SEC Issues Cybersecurity Guidance

Last year, the SEC raised a cloud of concern when it started its cybersecurity initiative aimed at broker/dealers, investment advisers and fund managers. Based on an interview last month it seems that initiative would continue into a phase 2. The SEC recently released its Cybersecurity Guidance that enunciates some steps investment advisers and fund managers can take to improve their ability to repel cyber threats.

1. Conduct a periodic assessment.

2. Create a strategy to prevent, detect and respond to cybersecurity threats.

3. Implement the strategy.

Of course, cybersecurity is important and all advisers and fund managers should take it seriously.

I do get hung up on the SEC’s statement that a firm’s initiative should be part of a compliance initiative “reasonably designed to prevent violations of the federal securities law.” I think the SEC is stretching the anti-fraud provisions of Section 206 beyond where they should go.

As the guidance points out, it is not possible to anticipate and prevent every cyber attack. If a bad actor wants to attack your systems, the bad actor can eventually get into your systems. Is that breach a compliance failure or not? The SEC’s guidance is setting complex security protocols as a legal compliance issue.

I’m skeptical that there are many people in the SEC’s IM division who understand cybersecurity protocols. I’m just as skeptical that there are many adviser/fund manager CCOs who understand cybersecurity protocols. But the SEC is insisting that cybersecurity protocols fall under the aegis of the Section 206 anti-fraud provisions.

Sources:

Hacker by Dani Latore
CC BY SA
https://www.flickr.com/photos/dlato/6437570877/

Finding That Rogue Employee

JPMorgan Chase & Co. has racked up more than $36 billion in legal bills since the financial crisis. The firm clearly has incentive to identify rogue employees before they go astray. According to a story in Bloomberg, the firm is rolling out a new surveillance tool to identify potential rogue employees.

I’m skeptical.

I attended a session at the FBI on white collar criminals. One of the unfortunate conclusions from the FBI’s research on white collar criminals is that many of the traits that are indicative of a white collar criminal are also the traits most companies seek in their top executives.

JPMorgan’s technology would have to identify traits that would indicate an employee is more likely to go rogue than another. A tool could apply risk ratings to employees allowing the compliance team to focus on individuals who pose a higher risk than others.

But technology is just one half of JPMorgan’s compliance initiative. The other half is a review of the firm’s culture. Part of that review is training sessions that unfortunately use real JPMorgan incidents as examples.

I think culture wins over technology.

Model Business Continuity Rule for Investment Advisers

There is no explicit requirement that an adviser or fund manager have a disaster recovery plan. But any manager trying to fund-raise knows that investors will ask about its business continuity plan.

The SEC sort of requires SEC registered investment advisers to have a business continuity plan. It’s an easy one to miss in Rule 206(4)-7.

Oh, you don’t see anything about business continuity in the rule? It’s not in the rule, it’s in the Release for Rule 206(4)-7:

We believe that an adviser’s fiduciary obligation to its clients includes the obligation to take steps to protect the clients’ interests from being placed at risk as a result of the adviser’s inability to provide advisory services after, for example, a natural disaster or, in the case of some smaller firms, the death of the owner or key personnel. The clients of an adviser that is engaged in the active management of their assets would ordinarily be placed at risk if the adviser ceased operations. [SEC Release No. IA-2204]

State-level adviser regulators have stepped up and rolled out a model rule for state securities regulators.

NASAA’s model rule and guidance are intended to ensure that smaller advisers fulfill their responsibilities to protect their clients and mitigate any client harm in the event of a significant interruption to the adviser’s business. The NASAA membership adopted the model rule at NASAA’s Public Policy Conference on April 13.

Every investment adviser shall establish, implement, and maintain written procedures relating to a Business Continuity and Succession Plan. The plan shall be based upon the facts and circumstances of the investment adviser’s business model including the size of the firm, type(s) of services provided, and the number of locations of the investment adviser. The plan shall provide for at least the following:

1. The protection, backup, and recovery of books and records.
2. Alternate means of communications with customers, key personnel, employees, vendors, service providers (including third-party custodians), and regulators, including, but not limited to, providing notice of a significant business interruption or the death or unavailability of key personnel or other disruptions or cessation of business activities.
3. Office relocation in the event of temporary or permanent loss of a principal place of business.
4. Assignment of duties to qualified responsible persons in the event of the death or unavailability of key personnel.
5. Otherwise minimizing service disruptions and client harm that could result from a sudden significant business interruption.

There are another 18 pages of guidance to help an adviser craft a plan that meets the rule.

Of course, this is not imposed on advisers or fund managers registered with the Securities and Exchange Commission. But I bet you would find it to be a useful tool in evaluating your firm’s business continuity plan.

Weekend Riding: Midnight Boston Marathon Bike Ride

While marathon runners were sleeping in anticipation of the race on Patriots Day, I joined hundreds of cyclists to bike the 26.2 miles in the middle of the night. The Midnight Marathon Bike Ride was back for its seventh year in a row. Short of actually running, I thought it was a great way to honor the marathon tradition.

Plus, I signed up to ride the Pan-Mass Challenge to raise money for cancer research. So, I need to spend a lot of time in my bike saddle to prepare for that two-day ride across the state.

Please donate to my PMC ride at one of the following links:

The roads were still open to vehicular traffic at midnight before the marathon, but there are few cars on the road that time of the day. The roads were mostly recovered from the winter stress and were spruced up for the marathon’s start several hours later.

The ride actually starts in South Station. You can jump on the commuter rail and load your bike in a truck to re-join you at the Southborough station at midnight. I convinced Mrs. Doug to drive me and two fellow riders out to Southborough instead.

There were dozens and dozens of riders at the train station who had also been dropped off. That’s lots of riders with an assortment of lights, bikes, skill levels and motivations.

It was cold. We were dressed to ride, not stand around in the cold. So we jumped on our saddles and rode off just before midnight and before the train arrived. As we left the parking lot, a half-dozen moving trucks full of the train riders’ bikes pulled into the parking lot.

It was a few miles from the train station to the Marathon’s starting line in Hopkinton. A few miles that went mostly uphill, with a nasty half-mile stretch in excess of a 5% grade. It’s a tough enough hill that there is a plan B route that goes around the hill.

At the start line we found several hundred more cyclists already in place waiting for midnight or the train riders to come. We kept pedaling.

And pedaling and pedaling.

It was a continuous stream of bikes from start to finish.

Marathon security was nice enough to leave the finish line open for us to take pictures.

Boston Common Coffee Company hosted a charity pancake breakfast after the ride. Pancakes taste great after 30 miles in the saddle.

Compliance Bricks and Mortar for April 24

These are some of the compliance-related stories that recently caught my attention.

Investors Turn to Big Real-Estate Funds by Peter Grant in the Wall Street Journal

Investors are pouring more money into real-estate funds than they have since the property bust, but a few giant fund firms are collecting the lion’s share of the spoils. Pension funds, endowments and other big institutional investors are putting more cash into private-equity firms with large real-estate funds and strong track records, leaving smaller firms to fight over the scraps.

TriBeCa Developer Settles with AG’s Office over Unregistered Real Estate Securities by Rodney F. Tonkovic, J.D. in Jim Hamilton’s World of Securities Regulation

According to the complaint, 39 Lispenard acted as an unregistered syndicator of securities with regard to two buildings in TriBeCa, New York, NY. 39 Lispenard acted as an unregistered sponsor of realty in the offering and sale of condominium units in those buildings without filing an offering plan as required under New York law. According to the office’s press release, Moore blatantly procured investors in an unregistered syndication, hiring a prominent real estate firm in order to reach a wide audience.

Advocacy Groups Looking for an SEC Superhero by Bruce Carton in Compliance Week

Today, it appears, the SEC chair must be prepared for far more creative scrutiny, and in very different venues. On his blog today, Broc Romanek included a photo of a poster ad in the Union Station Metro station near the SEC’s headquarters.  To make a long story short, the ad below is an appeal to SEC Chair Mary Jo White from an advocacy group for her to help stomp out the menace of “dark money.”

Two Regulatory Crises by David Smyth in Cady Bar the Door

It strikes me that two civil regulators are facing dire attacks on aspects of their enforcement programs – both in different U.S. Courts of Appeals – at the same time. Both of these attacks arise out of generalized statutes that only sort of address the problems the regulators seek to remedy. To some degree, how these matters are resolved will determine whether these enforcement portfolios are reinvigorated or wither on the vine. In both cases a Congressional fix could be in order.

Compliance Officer Earns Million-Dollar Whistleblower Award

I’m not sure if this is good news or bad news.

In August 2014 the SEC announced a modest whistleblower award of $300,000 to an unnamed company employee “who performed audit and compliance functions and reported wrongdoing to the SEC after the company failed to take action when the employee reported it internally.”

There is little in this latest award to figure out the company involved. The amount of the fine assessed against the company and the percentage chosen by the SEC’s Claims Review Staff are redacted.

“This compliance officer reported misconduct after responsible management at the entity became aware of potentially impending harm to investors and failed to take steps to prevent it.” – Andrew Ceresney, Director of the SEC’s Division of Enforcement

Compliance Bricks and Mortar for April 17

These are some of the compliance-related stories that recently caught my attention.

Lions and Tigers and Bears – Certifications, Checklists and Standards by in Corruption, Crime & Compliance

People always look for shortcuts as a weak replacement for efficiency. My concern is that compliance practitioners, vendors, standard setting organizations, and non-profit organizations are offering a range of tools that divert important attention and resources from more important compliance priorities. Here is my quick review of the dangers of each: …

Sen. Warren Criticizes Financial Regulators for Weak Penalties by Victoria McGrane in the Wall Street Journal

In a Wednesday speech assessing the state of financial oversight, the Massachusetts Democrat dished out harsh criticism for the Justice Department, the Securities and Exchange Commission, and the Federal Reserve for not being tougher on big financial institutions in the years since the 2008 crisis.

Crisis Chronicles: The Panic of 1825 and the Most Fantastic Financial Swindle of All Time by Don Morgan and James Narron in Liberty Street Economics

Centered in London, the banking panic of 1825 has been called the first modern financial crisis, the first Latin American crisis, and the first emerging market crisis. And while the panic displayed many of the key elements of past crises we have covered—fluctuations in money growth, an investment bubble, a stock market crash, and bank runs—this crisis had its own twists, including a Bank of England that hesitated before stepping in as lender of last resort. But it is perhaps best known for an infamous bond market swindle surrounding an entirely made-up Central American principality. In this edition of Crisis Chronicles, we explore the Panic of 1825 and visit the mythical nation of Poyais.

The Mansions Owned by White-Collar Criminals by Katy McLaughlin in the Wall Street Journal

Enron, Tyco, WorldCom, Bernard L. Madoff Investment Securities—in these cases, executives bilked investors of billions through accounting fraud, conspiracy and insider trading. And part of the proceeds went into real estate.

What became of their mansions? We reached out to case lawyers, county tax offices, real-estate agents, new owners and the fallen executives themselves to ask what became of the properties caught up in the scandals.

$250 Could Cost a Firm $6.1 Million

A T. Rowe Price vice president made a $250 contribution to the campaign of Scott Walker for governor of Wisconsin in a recall election. That small donation could have cost T. Rowe Price $6.1 million in fees. The SEC’s Rule 206(4)-5 once again shows its scary side to advisers. Fortunately, the Securities and Exchange Commission granted some relief.

T. Rowe Price Associates, Inc. and T. Rowe Price International Ltd, affiliated SEC registered advisers, have over $60 billion in assets under management. Amidst that, T. Rowe Price manages some money for the Wisconsin state public pension plan.

Governor Walker appoints some of the members to the board of trustees. That makes the Wisconsin Governor an “Official” under Rule 206(4)-5.

Unfortunately, the vice president failed to pre-clear the February 2012 contribution with his compliance group and sent in the donation. He does not live in Wisconsin and is not entitled to vote for that Official’s office. So his donation is limited to $150 under Rule 206(4)-5.

T. Rowe Price discovered the errant contribution in March 2014 while developing a testing program that includes searches of public websites for contributions made by employees.

The SEC ruling is a good result for the firm, but shows how out of proportion the SEC rule is for potential harm.

Pyramid Scheme or Ponzi Scheme

The Securities and Exchange Commission brought charges against James Evans for engaging in a “Ponzi scheme.” The names of his schemes caught my eye: Cash Flow Bot and Dollar Monster. After digging around, I was puzzled as to what to call the scheme.

A Ponzi scheme purports to be a real investment opportunity, but payouts come from new investor money instead of the returns of the underlying investment (if any). The scheme’s sponsor needs some cover of respectability to convince his prey that he or she is really investing the money and generating returns.

How could an investor think that something called “Dollar Monster” was a real investment?

The websites are gone, but I found this 2010 description of DollarMonster:

DollarMonster is a simple straight-line matrix which is simply a one level payment system. The person at the top gets paid and the entire list below moves up every time 2 purchases in this line are bought.

Pyramid schemes promise consumers (or investors) large profits based primarily on recruiting others to join the program. The scheme is not based on profits from any real investment or real sale of goods to the public. The participant makes money by hoping he or she is near the beginning of the line and many more people come after.

Then I discovered this world of money cyclers. Dollar Monster looks like one of those. You put in a dollar. Two more people behind you put in a dollar, so you get their dollars, and they get paid when four more people put in a dollar. It’s impossible to sustain. By level 11 you need the number of participants to be in excess of the US population. What happens is the money keeps being recycled, crediting each other’s accounts, then implodes when more people cash out than new recruits join.

I don’t think it’s securities fraud. That may put money cyclers outside the grasp of the SEC. There is no investment contract. There is no pretense that you’re buying equity or debt. You’re just hoping that more people get in line behind you. It’s a game of chicken, keeping your money in and hoping to redeem before the inevitable collapse.

It looks like Dollar Monster went through several iterations over the years. In late 2013 Dollar Monster made the mistake of putting on a cloak of actual investment. That put DollarMonster into the SEC’s scope. According to the SEC complaint, DollarMonster stated its mission was to “provide our investors with a great opportunity for their funds -by investing as prudently as possible – to gain high rates in return.”

Money cyclers are easy to find and don’t pretend to be anything else. Look at the lists here:

None are legitimate ways to make money. It’s largely a gamble that you get in line early enough and can redeem your gain before everyone else. Collapse is inevitable. In the United States, money cyclers fall in a grey area of legality. As long as the platform does not misrepresent itself or make false promises, it may not be illegal.

Dollar Monster made the mistake of misrepresenting itself, making it look like a Ponzi scheme. That makes it securities fraud instead of merely being a sucker’s game.

Invest With Managers Who Eat Their Own Cooking

“It pays to invest with managers who invest in their funds.” – Russel Kinnel of Morningstar

I think this statement will come as no surprise to most investors. Mr. Kinnel did some research on mutual funds to prove the point. It turns out that manager investment is correlated to better performance.

Mr. Kinnel was able to group mutual funds into bands required by the SEC based on manager investment. For US equity funds, there was a 10% improvement in success rates between managers who had $0 invested and those who had over $1 million invested.

The sad part is that the success rate for the better managers was still only 39% over the five-year period of the study. It dropped to 29% for those not “eating the soup.” Success rate is defined in his study as a mutual fund that survived and outperformed their category peers.

This seems to end up advocating index funds for public equity exposure instead of actively managed funds.
