Bits and Pieces on Compliance

Here are a few stories and items that caught my eye this week, but that I have not had time to build out into a full post:

SEC Speaks on Compliance Issues to Investment Advisers by Joel Beck of BD Law Blog

Lori Richards, the Director of the SEC’s Office of Compliance Inspections and Examinations (OCIE), spoke on issues that the examiner staff will be reviewing. Here is a summary of Ms. Richards’ four key areas, but compliance officers for RIAs ought to take 4 minutes and read her speech:

1. Disclosure. The SEC is reverting to the main focus of securities regulation: disclosure. Here, RIAs should be careful that all disclosures are made to their clients, including any conflicts of interest.
2. Custody. Are your advisory clients’ assets safe? How do you know? With recent headline-grabbing articles on Ponzi schemes and other fraudulent conduct, Ms. Richards indicated that SEC examiners will be focusing on controls over custody of assets.
3. Performance claims. Are yours accurate? They better be.
4. Resources. Does your compliance program have adequate resources devoted to it to ensure that the RIA carries out an effective compliance program?

Spotting a Ponzi scheme or investment scam by Tracy Coenen of The Fraud Files Blog

Have you invested with a potential Ponzi? ... How would you spot a Ponzi scheme?

  • Does the business of the company make sense in light of market conditions and your general business knowledge?
  • Does the company exist because of some secret, revolutionary new process or product? If so, what proof is there that the technology or process is legitimate?
  • Does the company rely on some rare gem, piece of real estate, antique, or other hard-to-find item? If so, is the investment scheme really scalable to the extent that the promoters suggest?
  • Is the company guaranteeing rates of return on investments with them?
  • Can their promises be verified in any way?
  • Does the company have a board of directors, auditors, lawyers, and other advisors typical of a company of its size?

SEC’s OCIE Unit Ramps Up Training on Detecting Ponzi Schemes by Bruce Carton of Securities Docket

Burned by its high-profile failure in the Madoff case, the SEC is ramping up its training of staff on how to detect certain types of securities fraud. Reuters reports that the SEC’s inspection unit (the Office of Compliance Inspections and Examinations) is now offering 90-minute classes for employees on topics such as “Basics of Ponzi schemes, affinity fraud and related schemes” and “Exam issues and techniques for detecting Ponzi schemes, affinity fraud and related schemes.” “We’re doing it because of Bernie Madoff,” one SEC official told Reuters.

The New York Times Blogophobia by Felix Salmon for Portfolio.com

What’s with the sudden blogophobia at the NYT? Between Craig Whitney’s astonishingly tone-deaf memo on how to write a blog, and the legal department’s heavy-handed nastygram trying to shut down Apartment Therapy, it seems that one of the most web-savvy media companies in the world has finally reached the point at which it reckons that the web-savvy types can’t be entrusted with the website any more, and the grownups need to step in and screw everything up.

What Do Bernie Madoff, the Loch Ness Monster, and Alex Rodriguez Have In Common?

They are in the 2009 edition of Topps’ Allen & Ginter series of Trading Cards.

The set will consist of 350 cards: 230 baseball players, 30 rookies, 25 historic figures and 15 world champions. It also will include 50 short-printed cards. Among the unusual inclusions to the basic set are Old Faithful (the Yellowstone geyser), Brigham Young, Loch Ness Monster, Vincent Van Gogh, General George Custer, Olympic swimmer Michael Phelps.

Also, there will be a “world’s biggest hoaxes, hoodwinks and bamboozles” set that will include Charles Ponzi, The Runaway Bride, Enron, Cold Fusion, Bernie Madoff and The War of the Worlds.

(I believe A-Rod is part of the baseball players collection.)

Thanks to Bruce Carton of Securities Docket for pointing out The Bernard Madoff Trading Card.

Ethical Integrity Leadership – Setting the Tone From The Top

EthicsPoint sponsored this webinar and these are my notes. Howard Sklar, Vice President & Global Anti-Corruption Leader, American Express Company, was the presenter. Howard was quick to point out that it is not just the “tone” but having the right “tone.” Also, it should not be just the tone “at” the top, but the tone “from” the top.

Howard started off by trying to define “tone at the top.” Many people just default to Justice Potter Stewart’s take on pornography: “We know it when we see it.” Howard likes the ACFE definition:

An organization’s leadership creates the tone at the top – an ethical (or unethical) atmosphere in the workplace. Management’s tone has a trickle-down effect on employees. If top managers uphold ethics and integrity so will employees. But if upper management appears unconcerned with ethics and focuses solely on the bottom line, employees will be more prone to commit fraud and feel that ethical conduct isn’t a priority. In short, employees will follow the examples of their bosses.

Howard offered up his working definition for the presentation:

Tone at the top is a visible willingness by senior management to let values drive decisions, to prioritize those values above other factors – including financial results – and to expect all others in the organization to do the same.

Howard pointed out that the first recommendation of the Treadway Commission was the importance of setting the tone at the top.

But who is the top? The Audit Committee, CEO, Board of Directors, vice presidents, . . .? They are clearly at the top of the organization. But in this context you need to be thinking about all leaders throughout the organization. Front-line employees are most influenced by their immediate manager.

Repetition is important. Leaders and employees throughout the organization need to hear the message and hear it consistently. It is important for leaders to talk about the values of the company and to live up to those values. You cannot have a message of “win at any cost” and you can no longer operate as a company with the value of “win at any cost.”

Howard says there is no such thing as “compliance training.” It is all business training. You sell the product in the right way. You need one message. It is also important to integrate personal stories into explaining the values of the company.

Compensation is an incredibly important part of the message. If your salary or bonus is not affected by compliance. [For an example of misaligned pay structure look at Countrywide in originating sub-prime mortgage loans: Did Compliance Programs Fail During the Financial Industry Meltdown?]

An example of the opposite message is a company ingraining earnings targets in its employees. Employees should not be told that earnings targets are the most important part of the company. Short-term thinking is short-term thinking, and values are long term.

Compliance can set the goals, but they are part of the business goals not a separate set of compliance goals.

An important measurement for compliance is whether an employee feels comfortable reporting misconduct.

Howard recommends that a compliance officer become a stop in the exit interview process. Exit interviews can offer some insights, and departing employees may discuss problems that they were unwilling to report while they were employed.

Howard says you should make sure that compliance and the compliance officers are on the company’s organization chart.

Some of Howard’s other best practices:

  • Make compliance part of hiring. Check references.
  • Make compliance part of the non-monetary reward and recognition process. Recognize employees who do the right thing.
  • Trumpet your failures as well as your successes.

Ponzimonium, Ponzipalooza, Ponzimania

There is “rampant Ponzimonium.” Or is there a “virtual Ponzipalooza”?

Bart Chilton, a commissioner at the Commodity Futures Trading Commission, coined these terms in his speech on March 20 before the American Bar Association’s Committee on Derivatives and Futures Law Students.

Personally, I prefer Ponzimania.

The CFTC has filed charges against 15 alleged Ponzi schemes so far this year, compared with 13 during the whole of 2008. (If you do the math that would mean more than 60 cases for 2009, assuming the rate continues.) In a search of the SEC litigation website I had 57 hits for Ponzi in 2009, compared to 92 for all of 2008. (I admit that it is less scientific than the CFTC research.) Clearly there are more enforcement actions against Ponzi schemes. We are hearing more about Ponzi schemes in the news.

Is this increase because there are more Ponzi schemes out there?

Or are we just uncovering a greater percentage of Ponzi schemes?

I think the investment tide has gone out, uncovering more Ponzi schemes and fraud in the market. The news cycle has switched from celebrating big gains to wallowing in the muck from the financial implosion.

It is easier to run a fraud when values are increasing. Even a terrible investor can make some money when most of the possible investment choices are rising in value. Plummeting markets decrease the value of the poor investment choices and increase the amount of redemptions by the investors/victims. It was the redemption activity that finally did in Madoff. He could not raise new money fast enough to pay out the redemptions.

Jim Cramer has gone from being a rock star of the investing world to being the punching bag of Jon Stewart. The media is now turning on the investment industry, looking for targets at which to aim the public’s ire over the financial implosion. Fraudsters make good news and good targets.

I don’t think there are any more fraudulent schemes currently out there than average. The downturn in the markets is bringing fraud schemes crashing down. The media is feasting on carnage.

I expect that we will be experiencing Ponzimonium, Ponzipalooza, and Ponzimania for a while.

Did Compliance Programs Fail During the Financial Industry Meltdown?

Most people would say yes to this question. I think the answer is more complex. A stand-alone compliance program could not prevent the over-exuberance, excessive risk taking, and ethical lapses that led to the meltdown.

The inspiration for this post came from an article by David Hechler, Risky Business: Did compliance programs fail the test during the financial industry meltdown? for the April edition of Corporate Counsel. Hechler focused on Countrywide Financial Corporation and Tim Mazur, who was an ethics officer at Countrywide. Hechler comes up with three lessons from

  1. Misaligned Compensation Mangles Companies
  2. You Don’t Build an Ethical Culture in a Day (or Year)
  3. Empowerment Is More than a Nice Word

The real problem was a failure of compliance at the structural level, not the program level.

Top-level executive compensation for public companies will be linked to stock performance. There are many people discussing the pros and cons of this approach and how it affects compliance. The more important place to look for misalignment of compensation is front-line employees and mid-level managers.

The story about Countrywide offers a great example. Loan officers at Countrywide were paid a higher commission for sub-prime loans than for traditional loans. Wrong compensation. Those loans are riskier to the company, so they should be less valuable and be subject to a lower commission. (You should also question why commissions would change from one loan product to another.)

The compensation to the loan officer is tied to origination of the loan with no compensation tied to the repayment of the loan. So of course, underwriting standards are going to deteriorate as the pool of good borrowers shrinks and you need to find less qualified borrowers to take on loans.

The managers of these loan officers were similarly compensated based on origination of the loans, so they were going to push for more and more loans regardless of the likelihood of repayment. There is a similarity between this structure and the structure at Enron. In The Smartest Guys in the Room: The Amazing Rise and Scandalous Fall of Enron, the authors paint a picture of Enron focused on origination of deals with few resources or little focus devoted to managing the deals.

You can’t build an ethical culture if the structure is not in place. Mazur contends that he did not have enough time to build an ethical culture at Countrywide. Unless he would have been able to change that front-line employee compensation model, I do not think he could have prevented the problems at Countrywide.

You need to align the institutional incentives of your company for a compliant and ethical company. You also need to align the personal incentives for employees throughout the company to match those institutional incentives.

Update: fixed some typos

OFAC: Are You In Compliance?

ATTUS Technologies was kind enough to host a webinar on OFAC compliance. Bradley Allen, CAMS, gave the presentation and these are my notes.

The mission of the Office of Foreign Assets Control is to administer and enforce economic and trade sanctions based on U.S. foreign policy and national security goals against selected targets. It really came to the forefront as a result of the post-9/11 policies. OFAC is not just about terrorists and terrorism countries, but also narcotics traffickers and drug kingpins.

Bradley led us through the history of OFAC:

  • Secretary Gallatin – Embargo Act of 1807
  • Civil War “Trading with the Enemy Act” (TWEA)
  • WW I “Trading with the Enemy Act of 1917”
  • WW II Office of Foreign Funds Control (FFC)
    • German Invasion of Norway 1940
    • FFC Regulations – Economic Warfare
  • FFC becomes OFAC – December 1950
    • TWEA applied to North Korea & China
  • TWEA applied to Cuba – 1963
  • IEEPA – Peacetime Sanctions – 1977

The key piece is the Specially Designated Nationals list that is gathered by several government agencies with a thorough review process before getting on the list. (It also makes it hard to get off the list.)

The enforcement options can range from no action, issuing a warning letter, or revoking an export license to civil penalties and even criminal prosecution. There is currently a $250,000 minimum penalty or 2x the value of transaction, whichever is greater. There have been very few criminal prosecutions. The new enforcement guidelines are under the IEEPA Enhancement Act, October 16, 2007 (P.L. 110-96, 121 Stat 1011). The penalty depends on whether the conduct was egregious and whether you voluntarily disclosed the violation.

There are various pieces of authority for the OFAC lists and enforcement:

  • Trading With the Enemy Act (TWEA), P.L. 65-91, 40 Stat. 411 (Oct. 6, 1917)
  • International Emergency Economic Powers Act (IEEPA), P.L. 95-223, 91 Stat. (Dec. 28, 1977)
  • Executive Order 13224
  • Various other statutes

Chiquita was fined $25 million by OFAC for paying a Colombian terrorist group for protection. FARC had threatened to kill the Chiquita workers.

Lloyds TSB was fined $350 million for doing business in Iran. Even though they were based in London, they routed wire transfers through New York. That made them subject to OFAC.

For OFAC compliance, you need to screen all new relationships before engaging in business (clients, vendors, and employees). The OFAC list is updated frequently (there were 54 updates last year). You need to re-screen periodically and you need a policy to memorialize when you re-screen.

AIG Bonus – My Thoughts

I have not said much about the AIG bonus hullabaloo. Frankly, I thought the outrage was ill-informed and silly. AIG wanted to keep some people around to help fix the mess it was in. Any sensible person would have one foot out the door of AIG looking around for a more stable employment opportunity. So AIG did what companies in bankruptcy typically do. They offered retention bonuses to entice people to stick around.

I understand it looks bad that taxpayer money is going to bonuses for a company at the epicenter of the financial meltdown. But a company is only as good as its employees.

I assume the bad idea of taxing these bonuses passed by the House of Representatives will die in the more sensible Senate discussions. (The Senate may also have read the Constitution and noticed that section prohibiting Bills of Attainder.)

If you still have a pitchfork in your hand and want the AIG bonuses revoked, take a look at this letter of resignation from Jake DeSantis: Dear A.I.G., I Quit!. It was published in the Op-Ed Section of the New York Times.

I take this action after 11 years of dedicated, honorable service to A.I.G. I can no longer effectively perform my duties in this dysfunctional environment, nor am I being paid to do so. Like you, I was asked to work for an annual salary of $1, and I agreed out of a sense of duty to the company and to the public officials who have come to its aid. Having now been let down by both, I can no longer justify spending 10, 12, 14 hours a day away from my family for the benefit of those who have let me down.

Does that sound like a guy who is “stealing” taxpayer money?

Ways Companies Mismanage Risk

René M. Stulz put together Six Ways Companies Mismanage Risk for the March issue of the Harvard Business Review. Professor Stulz summarizes his thoughts: “conventional approaches to risk management present many pitfalls. Even in the best of times, if you are to manage risk effectively, you must make extremely good judgment calls involving data and metrics, have a clear sense of how all the moving parts work together, and communicate that well.” Risk management is a new discipline, moving from the domain of the quant geeks to the board room. It is hard to pull it all together.

Based on the recent downfalls of financial companies, it is clear that they lost a sense of how the pieces of their risk management worked together. (See my earlier post: The Risk Management Formula That Killed Wall Street.) You need to understand the data, understand the weaknesses of the formulas that manipulate the data, and understand what is missing from the end result. Most of the danger comes from what you don’t know that you don’t know. To avoid that you need to continually learn so there is less you don’t know and continually be cognizant that there is still much that you don’t know.

Here are the six ways from Professor Stulz:

  • Lack of appropriate data. The rapid financial innovation of recent decades has made historical data less useful.
  • Narrow measures of risk. Traditional daily measures of risk can’t capture a company’s full exposure when market fundamentals are shifting.
  • Overlooked risks. Hedge funds that bought high-yielding Russian debt in the 1990s failed to properly account for counterparty risk.
  • Hidden risks. Unreported risks have a tendency to expand in financial institutions.
  • Poor communication. Complex and expensive risk-management systems can induce a false sense of security when their output is poorly communicated to top management.
  • Rate of change. The risk characteristics of securities may change too quickly to enable managers to properly assess and hedge risks.

“If you live in Florida or Louisiana, you shouldn’t spend a lot of time thinking about how likely it is that you’ll be hit by a hurricane. Rather, you should think about what would happen to your organization if it was hit by one and how you would deal with the situation. Instead of focusing on the fact that the probabilities of catastrophic risks are extremely small, risk managers should build scenarios for such risks, and the organization should design strategies for surviving them.”

René M. Stulz is the Everett D. Reese Chair of Banking and Monetary Economics at The Ohio State University’s Fisher College of Business in Columbus.

COBRA Expansion and Premium Subsidy Under The 2009 Stimulus Act

Jack Eiferman, a Director at Goulston & Storrs who specializes in healthcare, and Adrienne Markham, a Director at Goulston & Storrs who specializes in employment law, gave this webinar and I thought I would share my notes.

Adrienne pointed out that federal COBRA is only for companies with more than 20 employees. Massachusetts, like many other states, has a mini-COBRA that applies to companies with fewer than 20 employees.

The ARRA added the new temporary COBRA subsidy that applies to anyone “involuntarily terminated” since September 1, 2008 and prior to the end of 2009. There is an exception if you are involuntarily terminated for gross misconduct. Then you are not eligible for COBRA or the subsidy.

Unfortunately the law does not define “involuntarily terminated.” If you want to get the subsidy you need to properly document the termination.

Employers are allowed to add a 2% administrative premium on COBRA coverage. The subsidy is 65% of the health care insurance costs. Employer gets a dollar for dollar credit on the payroll tax for the subsidy.

The subsidy benefit is currently for 9 months. (Although there is some discussion on extending the duration.) COBRA coverage is for eighteen months and remains unchanged.

If you already received checks for COBRA coverage, you can either refund the overpayment to the employee or credit the excess payments to future payments (as long as the catch-up occurs within 120 days).

For COBRA eligible employees who did not elect COBRA or dropped the coverage, they get a second bite at the apple. You need to send a notice to those employees giving them another chance at electing COBRA coverage.

It also applies to other health coverage like dental and vision, as well as medical coverage. It does not apply to health care reimbursement plans.

The employer cannot pay the 35% payable by the employee. The employee or anyone except the employer must pay the 35%. The employer cannot claim their 65% credit until the employee pays their 35%.

There are some income requirements for eligibility. But this is the responsibility of the employee, not the employer.

What to do?

  • Identify all former employees who were subject to COBRA triggering events from September 1, 2008 to February 17, 2008.
  • Identify those who are eligible.
  • Send the right notice.
  • Manage the payment and election process.

It is important to have a compliance program for tracking eligible employees, premium payments, tax filings, etc.
