Compliance Bits and Pieces for May 7

Here are some recent compliance-related stories that I found interesting:

Why Executive Pay Is So High by Neil Weinberg in Forbes.com

So [Gary] Wilson can say, with more than a little credibility, that the boards supposedly overseeing management are instead packed with lackeys with appalling frequency. It’s a familiar complaint but one that he believes is responsible for out-of-control pay, the short-term greed that helped spawn the recent financial meltdown and a staggering waste of resources. Wilson’s solution: Abolish the joint role of chief executive and chairman and install independent bosses to oversee boards.

The Executive Session by Fred Wilson in A VC

Every board meeting should end with an executive session. The term executive session is an oxymoron because it is a meeting of all the board members other than the executives of the company. The first time most CEOs hear of this idea, they hate it. The words “we want to meet without you” strike fear in the hearts of most CEOs. And understandably so.

What is the Cost of FCPA Compliance? Or what is the cost of non-compliance? by Tom Fox

How do you measure the cost of FCPA compliance? Put another way, can your company afford not to be FCPA compliant? What will the costs be if there are allegations of bribery and corruption in your company? Will the investigative costs exceed $100 million as they may well do in Avon’s case? Will your fine, penalty and any profit disgorgement exceed $550 million as happened with Halliburton or simply be in the $330-$340 million range as with its former Joint Venture partners?

Google Move Steps Up Interest in Web Disclosure By Melissa Klein Aguilar in Compliance Week

Last month, the search engine giant published a press release touting its first-quarter 2010 results—without actually detailing what the results were. Instead, it directed anybody curious to visit Google’s investors relations Website and announced that it intends to make all future announcements about financial performance exclusively through news posted there.

That’s a departure from prevalent practice in Corporate America, which is to publish the full text of earnings information in a press release. It also puts Google in the vanguard of companies taking advantage of guidance the Securities and Exchange Commission published nearly two years ago to encourage companies to use disclosure via Website more often.

How The Hell Did GM Pay Back Its Loans “in Full And Ahead of Schedule”? Well, It Didn’t.

Social Networking / Web 2.0 Revolution

This morning I presented to the Association of Legal Administrators. They asked me to give the view as a lawyer, law firm client, former legal administrator and blogger on what law firms should know about web 2.0. I also mixed risks, policies and compliance issues.

The crowd was a diverse bunch in terms of how they use the tools personally and at their law firms.

Here are the materials, with references and links to tools I mentioned in the presentation.

Here is a link to my social media policies database.

Here is the slidedeck:

Evolving Employee Rights in the Age of Web 2.0

Morgan Lewis presented an informative webcast on Web 2.0 from the company/employee perspective. These are my notes.

Companies cannot limit the personal use of these sites. But the line between personal and professional can be very fuzzy. You can limit access over the company’s network, but employees have easy access from mobile phones and home computers.

They cited Deloitte’s 2009 Ethics & Workplace Survey Examines the Reputational Risk Implications of Social Networks to point out the need for companies to address social media.

One issue is the reasonable expectation of privacy. This is even more complicated given that the data is in the internet cloud and not on the company’s hardware or storage. Most (if not all) of your Web 2.0 data resides in the cloud, not on a hard drive or network storage that you control.

Personal Use of Mobile Devices

The first issue with privacy is the use of mobile devices. It’s hard to prevent ALL personal use of a company-supplied device, especially a mobile device. Even if you ban personal use of the device, it is hard to monitor and hard to enforce. Would you really discipline an employee who made a personal phone call on their BlackBerry? You need a clear policy that is enforceable. You also need to set reasonable expectations of privacy.

This is exactly the issue addressed in the Quon case, recently argued at the Supreme Court. The panel spent some time discussing the Quon case. There are some lessons to be learned from it, even though the decision may be limited to government workplaces.

The additional complication is that the company (in this case the government) pulled the personal information from a third-party service provider. That implicated the Electronic Communications Privacy Act.

Personal Email

They also took a close look at the . That was more focused on the use of personal email and attorney-client privilege. There are some interesting attacks on that company’s computer use policy.

They raised Convertino v. U.S. Department of Justice, 674 F. Supp 2d 97 (D.D.C. 2009). The DOJ found email between an Assistant Attorney General and his personal attorney. He had used a DOJ email account. He deleted the emails immediately after they were sent or received, but didn’t realize that a deleted copy would be kept. The court used a test similar to that used by the Stengart court to look at the employee’s expectation of privacy. DOJ did not ban personal email on the company system.

The takeaway is that employers should inform employees that they have no reasonable expectation of privacy in any technology provided by the company. (It is probably too hard to monitor and enforce a complete ban on personal use.) You should also let them know that back-up copies may exist even if the employee deletes a copy.

Proposed Internet/Email Policy

Here are some items they propose:

  • Limit personal use of the company email system.
  • Inform employees they have no reasonable expectation of privacy in any technology provided by the company (e.g., email, Internet, laptop, PDA).
  • All information forwarded or received via the company email system is subject to monitoring and may be stored.
  • All information sent, received or viewed on the Internet, including personal, web-based communications, instant messages, text messages or other forms of communication, can be stored on a computer’s hard drive, the company’s servers, etc. and can be reviewed and retrieved by the company at any time.
  • Back-up copies of electronic communications may exist, even if “deleted” from the computer.
  • Issue periodic reminders to employees that the computers they are working on do not belong to them, and that information accessed on the computers may be subject to inspection and collection.
  • Describe prohibited activities:
    • Disseminating confidential information;
    • Any actions that could be seen as harassing;
    • “Hacking” and related activities;
    • Tampering with or disabling security mechanisms on company computers;
    • Unauthorized downloads; and
    • Violations of copyright laws.
  • Enforce the policy and punish violators.
  • Obtain signed acknowledgements and post the policy.

HR using Web 2.0

There are special limitations for HR and hiring managers. You need to be careful when using social networking sites to find information about potential hires. Do not try to gain a view of someone’s online account through deception.

You should consider whether employees can give recommendations on sites like LinkedIn.

You can’t prohibit employees from discussing terms and conditions of employment. Such a ban would be a violation under the National Labor Relations Act.

FTC Guidelines and the Workplace

The FTC guidelines are also something to keep in mind. Your employees may be the biggest fans of your products. If an employee is talking about your company’s product, the employee needs to disclose they are an employee. Otherwise it could be considered a deceptive testimonial, creating potential liability for the employee and the company.

The FTC guidelines require disclosure of a material connection between the blogger (commenter, Twitter-er, etc.) and the company. Employment is clearly a material connection. That means it needs to be clearly and conspicuously disclosed. (16 C.F.R. §255.5) The FTC will consider the existence of a policy in deciding whether to bring an enforcement action.

A company should make it clear that the policy is applicable across all communication platforms.

Should you search the internet for information on job applicants?

There are issues. Many people may argue that it is an invasion of privacy. Beyond the practical issues, there are legal issues such as discrimination and unlawful background checks.

You also need to be concerned that the information you find is applicable to that person. There are lots of people out there with similar names. (Even I am not unique: Another Doug Cornelius)

Are you liable for false statements made by your employees?

If the company sponsors the content, then yes, the company can be held responsible. Even on a non-sponsored site, if the company does nothing, that could be viewed as assent and the company could be held responsible.

Can you discipline an employee for using these sites?

Not if they are complaining about their working environment to other employees. That is protected under the National Labor Relations Act.

If the activity is akin to whistle-blowing, then the activity could be protected under Sarbanes-Oxley or state statute.

A few states specifically protect off-duty, off-site conduct.

Can you prevent employees from saying bad things about the company?

An injunction acts as a prior restraint on speech. [See: Bynorg v. SL Green Realty Corp., 2005 WL 3497821 (S.D.N.Y. 2005)]

It is easier to get damages for defamation and invasion of privacy. [See: Varian Medical Systems, Inc. v. Delfino]

If the blogger is anonymous, it’s harder to do. Particularly in California, you need to prove defamation before a court will grant a subpoena.

Protect your IP

You want to be careful about how employees are using your logo or other intellectual property on their own sites.

Materials

They posted a copy of the slidedeck from the presentation on their website if you want more detail: Presentation Slidedeck

FTC and Bloggers

Back in December, the Federal Trade Commission released new guidelines that specifically required bloggers to disclose any material connections to a product or company they are writing about.

The FTC had opened an investigation against Ann Taylor Stores for providing gifts to bloggers who the company expected would post blog content about Ann Taylor’s LOFT stores.

Apparently Ann Taylor missed the memo from their law firm about these guidelines. LOFT held a preview of their Summer 2010 collection and provided gifts to bloggers at a January 26, 2010 event. Bloggers who attended failed to disclose that they received gifts for posting blog content about that event.

“Depending on the circumstances, an advertiser’s provision of a gift to a blogger for posting blog content about an event could constitute a material connection that is not reasonably expected by readers of the blog.”

The FTC decided not to bring an enforcement action and Ann Taylor escaped punishment. The FTC gave these reasons:

  1. The January 26, 2010 preview was the first (and, to date, only) such preview event.
  2. Only a very small number of bloggers posted content about the preview, and several of those bloggers disclosed that LOFT had provided them gifts at the preview.
  3. LOFT adopted a written policy in February 2010 stating that LOFT will not issue any gift to any blogger without first telling the blogger that the blogger must disclose the gift in his or her blog.

Apparently, LOFT posted a sign at the event stating that bloggers should disclose that they received gifts. It seems clear that companies should get a signed agreement from their endorsers about their requirement to disclose before handing out gifts.

As the FTC had stated when they released the Guidelines, they went after the company, not the bloggers. Although the FTC may go after the bloggers also.

SEC is Probing Hedge Funds

They’re looking at you.

Rob Kaplan and Bruce Karpati, co-chiefs of the Asset Management Unit of the SEC enforcement division, held their first full staff meeting last week. This new unit will be focusing on misbehavior by private-equity funds, hedge funds, buyout firms, mutual funds and other asset managers. The unit is one of the five specialty units the SEC formed earlier this year.

Side Pockets

Hedge funds use side pockets to protect new investments, long-term investments and other assets that they do not want to liquidate in the face of redemptions in the fund. In the Great Panic of 2008, funds used side pockets to limit redemption.

Valuations

One issue related to the side pocket is valuation of the assets. One reason for keeping the assets is that the fund managers feel the assets are not being properly valued in the market. On the bad side, the fund may be charging fees against the inflated value of those side pocket assets. Most side pocket assets are illiquid, which makes valuations difficult to determine.

Management Investment

One surprising priority for the unit is evaluating whether fund managers really have their own wealth invested in the fund when they are saying so in the prospectus and marketing materials.

It sounds like some enforcement proceedings are likely to appear in this area in the next few months.

Picture is by Daniel Rosenbaum for The New York Times

What About the Rating Agencies?

There has been lots of criticism aimed at Goldman Sachs over the Abacus 2007-AC1 deal. They helped set up a CDO so their client, Paulson & Company, could make a bet on a downturn in the residential real estate market. To make that bet, they allowed Paulson to influence the securities that went into the CDO. Most of them turned out to be dreck and the CDO ended up tanking. Paulson made money from his short position and the investors in the CDO lost more than $1 billion.

Who Was the Client?

Paulson & Company hired Goldman Sachs and paid them $15 million for the structuring of the Abacus 2007-AC1 CDO. So they were clearly a client.

The purchasers of the CDO were clients of Goldman Sachs. Since they were purchasing securities from Goldman Sachs as a broker-dealer, they were not owed a fiduciary duty by Goldman Sachs. That is one of the current differences between the law governing investment advisers and broker-dealers. Goldman made a statement in the materials that they do not have a fiduciary obligation to the investors.

Goldman Sachs had a split loyalty that is common with Wall Street transactions.

Disclosure

In selling securities you are required to disclose all material information and risks in a prospectus for the security and deliver that prospectus to purchasers.

Goldman claims that its Abacus investors had all the information needed to evaluate risks for themselves in the prospectus.

The SEC is claiming that Goldman should have disclosed that Paulson influenced the selection of securities placed in the CDO and that they were engaged by Paulson to build the CDO so Paulson could take a short position against it.

Illegal or Unethical?

Obviously, the SEC is taking the position that Goldman acted illegally. Personally, I’m not sure it was illegal. If it turns out that they said Paulson was long on the CDO, when he was actually short, then they are in trouble.

Lots of people are arguing that they acted unethically. That is a stronger argument. Goldman may not have been required to disclose Paulson’s role in the transaction, but they probably should have disclosed it.

I prefer to use the very technical term “yechy.” Goldman looks very bad. As a company, they seek to have a better reputation than this.

They should not have structured the transaction this way. They should settle this case, chalk it up as a mistake and act better. (I own some stock in Goldman Sachs that I bought when the price dropped because of these accusations.)

What about the Rating Agencies?

Even with all the dreck in this CDO, the rating agencies still gave a AAA rating to the $480 million Class A, AA to the $60 million Class B, AA- to the $100 million Class C, and A to the $60 million Class D.

Clearly one of the factors in the sub-prime market was the failure of the rating agencies. They were giving AAA ratings to collections of dreck.

S&P defines the AAA rating for structured finance as “judged to be of the highest quality, with minimal credit risk.”

Maybe this chart is a better explanation of the ratings:

Compliance Bits and Pieces for April 30

HALLDOR KOLBEINS/AFP/Getty Images

I was on vacation last week and apparently missed lots of big news. A volcano kept me from going to Europe, but nothing stopped the SEC from bringing a case against Goldman Sachs. Here are some recent compliance-related stories that I found interesting.

The SEC and the Rogue Inspector General by J Robert Brown Jr. in Race to the Bottom

We were dismayed at the leaks that revealed confidential discussions taking place at a closed Commission meeting about the Goldman case. We are equally dismayed at the recent announcement by the SEC’s Inspector General that he intends to look into allegations that the Goldman case was deliberately timed to coincide with financial reform efforts.

Trust Quotes #10: David Gebler by Charles Green in Trust Matters

CHG: What’s the difference between ethics and compliance? And does anyone care about the former?

DG: Compliance is the adherence to prescribed standards of behavior. Compliance training educates people on what behavior is expected of them.

Ethics is the determination of whether people will engage in the desired behavior and what should be done to encourage people to do things they know they should do, but often don’t.

The SEC, The Goldman Case and Critics by Tom Gorman in SEC Actions

Sometimes the SEC is an aggressive market regulator and at other times it appears to be the gang that can not shoot straight. In filing the Goldman case, discussed here, it not only brought the most significant enforcement action in years, but also responded to critics who claim the agency can not take on the Wall Street giants, but only the little guys.

SEC versus Goldman Sachs in Ten Seconds into the Future

It is going to be hard for the SEC to establish that GS defrauded investors by its failure to disclose Paulson’s role and intentions in ABACUS. Why? Paulson wanted to make a bet. A bet is not a sure thing. If Paulson or GS could affect the outcome of the bet then that is another matter.

NYPD to Bicycles: We Got You Now by Scott Greenfield in Simple Justice

In related news, the NYPD determined that the possibility that a pipe bomb could be placed in a bicycle gave rise to the theft of hundreds along Houston Street in Manhattan, in anticipation of President Obama’s trip to Cooper Union last week in honor of Earth Day.

Hedge Fund Industry Will Be Under Close Scrutiny by SEC Division of Enforcement by Frederic D. Firestone and Michael A. Unger of McDermott, Will & Emery

The hedge fund industry is a top programmatic priority of the U.S. Securities and Exchange Commission (SEC) Division of Enforcement. The Division is currently allocating unprecedented resources to hedge fund issues and investigations. This focus will intensify if hedge fund legislation is passed.

Bourke Appeals Ruling in Most Complex, Convoluted Case in FCPA History by Mike Koehler in Corporate Compliance Insights

An FCPA trial like Bourke’s is rare. An FCPA appeal is even more rare. An FCPA appeal to the influential Second Circuit is even more rare. …This post summarizes the FCPA related issues in Bourke’s brief.

Synthetic CDOs, Explained in NPR’s Planet Money

On today’s All Things Considered: A Glossary of Financial Terms, Adam Davidson explains the difference between a mortgage-backed security, a CDO, and a synthetic CDO. Also, why shorts aren’t bad, and what a tranche is.

Who Blows the Whistle on Corporate Fraud?

It takes a village.

Alexander Dyck, Adair Morse, and Luigi Zingales found that fraud detection does not rely on standard corporate governance actors. Instead they found that employees, short sellers and analysts are the top sources in uncovering corporate fraud.

The three researchers studied reported fraud cases between 1996 and 2004 for U.S. companies with more than $750 million in assets. They ended up with a sample of 216 cases, including the high profile cases like Enron, HealthSouth and Worldcom.

They conclude that those in the best position to spot fraud are those who gather a lot of relevant information as a by-product of their normal work. Employees, industry regulators, and analysts are at the top of the list.

Financial Reward

A monetary award, like the bounty under the Federal Civil False Claims Act, seems to be a good incentive for employees.

Short sellers are another group with a financial incentive. The researchers looked at short selling activity prior to revelation of fraud. When that activity was three standard deviations above the prior three-month average, they took that as an indication that the short sellers had identified a fraud. If you use that benchmark, the short sellers detected 22 of the fraud cases.

Reputation Reward

The other incentive is the reputation reward that they largely attribute to journalists. A journalist who uncovers a big fraud gets national attention and future career opportunities. It is interesting that when they weight the frauds based on size, journalists move farther up the list as the fraud detector. That seems a clear indication that reporters are more interested in the big, splashy fraud cases. That also means that we cannot expect the media to act as an effective monitor for smaller companies or for technical violations.

Auditors

I’m sure Francine McKenna, of re: The Auditors, would be interested to see their findings regarding auditors.

“We find very weak evidence of auditor’s incentives to blow the whistle. Auditing a fraudulent company is bad for reputation, but conditional on doing so, bringing this information to light has no benefit for an auditor: it is likely to cost him the account and it does not make him gain new ones.”

Compliance

On a positive note from the compliance perspective, of the 216 cases, 74, or 34.3%, were detected by internal governance. But we shouldn’t pat ourselves on the back too much. These cases are pre-2005 and therefore date before the compliance era.

Raw Data

Of the 142 cases detected by external governance, here is the breakdown:

| Fraud Detector | Cases | Percentage |
|---|---|---|
| Employee | 26 | 18.3% |
| Analyst | 24 | 16.9% |
| Media | 22 | 15.5% |
| Industry Regulator or SRO | 20 | 14.1% |
| Auditor | 16 | 11.3% |
| SEC | 10 | 7.0% |
| Client or Competitor | 9 | 6.3% |
| Equity Holder | 5 | 3.5% |
| Short seller | 5 | 3.5% |
| Law Firm | 5 | 3.5% |

It would be great to move the SEC higher on the list. But it seems that you want to keep as many groups as possible interested in detecting and reporting fraud. There are lots of groups interested in detecting fraud for lots of reasons. We should make sure that all of them stay engaged and have incentives to report the fraud.

Image is Qiqi Green Whistle by Steven Depolo under Creative Commons

FINRA Guidance on Private Placements

The Financial Industry Regulatory Authority released Regulatory Notice 10-22 reminding registered firms about their obligations regarding suitability, disclosures and other requirements for selling private placements to customers.

A Broker-Dealer that recommends a security is under a duty to conduct a reasonable investigation concerning that security and the issuer’s representations about it. This is true regardless of the type of security. The “reasonable” standard for the investigation depends on many factors including the nature of the recommendation, the role of the broker-dealer in the transaction, its knowledge of and relationship to the issuer, and the issuer itself.

NASD Rule 2310 requires a broker-dealer to have reasonable grounds to believe that a recommendation to purchase, sell or exchange a security is suitable for the customer. That means they must have a reasonable basis to determine that the recommendation is suitable for at least some investors. Then they have to determine that it is suitable for the specific customer.

The fact that an investor meets the net worth or income test for being an accredited investor is only one factor to be considered in the course of a complete suitability analysis. In a Regulation D offering the broker-dealer should, at a minimum, conduct a reasonable investigation concerning:

  • the issuer and its management;
  • the business prospects of the issuer;
  • the assets held by or to be acquired by the issuer;
  • the claims being made; and
  • the intended use of proceeds of the offering.

Although the “reasonable investigation” must be tailored to each private placement, the regulatory notice provides a list of best practices gathered from member firms.

A. Issuer and Management. Reasonable investigations of the issuer and its management concerning the issuer’s history and management’s background and qualifications to conduct the business might include:

  • Examining the issuer’s governing documents, including any charter, bylaws and partnership agreement, noting particularly the amount of its authorized stock and any restriction on its activities. If the issuer is a corporation, a BD might determine whether it has perpetual existence.
  • Examining historical financial statements of the issuer and its affiliates, with particular focus, if available, on financial statements that have been audited by an independent certified public accountant and auditor letters to management.
  • Looking for any trends indicated by the financial statements.
  • Inquiring about the business of affiliates of the issuer and the extent to which any cash needs or other expectations for the affiliate might affect the business prospects of the issuer.
  • Inquiring about internal audit controls of the issuer.
  • Contacting customers and suppliers regarding their dealing with the issuer.
  • Reviewing the issuer’s contracts, leases, mortgages, financing arrangements, contractual arrangements between the issuer and its management, employment agreements and stock option plans.
  • Inquiring about past securities offerings by the issuer and the degree of their success while keeping in mind that simply because a certain product or sponsor historically met obligations to investors, there are no guarantees that it will continue to do so, particularly if the issuer has been dependent on continuously raising new capital. This inquiry could be especially important for any blind pool or blank-check offering.
  • Inquiring about pending litigation of the issuer or its affiliates.
  • Inquiring about previous or potential regulatory or disciplinary problems of the issuer. A BD might make a credit check of the issuer.
  • Making reasonable inquiries concerning the issuer’s management. A BD might inquire about such issues as the expertise of management for the issuer’s business and the extent to which management has changed or is expected to change. For example, a BD might inquire about any regulatory or disciplinary history on the part of management and any loans or other transactions between the issuer or its affiliates and members of management that might be inappropriate or might otherwise affect the issuer’s business.
  • Inquiring about the forms and amount of management compensation, who determines the compensation and the extent to which the forms of compensation could present serious conflicts of interest. A BD might make similar inquiries concerning the qualifications and integrity of any board of directors or similar body of the issuer.
  • Inquiring about the length of time that the issuer has been in business and whether the focus of its business is expected to change.

B. Issuer’s Business Prospects. Reasonable investigations of the issuer’s business prospects, and the relationship of those prospects to the proposed price of the securities being offered, might include:

  • Inquiring about the viability of any patent or other intellectual property rights held by the issuer.
  • Inquiring about the industry in which the issuer conducts its business, the prospects for that industry, any existing or potential regulatory restrictions on that business and the competitive position of the issuer.
  • Requesting any business plan, business model or other description of the business intentions of the issuer and its management and their expectations for the business, and analyzing management’s assumptions upon which any business forecast is based. A BD might test models with information from representative assets to validate projected returns, break-even points and similar information provided to investors.
  • Requesting financial models used to generate projections or targeted returns.
  • Maintaining in the BD’s files a summary of the analysis that was performed on financial models provided by the issuer that detail the results of any stress tests performed on the issuer’s assumptions and projections.

C. Issuer’s Assets. Reasonable investigations of the quality of the assets and facilities of the issuer might include:

  • Visiting and inspecting a sample of the issuer’s assets and facilities to determine whether the value of assets reflected in the financial statements is reasonable and that management’s assertions concerning the condition of the issuer’s physical plants and the adequacy of its equipment are accurate.
  • Carefully examining any geological, land use, engineering or other reports by third-party experts that may raise red flags.
  • Obtaining, with respect to energy development and exploration programs, expert opinions from engineers, geologists and others are necessary as a basis for determining the suitability of the investment prior to recommending the security to investors.

“An increase in investor complaints regarding private placements, as well as SEC actions halting sales of certain private placement offerings, led FINRA to launch a nationwide initiative that involves active examinations and investigations of broker-dealers engaged in retail sales of private placement interests,” said FINRA Chairman and CEO Rick Ketchum.
