Compliance Bricks and Mortar for May 24

These are some of the compliance-related stories that caught my attention this week.


The Looming SEC IEO Fintech Smackdown
by John Reed Stark

Not to be confused with initial coin offerings (or “ICOs”), an IEO is a crypto-financing model offered and administrated via a cryptocurrency trading platform on behalf of a company (typically some form of start-up) that seeks to raise funds with its newly issued cryptocurrency digital tokens. Each IEO negotiates its unique terms, deals, and conditions with the various cryptocurrency trading platforms.


https://www.linkedin.com/pulse/looming-sec-ieo-fintech-smackdown-john-reed-stark/

Some Securities Fraudsters Escape Paying SEC Fines
by Dave Michaels
Wall Street Journal

The Securities and Exchange Commission over the five fiscal years that ended in September 2018 took in 55% of the $20 billion in enforcement fines set through settlements of court judgments according to agency statistics. During the prior five years, from 2009 through 2013, the SEC collected on 60% of the $14.6 billion.

https://www.wsj.com/articles/some-securities-fraudsters-escape-paying-sec-fines-11558344601?shareToken=stcd26267268cf44699be99d966e93fc32

Ethics Bots and Other Ways to Move Your Code of Business Conduct Beyond Puffery
by Michael Blanding
Working Knowledge

When health insurer Cigna Corp. appeared in front of a judge for allegedly misleading shareholders on Medicare regulations this spring, plaintiffs thought they had a strong case. After all, Cigna had published its own document titled “Code of Ethics and Principles of Conduct” that specifically required employees to uphold all regulations and “act with integrity in all that we do.”
When the panel of three judges took a look at the argument, however, they threw it out of court as irrelevant. “We think the statements in Cigna’s Code of Ethics are a textbook example of ‘puffery,’” the judges wrote. “They are too general to cause a reasonable investor to rely upon them.”

https://hbswk.hbs.edu/item/ethics-bots-and-other-ways-to-move-your-code-of-business-conduct-beyond-puffery?cid=wk-rss

Three Compliance Lessons from Preet Bharara
by Tom Fox
FCPA Compliance & Ethics

Preet Bharara gave the morning keynote at the second day of Compliance Week 2019. It was interesting because rather than a speech he did so with a one-hour Q&A format with Allen & Overy partner Gene Ingoglia facilitating the session through the role of the questioner. The questions were built around Bharara’s recently released book Doing Justice: A Prosecutor’s Thoughts on Crime, Punishment, and the Rule of Law.

http://fcpacompliancereport.com/2019/05/three-compliance-lessons-preet-bharara/

Recruiting and Retaining Compliance Staff is Key Risk for Banks, Regulator Says
by Kristin Broughton
Wall Street Journal

Criminals laundering money through the financial system have long been one of the top risks facing the banking industry. Building a solid defense against such intrusions is becoming another, a U.S. financial regulator said Monday.
U.S. banks are having a hard time recruiting and retaining compliance professionals, particularly those who specialize in financial crimes, the Office of the Comptroller of the Currency said in a semiannual report on the risks facing lenders.

https://www.wsj.com/articles/recruiting-and-retaining-compliance-staff-is-key-risk-for-banks-regulator-says-11558395878?shareToken=sta0ad1cfbeeec4a5594014a9356f51c3f

Please support my Pan Mass Challenge ride to fight cancer. On the first weekend in August, I’ll be riding across Massachusetts to raise money for cancer research. I could use your support: https://profile.pmc.org/DC0176

Thaddeus North and CCO Liability

At a recent event, an official with the Securities and Exchange Commission tried to give some comfort to a room full of compliance officers that the SEC was not trying to saddle compliance officers with potential liability. He pointed us to the opinion in the matter of Thaddeus North.

The case was the Commission’s review of a FINRA disciplinary action. Mr. North was the Chief Compliance Officer of Southridge Investment Group. FINRA found that Mr. North had (1) failed to establish a reasonable supervisory system for the review of electronic correspondence, (2) failed to reasonably review electronic correspondence, and (3) failed to report a relationship with a statutorily disqualified person.

In the Thaddeus North opinion, the SEC cites several cases of CCO liability. The Commission used those decisions to delineate that:

[I]n general, good faith judgments of CCOs made after reasonable inquiry and analysis should not be second guessed. In addition, indicia of good faith or lack of good faith are important factors in assessing reasonableness, fairness and equity in the application of CCO liability.

The North opinion cites four areas where a CCO could have liability:

  1. CCO engages in wrongdoing
  2. CCO attempts to cover up the fraud
  3. CCO crosses a clearly established line
  4. CCO fails meaningfully to implement compliance programs, policies, and procedures for which he or she has direct responsibility

The third one is a new iteration. Frankly, I don’t know what it means. It’s not mentioned otherwise in the opinion.

In contrast to those four areas of liability, the Commission opines that “disciplinary action against individuals generally should not be based on an isolated circumstance where a CCO, using good faith judgment makes a decision, after reasonable inquiry, that with hindsight, proves to be problematic.”

Apparently, everything in between is a matter-specific analysis that should involve informed judgment by the Commission.

The SEC found North in the middle ground and found him liable. The opinion states that “North failed to make reasonable efforts to fulfill the responsibilities of his position.” That is not one of the four listed areas of CCO liability. The Commission adds that North’s actions were egregious and he repeatedly failed to perform some compliance functions.

I find the opinion frustrating if it’s trying to allay concerns about CCO liability. The SEC states the four areas, then says that North did something that was not in one of those four areas. The Commission uses the “failed to make reasonable efforts” standard on liability for North, instead of the fourth area’s “fails meaningfully to implement.”

Would it have been too hard for the Commission to use the same standard just set forth in the prior paragraph? That would have made me feel better about CCO liability instead of creating a broader standard for CCO liability.


Compliance Bricks and Mortar for May 17

These are some of the compliance-related stories that recently caught my attention.


Reasonableness Pants
Commissioner Hester M. Peirce

A strong enforcement program requires us—to draw from the admonition a judge recently gave to us in a matter before her—to “put on [our] reasonableness pants.” The SEC ought always to wear reasonableness pants, and I would like to talk today about what those reasonableness pants look like on a regulator.

https://www.sec.gov/news/speech/speech-peirce-050819

Rise of the No Men
The Economist

But pity not finance’s in-house policemen, for they have had a golden decade since the crisis. While swathes of banking have laboured under cutbacks and stiff capital requirements, their headcount and clout have grown. Banks fined for aiding corruption, money-laundering and sanctions-busting have beefed up their compliance, risk, legal and internal-audit teams. Compliance officers will never be the rock stars of finance, but they have moved from drums to rhythm guitar. And though some banks hint at having reached “Peak Compliance”, staffing and investment are likely to remain well above pre-crisis levels.

https://www.economist.com/finance-and-economics/2019/05/02/the-past-decade-has-brought-a-compliance-boom-in-banking

Wells Fargo creates new unit focused on regulatory compliance
Imani Moise
Reuters

The new unit, whose creation was reported earlier on Wednesday by the Financial Times, will be charged with working through the more than a dozen regulatory consent orders the bank is operating under – agreements between regulators and the bank that it will work to satisfy certain requirements. It will also implement new business and risk-management processes.

https://www.reuters.com/article/us-wells-fargo-risk/wells-fargo-creates-new-unit-focused-on-regulatory-compliance-idUSKCN1SE2U5

How We Howey
by Hester M. Peirce, U.S. Securities and Exchange Commission
Harvard Law School Forum on Corporate Governance and Financial Regulation

While Howey has four factors to consider, the framework lists 38 separate considerations, many of which include several sub-points. A seasoned securities lawyer might be able to infer which of these considerations will likely be controlling and might therefore be able to provide the appropriate weight to each. Whether the framework gives anything new to the seasoned securities lawyer used to operating in the facts and circumstances world of Howey is an open question. I worry that non-lawyers and lawyers not steeped in securities law and its attendant lore will not know what to make of the guidance. Pages worth of factors, many of which seemingly apply to all decentralized networks, might contribute to the feeling that navigating the securities laws in this area is perilous business. Rather than sorting through the factors or hiring an expensive lawyer to do so, a wary company may reasonably decide to forgo certain opportunities or to pursue them in a more crypto-friendly jurisdiction overseas.

https://corpgov.law.harvard.edu/2019/05/13/how-we-howey/

Oh Come On, CFTC…
By Matt Kelly
Radical Compliance

Well this takes the whistleblowing cake: the Commodities & Futures Trading Commission is promoting its whistleblower program at a cryptocurrency conference in New York this week, complete with a booth in the hallway and free CFTC whistles handed out to attendees.

http://www.radicalcompliance.com/2019/05/14/oh-good-lord-cftc/

Five Good Reads for Compliance Professionals
by Kitty Holt
SCCE’s Compliance & Ethics Blog

  • The Lucifer Effect: Understanding How Good People Turn Evil by Philip Zimbardo….
  • Dying Out Here Is Not An Option by John Connelly….
  • The Forger’s Spell: A True Story of Vermeer, Nazis, and the Greatest Art Hoax of the Twentieth Century by Edward Dolnick….
  • Whistleblower by Amy Block Joy…
  • Why We Sleep: Unlocking the Power of Sleep and Dreams, by Matthew Walker, PhD. …

PMC 2019
Please support my ride to fight cancer. On the first weekend in August, I’ll be riding across Massachusetts to raise money for cancer research. I could use your support:
https://profile.pmc.org/DC0176

Private Fund Compliance Forum 2019

I spent Wednesday and will spend Thursday at Private Equity International’s 10th annual Private Fund Compliance Forum. I’ve attended this event at least a half-dozen times and enjoy coming back.

The organizers asked that most of the sessions be off-record. I had detailed notes that I published on Wednesday, but took them down. Instead, I’ll share a few general observations.

It sounds like exams of private equity funds are down. Many regional offices are allocating exam resources to other registrants. New registrants are often getting a hello and welcome to registration message from their regional office. The Private Funds Unit is still active and examining fund managers. It sounds like the focus is on managers who have not yet been examined. The regional offices do act on tips and complaints about fund managers.

When you end up with an SEC exam, make sure you focus on the document request and try to scope it. Scoping is hard, but can save the fund manager and the SEC examiners a great deal of time. Reach out to the SEC to make sure you understand what they are looking for. The document request list often looks like a wide-ranging shotgun blast. Examiners are not looking for huge stacks of documents from smaller firms.

The SEC is stalling registrants from the EU. The concern is that GDPR will prevent the SEC from getting the information they need as part of the reporting and examination process.

There is a great deal of discussion around cybersecurity. None of the attendees indicated that they had been subject to any of the cybersecurity sweep exams. Those sweeps are now in their third iteration. See: New SEC Cyber Enforcement Initiative. If you report a breach, you have increased your chances of a cybersecurity exam from the SEC.

It’s not just SEC examiners who are focused on cybersecurity. Expect investors to also conduct a fair amount of diligence on cyber.

CCOs need to stay laser focused on fees and expenses when that money comes back to the fund manager or an affiliate of the manager. If the fund documents state that a service will be provided at market rate, make sure you are conducting periodic surveys of the market rates. If the fund manager is being reimbursed for an employee’s time spent on a portfolio company, make sure you know what part of the employee’s compensation can be included in the rate. If the fund documents say salary, that means you can’t include the cost of benefits.

There was much more knowledge shared from panelists and even more shared among attendees. Plan on coming next year.

Failed Algorithms

Isaac Asimov’s Three Laws of Robotics, designed to prevent robots from harming humans:

  • A robot may not injure a human being or, through inaction, allow a human being to come to harm.
  • A robot must obey the orders given it by human beings except where such orders would conflict with the First Law.
  • A robot must protect its own existence as long as such protection does not conflict with the First or Second Laws.

How does this work when the robot is a financial adviser? The Securities and Exchange Commission brought cases against two robo-advisers.

Wealthfront Advisers is an online robo-adviser that provides software-based portfolio management, including a tax-loss harvesting program for clients’ taxable accounts. The SEC alleged that Wealthfront falsely represented to its clients that the robot would monitor their accounts to avoid transactions that might trigger a wash sale. The SEC alleged that Wealthfront failed to conduct such monitoring. That made Wealthfront’s representations misleading.

In a separate case, the SEC alleged that Hedgeable Inc., a robo-adviser, misleadingly compared its results to performances of other robo-advisers. According to the SEC, Hedgeable calculated its returns based on a small subset of client accounts. Further it miscalculated its competitors’ trading returns by using approximations based on information on the competitors’ websites.

While the headlines sound groundbreaking because they involved robo-advisers, the two robo-adviser actions were human misconduct, not malfunctioning algorithms. Those algorithms were fairly basic.

Samathur Li Kin-kan is suing a robo-adviser for not being as sophisticated as promised. Tyndaris Investments’ K1 supercomputer was supposed to comb through online sources like real-time news and social media to gauge investor sentiment and make predictions on U.S. stock futures. It would then send instructions to a broker to execute trades, adjusting its strategy over time based on what it had learned.

Li is suing Tyndaris for about $23 million for exaggerating what the supercomputer could do. It managed to lose $20 million in one day. The loss was due to a failed stop-loss order. Li’s lawyers argue that the order wouldn’t have been triggered if K1 was as sophisticated as Tyndaris led him to believe.

For now, it’s the humans being blamed for robots’ shortcomings.



OFAC Issues a Framework for Compliance Commitments

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) has published A Framework for OFAC Compliance Commitments. OFAC wants to provide organizations its perspective on the essential components of a sanctions compliance program.

“As the United States continues to enhance our sanctions programs, ensuring that the private sector implements strong and effective compliance programs that protect the U.S. financial system from abuse is a key part of our strategy.”

Sigal P. Mandelker, Under Secretary for Terrorism and Financial Intelligence.

The United States has increasingly used its financial system to penalize countries it dislikes as well as drug kingpins and terrorists. The dollar has been the standard for international business. That may change if the US continues to weaponize the dollar against countries it disfavors.

OFAC has decided to coin the initialism “SCP” for Sanctions Compliance Program. An SCP has five essential components:

1. Management Commitment

  • Senior management has reviewed and approved the SCP
  • Senior management has delegated sufficient authority and provided direct reporting lines
  • Senior management has given adequate resources to the SCP
  • Senior management promotes a culture of compliance
  • Senior management recognizes the seriousness of deficiencies and violations

2. Risk Assessment

  • Organization has conducted an OFAC risk assessment
  • Organization has a methodology to identify and address the risks it identifies

3. Internal Controls

  • Written policies and procedures
  • Internal controls based on risk assessment
  • Enforces policies and procedures
  • Adequate record-keeping
  • Corrects discovered weaknesses
  • Communicates policies and procedures to relevant staff
  • Personnel appointed to integrate policies and procedures into corporate operations

4. Testing and Auditing

  • Testing and auditing are accountable to senior management
  • Testing and auditing are appropriately sophisticated
  • Takes corrective actions after a negative result

5. Training

  • OFAC Training provides adequate information
  • Training scope is appropriate
  • Training frequency is appropriate based on risk profile
  • Updates training after a negative result
  • Training provides easily accessible resources

The Framework includes a short appendix that offers some analysis of some of the causes of sanctions violations that OFAC identified during its investigative process.


Pilfering? a Private Equity Fund

The Securities and Exchange Commission has made the industry very aware that it will look closely at the way private-equity firms handle fund expenses. The latest firm to get caught by the SEC for taking money from investors is Corinthian Capital.

Corinthian agreed to the order, but it contains the usual carve-out that Corinthian neither admits nor denies the findings in the order. Things may have actually happened differently, but I’m accepting what’s in there as a warning for what the SEC does not like.

The first problem was related to improperly using a fee offset according to the fund documents. The order does a poor job of explaining the operation of this particular offset. It seems that Corinthian-affiliated limited partners are able to not fund part of their capital commitments. The fund documents are silent on whether the offset can be applied retroactively. Corinthian applied it retroactively. Worse, the firm miscalculated the offset.

Compounding the miscalculation problem, Corinthian withdrew more than it was entitled to in fees from the fund to pay down the manager’s line of credit. Once that line was crossed, Corinthian transferred other cash from the fund to pay management expenses.

The second problem was charging the fund for organizational expenses that were not permitted by the fund documents. One problem is that the management company charged the fund for expected formation expenses. The SEC pointed out that this was improper because those expenses had not actually been incurred.

In addition, Corinthian misclassified some expenses as organizational expenses and ended up charging costs to the fund partners that should not have been charged to them. One item specifically referenced is a placement agent fee.

“Corinthian also lacked policies and procedures with respect to charging CEF 2 for organizational expenses. Informal practices, dating from a former CFO, were put in place that gave great discretion to estimate and classify organizational expenses. While the CFO tracked and the investment committee determined the amount charged to CEF 2 for organizational expenses as referenced in Paragraph 12, no process was implemented to determine the accuracy of such estimates or whether expenses were properly classified.”

The third problem was that Corinthian’s auditor noticed these problems. The auditor chose to withdraw from the engagement and withdraw its opinion from the prior year’s financial statements. That left Corinthian not timely delivering audited financial statements and therefore in violation of the Custody Rule.


Compliance Bricks and Mortar for May 10

These are some of the compliance-related stories that recently caught my attention.


Who to Sue When a Robot Loses Your Fortune
By Thomas Beardsworth and Nishant Kumar
Bloomberg Business

The timeline leading up to the legal battle was drawn from filings to the commercial court in London where the trial is scheduled to begin next April. It all started over lunch at a Dubai restaurant on March 19, 2017. It was the first time 45-year-old Li, met Costa, the 49-year-old Italian who’s often known by peers in the industry as “Captain Magic.” During their meal, Costa described a robot hedge fund his company London-based Tyndaris Investments would soon offer to manage money entirely using AI, or artificial intelligence.

https://www.bloomberg.com/news/articles/2019-05-06/who-to-sue-when-a-robot-loses-your-fortune

U.S. v. Connolly: “Outsourcing” a Government Investigation — And How to Avoid It
by David B. Massey, James Q. Walker, Lee S. Richards III, Shari A. Brandt, Audrey L. Ingram, Daniel C. Zinman, Arthur Greenspan, and Rachel S. Mechanic
NYU Law’s Compliance & Enforcement

On May 2, in a widely-watched case, the U.S. District Court for the Southern District of New York found that the government “outsourced” a criminal LIBOR investigation to Deutsche Bank and its outside counsel, and thereby violated defendant Gavin Black’s Fifth Amendment rights when outside counsel interviewed the defendant under threat of termination from his employment.  United States v. Connolly, 16 Cr. 370 (CM), Memorandum Decision and Order Denying Defendant Gavin Black’s Motion for Kastigar Relief, ECF Document 432, slip op. at 19, 29 (May 2, 2019).  But because the DOJ did not use the defendant’s compelled statements at trial and the investigation was not otherwise tainted, the Court found no Kastigar violation and held that, even if there was, any error was harmless.  Connolly, slip op. at 40-41, 43-44.  


https://wp.nyu.edu/compliance_enforcement/2019/05/07/u-s-v-connolly-outsourcing-a-government-investigation-and-how-to-avoid-it/

CBS Beefs Up Ethics & Compliance
By Matt Kelly
Radical Compliance

Most notably, CBS will place “human resources production partners” on set at all of its programs, so actors and other staff will have someone they can approach with any complaints. That seems directly related to Michael Weatherly, star of CBS’ hit show Bull. He was accused in December of harassing co-star Eliza Dushku, and then squeezing her off the show in 2016 when Dushku complained about his behavior to CBS executives.

CBS also said it has hired a new chief ethics and compliance officer, Hazel Mayers. Mayers started the job in March, after working since 2015 as general counsel at Simon & Schuster — but Mayers also previously worked at CBS for 12 years before that, as assistant general counsel and chief compliance officer.

http://www.radicalcompliance.com/2019/05/07/cbs-beefs-ethics-compliance/

The Ruthless, Secretive, and Sometimes Seedy World of Hedge Fund Private Investigators
by Michelle Celarier
Institutional Investor

Work for activist hedge funds is a particularly revealing task, according to Barakett. “I’m never surprised by what we find,” he says, mentioning a public company executive who had a “wife and kids in one city, and another wife and kids in another city in another — nonadjacent — state.” Another married CEO of a public company “had his gay lover on the payroll and was also living in a condo owned by the company,” Barakett says.

https://www.institutionalinvestor.com/article/b1f6yg8n93jyfh/The-Ruthless-Secretive-and-Sometimes-Seedy-World-of-Hedge-Fund-Private-Investigators

What characteristics do the World’s Most Ethical Companies have in common?
By Aarti Maharaj
The FCPA Blog

Some of the findings include:
Diversity at the highest levels: Among the 128 companies from Ethisphere’s 2019 awards list, women hold 28.1 percent of the director positions (a four percent increase over last year). That compares with 21.1 percent overall on the large cap index.
Disseminating information about disciplinary actions: Amazingly, one out of every ten employees surveyed by Ethisphere indicated that they either disagree or strongly disagree that the rules and associated disciplinary actions for unethical behavior or misconduct are the same for every employee. That said, nearly one-third (32 percent) of honorees do communicate publicly about how such concerns were reported, the types of concerns reported, and the substantiation rates of corresponding investigations. This figure represents a noticeable increase over 2018, when less than a quarter of 2018 honorees communicated such information publicly.
Supporting middle management: An employee’s immediate manager is the most commonly used resource for not only asking questions but also reporting observed instances of misconduct, so supporting middle management with tools to ease the intake and tracking process is important to the World’s Most Ethical Companies. The majority (84 percent) of 2019 honorees use a tracking tool or case management system that tracks all reports and related investigations, regardless of how the report was originally made.

http://www.fcpablog.com/blog/2019/4/24/what-characteristics-do-the-worlds-most-ethical-companies-ha.html

We Select Best-in-Class… of those that pay us

Deutsche Bank marketed a robust, independent due diligence process to identify, evaluate, and select best-in-class asset managers, but failed to disclose that it only recommended hedge funds that shared their management fees with the bank.

DB disclosed that it might receive revenue sharing and actually disclosed the amount it received in the subscription agreement. DB can recommend only its own products to its clients, as long as there is good disclosure.

However, the SEC felt that DB did not have good disclosure. The marketing for the fund failed to disclose that it was only recommending funds that agreed to pay a kickback to DB.

The SEC has been focusing on these “retrocessions.” What is interesting about this case is that the bank was not a registered adviser or broker-dealer. The bank was charged with violating the Securities Act’s anti-fraud provisions (17(a)(2)).

This is not the first time this has happened. JP Morgan paid a $267 million settlement to the SEC in 2016. The bank was investigated for steering high-net-worth clients toward its own proprietary investment funds that could cost more rather than those managed by other institutions.
