Privacy Notices – Testing Effectiveness

It's great that regulators come up with privacy disclosure forms, but are they effective?

The Securities and Exchange Commission has reopened the period for public comment on proposed amendments to Regulation S-P, which implements the privacy provisions of the Gramm-Leach-Bliley Act. [15 U.S.C. §§6801 – 6809] They opened back up for comment because they tested the model notices and found weaknesses with the current form.

The proposed amendments were designed to create a safe harbor for a model form that financial institutions may use to provide disclosures in initial and annual privacy notices required under Regulation S-P. Based on the field research, it sounds like the model notice needs some more work.


IRS Notice 2009-38 on Section 382 For Acquisition of Instruments Issued by Recipients of TARP Funds


The Internal Revenue Service issued Notice 2009-38 (.pdf) to provide guidance when instruments are acquired by the Treasury Department under the Capital Purchase Program of the Emergency Economic Stabilization Act (“EESA”) and the Troubled Asset Relief Program (“TARP”). The issue arose because of the massive amount of securities being acquired by the Treasury. If those acquisitions are deemed an ownership change, that could limit the ability to deduct net operating loss carryovers and recognized built-in losses.

In general, Section 382 of the Tax Code limits deductions for net operating loss carryovers and recognized built-in losses subsequent to an ownership change. An ownership change, as defined in Section 382(g) of the Tax Code, is generally a change of 50% or more of the ownership of a corporation within a three-year period. Prior to this Notice and similar earlier guidance, the Treasury Department’s acquisition of certain stock of a corporation could have resulted in an ownership change, thereby limiting the corporation’s ability to utilize prior losses to reduce its taxable income.

Corporate Blogs and Tweets Must Keep SEC in Mind


Richard Brewer-Hay made it into the Wall Street Journal and even got his photograph included. Who is he? He is part of the next wave of investor relations professionals who are using web 2.0 tools to provide investors with company information. In 2008, Richard started using a blog as part of eBay’s investor relations: eBay Ink Blog.

Richard then saw Twitter as a useful tool for sending out investor relations information. eBay’s lawyers even gave it their blessing. (After they found out about it and required some disclosure language.) The first big test was the March 11 shareholder meeting where he live tweeted from the audience, broadcasting the meeting beyond the four walls of the room.

The Securities and Exchange Commission laid the groundwork for this approach in the August 2008 Guidance on the Use of Company Website [Release 34-58288] (.pdf). The SEC stated that: “We acknowledge the utility these interactive web site features afford companies and shareholders alike, and want to promote their growth as important means for companies to maintain a dialogue with their various constituencies.” At today’s Society of American Business Editors and Writers convention in Denver, Mary Schapiro noted that the SEC favors greater and broader disclosure [using Twitter and other tools to communicate with investors] but that it hasn’t come to a resolution on the new technology.

The first step is the analysis of whether and when information is “public” for purposes of the applicability of Regulation FD. In the guidance, the SEC laid out a three part test for “companies to consider whether and when: (1) a company web site is a recognized channel of distribution, (2) posting of information on a company web site disseminates the information in a manner making it available to the securities marketplace in general, and (3) there has been a reasonable waiting period for investors and the market to react to the posted information.”

The next step is to consider whether and when postings on their web sites are “reasonably designed to provide broad, non-exclusionary distribution of the information to the public” (Rule 101(e)(2) of Regulation FD).

Lastly, the company needs to keep in mind that the antifraud provisions of the federal securities laws, including Exchange Act Section 10(b) and Rule 10b-5, are applicable to the content of its web site.

It was great to see eBay’s effort being lauded in the WSJ. It is strange that other companies have not joined the trend. I would guess that there is a lack of business results associated with the transition from web 1.0 to web 2.0. To make the transition, an investor relations professional would need to show that one of the following is true:

  • Increase in share price
  • Reduction in securities and shareholder litigation
  • Reduced costs
  • Increase in revenue

I think it is hard to show that they could achieve any one of these goals. Perhaps you could show that the content management of a blog is less expensive and easier to maintain than a commercial product. WordPress (which powers Compliance Building) is free and offers great content management tools. You would also need to make the transition from using the public relations news wire services to the blog platform in order to comply with the selective disclosure rules of Regulation FD.

Personally, I think it is the better way to go. Companies can better control the message by using their own website to communicate with investors. But you need people like Richard to prove the value proposition. We also need the SEC to take a better position on using these tools.

Are there other companies making the most of web 2.0 and joining the Investor Relations 2.0 movement?


Swine Flu, Disaster Recovery, and Compliance


One aspect of a compliance program is disaster recovery. Investors want to know that your operations can be up and running if something goes wrong. Although first thoughts go to an extraordinary event like the World Trade Center attacks, the problem is more likely to be something less dramatic.

From today’s headlines, it may be time to look at your disaster recovery plans in case of a pandemic. If Swine Flu keeps most of your workforce at home, what do you do?

But first you should decide whether you need to worry about the Swine Flu. The culprit is an unusual new virus known as A/H1N1, which is a form of swine flu that has made its way from pigs into humans. This is an entirely new hybrid strain composed of pig, bird and human viruses. As to whether it risks becoming a pandemic, that depends on the severity of the effects and how easily it is transmitted.

Over 1,500 Mexicans have been afflicted with symptoms that may be the result of this new virus. But it is not yet confirmed whether the cause of most of these cases was A/H1N1 or commonplace strains of influenza. Five American states—California, Texas, Kansas, Ohio and New York—have confirmed mild cases of A/H1N1. So too have Canada, Britain, Israel and New Zealand. One theory is that college students have been bringing the virus back to the U.S. after college spring break in Mexico.

On the very good side of things, reports indicate that the Mexican swine flu virus is susceptible to the most widely stockpiled flu antiviral drugs, Tamiflu and its relatives. If the effects are severe and it is very contagious, tools are available to fight it.

You can judge whether you should be alarmed at the Swine Flu outbreak. (I am not.) But you should take this as an opportunity to test your disaster recovery plan and make sure you can still be up and running if your workforce is not in the office.

And just to be safe, don’t kiss pigs.


Image is from Cute Overload: Mmmmm, snoutlicioussss. Thanks to Niki Black for pointing it out: Swine Flu Transmission solved from Twitter.

Moral Hazard and Structural Compliance


I have been tossing around the concept of structural compliance in my head. The idea is to focus on the alignment of employee incentives with the long term goals of the organization. Jeff Kaplan forwarded me an article he wrote for the April 2009 issue of CCH’s Federal Ethics Report: Boards of Directors, Moral Hazard and Corporate Compliance Programs.

“Moral hazard” is the phenomenon that reducing the effect of risk by providing insurance results in the encouragement of riskier behavior. A party insulated from risk may behave differently from the way it would behave if it were fully exposed to the risk.

Jeff points out the moral hazard in the economic crisis where individuals creating the risk did not have their interests aligned with those of the organization. I touched on these in my post about Countrywide: Did Compliance Programs Fail During the Financial Industry Meltdown? In that story, we saw that loan officers were compensated more for origination of sub-prime loans than standard loans. They were actually paid more to originate riskier loans. The loan officers were not compensated based on the repayment of the loan. They were isolated from the risk of non-repayment.

One of the problems with the securitization of loans is that the originators do not retain the risk. They originate, sell the loans, and transfer the risk. This continues as the loans are repackaged and tranched up into the collateralized debt food chain. There was a structural compliance failure. The risk was separate from the reward.

With the failure of Lehman Brothers, the term “moral hazard” was a hot topic in the news. If we rescued them, others would expect the financial safety net. (It seems like the government made the wrong decision in deciding to let Lehman fail.) We let people build in flood plains based on government flood insurance and subsidized insurance.

Another case in point is my snowboard helmet, streaked with the brown marks of tree limbs from my runs through trees. I feel safer and take some risks that I would not take without my helmet. My head is safer, but I am more likely to take damage somewhere else or dislocate my elbow (again!).

Part of the compliance program has to focus on making sure that the reporting, governance, and compensation of the people in your organization are tied to the long term goals of the organization.

If you are rewarding people based on short-term goals, then you are going to end up with short-term results. If you are rewarding them for gains and not penalizing them for losses, then they are insulated from the risk. They are likely to make riskier decisions.

Merely running a compliance program to make sure people are following the rules is nice. But it is better to have a compliance program that also focuses on removing incentives to break the rules. I think that is what I mean by structural compliance.


Image is a Poland road sign: Znak A-27.svg

Weekend Book Review – The Nine


You would expect a book about the inner workings of the United States Supreme Court to be dry and boring. I did, which is why this book has been sitting unread in my book pile for months.

Surprise! I found this book to be very interesting and entertaining.

The Nine: Inside the Secret World of the Supreme Court was written by Jeffrey Toobin, a staff writer for The New Yorker and a senior legal analyst at CNN. Toobin guides us through the last twenty years of court history by focusing on individual justices and their roles in some of the most controversial cases.

It is not an unbiased view of the justices. Toobin paints a very flattering picture of the centrist Justice O’Connor. In Toobin’s view Rehnquist has little interest in the reasoning even of his own opinions. He paints Antonin Scalia as brilliant but pugnacious. Stephen Breyer is portrayed as an optimist with an unrealistic belief in his powers of persuasion. Justice Kennedy comes across as pompous. Thomas seems bitter and angry. Ginsburg is charming and brilliant. Stevens stands as the last bastion of liberalism on the court. Souter is a hermit living in the woods of New Hampshire who has never plugged in his television.

Toobin also portrays a bumbling Clinton administration putting its appointees on the Court. In comparison, the Bush White House ran its candidates past the religious right for their approval on social issues.

I am a lawyer, so I may find the working of the Supreme Court more interesting than non-lawyers. Maybe my view is tainted, but this is one of the best books I have read in many months. I think you should add The Nine to your reading list.

Coming Attractions – Frontline Reports on Madoff


Next month, Frontline is running a report about Bernard Madoff on a PBS station near you. The episode premieres the week of May 12.

“Bernard Madoff’s success as a broker made the competition wonder how the man could produce such steady returns in good times and bad. The SEC investigated several times over the last two decades, but Madoff remained untouched until last December when he admitted it was all “one big lie.” Frontline producers Martin Smith and Marcela Gaviria unravel the story behind the world’s first truly global Ponzi scheme – a deception that lasted longer, reached wider and cut deeper than any other business scandal in history.”

Corresponding with Cornelius


Here are some of my recent comments on some other blogs or other websites that allow comments. Part of the new changes in the internet is the ability for readers to engage writers and other readers of their stories.

I am happy to have you leave comments at Compliance Building. But if not here, take a look at what other people are saying. Join me in the conversation over there.

The WSGR Term Sheet Generator: The Inexorable Creep of Document Assembly by Ken Adams of Adams Drafting

Ken heaps praise on the online term sheet generator from Wilson Sonsini.

Alternative Billing, Alternative Lawyering at Above and Beyond KM

Discussing the effect of Richard Susskind’s take on lawyers, law firms, and knowledge management.

Fair Use and Freeriding by Scott Greenfield on Simple Justice

Scott takes on the theft of blog comment and fair use.

Alternate Ways to Cover the News by Bill Pollak on Bill’s Blog for Incisive Media

Bill contemplates how to use amateur bloggers in the coverage by mainstream legal media.

Image is by Brian Corr and from Wikimedia Commons: Boston 2004 03 07.

Failure to Conduct Diligence Can Lead to SEC Sanctions


If you advertise that you have a due diligence process, you had better follow that process. The Securities and Exchange Commission brought an administrative proceeding against an investment adviser for failing to follow its advertised due diligence program.

The Hennessee Group promoted its process for evaluating and selecting hedge funds as the “Five Level Due Diligence Process.” They represented to clients and prospective clients that they would not recommend investment in hedge funds that did not satisfactorily complete all five levels of its due diligence evaluation. The Hennessee Group routinely touted the excellence and rigor of the process.

According to the SEC’s order, approximately 40 clients invested millions of dollars in the Bayou hedge funds from February 2003 through August 2005 after the Hennessee Group recommended those investments. Most of the money was lost by Bayou’s principals, who defrauded their investors by fabricating Bayou’s performance. The SEC charged the managers of the Bayou hedge funds with fraud in 2005.

“With regard to Bayou, Hennessee Group, at Gradante’s direction, failed to perform two elements of the due diligence evaluation that Hennessee Group had told its clients and prospective clients that it would do: (1) a portfolio/trading analysis; and (2) a verification of Bayou’s relationship with its purported independent auditor. By not conducting the entire due diligence evaluation that it had advertised, and by failing to disclose to clients that its evaluation of Bayou deviated from its prior representations, Hennessee Group and Gradante rendered the prior representations about the due diligence process materially misleading and breached their fiduciary duties to Hennessee Group’s clients.”

To resolve the matter, the Hennessee Group agreed to adopt procedures to ensure proper disclosure of its evaluation processes. They also had to pay $549,000 in disgorgement of its advisory fees related to Bayou, and to pay a civil penalty of $100,000.

This seems like a great example of the consequences for failure to follow your policies and procedures.


Credit Rating Agency Reform


Last week the Securities and Exchange Commission held a roundtable on the credit agencies to consider a range of ideas to get tougher on them. Securities and Exchange Commission Chairman Mary Schapiro led the discussion and pointed out that “rating agency performance in the area of mortgage-backed securities backed by residential subprime loans, and the collateralized debt obligations linked to such securities has shaken investor confidence to its core.” The SEC has exclusive authority over rating agency registration and qualifications as a result of the Credit Rating Agency Reform Act of 2006.

There seems to be a conflict of interest when the fee for the rating agency is paid by the issuer of the debt instead of the investor who is relying on the rating. This issuer-paid model accounts for 98% of the ratings.

The rating agencies are faced with lots of litigation over their ratings of mortgage-backed securities. One of their defense tactics is that their ratings are “opinions” and are protected by the First Amendment. That would probably mean having to prove actual malice and not just making a false statement. If the ratings are found to be more of a private commercial transaction then it is less likely that the First Amendment would apply.

One thing that has struck me as odd about the ratings is that they give the same designation to company debt as they do to structured products. It seems to me that there is a big difference between (1) the bonds issued by GE, payable from GE’s revenues and (2) the bonds issued out of a fixed pool of assets like Mortgage-Backed Securities.

There are only a few dozen companies that have AAA ratings on their debt. These companies are actively managed looking for the long term success of the company. There are many variables, making the rating process more complicated.

On the other hand, the structured finance products are not actively managed. You have a bunch of income coming in and you structure that income flow into tranches. The default rate is governed by the quality of the assets and the larger economy’s effect on the cash flow from those assets. The rating process is complicated in a different way because you need to look at the variables that may affect the performance and how they may be correlated. I wrote before on how the rating agencies got this wrong: The Risk Management Formula That Killed Wall Street.

Maybe it's time to break the ratings into separate categories so that investors will not be mistaken into thinking that a AAA rated mortgage-backed security has less chance of a default than ExxonMobil.

What do you think?
