Web 2.0 – Leveraging New Media to Maximize Your Securities & Compliance Practice

On February 17, 2009, Securities Docket is sponsoring a webcast that will look at the numerous ways that securities and compliance counsel and professionals can now use web 2.0 to promote, market, and network themselves, their practices and their firms as never before.

Please join Bruce Carton, Editor of Securities Docket, and me for a webcast that will discuss the best new tools and strategies available to securities and compliance counsel and professionals, including:

  • RSS;
  • Social Media, such as Twitter, LinkedIn, and Facebook;
  • Blogs;
  • and much more.

To attend this webcast scheduled for February 17, at 2 pm Eastern, please sign up on the Securities Docket website.

Massachusetts Amends and Extends Its Data Privacy Law

According to this press release from the Massachusetts Office of Consumer Affairs and Business Regulation, they have once again extended the deadline for complying with the regulations. Now the regulations will take effect Jan. 1, 2010.

I have not had a chance to analyze the differences yet, but here are the amended regulations under 202CMR 17.00 (.pdf).

Morgan Stanley Self-Reports FCPA Violation

In a February 9, 2009, 8-K Filing with the SEC, Morgan Stanley self-reported a violation of the Foreign Corrupt Practices Act:

II. In an unrelated matter, Morgan Stanley announced today that it has recently uncovered actions initiated by an employee based in China in an overseas real estate subsidiary that appear to have violated the Foreign Corrupt Practices Act. Morgan Stanley terminated the employee, reported the activity to appropriate authorities and is continuing to investigate the matter.

FINRA’s Guide to the Internet

FINRA has published a Guide to the Internet for Registered Representatives. It paints a difficult picture for registered representatives wanting to use Web 2.0 tools.

FINRA breaks internet activity into five main groups for purposes of regulatory requirements:

  • Publicly available Web sites (including banner advertisements, blogs and bulletin boards) are considered advertisements.
  • An email or instant message sent to 25 or more prospective retail customers is considered sales literature.
  • An email or instant message is considered correspondence if it is sent to i) a single customer (prospective or existing) ii) to an unlimited number of existing retail customers and/or less than 25 prospective retail customers (firm-wide) within a 30 day period.
  • Password-protected Web sites are considered sales literature.
  • Chat room discussions are considered public appearances.

I am not sure all of this is a particularly useful grouping since many of the characteristics are shared across the groups. For instance, how does a chat room differ from comments on a blog? How does an RSS feed differ from an email to 25 or more prospective customers? But FINRA does acknowledge that “a member firm’s obligations to supervise electronic communications are based on the content and audience of the message, rather than the electronic form of the communication.” [FINRA Regulatory Notice 07-59 (.pdf) on the Supervision of Electronic Communication.]

Given that many of the Web 2.0 tools are communications with the public, you should look at FINRA Rule 2210 Communications with the Public. The rules are a major impediment to the use of Web 2.0.

SEC Requirements for Online Annual Reports and Proxy Statements

The SEC is trying to move investors further into the internet era with its new regulations on the ability to furnish proxy materials to shareholders by posting them on an Internet Web site and providing shareholders with notice of the electronic availability of the proxy materials. [SEC Release 34-56135] This is an amendment to the original electronic delivery regulations in SEC Release 34-55146.

I am confused with a statement on page 11:

The materials must be presented on the Web site in a format, or formats, convenient for both reading online and printing on paper.[FN35]
footnote 35:
We believe that requiring readable and printable formats is important so that shareholders have meaningful access to the proxy materials. When determining the readability and printability of formats, issuers should consider the size of the files because many shareholders do not have broadband connections. Although some types of files may be suitable for persons with high-speed Internet access, the readability and printability of a document may be affected significantly by the time that it takes to download the document.

I expect that most people expected that they would post a .pdf version of their annual report and proxy statement on their website. This seems to indicate that you can’t if it would take a long time to download. Personally, I thought .pdf files would be the way to go. This leaves some doubt in my mind. Pdf files tend to be big, which would result in a long time to download.

You can read more in this summary by John F. Olson, Partner, Gibson, Dunn & Crutcher LLP and Visiting Professor, Georgetown Law Center on The Harvard Law School Corporate Governance Blog: E-Proxy Rules Take Effect for All Public Companies.

Recent Changes to the ADA and FMLA

Goodwin Procter presented a webinar on recent changes to the Americans with Disabilities Act and the Family and Medical Leave Act. Rob Hale moderated the presentation.

Heidi Goldstein Shepherd led off with a background on the ADA. The key concept for employers is that it is up to the employee to request a “reasonable accommodation” by the employer. New amendments to the ADA went into effect on January 1.

The new term is “substantially limited” which is supposed to be defined by the EEOC. Unfortunately, the EEOC has not promulgated this definition.

The question of disability is still considered on a case-by-case basis. The employer needs to determine if the accommodation requested is reasonable. The employer is not required to lower quantitative or qualitative standards as a “reasonable accommodation.” Conduct standards can be enforced if “job related and consistent with business necessity” and applied consistently.

Steve Feldstein looked closer at the EEOC enforcement guidance. An employee who first requests the accommodation during a discipline process still remains subject to the discipline. If you go to fire a person and the person first claims a disability, it is too late for the employee.

An employer should not raise the possibility of disability in discussing a performance problem. Leave it up to the employee.

California has a different standard than the federal law for disabilities. It is not a “substantial impairment of a major life activity.” It is just an “impairment of a major life activity.” In making a reasonable accommodation, it requires you to engage in an interactive process.

Rob Hale moved on to the new FMLA regulations. The changes were many and extensive, but the substance did not change much. Rob focused on three types of changes: (1) National Defense Re-Authorization Act and military leaves, (2) some substantive leave changes, and (3) changes in the notice and information right.

The military change only applies to reserve and national guard being called up for military service. It allows time off for when the soldier returns. It also allows leaves for childcare when a family member leaves for service.

Rob moved on to new substantive changes.

  • There is a longer period for counting the 12 months of service
  • If the person is out on leave, that could count as part of the 12 months of service
  • Serious health condition standard changed for 2 doctor's visits, now within 30 days
  • Paid leave during FMLA leave: the paid leave provisions overrule, so you can get kicked out of the paid leave to the unpaid FMLA leave
  • Intermittent leave allows you to count part of day absence as a full day absence under the “physical impossible rule” (Rob used the example of a clean room worker.)
  • You can deny a perfect attendance bonus if the employee was out on FMLA leave.
  • Releases of past FMLA claims are now permissible. (You cannot release future FMLA claims.)

Rob moved on to the new notice changes. There is a new poster you need to put up. (Ours is up.) Rob points out that you can also post it electronically.

The designation notice needs to be delivered in five days. Employee notifications have largely not changed. They have to state that they want to take an FMLA leave. Saying you want to take time off to take care of a sick child (etc.) may not be enough. There is more pressure on frontline managers to determine if the reason is FMLA eligible.

Employers can impose the same requirements on FMLA requests that they impose on other leave requests. So you can require written notice or require them to call a certain number.

There are new forms for medical certification. There are also some new procedures for completing the form and what to do if the form is incomplete.

Rob emphasized the need to have a leave counting period. Employers need to designate the 12 month period during which they can use the 12 weeks of leave. He has seen some employees win suits by using an alternative counting method.

Steve pointed out that California has an alternative law covering medical leave: California Family Rights Act. California allows leave for domestic partners (registered with the state and living in the same residence). Pregnancy gives you a longer time off. Interestingly, the domestic partner situation allows a longer time off because you can take the CFRA leave and then the FMLA since the domestic partner leave is not recognized under the FMLA.

Goodwin also made some materials available:

Why Don’t Sanctions Deter Fraud?

Meric Craig Bloch theorizes that punishing people who are caught committing fraud is not an effective way to deter fraud. The reasons behind his theory:

  • Employees who commit fraud don’t anticipate getting caught. The threat of sanctions does not deter them because they don’t expect to face them. To deter them, you have to raise the “perception of detection” – people who believe they will be caught committing fraud are less likely to commit it.
  • Employees who commit fraud rationalize their conduct so that it seems legal or justified. They do not see their actions as wrong.
  • Because employees who commit fraud are primarily motivated by status, the greatest threat they face is that their crime will be detected.
  • Sanctions are reactive – you are punishing someone after the damage to the company has been done.

Is Your Organization Adequately Prepared to Fight Today’s Workplace Fraud?

EthicsPoint published this webinar focusing on proper and efficient investigations.

The presenter was Meric Craig Bloch, VP Compliance and Corporate Investigations of Adecco Group North America.

Meric predicted more fraud coming into the workplace as part of this down economy. Managers are focused on making their numbers and it is harder to do.

Profile of a fraudster:

  • Likely acts alone
  • Likely a male over 40
  • Has worked at the company for a number of years
  • Some college (and probably more) education
  • no criminal record
  • no history of job discipline

It is obvious from this that fraud risk depends less on the person and more on the internal situation and pressures. The fraud triangle is a combination of:

  • opportunity – compliance programs are in place to remove opportunities
  • rationalization – when dissonance happens and gets justified as not stealing (for instance – entitlement, revenge, minimal damage, everyone else is doing it)
  • pressure – how and when fraud happens: when the pressure to commit fraud is greater than the pressure not to

In this down economy, the pressure is increased. So we need to remove the opportunities.

What is the ideal opportunity for a fraudster:

  • weak internal controls or ability to override
  • pressure to be dishonest
  • perceived reward is relatively high
  • perception of detection is low
  • potential penalty is low

What is the best way to respond:

  • good internal controls
  • raise the perception of detection
  • manage pressures and incentives (this includes how employees are treated during layoffs and not setting difficult targets)
  • focus on identified risks
  • zero tolerance for fraud

Meric calls for doing a fraud risk assessment. Learn about the potential fraud risks inside your company and the impact on the external view of your company. You need to determine your own tolerance for fraud risk. You need to assess both the likelihood and impact of the fraud. Then you can evaluate your internal controls to see if they are designed effectively and are operating effectively. Then you need to address the residual risks that are not mitigated by existing controls or anti-fraud programs.

Meric points out that you need to take steps to detect fraud. One tool is a whistleblower hotline. But hotlines are passive. You need someone sufficiently motivated to pick up the phone and make the call. You should make fraud reporting a mandatory requirement.

Fraud generally continues until detected. Half of fraud schemes are discovered by accident.

Fraud allegations can come from many sources, so you should have a consistent protocol for investigating fraud. Your organization should have a best practice for investigations. You need to make sure the investigations are run consistently and are well-documented.

The investigator is not the police. As the investigator you need to think about the business needs. Your investigation should lead to process improvements and better internal controls.

One of the questions was how to prove ROI. Of course, compliance is all about preventing fraud and loss. So it is hard to show savings for events that did not happen.