Did Compliance Programs Fail During the Financial Industry Meltdown?

Most people would say yes to this question. I think the answer is more complex. A stand-alone compliance program could not prevent the over-exuberance, excessive risk taking, and ethical lapses that led to the meltdown.

The inspiration for this post came from an article by David Hechler, Risky Business: Did compliance programs fail the test during the financial industry meltdown? for the April edition of Corporate Counsel. Hechler focused on Countrywide Financial Corporation and Tim Mazur, who was an ethics officer at Countrywide. Hechler comes up with three lessons from

  1. Misaligned Compensation Mangles Companies
  2. You Don’t Build an Ethical Culture in a Day (or Year)
  3. Empowerment Is More than a Nice Word

The real problem was a failure of compliance at the structural level, not the program level.

Top-level executive compensation for public companies will be linked to stock performance. There are many people discussing the pros and cons of this approach and how it affects compliance. The more important place to look for misalignment of compensation is front-line employees and mid-level managers.

The story about Countrywide offers a great example. Loan officers at Countrywide were paid a higher commission for sub-prime loans than for traditional loans. Wrong compensation. Those loans are riskier to the company, so they should be less valuable and be subject to a lower commission. (You should also question why commissions would change from one loan product to another.)

The compensation to the loan officer is tied to origination of the loan with no compensation tied to the repayment of the loan. So of course, underwriting standards are going to deteriorate as the pool of good borrowers shrinks and you need to find less qualified borrowers to take on loans.

The managers of these loan officers were similarly compensated based on origination of the loans, so they were going to push for more and more loans regardless of the likelihood of repayment. There is a similarity between this structure and the structure at Enron. In The Smartest Guys in the Room: The Amazing Rise and Scandalous Fall of Enron, the authors paint a picture of Enron focused on origination of deals, with few resources for, and little focus on, managing the deals.

You can’t build an ethical culture if the structure is not in place. Mazur contends that he did not have enough time to build an ethical culture at Countrywide. Unless he would have been able to change that front-line employee compensation model, I do not think he could have prevented the problems at Countrywide.

You need to align the institutional incentives of your company for a compliant and ethical company. You also need to align the personal incentives for employees throughout the company to match those institutional incentives.

Update: fixed some typos

OFAC: Are You In Compliance?

ATTUS Technologies was kind enough to host a webinar on OFAC compliance. Bradley Allen, CAMS, gave the presentation and these are my notes.

The mission of the Office of Foreign Assets Control is to administer and enforce economic and trade sanctions based on U.S. foreign policy and national security goals against selected targets. It really came to the forefront as a result of the post-9/11 policies. OFAC is not just about terrorists and terrorism countries, but also narcotics traffickers and drug kingpins.

Bradley led us through the history of OFAC:

  • Secretary Gallatin – Embargo Act of 1807
  • Civil War “Trading with the Enemy Act” (TWEA)
  • WW I “Trading with the Enemy Act of 1917”
  • WW II Office of Foreign Funds Control (FFC)
    • German Invasion of Norway 1940
    • FFC Regulations – Economic Warfare
  • FFC becomes OFAC – December 1950
    • TWEA applied to North Korea & China
  • TWEA applied to Cuba – 1963
  • IEEPA – Peacetime Sanctions – 1977

The key piece is the Specially Designated Nationals list that is gathered by several government agencies with a thorough review process before getting on the list. (It also makes it hard to get off the list.)

The enforcement options range from no action, a warning letter, or revocation of an export license to civil penalties and even criminal prosecution. There is currently a $250,000 minimum penalty or 2x the value of the transaction, whichever is greater. There have been very few criminal prosecutions. The new enforcement guidelines are under the IEEPA Enhancement Act, October 16, 2007 (P.L. 110-96, 121 Stat 1011). The penalty depends on whether the conduct was egregious and whether you voluntarily disclosed the violation.

There are various pieces of authority for the OFAC lists and enforcement:

  • Trading With the Enemy Act (TWEA), P.L. 65-91, 40 Stat. 411 (Oct. 6, 1917)
  • International Emergency Economic Powers Act (IEEPA), P.L. 95-223, 91 Stat. (Dec. 28, 1977)
  • Executive Order 13224
  • Various other statutes

Chiquita was fined $25 million by OFAC for paying a Colombian terrorist group for protection. FARC had threatened to kill the Chiquita workers.

Lloyds TSB was fined $350 million for doing business in Iran. Even though they were based in London, they routed wire transfers through New York. That made them subject to OFAC.

For OFAC compliance, you need to screen all new relationships (clients, vendors, and employees) before engaging in business. The OFAC list is updated frequently (there were 54 updates last year). You need to re-screen periodically, and you need a policy to memorialize when you re-screen.

AIG Bonus – My Thoughts

I have not said much about the AIG bonus hullabaloo. Frankly, I thought the outrage was ill-informed and silly. AIG wanted to keep some people around to help fix the mess it was in. Any sensible person would have one foot out the door of AIG looking around for a more stable employment opportunity. So AIG did what companies in bankruptcy typically do. They offered retention bonuses to entice people to stick around.

I understand it looks bad that taxpayer money is going to bonuses for a company at the epicenter of the financial meltdown. But a company is only as good as its employees.

I assume the bad idea of taxing these bonuses passed by the House of Representatives will die in the more sensible Senate discussions. (The Senate may also have read the Constitution and noticed that section prohibiting Bills of Attainder.)

If you still have a pitchfork in your hand and want the AIG bonuses revoked, take a look at this letter of resignation from Jake DeSantis: Dear A.I.G., I Quit!. It was published in the Op-Ed Section of the New York Times.

I take this action after 11 years of dedicated, honorable service to A.I.G. I can no longer effectively perform my duties in this dysfunctional environment, nor am I being paid to do so. Like you, I was asked to work for an annual salary of $1, and I agreed out of a sense of duty to the company and to the public officials who have come to its aid. Having now been let down by both, I can no longer justify spending 10, 12, 14 hours a day away from my family for the benefit of those who have let me down.

Does that sound like a guy who is “stealing” taxpayer money?

Ways Companies Mismanage Risk

René M. Stulz put together Six Ways Companies Mismanage Risk for the March issue of the Harvard Business Review. Professor Stulz summarizes his thoughts in that “conventional approaches to risk management present many pitfalls. Even in the best of times, if you are to manage risk effectively, you must make extremely good judgment calls involving data and metrics, have a clear sense of how all the moving parts work together, and communicate that well.” Risk management is a new discipline, moving from the domain of the quant geeks to the board room. It is hard to pull it all together.

Based on the recent downfalls of financial companies, it is clear that they lost a sense of how the pieces of their risk management worked together. (See my earlier post: The Risk Management Formula That Killed Wall Street.) You need to understand the data, understand the weaknesses of the formulas that manipulate the data, and understand what is missing from the end result. Most of the danger comes from what you don’t know that you don’t know. To avoid that, you need to continually learn so there is less you don’t know, and continually be cognizant that there is still much that you don’t know.

Here are the six ways from Professor Stulz:

  • Lack of appropriate data. The rapid financial innovation of recent decades has made historical data less useful.
  • Narrow measures of risk. Traditional daily measures of risk can’t capture a company’s full exposure when market fundamentals are shifting.
  • Overlooked risks. Hedge funds that bought high-yielding Russian debt in the 1990s failed to properly account for counterparty risk.
  • Hidden risks. Unreported risks have a tendency to expand in financial institutions.
  • Poor communication. Complex and expensive risk-management systems can induce a false sense of security when their output is poorly communicated to top management.
  • Rate of change. The risk characteristics of securities may change too quickly to enable managers to properly assess and hedge risks.

“If you live in Florida or Louisiana, you shouldn’t spend a lot of time thinking about how likely it is that you’ll be hit by a hurricane. Rather, you should think about what would happen to your organization if it was hit by one and how you would deal with the situation. Instead of focusing on the fact that the probabilities of catastrophic risks are extremely small, risk managers should build scenarios for such risks, and the organization should design strategies for surviving them.”

René M. Stulz is the Everett D. Reese Chair of Banking and Monetary Economics at The Ohio State University’s Fisher College of Business in Columbus.

COBRA Expansion and Premium Subsidy Under The 2009 Stimulus Act

Jack Eiferman, Director, Goulston & Storrs, who specializes in healthcare, and Adrienne Markham, Director, Goulston & Storrs, who specializes in employment law, gave this webinar, and I thought I would share my notes.

Adrienne pointed out that federal COBRA is only for companies with more than 20 employees. Massachusetts, like many other states, has a mini-COBRA that applies to companies with fewer than 20 employees.

The ARRA added the new temporary COBRA subsidy that applies to anyone “involuntarily terminated” since September 1, 2008 and prior to the end of 2009. There is an exception if you are involuntarily terminated for gross misconduct. Then you are not eligible for COBRA or the subsidy.

Unfortunately the law does not define “involuntarily terminated.” If you want to get the subsidy you need to properly document the termination.

Employers are allowed to add a 2% administrative premium on COBRA coverage. The subsidy is 65% of the health care insurance costs. The employer gets a dollar-for-dollar credit on the payroll tax for the subsidy.

The subsidy benefit is currently for 9 months. (Although there is some discussion on extending the duration.) COBRA coverage is for eighteen months and remains unchanged.

If you already received checks for COBRA coverage, you can either refund the overpayment to the employee or credit the excess payments to future payments (as long as the catch-up is within 120 days).

For COBRA eligible employees who did not elect COBRA or dropped the coverage, they get a second bite at the apple. You need to send a notice to those employees giving them another chance at electing COBRA coverage.

It also applies to other health coverage like dental and vision, as well as medical coverage. It does not apply to health care reimbursement plans.

The employer cannot pay the 35% payable by the employee. The employee or anyone except the employer must pay the 35%. The employer cannot claim their 65% credit until the employee pays their 35%.

There are some income requirements for eligibility. But this is the responsibility of the employee, not the employer.

What to do?

  • Identify all former employees who were subject to COBRA triggering events from September 1, 2008 to February 17, 2008.
  • Identify those who are eligible.
  • Send the right notice.
  • Manage the payment and election process.

It is important to have a compliance program for tracking eligible employees, premium payments, tax filings, etc.

Compliance and Recommendations on Social Networking Sites

I am an enthusiast of social networking sites and web 2.0. But I realize they have limitations and dangers. I have been very concerned about the Recommendations feature in LinkedIn. That feature allows any of your connections on LinkedIn to post a recommendation or endorsement about you that appears on your profile page.

At first, that seems great. Since one view of LinkedIn is that it operates as an online resume, posting recommendations is a smart feature. But what if you are in a regulated industry? Many professions have limitations on what they can say in advertisements and what they can say about their services.

I took a look at how recommendations are regulated for investment advisers and for lawyers, the two areas that affect me the most.

If you are a registered investment adviser, you are subject to Rule 206(4)-1:

a. It shall constitute a fraudulent, deceptive, or manipulative act, practice, or course of business within the meaning of section 206(4) of the Act for any investment adviser registered or required to be registered under section 203 of the Act, directly or indirectly, to publish, circulate, or distribute any advertisement:

(1) Which refers, directly or indirectly, to any testimonial of any kind concerning the investment adviser or concerning any advice, analysis, report or other service rendered by such investment adviser. . .

It looks like recommendations are prohibited in an “advertisement.” The definition of “advertisement” is broad:

b. For the purposes of this section the term advertisement shall include any notice, circular, letter or other written communication addressed to more than one person, or any notice or other announcement in any publication or by radio or television, which offers (1) any analysis, report, or publication concerning securities, or which is to be used in making any determination as to when to buy or sell any security, or which security to buy or sell, or (2) any graph, chart, formula, or other device to be used in making any determination as to when to buy or sell any security, or which security to buy or sell, or (3) any other investment advisory service with regard to securities.

Is your LinkedIn profile an “advertisement” under this rule? If you state that you offer investment advisory services on your LinkedIn profile, then I think it is an advertisement. So you should not have recommendations.

What about lawyers? The first problem is that every jurisdiction has a different set of rules about attorney advertising. You need to take a look at the rules in your jurisdiction.

First look to the ABA Model Rule 7.1:

A lawyer shall not make a false or misleading communication about the lawyer or the lawyer’s services. A communication is false or misleading if it contains a material misrepresentation of fact or law, or omits a fact necessary to make the statement considered as a whole not materially misleading.

Under this rule, you could have a recommendation as long as it does not have a material misrepresentation and is not misleading. That gets you into gray areas very quickly.

This is just a model rule. Every state is different. For example, Arkansas [Rule 7.1(d)], Florida [Rule 4-7.2(c)(1)(J)], Indiana [Rule 7.2(d)(3)], South Carolina [Rule 7.1(d)], and Wyoming [Rule 7.2(h)] all explicitly prohibit any kind of testimonial in attorney advertising. Nevada, Pennsylvania, California, Louisiana, Missouri, New York, Oregon, South Dakota, Texas, and Virginia have limitations on what can be said in a testimonial or a disclaimer that needs to be present.

What do I think? Keep recommendations off your LinkedIn profile.

SEC Settlements in Ponzi Scheme Cases: Putting Madoff and Stanford in Context

Charles Ponzi

In the last six and a half years the Securities and Exchange Commission has reached settlements with over 300 defendants in cases related to alleged Ponzi schemes. NERA Consulting has been tracking these SEC settlements since the Sarbanes-Oxley Act was enacted in July 2002.

In that time frame there have been 12 Ponzi scheme settlements that involved alleged fraud in excess of $50 million. Jan Larsen and Paul Hinton of NERA Consulting put together an overview of those 12 cases and their SEC Settlements: SEC Settlements in Ponzi Scheme Cases: Putting Madoff and Stanford in Context (.pdf).

Based on the settlement amounts shown in this report, things don’t look good for the Madoff investors. The settlement amounts are small, averaging less than 10% of the fraud size. Most of the total settlement amount is tied to the Private Capital Management, Inc. case where $112 million of the $145 was recovered.

Thanks to Bruce Carton of Securities Docket for pointing out this report (via Twitter).

Business Codes of The Global 200

In drafting and updating my code of conduct and ethics, it is always useful to see what other companies are doing. I look for approach, content and style. For instance, I collected the Whistleblower Hotlines for Home Builders. It is great to see a comparison of a group of compliance codes. KPMG put together a study of the codes of conduct for the Fortune Global 200 companies: Business codes of the Global 200: their prevalence, content and embedding (.pdf).

A good and properly implemented business code is not just a nice thing to have; it is based on an all-encompassing business need. A business code contributes to an organization’s strategic positioning, to strengthening its identity and reputation, to an improved corporate culture and work climate, and to improved financial performance. A business code and the compliance program to implement it are the cornerstone of an organization.

This whitepaper illustrates some of the results from a study that KPMG conducted with RSM Erasmus University. In 1990 only 14% of the Global 200 had a code of conduct but in 2007 86% of them have a code, including 100% of North American firms.

A few interesting things jumped out at me.

The codes are mostly directed at employees, with less than half discussing corporate responsibility to shareholders. I found this strange since the purpose of the code should be to protect the shareholder’s investment and provide a long-term result for shareholders. It is the focus on the short-term that leads to trouble.

Although 73% of the codes refer to the acceptance of gifts, only 59% refer to the offering of gifts. You would expect a code to address both, since both offer the same danger of being viewed as bribery.

Martindale-Hubbell Connected – My Thoughts

I have been a member of the Martindale-Hubbell Connected community for several months. I met John Lipsey, Vice President, Corporate Counsel Services for LexisNexis in September at a speaking engagement on Social Networking for Lawyers. John told the story of why Connected would be a great resource for lawyers.

The lure of Connected is the idea of combining an online networking community, the Martindale-Hubbell lawyer listings, and the enormous pool of data in the Lexis databases. Theoretically, your lawyer listing, articles, cases, news, and people connections would be all linked together in one place. As with blogging, you could show your expertise through the stuff you write, the cases you work on, the transactions you work on and the news about you. Then you tie all that information to a central profile and connect with the people you know.

That’s a great story. They even put together this snazzy video to prove it:

But so far it is just a story.

The site is merely a social network site with a connection to Martindale-Hubbell listings. So far there is no connection to the substantive Lexis content. Even the social networking tools are mediocre.

I was told that there are some major upgrades and changes coming soon as they plan to open Connected to a wider audience at the end of March.

To be fair, Connected is not a disaster like the ABA’s LegallyMinded. But, Connected does not have the interesting community of users and content like Legal OnRamp, a similar platform. Connected does not have the large population of users like LinkedIn and Facebook. Connected also lacks many of the rich features of LinkedIn and Facebook.

Part of Connected’s approach is to create an authenticated community, so that the person is who they say they are. An interesting approach, but to me it seems like a lot of work for little value. (Perhaps they are scarred by the squatters holding LexisNexis in Twitter.) The authentication seems designed around the Martindale listing. So to start you need to be a lawyer to get. Apparently they are going to open Connected to the larger legal community sometime this summer (according to Kathleen Delaney in the comment to this post).

Frankly, I am not sold on having a gated community for a broad legal community. What would I publish or say in Connected that I would not otherwise say on this blog, Twitter, Facebook, or LinkedIn? I am an early adopter, so maybe the general legal population would be more likely to contribute in Connected than on one of the public platforms? I am skeptical.

I have not written about Connected because there is not much to write about. It is sparsely populated and lacks content. I am one of the few non-Lexis people doing much with it. (As a curmudgeon, I mostly complain about the lack of features and the stuff that does not work.) They do replicate Compliance Building in Connected (a brilliant decision), but they have had trouble tying the posts to my Connected profile.

Lexis slapped the “beta” label on Connected because they are still working on it. Either they have a lot of work to do, or the site is intended to be mediocre.

UPDATE: I corrected the spelling to “Hubbell.”