forwarded the social media survey to 576 investment advisers registered with the Division and located in the Commonwealth and 79% of advisers have responded.

  • 44% of investment advisers used some form of social media
  • Of those not using, 10% expect to use it in the next year
  • A majority of investment advisers using social media fall within the 42-62 age bracket

The Survey also suggests that some advisers do not have policies relating to the retention or supervision of social media content, are not retaining social media content, and do not supervise the use of social media content.

  • 69% of advisers using social media claimed to not have written record retention policies related to the retention of social media content
  • 57% also did not retain all content posted on social media websites maintained (directly or indirectly), by the firm.

It should not come as a surprise that the Division concluded that additional regulatory guidance concerning the use of social media would be appropriate. We have already seen enforcement at the national level for the abuse of social media. I expect the states will be on board soon and include a review of social media as part of their examination and review process.


Germany, Sub-Prime Mortgage Backed Securities, and Scatology

Michael Lewis continues his around the world tour of the 2008 financial crisis from the view of Germany: It’s the Economy, Dummkopf!. The story in the September issue of Vanity Fair seems to be all about excrement. We heard that there were big chunks of the mortgage securities business that were terrible. There is the famous email describing the Timberwolf as one sh*tty deal.

Lewis did a great job offering some insight from Ireland, Greece, and Iceland. In this story he seems distracted by feces and Nazis. The biggest insight I took away was:

At bottom, he [Dirk Röthig, of the German financial institution IKB] says, the Germans were blind to the possibility that the Americans were playing the game by something other than the official rules. The Germans took the rules at their face value: they looked into the history of triple-A-rated bonds and accepted the official story that triple-A-rated bonds were completely risk-free.

IKB and many of the other German banks thought they were getting a good return on the mortgage-backed securities with little risk, but were actually getting a sh*tty deal. I get it. But I think he belabors the metaphor.

Michael Lewis could write about the economics of a paper bag and I’m sure it would be an interesting story to read. In fact, I paid for a subscription to Vanity Fair just because of his articles. This one came up a bit short. Maybe he just thought the underlying story was not interesting enough so he spiced it up with lots of stories about German scatology. He layers in some Jewish alienation in Germany for some spice in his discussion of feces.

It’s the Economy, Dummkopf! is still worth reading and still offers a few great insights into the 2008 financial crisis.
