September 2015 – Compliance Building

New SEC Rulemaking Database

Strong rulemaking is central to the mission of the Securities and Exchange Commission. Transparency to the process is important so the affected parties can provide input and see changes coming. To help with mission and to improve transparency, the SEC launched a new database intended to provide better transparency.

SEC Seal 2

I applaud any effort the SEC takes to make it easier for compliance professionals to find, understand and implement its regulatory scheme.

I decided to try out the index/database and share my initial thoughts.

The new database does provide a better single source for lots of the SEC rules. It’s better than the current chronological listing of rules. But not not that much better.

The rules have three sortable fields:

Last action
File number
Title of rulemaking

The first two are not useful. Anyone remember the date the rule was proposed or the file no.? No I didn’t think so. The title is useful if you know the name and the name is descriptive.

I decided to look for two rulemaking that interest me: Crowdfunding implementation under the JOBS Act and General solicitation amendments to Form D and the private placement regime.

I had trouble. I didn’t know the date or the file number or the name. I have the choice to limit the rules displayed by Status: “All”, “complete” or “Proposed”. I also had the choice to limit the display by SEC division. None of these choice are particularly useful for the layperson. I’m not sure any of the database choices are even useful for compliance professionals.

The database lacks a separate search.

Fortunately, I have this website so I could search for the post about the changes, find the relevant SEC document and locate the file number on the document so I could use the database.

I found my post on the proposed amendments to Rule 506 and Form D that were released at the time the SEC issued the new Rule 506(c) allowing general solicitation. In the SEC’s database I see that the database shows the proposed rule and second rule re-opening the comment period. I’m not sure I could have found that entry if it were not for this website.

Fortunately, the crowdfunding regulation was actually called “Crowdfunding” so it was easier to spot by sorting the “rulemaking” column.

I did notice that the Naked Short Selling Anti-Fraud rule is out of order because it is titled “Naked” Short Selling Anti-Fraud, with the punctuation disrupting the alphabetical sort.

Sources:

75th Anniversary Celebration: Investment Company and Investment Advisers Acts

75th anniversary

The SEC is hosting a conference Tuesday, September 29 to commemorate the 75th Anniversary of the Investment Company Act and the Investment Advisers Act. The event will include remarks from SEC Chair Mary Jo White and fellow commissioners, as well as a series of panel discussions featuring industry pioneers, former SEC chairmen and division directors, academics and other distinguished leaders from the asset management field.

The Investment Company Act and the Investment Advisers Act, which were signed into law by Pres. Roosevelt in August 1940, are the primary laws governing investment companies and investment advisers, and give the SEC the power to regulate these entities. Investment companies and investment advisers are a significant part of the U.S. capital markets, and in 2015, the SEC oversees registered investment companies with a combined $17.8 trillion in assets and registered investment advisers with approximately $67 trillion in regulatory assets under management.

9:15 a.m. – 9:30 a.m.

Opening Remarks by Chair Mary Jo White

9:30 a.m. – 10:45 a.m.

Panel 1. Asset Management Industry Pioneers

Moderator: Andrew J. Donohue, Chief of Staff

Panelists:

John C. Bogle, Founder and Former Chairman, The Vanguard Group

Don Phillips, Managing Director, Morningstar

James S. Riepe, Senior Advisor and Retired Vice Chairman, T. Rowe Price Group, Inc.

11:00 a.m.

Panel Introduction by Commissioner Daniel M. Gallagher

Panel 2. The Arc of History (Former SEC Chairmen)

Moderator: Chair Mary Jo White

Panelists:

The Hon. David S. Ruder (1987 – 1989)

The Hon. Richard C. Breeden (1989 – 1993)

The Hon. Harvey L. Pitt (2001– 2003)

The Hon. William H. Donaldson (2003 – 2005)

The Hon. Elisse B. Walter (2012 – 2013)

1:15 p.m.

Panel Introduction by Commissioner Kara M. Stein

Panel 3. Diverse Perspectives on the Asset Management Industry

Moderator: David W. Grim, Director, Division of Investment Management

Panelists:

Jameson A. Baxter, Chair of the Board of Trustees of the Putnam Mutual Funds

Matthew P. Fink, Independent Director, Oppenheimer Mutual Funds and author

of The Rise of Mutual Funds: An Insider’s View

Rick A. Fleming, SEC Investor Advocate

Tamar Frankel, Professor of Law, Boston University School of Law

Thomas P. Lemke, Independent Director; Former Executive Vice President,

General Counsel, and Head of Governance, Legg Mason Inc.

2:45 p.m.

Panel Introduction by Commissioner Michael S. Piwowar

Panel 4. The Regulators’ View (Former Division Directors)

Moderator: David W. Grim, Director, Division of Investment Management

Panelists:

Allan S. Mostoff (1972 – 1975)

Joel H. Goldberg (1981– 1983)

Kathryn B. McGrath (1983 – 1990)

Marianne K. Smythe (1990 – 1993)

Barry Barbash (1993 – 1998)

Paul F. Roye (1998 – 2005)

Andrew J. Donohue (2006 – 2010)

Eileen Rominger (2011– 2012)

Norm Champ (2012 – 2015)

4:00 p.m. – 4:15 p.m.

Closing Remarks by Chief of Staff Andrew J. Donohue

HOW: This event is open to the public on a first come, first served basis, and will be available to watch via webcast on www.sec.gov. Guests are asked to check in with the security desk and provide a photo ID upon arrival. Additional event details can be found at sec.gov/spotlight/75th-anniversary-iac-ica.shtml.

The SEC Tries to Change Its Home-Court Advantage

There has been much written about the problems with the Securities and Exchange Commission adjudicating cases in its own administrative law courts. The SEC launched a proposal to change the rules for the SEC’s administrative proceedings to adjust the tilt of the home-court advantage.

home court

It’s clearly a move to limit the problems with the use of administrative judges. That is running into its own Constitutional challenge. It would seem that the SEC should change the appointment mechanism for its administrative judges. Of course that risks having past decisions overturned.

There is a clear home-court advantage for the SEC. The SEC won against 90% of defendants before its own judges in contested cases from October 2010 through March of this year, a Wall Street Journal analysis found. That’s higher than the 69% success rate in federal court.

The SEC’s proposals include many changes to the SEC’s Rules of Practice:

Permit parties to take depositions of witnesses as part of discovery
Require parties in administrative proceedings to submit filings and serve each other electronically, and to redact certain sensitive personal information from those filings
Hold hearings within four to eight months of an order.
Allow depositions but the requesting party would be responsible for all fees and expenses for the witness.
Permit subpoenas to compel a witness to attend a deposition, including one who “testified during an investigation.”
Reveal details of an expert witness’ upcoming testimony, exhibits to be shown and how much compensation the witness received.
Permit the division to withhold information on persons who are in settlement negotiations but “who are not respondents in the proceeding at issue.”

I think this a good step in the right direction for the SEC. There is an advantage to using the expertise of the SEC’s administrative judges who focus on the substantive area than a federal judge who handles a broad range of actions. The focus should be on the substance and not the procedural restrictions in the proceedings. The SEC should not have a home court advantage on the procedural side if it thinks it has better substantive decision-making.

Sources:

The SEC’s Cybersecurity Smackdown

Last week the Securities and Exchange Commission issued a new risk alert on cybersecurity and this week the SEC announced a new action for a cybersecurity breach. The action is just as bad as I thought it could be. It also shows that the SEC is misplaced in being a cybersecurity enforcer.

6870002408_abf6b5b6a8_z

R.T. Jones Capital Equities is a registered investment adviser with about 8400 clients. The firm discovered a breach in July 2013. According to the SEC order, the firm hired at least two cybersecurity firms to assess the breach. Neither cybersecurity firm could determine if Personally Identifiable Information was accessed or compromised during the breach.

According to the order, R.T. Jones has not learned that the breach resulted in any losses to its clients or that their accounts have been compromised. There is only the potential loss of data.

Even with no financial harm, the SEC decided to bring an action.

The cybersecurity firms did discover that the attack was based in mainland China and launched from multiple IP addresses. At every conference that I hear about cybersecurity, an expert will always point out that you cannot prevent an attack and an eventual breach. If there is concerted effort from a sponsored group, the hackers will find a way in.

The SEC cited its “safeguards rule”: Rule 30(a) of Regulation S-P (17 C.F.R.§248.30(a)) as the basis for the action. According to a story by Nicholas Donato in Private Funds Management only in two other instances has the SEC cited this rule in enforcement action: PL Financial Corporation in 2008 and stock trading firm Commonwealth Equity in 2009.

The SEC also goes on to cite that the R.T. Jones compromised server had non-client PII on it. I’m not sure that Safeguards Rule applies to non-customer information.

In the end, R.T. Jones was cited for failing to adopt written policies and procedures reasonably designed to safeguard customer information. For example, R.T. Jones failed to conduct periodic risk assessments, implement a firewall, encrypt PII stored on its server, or maintain a response plan for cybersecurity incidents.

The SEC also fails to establish that adoption of those written policies and procedures would have prevented the breach. But even a non-computer expert like me thinks it was poor effort on the part of R.T. Jones for not having a firewall when there is PII on a public facing webserver. Perhaps the firm’s failing was egregious. The SEC does not state so.

The SEC does state that R.T. Jones had no written policies and procedures for PII. They were not inadequate. They just did not exist. That is one big takeaway from the action. Firms need to at least try to prevent the loss of PII and have the written policies and procedures to try and prevent a breach.

Sources:

SEC Charges Investment Adviser With Failing to Adopt Proper Cybersecurity Policies and Procedures Prior To Breach
SEC order against R.T. Jones
Investor Alert – Identity Theft, Data Breaches, and Your Investment Accounts
SEC fires cybersecurity warning shot ahead of sweep by Nicholas Donato in Private Funds Management
So who thought that the SEC was not serious about cybersecurity by Joshua Horn in Securities Compliance Sentinel
SEC Doubles Down on Cybersecurity by John Reed Stark in Cybersecurity Docket
SEC Says No More Mr. Nice Guy on Investment Adviser Cybersecurity by David Smyth in Cady Bar the Door

Compliance Bricks and Mortar for September 18

These are some of the compliance-related stories that recently caught my attention.

bricks freedon trail

A Hill To Die On By Donna Boehme in SCCE’s Compliance & Ethics Blog

Of the thousands of decisions that must be made in the course of designing and implementing a meaningful compliance program to cover all of an organization’s top risks, what really matters? This is the judgment that successful CCOs develop over time through experience and observation, and working with their mentors and thought circles. It’s as if Fisher and Ury wrote a special CCO edition of their great business book “Getting to Yes,” filled with examples from our field. Now THAT would be a book worth having on every CCO’s bookshelf! Or how about 7 Habits of Highly Effective CCO’s? As the dear departed Dr. Stephen Covey would say “Begin with the end in mind!”

Corporations, the Constitution, and the Rights of Others by Thomas Joo in the CLS Blue Sky Blog

Unfortunately, denying corporate constitutional rights is unlikely to have much effect. Insofar as the Supreme Court has protected corporations under the Constitution, that protection does not expressly rely on the notion that a corporation per se has constitutional rights. To the contrary, a central strategy of the Court’s corporate constitutional jurisprudence has been to avoid deciding whether corporations are the holders of constitutional rights. Constitutional decisions protecting corporations have not been based on the rights of corporate “persons,” but on the less controversial rights of human persons. That is, “corporate” constitutional rights are actually based on the rights of others. [More…]

Mark Cuban Joins Increasing Clamor Against SEC Administrative Proceedings by Amanda Maine, J.D. in Jim Hamilton’s World of Securities Regulation

Businessman Mark Cuban, calling himself a “first-hand witness to and victim of SEC overreach,” has filed an amicus brief in the Eleventh Circuit urging it uphold an injunction of an SEC administrative proceeding against Charles H. Hill, Jr. Cuban drew on his own experience during the SEC’s unsuccessful insider trading action against him to argue that the use of administrative law judges in complex litigation such as insider trading cases is unfair and against the public interest (Hill v. SEC, September 15, 2015). [More…]

Parking Meter Expired. Or Maybe Not by Adam Turteltaub in SCCE’s Compliance & Ethics Blog

All of this is yet another example of why incentives need to be treated as a risk area. When people are offered a reward for hitting a goal, they are more likely to try their best to achieve it. For some, that will mean cutting corners, bending rules, or just plain cheating. [More…]

Cybersecurity Exams Part II: More Governance

Last year, the Securities and Exchange Commission raised a cloud of concern when it started its cybersecurity initiative aimed at broker/dealers, investment advisers and fund managers. Based on an interview in April it seems that initiative would continue into a phase 2. The SEC recently released its OCIE’s 2015 Cybersecurity Examination Initiative.

6870002408_abf6b5b6a8_z

According to the Risk Alert, the exams will focus on six areas:

Governance and Risk Assessment
Access Rights and Controls
Data Loss Prevention
Vendor Management
Training
Incident Response

As with Part I, the Risk Alert has a sample document request letter.

I will once again criticize the SEC’s approach to Cybersecurity.

Not because cybersecurity is not important. It is very important and a risk for all firms.

I criticize because the SEC has push cybersecurity as an anti-fraud requirement. SEC is saying that a failure to adequately address cybersecurity is effectively committing fraud on your investors. The big problem is that breaches cannot be prevented. We have seen that a dedicated hacker can get into any system given enough time. Cyber initiatives can only deter hacks. Once you are hacked, you’re not only facing the problems directly from the hack, but also the looming slap from the SEC that you defrauded your investors.

On top of that, the SEC is mostly accountants and lawyers and the compliance world is mostly accountants and lawyers. Cyber requires IT personnel. I suspect many SEC compliance personnel will stare at some of the items on the request letter and have little idea what the SEC is asking for.

Hand the request to your IT department and see what they can do with it.

Sources:

Anonymous Hacker by Brian Klug
CC BY SA

Outside Trading Defendants Settle

A month ago, the Securities and Exchange Commission brought charges against a large network of traders who made a big pile of money by hacking into corporate press release websites and trading on the news before it was made public. Two traders, who made $25 million in the scheme, settled the charges against them and returned the profits.

New_Toronto_Stock_Exchange_trading_floor

Ukrainian-based Jaspen Capital Partners Limited and CEO Andriy Supranonok agreed to pay the SEC $30 million to settle the charges. That’s a 20% premium on the $25 million that the firm made on the trades. The firm’s assets and accounts were frozen when the charges were brought. I assume that shut down business that went through the United States.

The scheme was based on hacks into Marketwired of Toronto, PR Newswire in New York, and Business Wire of San Francisco. The hackers got an early look at the press releases and traded on the likely movement of the stock.

At times, the scheme has been labeled “insider trading”, but that seems to be a bad label to me. The defendants were using stolen data for their trading strategies. They did not get the information through working inside or for the companies involved. John Reed Stark was one of the first to use the “outside trading” label.

Sources:

SEC Obtains $30 Million From Traders Who Profited on Hacked News Releases
SEC Charges 32 Defendants in Scheme to Trade on Hacked News Releases
‘Outsider Trading’ Crackdown Announced by Bruce Carton in Compliance Week
The SEC’S “Outsider Trading” Dragnet by John Reed Stark in Cybersecurity Docket
Ukrainian Firm, CEO to Pay $30 Million to Settle SEC Charges by Chelsey Dulaney in the Wall Street Journal

Compliance Bricks and Mortar for September 11

These are some of the compliance-related stories that recently caught my attention.

9-11 tribute

What Does Aristotle Have to do With Business Ethics? by Ben Dipietro in the WSJ’s Risk & Compliance Journal

History can show us the consequences of unethical behavior, the disasters that have resulted from unethical behavior. But it’s not just a mirror reflecting bad behavior, it’s also a guide book to proper conduct and to articulate and define what an ethical life is. It makes business people human and humane, as well as profitable. Ethics are not the adversary of profit; there’s a right way of making money and a wrong way. [The right way] is fairly, honestly. A free market requires mutual consent, contract law and transparency. Without good faith and honesty, you cannot have a free market. [More..]

Private fund Performance After the Dodd-Frank Act – Evidence from 2010 to 2015 by Wulf Kaal in the CLS Blue Sky Blog

Our findings support the private fund industry’s claims that increased supervision and disclosure mandated in the Dodd-Frank Act have a negative effect on private fund earnings. A discontinuity exists at the threshold value of $150 million AUM, above which private fund adviser registration under the Dodd-Frank Act becomes mandatory. While the relevant estimates are not significant and the discontinuity is not persistent and dissipates in the subsequent months after the registration effective date for private fund advisers, our results do support the private fund industry’s claims that increased supervision and disclosure via the Dodd-Frank Act affects its profitability. [More…]

Rule 506(c): Updated Stats by Broc Romanek in TheCorporateCounsel.net

Since the exemption became available in September 2013, Form D filing data indicates that as of June 30, 2015:

– Filers checked that they intended to rely on Rule 506(c) in almost 2,900 new offerings, and planned to raise more than $37 billion in new capital and
– Filers checked that they intended to rely on Rule 506(b) in approximately 34,800 new offerings, and planned to raise more than $1.15 trillion in new capital.

Compliance, Workplace Investigations, and Deflategate

The National Football League kicks off its season tonight with star quarterback Tom Brady starting under center for the defending Super Bowl Champions, the New England Patriots. It was tumultuous off-season because of a botched workplace investigation and bungled discipline. There are lessons to be learned for compliance professionals.

First. I’m a long time New England Patriots fan who has watched the team struggle through its early years, its current success and its failures. My view is tainted by my fandom.

Second. The Patriots cheated and improperly inflated game balls during the Colts game last season. There should be punishment.

Other than the star power and wealth of the many people subject to the investigation, it is a routine workplace investigation. The league took steps to determine who did what and who knew what. The NFL hired a supposedly disinterested third-party to conduct an independent investigation. The result was the Wells Report.

The first problem with the investigation was the extended period of time it took to document the investigation. It took five months. That was too long given the small number of individuals involved and narrow time frame during which the bad acts took place.

John Jastremski, an assistant equipment manager, and Jim McNally, the officials’ locker room attendant, were suspended for their role in deflating footballs before the AFC Championship Game. The Wells Report makes a strong finding that these two were actively involved in manipulating the balls improperly.

The league punished the Patriots as an organization, levying a $1 million fine and taking away their first round pick in the 2016 NFL draft and their fourth round pick in the 2017 NFL draft.

The only point in major contention was levying a four-game suspension against Tom Brady. The discipline was because:

With respect to your particular involvement, the report established that there is substantial and credible evidence to conclude you were at least generally aware of the actions of the Patriots’ employees involved in the deflation of the footballs and that it was unlikely that their actions were done without your knowledge. Moreover, the report documents your failure to cooperate fully and candidly with the investigation, including by refusing to produce any relevant electronic evidence (emails, texts, etc.), despite being offered extraordinary safeguards by the investigators to protect unrelated personal information, and by providing testimony that the report concludes was not plausible and contradicted by other evidence.

Although the Patriots agreed to the organizational punishment, Mr. Brady was not willing to agree to the suspension. The Wells Report did not find that Mr. Brady had any direct knowledge of the ball tampering, that he condoned it or that he ordered it.

The legal wrangling highlights that league actions are limited by and subject to the collective bargaining agreement with the players. Union rules are in effect. That sets the process and requirements apart from a workplace of at-will employees.

In the legal appeal, the court found that there was inadequate notice of punishment. Brady had no notice that he could receive a four-game suspension for general awareness of ball deflation by others or non-cooperation with the investigation. Brady also had no notice that his discipline would be the equivalent of the discipline imposed upon a player who used performance enhancing drugs. Adequate notice of punishment is a requirement of union shop rules.

In November 2014, the Minnesota Vikings and Carolina Panthers were caught on film using sideline heaters to warm the footballs during the game in violation of league policies, but no penalties were issued in that case.

In 2010 Brett Favre interfered with an NFL investigation of sexual harassment. He was fined $50,000, but not subject to a suspension.

In 2009, the Jets were caught tampering with game balls used for kicking. The equipment manager was suspended, but there was no punishment levied against the kicker.

In the player policy, equipment violations are noted as being subject to a fine.

The NFL is always going to have a tougher time disciplining players. Not because of their wealth or notoriety, but because of the union rules in place. The other problem is that the NFL has a patchwork of polices and procedures around disciplining players.

Commissioner Goodell labeled Mr. Brady’s behavior as “conduct detrimental” and equated it to steroid use. That is supposedly how he came up with the four game suspension. However, there is a specific policy adopted by the league and the players on steroid use. Under the union rules, Commissioner Goodell can’t up-punish based on an unrelated policy.

The NFL and the players union need to straighten out the disciplinary policies and punishments. The union rules require the players have adequate notice of the likely punishment.

Of course, the Patriots should be punished and they were. Even without the Brady suspension, the monetary fine and loss of draft picks are among the biggest punishments ever imposed by the NFL.

Now it’s time to play the game. Are you ready for some football?!?

Sources:

The SEC Goes After the Gatekeepers

When a fraud is uncovered, the Securities and Exchange Commission not only wants to get the fraudsters, it also wants to get those who should have stopped the fraud: the gatekeepers. The SEC recently brought a case against an investment advisory firm and its CEO for fraudulently inflating the values of investments in the portfolio of a private fund they advised so they could attain unearned management fees. The SEC also brought a companion case against the fund’s external auditors

13814386115_87ab79eb34_z

Chris Yoo and his firm agreed to settle fraud charges related to his failure to inform clients that they received significant fees when referring clients to invest in the fund. In addition to failing to disclose the conflict, beginning in 2011, Yoo directed the firm to withdraw purported fees that were based on fraudulently inflated investment values or were otherwise disproportionate from the fund’s actual profits. Yoo falsely claimed that the fund owned an asset that had appreciated to approximately $2 million in value. In reality, the fund owned an entirely different asset that was worth less than $200,000. As a result of Yoo’s false claim, the fund’s financial statements materially overstated the fund’s investment values. As a result of the inflated values, they withdrew nearly $900,000 in purported fees to which they were not entitled.

The SEC thought the external auditors should have caught the fraud if the auditors had properly conducted a GAAP audit.

Raymon Holmdahl and Kanako Matsumoto worked for Peterson Sullivan LLP and served as the leads on the audit of Yoo’s fund.

“Holmdahl and Matsumoto did not uncover the fraudulent activity because they failed to properly verify the fund’s assets despite having reason to question Yoo’s valuations,” said Erin E. Schneider, Associate Director for Enforcement in the SEC’s San Francisco Regional Office.

Holmdahl and Matsumoto took over the audit work after the previous auditor resigned because it disagreed with the valuation of a particular security. The old auditor could not find enough evidence of the existence of the asset or its valuation. Holmdahl and Matsumoto failed to get third party verification.

Yoo’s fund claimed to own shares in “Prime Pacific Bank” that were illiquid. The fund used a model to claim a price of $3.22 a share, more than triple the $1 purchase price. In reality, the fund owned shares in “Prime Pacific Financial Services” that traded at price between $0.27 and $0.70 during the relevant period. A third party verification should have caught this name mistake.

Sources: