Author: Doug Cornelius

These are some of the compliance related stories that recently caught my attention:

Cybercriminals Have Your Business In Their Crosshairs And Your Employees Are In Cahoots With Them by Ivy Walker

So how are your employees in cahoots with cyber attackers? Because the number one way hackers gain access to small business networks is when someone on that network clicks a link or an attachment in a malicious email. Once inside your network, the attackers can do things like steal or encrypt your data.

https://www.forbes.com/sites/ivywalker/2019/01/31/cybercriminals-have-your-business-their-crosshairs-and-your-employees-are-in-cahoots-with-them/#4e8a88fd1953

Retaliation Against CCOs: Three Tales by Matt Kelly

We hear those stories from time to time: a compliance officer reports some concern to management (otherwise known as doing your job), and management responds by punishing the compliance officer rather than considering the issue itself. Lately I’ve seen a string of such cases in the news, so in the interest of defending this noble profession, let’s take a look at them.

http://www.radicalcompliance.com/2019/02/04/retaliation-ccos-three-tales/

Crypto-Exchange Says It Can’t Pay Investors Because Its C.E.O. Died, and He Had the Passwords by Karen Zriack

A Canadian cryptocurrency exchange said it could not repay at least $250 million to clients after its chief executive died suddenly while visiting India. The company, Quadriga CX, said in court filings that the C.E.O., Gerald W. Cotten, was the only person who knew the security keys and passwords needed to access the funds.

https://www.nytimes.com/2019/02/05/business/quadriga-cx-gerald-cotten.html

Cleary Gottlieb Reviews 2018 Cybersecurity and Data Privacy Developments by Pam Marcogliese, Rahul Mukhi, Katherine Carroll, Alexis Collins and Emmanuel Ronco

In 2018, data privacy and cyber breaches made headlines throughout the year.  Major companies continued to suffer data breaches, highlighting the risks and potential costs of cyber incidents across industries.  At the same time, a growing and overlapping thicket of data security and privacy regulations—within the U.S., European Union, Latin America, and elsewhere—continued to increase compliance costs and regulatory risks.  This memo surveys some of the key cybersecurity and data privacy developments of 2018, including the major data breaches and cyber-attacks, regulatory and legislative actions, and notable settlements and court decisions.

http://clsbluesky.law.columbia.edu/2019/02/06/cleary-gottlieb-reviews-2018-cybersecurity-and-data-privacy-developments/

NFL to Hire Director, Compliance by David D. Dodge

The NFL’s move to provide guidance to its teams’ compliance programs resembles in some respects the NBA’s recent directive to its member teams.  NBA Commissioner Adam Silver recommended that each team take steps similar to those taken by one of its teams, the Dallas Mavericks, in building an effective compliance program – all with an eye towards each team having its own effective compliance program.

http://complianceandethics.org/nfl-to-hire-director-compliance/

Requisition Title: Director, Compliance

NFL Compliance partners with Security and Internal Audit and other League functions to identify and manage risk — legal, financial, and reputational.  NFL Compliance is responsible for ensuring effective policies and procedures mitigate these risks, that NFL staff understand these policies and procedures, and to provide guidance and serve as a resource to staff.  NFL Compliance monitors for adherence to league policies and procedures and reviews potential situations of non-compliance.  Managing risks relating to third-party vendors is also an important feature of the League’s compliance program.  NFL Compliance supports all League offices, including international, and provides guidance to NFL teams.
 
The Director will assist the Vice President of Compliance in promoting a corporate culture where employees meet the NFL’s core values, acting with integrity and following the highest ethical standards. 

https://nfl.taleo.net/careersection/nfl_ex/jobdetail.ftl;jsessionid=qM7DMYVY7Fkp0WWw5AnwH6xeAKeRCm_4-g_XCpxIIdT3Xcbr0cLR!-682138332

These are a few of the compliance related stories that recently caught my attention.

Why The SEC Shutdown Must End (Now) by John Reed Stark

It is not surprising that the SEC has only filed one civil action in federal court since the shutdown began, which was a parallel action brought alongside the U.S. Attorney’s Office for the District of New Jersey. (The matter involved charges against nine defendants for participating in a previously disclosed scheme to hack into the SEC’s EDGAR system and extract nonpublic information to use for illegal trading.)

[More…]

When Is a Crypto Asset a “Security,” and Why Does That Matter? (Part I)
When Is a Crypto Asset a “Security,” and Why Does That Matter? (Part II)
by Joseph H. Nesler

In our January 17 blog, “When Is a Crypto Asset a “Security,” and Why Does That Matter? (Part I),” the Crypto Law Corner explained that SEC-registered investment advisers must apply the so-called “Howeytest,” on a case–by-case basis, to determine whether a particular crypto asset is a security, and suggested that applying the Howey test can prove daunting to SEC-registered investment advisers in the event they are required to determine whether particular crypto assets are “securities.”  
Why is the Howey test daunting? 
Although the three-part “Howey test” may sound simple and straightforward, it is anything but.

[More…]

BigLaw associate was duped into transferring over $2.5M to fraudster’s account, decision reveals
by Debra Cassens Weiss

An associate at Dentons Canada was duped into transferring more than $2.5 million into a fraudster’s account, according to an opinion by an Ontario judge in an insurance coverage dispute.
The Dec. 11 decision by Judge Carole J. Brown said the Vancouver-based associate sent the money from a property sale to a Hong Kong bank account after he received emails asking him to do so, report the American Lawyer and the Law Times. The emails appeared to have been sent by a mortgage company representative and two bank officials where the mortgager had an account.

Should some parts of a compliance program be kept secret?
By Richard L. Cassin

Internal controls, for example, share some DNA with corporate security systems. The controls must be there, according to the FCPA and securities laws, so that management knows where all the company’s assets are, who’s handling them, and for what purpose. That’s a way to stop the company assets from being used to pay bribes.
But from a corporate security perspective, the internal controls are there to stop people from stealing from the company, or using the assets to commit fraud or other crimes. Internal controls, then, are something like the security system around a bank vault.

Circuit Court Rejects SEC Claims on Howey Security Test
by T. Gorman

Partnership interests such as those involved here may be securities within the meaning of Howey. Typically, however, interests in general partnerships fail the test – investors have sufficient authority and powers negating the need for the protections of the securities laws. Limited partners are different. Their authority is limited. Without significant power they become more like a shareholder and their interest may be viewed as a security.
The line between the two types of partnerships when considering the question of if a security is involved can be assessed by considering three factors set forth in Williamson v Tucker, 645 F. 2d 404 (5^th Cir. 1981). Under that test a partner is dependent “solely” on the efforts of a third party manager when: 1) an agreement among the parties leaves so little power in the hands of the partner that the person essentially becomes a limited partner; or 2) the partner is so inexperienced that he is incapable of intelligently exercising his authority; or 3) the partner is so dependent on some unique entrepreneurial or managerial ability of the promoter that he cannot replace the person or exercise any meaningful partnership or venture powers.

Five ‘stupid’ ideas about trust in business
By Barbara Brooks Kimmel and Charles H. Green

Do these flawed views of trust merit actually being called “stupid”? You be the judge.

1. Trust is synonymous with “check-the-box”sustainability practices or “greening” your organization.

2. Blockchain is a road to trust.

3. Loading up corporate communications with trust words du jour elevates brand or organizational trust

4. Elevating data security is a pathway to trust

5. Trust can be chemically induced.

Why Aren’t Hedge Funds Required to Fight Money Laundering?
By Heather Vogell

Yet one major part of the financial system has remained stubbornly exempt, despite experts’ repeated warnings that it is vulnerable to criminal manipulation. Investment companies such as hedge funds and private equity firms have escaped multiple efforts to subject them to rules meant to combat money laundering.
The latest attempt, which began in 2015, appears to have ground to a halt, according to sources familiar with the process.

These are some compliance-related stories that recently caught my attention:

SEC Brings Enforcement Action for Failure to Verify Accredited Investor Status 
by Steve Quinlivan

The SEC alleged CoinAlpha did not have pre-existing substantive relationships with nine of the fund’s investors and engaged in a general solicitation of public interest in the securities offering through CoinAlpha’s website, which was generally accessible without password protection. Additionally, CoinAlpha engaged in general solicitation through blog postings, and media interviews and digital asset and blockchain conferences, accessible both via live attendance and through the Internet. Despite collecting accredited investor questionnaires and representations from investors certifying to their accredited investor status, Respondent did not take reasonable steps to verify that investors in the Fund were accredited investors.

Debevoise & Plimpton Discusses Custody of Digital Assets
by Kenneth J. Berman, Byungkwon Lim and Gary E. Murphy 

Significant uncertainties remain, however, in applying existing laws, regulations and practices to these digital assets. One area of significant concern is custody. Without a way to safely store and hold digital assets, institutional investors are often reluctant to make—and, in some cases, may be legally precluded from making—investments in this space.
Custody generally refers to the holding and control of an asset. What does it mean to have or retain custody of a digital asset? What practical concerns do investors in digital assets have regarding the custody and safeguarding of such assets? What legal obligations are imposed in the custody of digital assets? Do current methods of custody adequately address these legal and practical concerns?
This paper focuses on these and related questions, with a particular emphasis on the custody requirements imposed on registered investment advisers under the U.S. Investment Advisers Act of 1940 (the “Advisers Act”). [More…]

Cyber risk measurement and the holistic cybersecurity approach
by Jim Boehm, Peter Merrath, Thomas Poppensieker, Rolf Riemenschnitter, and Tobias Stähle

A holistic approach proceeds from an accurate overview of the risk landscape—a governing principle that first of all requires accurate risk reporting. The goal is to empower organizations to focus their defenses on the most likely and most threatening cyber risk scenarios, achieving a balance between effective resilience and efficient operations. Tight controls are applied only to the most crucial assets. The holistic approach lays out a path to root-cause mitigation in four phases 

SEC Names Danae M. Serrano Acting Ethics Counsel and Designated Agency Ethics Official

Ms. Serrano joined the SEC in 2010 as an Assistant Ethics Counsel, and has served as the Deputy Ethics Counsel and Alternate Designated Agency Ethics Official since 2013. Ms. Serrano also served as the Agency’s Acting Chief Compliance Officer until August 2018.
“Danae is widely respected by her colleagues throughout the Commission for her steady and thoughtful ethics counsel,” said Chairman Jay Clayton. “I know that Danae and her team are committed to maintaining the highest ethical standards at the SEC, and I want to thank her for taking on this important role in support of the Commission and our dedicated staff.”
“I am grateful for this opportunity to lead the talented and dedicated staff in the Office of the Ethics Counsel, and for the Chairman’s support of the SEC’s robust ethics and compliance programs,” said Ms. Serrano.
Before joining the SEC, Ms. Serrano served as an attorney in the General Counsel’s Office of the Pension Benefit Guaranty Corporation (PBGC), where she advised on government ethics and administrative law matters. Prior to PBGC, Ms. Serrano served as an attorney and ethics official in the United States Air Force, Office of the General Counsel. Ms. Serrano received her law degree from the University of Connecticut School of Law, where she was an Executive Editor of the Connecticut Insurance Law Journal. She received her B.A. in History from Yale University.

SEC faces lawsuit over ‘gag orders’ in enforcement settlements
by Joe Mont

The Cato Institute, a libertarian think tank, is suing the Securities and Exchange Commission in federal court to challenge its decades-old policy of imposing “gag orders” on settling defendants in civil enforcement actions. As a routine condition of settling civil or administrative actions, defendants agree to a promise that they will never publicly contest, challenge, or deny any of the allegations the SEC has made against them—even after the case has been settled and the underlying lawsuit or administrative proceeding dismissed.

Five things to do NOW to deal with Sexual Harassment Compliance Challenges
by Kristy Grant-Hart

The public, regulator, and shareholder expectations for companies are sky-high when it comes to preventing and responding to sexual harassment.  What can you do to protect your company in 2019?  Start with these five actions… [More…]

These are some of the compliance-related stories that recently caught my attention.

---

The Shift from Active to Passive Investing: Potential Risks to Financial Stability? by Patrick McCabe, Board of Governors of the Federal Reserve System

In our working paper, we examine four channels by which the active-to-passive shift may affect financial stability: (1) effects on liquidity transformation and redemption risk for investment funds; (2) growth of passive products with strategies that amplify asset-price volatility; (3) increased asset-management industry concentration; and (4) effects of indexing on the prices, volatility, and comovement of financial assets.[More…]

---

Index Funds and the Future of Corporate Governance: Theory, Evidence, and Policy by Lucian Bebchuk and Scott Hirst

We focus on understanding the structural incentive problems that motivate index fund managers to under-invest in stewardship and defer to corporate managers, thereby impeding their ability to deliver on their governance promise. We stress that in some cases, fiduciary norms, or a desire to do the right thing, could lead well-meaning index fund managers to take actions that differ from those suggested by a pure incentive analysis. Furthermore, index fund managers also have incentives to be perceived as responsible stewards by their beneficial investors and by the public—and thus, to avoid actions that would make salient their under-investing in stewardship and deferring to corporate managers. These factors could well constrain the force of the problems that we investigate. However, these structural problems should be expected to have significant effects; the evidence we present in Part ‎III demonstrates that this is, in fact, the case. [More…]

---

Dissecting the Conundrum of Investing in Hedge Funds Despite High Fees and Mediocre Returns by Cary Martin Shelby

October 2018 ended with the hedge fund industry suffering its worst monthly decline since September 2011, according to the HFRI Fund Weighted Composite Index. Some commentators are predicting that 2018 will end with the hedge fund industry experiencing its worst annual performance since the failure of Lehman in 2008. This news comes on the heels of a disastrous decade for hedge fund performance. In the years following the financial crisis of 2007-2009, the S&P 500 consistently outperformed the hedge fund industry. Even Warren Buffet famously predicted that a basket of hedge funds would underperform the S&P 500 over a 10-year period from 2007-2017. He in fact won that bet as his basket of hedge funds earned 2.2 percent over that period while the S&P 500 earned 7.1 percent. [More…]

---

Two Celebrities Charged With Unlawfully Touting Coin Offerings

The SEC’s orders found that Mayweather failed to disclose promotional payments from three ICO issuers, including $100,000 from Centra Tech Inc., and that Khaled failed to disclose a $50,000 payment from Centra Tech, which he touted on his social media accounts as a “Game changer.” Mayweather’s promotions included a message to his Twitter followers that Centra’s ICO “starts in a few hours. Get yours before they sell out, I got mine…”[More…]

---

The Whistleblowers by Tamar Frankel in Verdict

A whistleblower may face conflicted commitments and loyalties. As a good citizen, he or she is committed to following the law. Yet he or she is also committed to the workplace and to its leaders’ directives and success. The institutions and their leaders’ actions and directions may conflict with the whistleblower’s interpretation of the law. Unfortunately, such conflicts may not be unique. [more…]

---

Why don’t we trust whistleblowers? by Kelly Richmond Pope

In my TED Talk, I explore the dilemma faced by many whistleblowers; speak up and help the problem or speak up and be forever scrutinized. [More…]

---