Recommended Annual Review for Hedge Funds and Other Private Fund Managers

Bingham McCutchen has put together a Recommended Annual Review for Hedge Funds and Other Private Fund Managers.

Bingham put together a laundry list of regulations, policies and filings that you should review on at least an annual basis:

  • Compliance Policies and Procedures
  • Form ADV Part 1 and Form ADV Part II
  • Form SH
  • Anti-Fraud Rule Adopted by the SEC for Naked Short Sales
  • Blue Sky Filings and Amendments to Form D
  • Form 13F
  • Schedule 13D/13G
  • Forms 3, 4 and 5
  • Audited Financial Statements
  • Offering Document Updates
  • Ongoing ERISA Compliance
  • Section 457A
  • Section 409A
  • CFTC Requirements
  • Liability Insurance
  • Employee Training
  • Privacy Policy

Disclosure: The Wife is an attorney at Bingham.

Tips for Getting Your GRC Program Running Quickly

Mike Hoefgen of CA put together some Tips for Getting Your GRC Program Running Quickly. Even if you do not put your compliance program into the GRC archetype, there are some useful thoughts.

  1. It is not a project. GRC / compliance is an ongoing business process. I encountered this when I was in knowledge management. Some saw it as a project with an end-date and a segmented group. To be successful with compliance you need to be embedded in the business processes.
  2. Cross-functional team. Compliance is a business challenge, not a discrete process. You need input, buy-in and support from across the organization.
  3. Don’t boil the ocean. It is easy to get caught up in trying to solve all the problems at once. Start with something that can deliver some provable success. This builds credibility.
  4. Need for speed. You want to be able to show that credibility and success in the short term. If it takes you 2 years to show success, you will be forgotten and the business processes will have moved on without you.

Bingham’s Take on Compliance Reviews of an Extraordinary Year

Nancy M. Persechino of Bingham McCutchen LLP put together her take on the Compliance Reviews of an Extraordinary Year. She also includes a chart of the changes in law and rules, new guidance, and enforcement actions (.pdf).

Given the market turbulence of the past year and the rapidly changing business and regulatory environments, many CCOs may wish to do more than simply dust off last year’s review and update its contents. At least one thing remains the same: the purpose of the annual review is to assess the adequacy of the firm’s policies and procedures in ensuring compliance with securities laws and the effectiveness of their implementation. Nothing tests the adequacy of policies and procedures quite like a crisis. So, why not treat the extraordinary events of the last year as a great “forensic test” and ask, “What went right? What didn’t?”

AICPA Exposure Draft on Compliance Audits

The AICPA released a Proposed Statement on Auditing Standards for Compliance Audits (.pdf). This would replace SAS No. 74, Compliance Auditing Considerations in Audits of Governmental Entities and Recipients of Governmental Financial Assistance.

Comments or suggestions on any aspect of this exposure draft would be appreciated. To facilitate the ASB’s consideration of responses, comments should refer to specific paragraphs and include supporting reasons for each suggestion or comment.

Written comments on the exposure draft will become part of the public record of the AICPA and will be available for public inspection at the offices of the AICPA after June 1, 2009, for one year. Responses should be sent to Sharon Macey at [email protected] or Audit and Attest Standards, AICPA, 1211 Avenue of the Americas, New York, NY 10036-8775 in time to be received by April 30, 2009.

Second Circuit Affirms Ionia Management Case

The Second Circuit Court of Appeals focused on the standard for convicting a company of criminal charges for acts of its managers and employees in US v. Ionia.

The Second Circuit declined to change the standards for corporate criminal liability and kept respondeat superior in place.

The court found there was ample evidence that the crew acted within the scope of their employment and within their authority in committing the bad acts. There was also evidence that the company benefited from these bad acts.

Unfortunately, the court chose not to take into account whether the company had effective policies and procedures to deter and detect criminal actions.

“Adding such an element is contrary to the precedent of our Circuit on this issue. See Twentieth Century Fox Film Corp., 882 F. 2d at 660 (holding that a compliance program, “however extensive, does not immunize the corporation from liability when its employees, acting within the scope of their authority, fail to comply with the law”). And this remains so regardless of asserted new Supreme Court cases in other areas of the law. As the District Court instructed the jury here, a corporate compliance program may be relevant to whether an employee was acting in the scope of his employment, but it is not a separate element.”

There was some hope that the court would alter the doctrine of respondeat superior and include a good faith defense or limit the doctrine to higher level employees. A company can be brought down by lower level employees violating company policies.


President’s Working Group on Financial Markets Reports

The Asset Managers’ Committee and the Investors’ Committee of the President’s Working Group on Financial Markets have released their best practices reports for hedge fund managers and investors, respectively: Asset Managers’ Committee Report (.pdf) and the Investors’ Committee Report (.pdf).

In the Asset Managers’ Committee Report:

A Manager should establish a comprehensive and integrated compliance and business practices framework that is supported by adequate resources. The goal of the framework is to provide guidance to the Manager and its personnel in respect of ethical, regulatory compliance and conflict of interest situations. Critical to the success of the framework is a strong culture of compliance.

Risk-Based Compliance

Certain customers, vendors, and intermediaries represent a higher compliance risk than others. Risk indicators include geography, relationships to government officials, business type, method of payment, and dollar volume.

In places where risks are very low, compliance burdens can be reduced. Where risks are not low, compliance is heightened. When there are more red flags, the proper response is more compliance.

The key to a risk-based approach is tracking and sorting the critical elements. Apply enhanced due diligence and heighten ongoing monitoring of high-risk parties proportionate to their risk profiles.

SEC Internet Enforcement

In the December issue of Compliance Week, Bruce Carton tells some of the SEC’s enforcement history. One of the first internet efforts was an email address for the public to send tips. Back in 1996 there were about 20 complaints a day. Now there are as many as 10,000 a day.

With all the complaining about the SEC, it is important to note that the SEC cannot uncover every violation or financial scam out there. How do you deal with 10,000 emails a day? Clearly the SEC missed some things in its Madoff investigations. Maybe they were a little soft on him given his reputation. Given that he convinced so many smart, rich people to give him money, I assume he is very persuasive.

You have an under-manned agency looking at a charming man with a great reputation. There are lots of other bad guys out there. You move on and look for more problems.

Lessons from Rome

Mary Bennett of the Ethical Leadership Group wrote three lessons we can learn from the ancient Roman army:

First, there is the timeless importance of culture. People in a society or organization will behave according to the most widely accepted common denominator, modeled by those at the top. We must train and communicate with our leaders so they get this, so that they can communicate and stress the importance of this culture on the organization.

Second, we must realize that human behavior is motivated by both the carrot and stick. Roman soldiers got paid if they followed the rules; they got executed if they did not. A simple and effective approach. We may not be able to adopt this exact approach in our ethics and compliance efforts. But we must be sure to reward good behavior as well as discipline bad behavior. Do both consistently.

Third, good controls are a must. The Roman army minimized its risks through clear rules, repeated training, and swift reinforcement with the carrot and stick. What worked in Rome can work in your organization through your ethics and compliance efforts.