2009 – Page 52 – Compliance Building

What is a Hedge Fund?

The President’s Working Group on Financial Markets Report of the Asset Managers’ Committee uses this as a definition of “hedge fund.”

By “hedge fund” we mean a pooled investment vehicle that generally meets most, if not all, of the following criteria: (i) it is not marketed to the general public (i.e., it is privately offered), (ii) its investors are limited to high net worth individuals and institutions, (iii) it is not registered as an investment company under relevant laws (e.g., U.S. Investment Company Act of 1940), (iv) its assets are managed by a professional investment management firm that is compensated in part based upon investment performance of the vehicle, (v) its primary investment objective is investing in a liquid portfolio of securities and other investment assets, and (vi) it has periodic but restricted or limited investor redemption rights. (This description is based in part on the definition in the Managed Funds Association’s 2007 Sound Practices for Hedge Fund Managers.) Although hedge funds may invest in private equity and real estate, this Report is not addressed to the specific considerations of private equity or real estate funds. We use the terms “alternative asset manager” and “manager” to refer to the entity that establishes the investment profile and strategies for the hedge fund and makes the investment decisions on its behalf.

Establishing an Integrated Risk Management Framework

Scott Kwarta, Director of Advisory Services at OpenPages, Inc., put together a presentation on Establishing an Integrated Risk Management Framework (.pdf).

I like this depiction of the risk management cycle:

What is Enterprise Risk Management?

The Committee of Sponsoring Organizations of the Treadway Commission adopts this definition of Enterprise Risk Management:

Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.

The definition reflects certain fundamental concepts. Enterprise risk management is:
• A process, ongoing and flowing through an entity
• Effected by people at every level of an organization • Applied in strategy setting
• Applied across the enterprise, at every level and unit, and includes taking an entity level portfolio view of risk
• Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
• Able to provide reasonable assurance to an entity’s management and board of directors
• Geared to ac

You can find that definition in the Enterprise Risk Management – Integrated Framework Executive Summary (.pdf) by Committee of Sponsoring Organizations of the Treadway Commission

Second Circuit Affirms Ionia Management Case

The Second Circuit Court of Appeals focused on the standard for convicting a company of criminal charges for acts of its managers and employees in US v. Ionia.

The Second Circuit declined to change the standards for corporate criminal liability and keeps Respondeat Superior in place.

The court found there was ample evidence that the crew acted within the scope of their employment and acted within in their authority in committing the bad acts. There was also evidence that the company benefited from these bad acts.

Unfortunately, the court chose not to take into account whether the company had effective policies and procedures to deter and detect criminal actions.

“Adding such an element is contrary to the precedent of our Circuit on this issue. See Twentieth Century Fox Film Corp., 882 F. 2d at 660 (holding that a compliance program, “however extensive, does not immunize the corporation from liability when its employees, acting within the scope of their authority, fail to comply with the law”). And this remains so regardless of asserted new Supreme Court cases in other areas of the law. As the District Court instructed the jury here, a corporate compliance program may be relevant to whether an employee was acting in the scope of his employment, but it is not a separate element.”

There was some hope that the court would alter the doctrine of respondeat superior and include a good faith defense or limit the doctrine to higher level employees. A company can be brought down by lower level employees violating company policies.

See also:

Naked Corporate Defendants on The FCPA Blog
Press Release on Trial and Conviction
Re-evaluating Corporate Criminal Liability on the White Collar Crime Blog

Boston University’s Code of Conduct

For a change of pace, I thought I would look at the codes of conduct for educational institutions for their take on the issues. Boston University has an easy to find page with the President’s Statement of Commitment to Ethical Conduct with a link to the BU’s Code of Ethical Conduct.

Boston University is committed to the highest standards of honesty and integrity in all its activities. This includes, among other concerns, the following:

Avoiding conflicts of interest and commitment;

Dealing with others honestly and in good faith;

Preserving confidentiality;

Compliance with applicable laws, rules, and regulations; and

Timely and accurate public disclosures.

I also tried finding the Code for Brandeis University (my other alma mater) but failed. Perhaps the International Center for Ethics, Justice and Public Life clogs up the search results. Or maybe the Code is not published externally.

CEO Pay and the Lake Wobegon Effect

Rachel Hayes and Scott Schaefer of the University of Utah have published CEO Pay and the Lake Wobegon Effect in the Journal of Financial Economics. The central tenet is that every CEO wants to be paid above average because that means the company is performing above average.

President’s Working Group on Financial Markets Reports

Asset Managers’ Committee and the Investors’ Committee of the President’s Working Group on Financial Markets Reports have released their best practices reports for hedge fund managers and investors, respectively: Asset Managers’ Committee Report (.pdf) and the Investors’ Committee Report (.pdf).

In the Asset Manager’s Committee Report:

A Manager should establish a comprehensive and integrated compliance and business practices framework that is supported by adequate resources. The goal of the framework is to provide guidance to the Manager and its personnel in respect of ethical, regulatory compliance and conflict of interest situations. Critical to the success of the framework is a strong culture of compliance.

Document Retention Policies and Spoliation of Evidence

In a recent case, a court found the implementation of a document retention policy to amount to the spoliation of evidence and imposed the “nuclear” sanction of declaring the suit unenforceable.

In the case of Micron Tech. v. Rambus in the U.S. District Court for Delware, Judge Sue Robinson was addressing the effect of Rambus’ document retention policy on the availability of evidence for the case. Rambus had brought suit against Micron Technology Inc. to enforce a patent held by Rambus on dynamic random access memory.

According to the opinion, Rambus took several months to ramp up for its litigation strategy to enforce its patent portfolio. At the same time, Rambus designed and implemented a document retention policy and began destroying company documents until a time just prior to when it filed the suit.

The case does not invalidate document retention policies. It seems from the facts in the case that Rambus purposefully destroyed records as part of its litigation strategy.

Judge Robinson points out:

“42. A duty to preserve evidence arises when there is a knowledge of potential claim. Winters v. Textron, Inc. 187 FRD 518( M.D. Pa. 1999). A potential claim is generally deemed cognizable in this regard when litigation is pending or imminent, or when there is a reasonable belief that litigation is foreseeable. . . . As soon as a potential claim is thus identified, a party is under a duty to preserve evidence which it knows, or reasonably should know, is relevant to the future litigation. Nat’l Ass’n of Radiation Survivors v. Turnage, 115 FRD 543, 556-57 (N.D. Cal 1987)”

If a company has a records retention policy it is appropriate for a court to determine if it was instituted in bad faith.

In this case, the Judge found that destroyed documents were discoverable and could have played a role in Micron’s defenses of patent misuse, violation of antitrust and unfair competition laws and inequitable conduct. This evidence would only exist in internal Rambus documents.

The court concluded that “the showing of bad faith is so clear and convincing” and the “very integrity of the litigation process has been impugned.”

To me the key in this case is that Rambus initiated the suit and implemented the document retention policy. You can compare this with Arthur Andersen v. US, 544 U.S. 696 where Arthur Andersen thought it would be subpoenaed but continued shredding documents right up until the time the subpoena was served. Rambus, as the initiator of the suit knew well ahead of time that litigation was foreseeable.

It is important to consider putting a litigation hold in place before litigation has actually commenced.

Data Breach at Heartland Payment Systems

Heartland Payment Systems (HPY) disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants. The company said it couldn’t estimate how many customer records have been compromised, but said the data compromised include the information on a card’s magnetic strip that could be used to duplicate a card.

No merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were involved in the breach. Nor were any of Heartland’s check management systems; Canadian, payroll, campus solutions or micropayments operations; Give Something Back Network; or the recently acquired Network Services and Chockstone processing platforms.

Avivah Litan, an analyst at research company Gartner, called it the largest card-data breach ever. before this breach, the largest known breach occurred when around 45 million card numbers were stolen from retail company TJX Cos.

See also:

Heartland Payment Systems Uncovers Malicious Software In Its Processing System – company press release
Payment Processor Breach May Be Largest Ever by Brian Krebs of Security Fix on WashingtonPost.com
Card Data Breached, Firm Says by Ben Worthen on WSJ.com

Can Facebook Get You Into Legal Trouble?

Kim S. Nash writing for CIO.com: How Text Messaging and Facebook Can Get You in Legal Trouble. The article focusing on the electronic discovery pitfalls of the ever-changing and expanding ways we communicate.

One thing is clear, banning access to social networking platforms is not effective. Even if you ban access in the workplace, your employees have access to the sites outside the workplace. What they post can be found and impact your organization.

Instead of ignoring the existence of social networking, educate and monitor. Social networking is just another way to communicate. Existing, well drafted email policies can easily be adapted to include social networking. If you shouldn’t put in an email, you should put it on a blog, Facebook or Twitter.

Some of these social networking tools allow for easier monitoring than email. Many of the platforms are designed to send out updates when new information is published. With a free RSS feed reader you can subscribe to these updates, collect them and review them.