Compliance Building

Code of Ethics for Investment Advisers

Rule 204A-1 under the Advisers Act requires investment advisers to adopt a code of ethics. Adoption means establish, maintian and enforcing a written code. At a minimum, the code must include:

(1) A standard (or standards) of business conduct that you require of your supervised persons, which standard must reflect your fiduciary obligations and those of your supervised persons;

(2) Provisions requiring your supervised persons to comply with applicable Federal securities laws;

(3) Provisions that require all of your access persons to report, and you to review, their personal securities transactions and holdings periodically as provided below;

(4) Provisions requiring supervised persons to report any violations of your code of ethics promptly to your chief compliance officer or, provided your chief compliance officer also receives reports of all violations, to other persons you designate in your code of ethics; and

(5) Provisions requiring you to provide each of your supervised persons with a copy of your code of ethics and any amendments, and requiring your supervised persons to provide you with a written acknowledgment of their receipt of the code and any amendments.

17 CFR § 275.204A-1 Investment adviser codes of ethics

Information for Newly-Registered Investment Advisers

The Staff of the Securities and Exchange Commission’s Division of Investment Management and Office of Compliance Inspections and Examinations put together an information overview for Newly-Registered Investment Advisers.

It is intended to assist newly-registered investment advisers in understanding their compliance obligations with respect to these provisions. This information sheet also provides information about the resources available to investment advisers from the SEC to help advisers understand and comply with these laws and rules.

As an adviser registered with the SEC, you have an obligation to comply with all of the applicable provisions of the Advisers Act and the rules that have been adopted by the SEC. This information sheet does not provide a complete description of all of the obligations of SEC-registered advisers under the law. To access the Advisers Act and rules and other information, visit the SEC’s website at www.sec.gov (the Advisers Act and rules are available at http://www.sec.gov/divisions/investment.shtml).

FCPA Allegation Against McCain Fundraiser

Republican fundraiser Harry Sargent III is subject to a suit from Supreme Fuels that Sargent’s company International Oil Trading Company made illegal payments to Jordanian officials. IOTC has an exclusinve license to move military fuel through Jordan.

IOTC’s response, according to the NBC News Investigates story:

. . .in an email to NBC News, a spokesman said that there were no bribes and only a legitimate “fee” paid to the government of Jordan. “What Supreme [Fuels] calls a ‘bribe’ was a required fee for importing and transporting military fuel through Jordan,” a spokesman for Sargeant and IOTC said. “The fee was paid to an official agency of the Jordanian state and thoroughly documented. This and any other related charge have been shared with the Department of Defense (and to Congress) as part of our transparent disclosure of any and all costs related to the fuel delivery process.”

Under the Foreign Corrupt Practices Act, payments to agencies of a foreign government are not illegal. The FCPA is only applicable to payments to foreign officials. Foreign governments are free to extort as much money as they can. It is the personal gain by a government official that is a problem.

The other unusual part of the suit is that it is filed by a private party. There is no right for a private party to bring suit under the FCPA. Only the DOJ and SEC have the power to enforce the statue. The party is suing under RICO.

The leading case on private actions under FCPA is Lamb v. Philip Morris, Inc. (6th Cir. 1990) 915 F.2d 1024, cert. den. (1991) 498 U.S. 1086:

Since we find that no private right of action is available under the Foreign Corrupt Practices Act of 1977 (FCPA), 15 U.S.C. Secs. 78dd-1, 78dd-2, we affirm the dismissal of the plaintiffs’ FCPA claim.

FinCEN Proposes Regulatory Simplification

In a news release, the Financial Crimes Enforcement Network (FinCEN) announced the publication of a proposal to simplify its rules and regulations by centralizing them in its own new chapter of the Code of Federal Regulations.

The current organizational structure of FinCEN regulations developed over many years, during which Congress expanded FinCEN’s authority . As a result, the regulations are somewhat difficult to navigate. FinCEN’s regulations are currently included in the CFR as Part 103 in Chapter I under “Title 31, Money and Finance: Treasury.” FinCEN is proposing to reorganize and renumber its regulations into a new tenth chapter of Title 31 which would appear as “Title 31 Chapter X – Financial Crimes Enforcement Network.”

The proposal includes two structural changes to the organization of the BSA regulations. FinCEN regulations would be reorganized into a “General Provisions” part and then separate parts for each type of financial institution that has a BSA obligation. Therefore, under this simplified proposal, a compliance official for a Money Services Business, for example, would need only to look under “General Provisions” and then under “Rules for Money Services Businesses” to find pertinent FinCEN regulations. Additionally, FinCEN is proposing a numbering logic to its regulations. By having a uniform numbering system, specific FinCEN regulations will be easier to identify. For example, regulatory requirements for reports of suspicious transactions are proposed to be reorganized as 1010.320. The citation .320 will be universal in the part for each type of financial institution as well. The requirement for reports of suspicious transactions for banks will be 1020.320, for casinos and card clubs will be 1021.320, brokers or dealers in securities 1023.320, etc.

The Notice of Proposed Rulemaking is on the FinCEN website.

Certification Mark for EU Safe Harbor Framework

The Commerce Department’s International Trade Administration (ITA) has developed a certification mark for the U.S.-European Union Safe Harbor Framework. The mark may be used by companies on their websites to signify that they have self-certified compliance with the provisions of the Safe Harbor Framework. To display the certification mark, you must follow the Safe Harbor Certification Mark Instructions developed by ITA. Only those organizations that have self-certified and are listed on ITA’s official Safe Harbor Program list will be allowed to use the mark in an appropriate manner.

More than 1,500 U.S. companies participate in the Safe Harbor.

If you are considering joining the safe harbor, take the following steps:

Read the Safe Harbor Overview, including the Benefits of Joining.
Read the Safe Harbor Documents.
Review the Safe Harbor Workbook.
Review the Helpful Hints Before Self-Certification.

If you decide to join the safe harbor, you should:

Bring your organization’s policies and practices into compliance with the Safe Harbor’s Requirements;
Verify that your organization has done so; and
If you wish to assure your organization of safe harbor benefits, review the Information Required for Certification
complete and submit the Certification Form.

After your information has been reviewed for completeness, it will be posted to the Safe Harbor List.

FTC Will Grant Six-Month Delay of Enforcement of ‘Red Flags’ Rule

The FTC announced that they will suspend enforcement of the new “Red Flags Rule” until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs. The Identity Theft Rules are found at 16 C.F.R. Part 681.2.

The FTC published a FTC Business Alert in June 2008 entitled New ‘Red Flag’ Requirements for Financial Institutions and Creditors Will Help Fight Identity Theft. The Red Flags Rules apply to “financial institutions” and “creditors” with “covered accounts.”

A financial institution has the same meaning as in 15 U.S.C. 1681a(t) which is defined as a state or national bank, a state or federal savings and loan association, a mutual savings bank, a state or federal credit union, or any other entity that holds a “transaction account” belonging to a consumer. Most of these institutions are regulated by the Federal bank regulatory agencies and the NCUA. Financial institutions under the FTC’s jurisdiction include state-chartered credit unions and certain other entities that hold consumer transaction accounts.

A transaction account is a deposit or other account from which the owner makes payments or transfers. Transaction accounts include checking accounts, negotiable order of withdrawal accounts, savings deposits subject to automatic transfers, and share draft accounts.

A creditor is any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. Accepting credit cards as a form of payment does not in and of itself make an entity a creditor. Creditors include finance companies, automobile dealers, mortgage brokers, utility companies, and telecommunications companies. Where non-profit and government entities defer payment for goods or services, they, too, are to be considered creditors. Most creditors, except for those regulated by the Federal bank regulatory agencies and the NCUA, come under the jurisdiction of the FTC.

A covered account is an account used mostly for personal, family, or household purposes, and that involves multiple payments or transactions. Covered accounts include credit card accounts, mortgage loans, automobile loans, margin accounts, cell phone accounts, utility accounts, checking accounts, and savings accounts. A covered account is also an account for which there is a foreseeable risk of identity theft – for example, small business or sole proprietorship accounts.

The Red Flag Rules would require the establishment of an Identity Theft Prevention Program. 16 C.F.R. Part 681.2 lays out these requirements and elements:

(1) Program requirement. Each financial institution or creditor that offers or maintains one or more covered accounts must develop and implement a written Identity Theft Prevention Program (Program) that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The Program must be appropriate to the size and complexity of the financial institution or creditor and the nature and scope of its activities.

(2) Elements of the Program. The Program must include reasonable policies and procedures to:

(i) Identify relevant Red Flags for the covered accounts that the financial institution or creditor offers or maintains, and incorporate those Red Flags into its Program;

(ii) Detect Red Flags that have been incorporated into the Program of the financial institution or creditor;

(iii) Respond appropriately to any Red Flags that are detected pursuant to paragraph (d)(2)(ii) of this section to prevent and mitigate identity theft; and

(iv) Ensure the Program (including the Red Flags determined to be relevant) is updated periodically, to reflect changes in risks to customers and to the safety and soundness of the financial institution or creditor from identity theft.

PCAOB Standard No. 5

The Public Company Accounting Oversight Board released Auditing Standard No. 5 – An Audit of Internal Control Over Financial Reporting that is Integrated with an Audit of Financial Statement (.pdf) on June 12, 2007. The standard was approved by the SEC on July 25, 2007 and became effective for audits of fiscal years ending on or after November 15, 2007.

SEC Prosecutions under the Foreign Corrupt Practices Act

sec-seal According to Linda Chatman Thomsen, director of the SEC’s Division of Enforcement, in a Forbes Article [The SEC in 2008: A Very Good Year?], the SEC filed 15 FCPA cases in 2008. Since January 2006, the SEC has brought 38 FCPA enforcement actions. That number is more than were brought in all prior years combined since 1977 when the FCPA became.

Thinking About Training

Jeffrey M. Kaplan and Rebecca Walker, partners in the law firm of Kaplan & Walker LLP wrote an article Thinking About Training in the March/April 2008 edition of Ethikos.

The goals of training—to enhance employees’ understanding of the law and company policy and promote ethical business conduct—will not be achieved if training is not comprehensible and interesting enough to be heard and remembered. The Sentencing Guidelines highlight this notion by providing that companies must not only provide training—they must do so in an effective manner.

Email Etiquette and Compliance

Lots of hallway conversations have turned into email and instant messaging conversations. There are lots of problems with that.

First, is just the lack of human interaction. Humans are social and need to meet face-to-face. Along with that is the limited ability to add tone, sarcasm and other elements of conversation into the written word.

The second problem is that ability to retrieve that email or instant message conversation in a way that you cannot with a hallway conversation. This is a records management and compliance problem.

An example of an embarrassing and damaging IM conversation came out on Capitol Hill today. According to the New York Times (Rating Agencies Draw Fire on Capitol Hill) Congressman John A. Yarmuth, a Democrat from Kentucky, read aloud from an instant-message conversation between two S&P employees in the firm’s structured product division:

Official 1: By the way, that deal is ridiculous

Official 2: I know, right. The model definitely doesn’t capture half the risk.

Official 1: We should not be rating it

Official 2: We rate every deal. It could be structured by cows and we would rate it

Official 1: There is a lot of risk associated with it. I personally don’t feel comfy signing off as a committee member.

That may have been a funny hallway conversation, but is not getting the company in lots of trouble.

Before you send that email or IM, ask yourself how you would feel if your Congressman was reading it into testimony and having it appear in the New York Times.