Failure to Conduct Diligence Can Lead to SEC Sanctions


If you advertise that you have a due diligence process, you had better follow that process. The Securities and Exchange Commission brought an administrative proceeding against an investment adviser for failing to follow its advertised due diligence program.

The Hennessee Group promoted its process for evaluating and selecting hedge funds as the “Five Level Due Diligence Process.” They represented to clients and prospective clients that they would not recommend investment in hedge funds that did not satisfactorily complete all five levels of its due diligence evaluation. The Hennessee Group routinely touted the excellence and rigor of the process.

According to the SEC’s order, approximately 40 clients invested millions of dollars in the Bayou hedge funds from February 2003 through August 2005 after the Hennessee Group recommended those investments. Most of the money was lost by Bayou’s principals, who defrauded their investors by fabricating Bayou’s performance. The SEC charged the managers of the Bayou hedge funds with fraud in 2005.

“With regard to Bayou, Hennessee Group, at Gradante’s direction, failed to perform two elements of the due diligence evaluation that Hennessee Group had told its clients and prospective clients that it would do: (1) a portfolio/trading analysis; and (2) a verification of Bayou’s relationship with its purported independent auditor. By not conducting the entire due diligence evaluation that it had advertised, and by failing to disclose to clients that its evaluation of Bayou deviated from its prior representations, Hennessee Group and Gradante rendered the prior representations about the due diligence process materially misleading and breached their fiduciary duties to Hennessee Group’s clients.”

To resolve the matter, the Hennessee Group agreed to adopt procedures to ensure proper disclosure of its evaluation processes. It also had to pay $549,000 in disgorgement of its advisory fees related to Bayou, and to pay a civil penalty of $100,000.

This seems like a great example of the consequences of failing to follow your policies and procedures.


Credit Rating Agency Reform


Last week the Securities and Exchange Commission held a roundtable on the credit agencies to consider a range of ideas to get tougher on them. Securities and Exchange Commission Chairman Mary Schapiro led the discussion and pointed out that “rating agency performance in the area of mortgage-backed securities backed by residential subprime loans, and the collateralized debt obligations linked to such securities has shaken investor confidence to its core.” The SEC has exclusive authority over rating agency registration and qualifications as a result of the Credit Rating Agency Reform Act of 2006.

There seems to be a conflict of interest when the fee for the rating agency is paid by the issuer of the debt instead of the investor who is relying on the rating. This issuer-paid model accounts for 98% of the ratings.

The rating agencies are faced with lots of litigation over their ratings of mortgage-backed securities. One of their defense tactics is that their ratings are “opinions” and are protected by the First Amendment. That would probably mean having to prove actual malice and not just making a false statement. If the ratings are found to be more of a private commercial transaction then it is less likely that the First Amendment would apply.

One thing that has struck me as odd about the ratings is that they give the same designation to company debt as they do to structured products. It seems to me that there is a big difference between (1) the bonds issued by GE, payable from GE’s revenues and (2) the bonds issued out of a fixed pool of assets like mortgage-backed securities.

There are only a few dozen companies that have AAA ratings on their debt. These companies are actively managed looking for the long term success of the company. There are many variables, making the rating process more complicated.

On the other hand, the structured finance products are not actively managed. You have a bunch of income coming in and you structure that income flow into tranches. The default rate is governed by the quality of the assets and the larger economy’s effect on the cash flow from those assets. The rating process is complicated in a different way because you need to look at the variables that may affect the performance and how they may be correlated. I wrote before on how the rating agencies got this wrong: The Risk Management Formula That Killed Wall Street.

Maybe it’s time to break the ratings into separate categories so that investors will not be mistaken into thinking that a AAA rated mortgage-backed security has less chance of a default than ExxonMobil.

What do you think?


N.Y. Comptroller Bans Placement Agents for State Pension Fund

State Comptroller Thomas P. DiNapoli today announced he has banned the involvement of placement agents, paid intermediaries and registered lobbyists in investments with the New York State Common Retirement Fund (CRF). The ban includes entities “compensated on a flat fee, a contingent fee or any other basis.”


Earth Day


Today is the 39th celebration of Earth Day, celebrated in the U.S. each April 22 since 1970. Senator Gaylord Nelson from Wisconsin called for an environmental teach-in, or Earth Day, to be held on April 22, 1970. In that same year, the Environmental Protection Agency was formed to consolidate federal research, monitoring, and enforcement. About 20 million people celebrated that first Earth Day.

How is your compliance program addressing sustainability?


Image is from NASA (part of the public domain) and is available on Wikimedia: Earth Western Hemisphere white background.jpg

SIGTARP Quarterly Report


Congress was smart enough to not let loose the billions of TARP funds without some oversight. The Office of the Special Inspector General for the Troubled Asset Relief Program (SIGTARP) was established by Section 121 of the Emergency Economic Stabilization Act as amended by the Special Inspector General for the Troubled Asset Relief Program Act of 2009. Neil Barofsky, the Special Inspector General for SIGTARP, sees serious dangers in the operation of the US Treasury’s umbrella bailout plan, according to his Quarterly Report to Congress.

SIGTARP set up a SIGTARP Hotline for reporting of concerns, allegations, information, and evidence of violations of criminal and civil laws in connection with TARP. SIGTARP has already received almost 200 tips. Both from the hotline and from other sources, SIGTARP has initiated nearly 20 preliminary and full criminal investigations to date.

Since SIGTARP’s Initial Report in February, SIGTARP’s Audit Division launched a survey of 364 TARP recipients to obtain answers to recurring questions regarding use of TARP funding and actions taken to comply with executive compensation requirements associated with the funding. They had a 100% response rate.

For those of you wondering where all the money has gone and what they are doing with it, this is a great report to browse through.


New Look, Printing, and Mobile Viewing

For those of you who get updates through email or RSS, you may not have seen the new look for the Compliance Building website. Please come back and take a look.

I have also made some structural changes. The pages and posts are now printer friendly, making it easy to print and take the content with you.

Lastly, the site is now mobile friendly. It looks great on the iPhone, so-so on a Blackberry. When I have some free time I will see what I can do about the Blackberry browser.

Please let me know if something is not working.

Tuesday Morning Quarterback and Compliance


What do these have in common? Gregg Easterbrook includes Tim Geithner, Charles Ponzi, Allen Stanford and Ron Blagojevich in his annual mock of mock football drafts.

For those of you who have not read Gregg Easterbrook’s Tuesday Morning Quarterback, he is not your normal football scribe. Gregg Easterbrook is a contributing editor for The New Republic, The Atlantic Monthly and The Washington Monthly. He is also the author of The Progress Paradox: How Life Gets Better While People Feel Worse, and other books. If the name sounds familiar in legal circles, that’s because his brother is Frank Easterbrook, Chief Judge of the United States Court of Appeals for the Seventh Circuit.

Besides the content on the mock of the mock drafts and his annual prediction for the seventh round of the draft (as likely to be right as any of the mock drafts for the first round), Gregg offers his opinions on the AIG bonus scandal, linking Easter and Passover, and the series finale of “Battlestar Galactica” complaints.

SEC Enforcement Update: A Wounded Animal is a Dangerous Animal

Securities Docket presented this webcast with Michael MacPhail, of Holland & Hart LLP and Patrick Hunnius of White & Case LLP. “In a sharp detour from the era of Chairman Christopher Cox, the SEC under new Chairman Mary Schapiro’s leadership has obtained big budget increases that will be used to increase the number of enforcement lawyers. It has also empowered its staff by streamlining procedures relating to the issuance of formal orders of investigation and negotiating civil penalties with corporations. The staff has responded enthusiastically to the change in regime by bringing an unprecedented number of emergency civil actions, cases involving Foreign Corrupt Practices Act violations, and cases targeting lawyers.” The materials are available on Securities Docket. These are my notes.

Michael MacPhail of Holland & Hart LLP started off by pointing out the beating the enforcement division has taken over the last year. The new administration has brought in some strong new leadership. (And it’s pissed off and wants some victories.) The SEC is touting its litigation victories and enforcement actions. It wants to be tough and is taking a “Get Tough” approach.

The SEC is also seeking lots of Temporary Restraining Orders. The TRO is ex parte so the company has no chance to present its case at the TRO hearing. The TRO also usually includes an asset freeze. These are “draconian” measures. Since the SEC is limiting funds, they are also limiting the defendants’ access to cash for legal fees. That makes it hard to keep lawyers in place. One example is the Stanford case where his lawyers quit and Stanford now has to defend himself.

How do you avoid a TRO? Talk with the SEC staff and let them know that you have removed the risk factors. Show proof that the bad acts have stopped. Convince the SEC that assets and funds are not moving. Try using escrow accounts and transparent accounts. You will also need to prove that you are actually taking those steps. The Wells Process has started changing from office to office and case to case on the defendants’ access to information about the case against them.

Patrick took over to focus on enforcement priorities that are likely here to stay and some likely new trends. He pointed out that FCPA enforcement has been on the increase. They are also looking at attorneys and other professionals. These are attractive scalps. One of the likely areas of enforcement is the FCPA in the era of Sovereign Wealth Funds and the use of government bailout funds. Many Sovereign Wealth Funds can fall under the definition of foreign controlled enterprise under the FCPA.

There is no clear line of what amount of foreign ownership makes an entity an instrumentality of a foreign government. Majority ownership is probably enough. But minority interests may still be enough. Increased Sovereign Wealth Fund investment activity could transform ordinary business partners into a foreign government instrumentality. For example, 10% of Daimler is owned by a Sovereign Wealth Fund. Another example is the City Center project in Las Vegas, which is a joint venture of MGM and Dubai World. The owner of that project may be subject to the FCPA. There are very few compliance programs in place to deal with that scenario. You have to be cautious about the foreign government ownership of banks and financial companies. Icelandic banks are probably instrumentalities of a foreign government. Looking inward, Citibank, AIG, and Bank of America could be thought of as instrumentalities of the United States.

The SEC has raised the flag that they are going after gatekeepers, especially if it can be seen that the gatekeeper was heavily involved in the bad acts. Patrick pointed out how lawyers have got dragged into the back-dating of stock options scandal. Patrick looked at two cases. In US v. Collins, the attorney was found to have been involved in drafting loan documents to hide some of the REFCO losses. The attorney was also involved in drafting the SEC disclosure documents and did not disclose the bad things he saw or should have seen. In US v. Offill, the attorney worked with his client to get around the registration requirements in order to sell securities. He was accused of being part of a “pump and dump” scheme.

The Legal and Regulatory Implications of Internet Privacy


Pillsbury Winthrop Shaw Pittman LLP and Protiviti presented a webinar on the legal implications of social networking. These are my notes.

Rocco Grillo of Protiviti started off the presentation. Social networks have become part of many people’s day-to-day work. They have not replaced email, but are still robust communication tools. The first presenter offered the example of a Fortune 500 Company that wanted to shut down access to several social networking sites and make use of them during working hours a terminable offense. They found out that their human resources group used Facebook extensively as part of their recruiting program.

He moved on to social networking risks, pointing out the ability of these sites to deliver trojans or viruses to computers. (Although he did not offer any examples of how they offer any more of a threat than other websites.) Rocco emphasized the importance of creating a policy and working with your company to craft one that takes into account how people in your organization use these tools. Use of the sites is not an IT decision. You need to work with a larger group of stakeholders.

He noted the ability of profile spoofing on these sites. How do you know that the person behind that profile is that person? Avoid publishing common verification information like your date of birth or mother’s maiden name. Rocco shared some other scare stories.

Rocco did move on to balancing the risks with the benefits of the tools. Shutting down social networks does not remove the risks. You need a balanced strategy. These are powerful tools, but you need to make people aware of some of the risks.

Ben Duranske took over next. He is part of Pillsbury’s virtual worlds and video games practice. He pointed out that besides Second Life, many of these virtual worlds are pitched towards kids. Sites like Webkinz and Club Penguin target a younger audience than Second Life. The roadblocks for virtual worlds are bandwidth, processing power, and ease of access. Since they are proprietary, virtual worlds are walled gardens and there is no standardization. These sites allow users to create things. There are real dollars involved and real money. The Terms of Service of these sites largely concede ownership of your content to the site and allow them to disclose lots of the information. They are very willing to respond to subpoenas requesting the revelation of user identities.

Ben laid out some key concerns regarding privacy in mainstream virtual worlds and games:

  • Violation of Export Restrictions
  • Loss of Trade Secret Protection
  • Inadvertent Privacy Policy Violations
  • Destruction of Confidentiality Protections

He pointed out that he does not communicate with clients in virtual worlds regarding their cases.

Since many of these sites are targeted at kids, you need to make sure you comply with the requirements of the Children’s Online Privacy Protection Act (COPPA).

Wayne Matus of Pillsbury moved on to cloud computing. Your information and the things you are doing are not happening on your computer or server, but are actually somewhere else. He pointed out four principal types of cloud computing:

  • Internet-based services
  • Infrastructure as a service
  • Platform as a service
  • Software as a service

Why should lawyers care? The Fourth Amendment. It is not clear if those protections apply to cloud computing. Every man’s house is his castle. But is your piece of the cloud part of your castle? Do you have a reasonable expectation of privacy for this information up in the cloud?

In United States v. Miller, 425 U.S. 435 (1976), the Supreme Court held that a government’s demand on a bank did not affect any 4th Amendment interest of its customer. In United States v. Ziegler (2007), the United States Court of Appeals for the Ninth Circuit acknowledged that an employee has a right to privacy in his workplace computer. The court also found that an employer can consent to searches and seizures that would otherwise be illegal.

You need to comply with the Patriot Act. You have some uncertainties as to what jurisdiction applies. You may not know where your information actually exists. There are lots of complex laws that limit the flow of information: HIPAA, tax returns, attorney-client privilege, Electronic Communications Privacy Act, Fair Credit Reporting Act, etc. Part of the problem is that many of the contractual agreements with the cloud computing providers do not adequately address many of these issues.

Wayne offered up some things to include in the terms of service:

  • Use of data
  • Location of data
  • Encryption
  • No change of terms
  • Destruction
  • Ownership (assignment)
  • Subpoena
  • Audit rights

Hotline for Improvements


At a recent compliance meeting, I overheard talk about the possibility of using the whistleblower hotline to also solicit comments for improvements to the operations of your company.

Those of you with active hotlines probably get enough false positives coming through (HR, workplace disputes, …) that you probably don’t want anything else coming in. But employees and other stakeholders may use a hotline to report any issue that makes them uncomfortable. For example, complaints regarding discrimination and sexual harassment are high-liability issues that need to be addressed. Turning away these calls because the hotline is “for Sarbanes-Oxley Complaints Only” may alienate an employee who has made the difficult decision to take action.

But if your hotline is underused, the anonymity feature could be useful as a suggestions box.

Anything that is bothering them in the workplace, even if it is not a high-liability issue, could come through the hotline. To spin it around, profitability and cost reduction suggestions could come through the hotline.

What do you think?

Image is by oyxman and made available through Wikimedia Commons: Tall Red K6 Phone Box.jpg.