Compliance Lessons From Star Wars – Hacked

With the pending release of Episode VIII – The Last Jedi, I’m joining Tom Fox in tying compliance and the Star Wars franchise together. Starting at the beginning with Star Wars, or what is now Episode IV – A New Hope, the climax is the destruction of the Death Star.

One of the complaints about the movie is the plot hole allowing “the ultimate power in universe” to be destroyed by a a group of small fighters. As we learned in Star Wars – Rogue One, the Death Star was hacked. The developer left a back door: a small, two meter-wide thermal exhaust port which would lead straight to the station’s main reactor.  The developer leaked the plans to rebels who launched their attack.

Clearly, the Securities and Exchange Commission is very focused on cybersecurity. Particularly, since the SEC’s EDGAR database was hacked last year. In speeches, actions and warning about exam priorities, the SEC puts cycbersecurity at or near the top of the list.

The focus on cybersecurity is not just to take the steps to harden your systems to prevent the hack, but creating a response plan in case you discover you are been hacked or have been hacked. Clearly, a flaw in the defense of the Death Star was not sending out enough imperial fighters to counter the rebel attack. The defense plan never expected an attack by small ships.

The death of Grand Moff Tarkin was not taking the threat seriously.

OFFICER
 We’ve analyzed their attack, sir,
and there is a danger. Should I have
your ship standing by?

TARKIN
 Evacuate? In out moment of triumph?
I think you overestimate their
chances!

Tarkin underestimated the chances and disappeared from the Star Wars movies until last year’s Rogue One prequel to Episode IV. Never underestimate a cyber-attack on your firm.

As many cybersecurity experts have told me, it’s not “if” you will be subject to an attack, it’s “when” you will be subject to a cyber-attack. Don’t suffer the imperial oversight failure of Tarkin. Be vigilant for weakness.

May the Force be with you.

Although Tom decided to ignore Episodes I-III in his posts, I will advocate for using the “machete order” for viewing the movies: IV, V, II, III, VI.

The key problem is that Mr. Lucas changed the end of VI so that Anakin is now played by Hayden Christensen. You will have no idea who that person is if you have not seen II or III. Plus II and III fill in the backstory of Anakin. You will note that Episode I, the worst of the movies, is left out. That removes Jar-Jar almost completely, removes midochlorians, and removes trade disputes. In return, you get a bigger universe, a better understanding of the threat posed by the emperor, and the redemption of Anakin.

 

 

Compliance Bricks and Mortar for December 8

These are some of the compliance-related stories that recently caught my attention.

ICO Enforcement Actions Threatened, ICO Lawsuits Proliferate By Kevin LaCroix

According to the latest update on the Coinschedule website (here), there have been a total of 228 initial coin offerings so far this year through mid-October, raising a total of over $3.6 billion. At least five of this year’s ICOs have raised over $100 million. This burgeoning activity notwithstanding, ICOs are at the center of controversy. Among other things, China and South Korea have banned ICOs. The SEC has already shown its willingness to pursue enforcement actions against ICO sponsors, as discussed further here. And now a high-profile statement by one of the country’s leading securities regulation experts suggests even greater scrutiny may lie ahead. In the meantime, as discussed below, ICO and cryptocurrency-related litigation appears to be proliferating. [More…]

See also:
Bitcoin futures are coming as CFTC gives blessing by William Watts
Bitcoin Is the World’s Hottest Currency, but No One’s Using It By Georgi Kantchev, Steven Russolillo, Paul Vigna and Christopher Whittall

What Makes a Safe Asset Safe? by Thomas Eisenbach and Sebastian Infante in Liberty Street Economics

Over the last decade, the concept of “safe assets” has received increasing attention, from regulators and private market participants, as well as researchers. This attention has led to the uncovering of some important details and nuances of what makes an asset “safe” and why it matters. In this blog post, we provide a review of the different aspects of safe assets, discuss possible reasons why they may be beneficial for investors, and give concrete examples of what these assets are in practice. [More…]

Using Side Letters in Private Funds by Alexander Davie in Strictly Business

For many fund managers, especially those early in their careers, obtaining capital and new investors is the biggest challenge, and so the temptation is great to accede to side letter requests from investors that are willing make a large investment in the fund. This can be especially true when the investor is demanding the side letter just prior to closing and may have the fund managers over a proverbial barrel. There are several risks that should be kept in mind when negotiating and drawing up such agreements. [More…]

IOSCO issues report on hedge fund statistics, trends By Amy Leisinger, J.D. in Jim Hamilton’s World of Securities Regulation

The International Organization of Securities Commissions (IOSCO) has published its biannual report on the global hedge fund marketplace, key regulatory changes, and the potential systemic risks posed by the industry. IOSCO’s survey assembles information from national authorities on hedge fund activities and is designed to enable regulators to share information and observe trends regarding exposure, leverage, liquidity management, funding, and trading activities in the hedge fund industry. [More…]

REIT controllers owed fiduciary duties to public stockholders by Joanne Cursinella, J.D. in Jim Hamilton’s World of Securities Regulation

Claims that certain defendants in a convoluted REIT scheme violated their fiduciary duties to stockholders survived a motion to dismiss. The court found that the plaintiff sufficiently alleged that the defendants set up a structure whereby they profited at the expense of the stockholders, maximizing the profits at the first entity they created to the detriment of the non-controlling stockholders of another entity they created and took public (RCS Creditor Trust v. Schorsch, November 30, 2017, Glasscock, S.). [More…]

France Gets Climate Risks Disclosures from Invest Firms by Mara Lemos Stein

France added momentum to the global push for greater climate risks awareness last year by requiring disclosures from not only companies but also institutional investors and asset managers. After the first year of reporting, governance mavens are encouraged by the level of compliance.

The energy transition and green growth law implemented in 2016 requires investors to report how they are integrating environmental, social and governance, or ESG, criteria in their portfolios; on their exposure to physical risks and risks caused by the transition to a low-carbon economy; and on steps being taken to align their firm’s decarbonization strategy with national and global emissions targets.[More…]

A Focus on Valuation Sources

Private funds are often dealing hard-to-value assets. Real estate funds are overwhelmingly dealing with hard-to-value assets. For purposes of GAAP reporting those will be the Level 2 and Level 3 assets. For these assets, valuations can be manipulated if you have a wiling participant in the process.

For thinly-traded securities, like some bonds, private funds will often rely on quotes from a broker for a potential sale. For the fund manager, the source was usually a broker that was in the circle of those trading for the fund.

A potential conflict exists, with the broker hoping to get more business from the fund and the fund hoping for a higher valuation. There is not much for the broker to lose by quoting a slightly higher sales price for thinly-traded bond in a hypothetical sale. Especially if the broker knows that she or he will not be required to actually trade that bond. In return, the broker may get additional business from the fund.

The Securities and Exchange Commission has been looking at conflicts and potentially illegal practices in this area.

In May, a former broker named Frank DiNucci Jr., said under oath that he provided bogus quotes to a trader at a mortgage bond fund. DiNucci  plead guilty to conspiracy and fraud and has been cooperating with a criminal probe by New York prosecutors. The DOJ has charged at least seven bond traders since 2013 with lying to customers about prices. Now the focus has widened to also include the buy-side of the market and is staring at practices at private funds.

Level 2 and Level 3 assets are by definition hard-to-value. A fund can not prove that the value is accurate. But it can be precise, by being consistent in its valuation procedures and ensuring that the pricing indications it receives are unbiased. Accurate and precise is the best result. But following procedures and being precise is the most important.

Sources:

The Russian Death Sentence

On Tuesday, the Russian Olympic Committee was suspended from participating in the Olympic Winter Games at PyeongChang in February 2018. The action was in response to “the systemic manipulation of the anti-doping rules and system in Russia, through the Disappearing Positive Methodology and during the Olympic Winter Games Sochi 2014″. These penalties for doping are without precedent in Olympics history. Plenty of athletes have been kicked out or lost their medals for doping. This is the first time an entire county was kicked out.

This all stems back to the corrupt doping testing facilities at Sochi. Thomas Bach, president of I.O.C., noted that Russia’s cheating was widespread. Even worse,  it corrupted the Olympic laboratory that handled drug testing at the Sochi Games on orders from Russia’s Olympic officials. Russia’s sports ministry formed a team that tampered with more than 100 samples to conceal evidence of athletes’ steroid use throughout the course of the Sochi Games.

This is a terrible outcome for Russian athletes and will likely have a huge negative impact on the PyeongChang Games. The Russian athletes have excelled in many of the winter competitions. Clearly, some of that was from doping. But not all. (Do you believe in miracles?)

The IOC opened the door for some Russian athletes to compete under a neutral flag as Olympic Athletes from Russia. The IOC has organized a group to extend invitation to a select group of athletes, support staff and officials to participate in this manner. As you might expect, the athletes must not have had a prior doping violation and must go through a battery of tests before the Games.

It’s not clear how big this pool of invitees will be. Yevgenia Medvedeva, a favorite to medal in figure skating favorite, said that she “can not accept” competing in PyeongChang as a neutral athlete. She pointed out that she was 14 during the Sochi Games and not a member of the national team.

This is obviously a huge blow to the Russian sports federation, but the IOC indicated that the Russian flag may be allowed to fly at the closing ceremonies, presumably as a symbolic indication that they can move past this and compete clean in future events.

Sources:

Yet Another ICO Scam

With Bitcoin hitting stratospheric pricing levels, there are scams aplenty trying to cash in on tulip-mania around Bitcoin. This chart from the Wall Street Journal says it all.

Of those trying to cash in, I’m sure some actually have legitimate business purposes and are trying to find new ways to operate financial systems. But many are just scams trying to fool some people out of cash. The latest scammer is PlexCoin. The SEC filed a complaint for an emergency action to freeze the scammers assets and stop selling any more.

Dominic Lacroix, and his company, PlexCorps, were running an initial coin offering of its PlexCoin. It launched the ICO on August 6.

PlexCorps claimed that if you invested $100 USD into PlexCoin at the ICO, you would obtain 769.23 PlexCoin, with an estimated value of $1,353, a return on your investment of 1354% “in 29 days or less”. It’s unclear how they reached the value of “$1.76 per PlexCoin”.

It wasn’t clear what was behind the PlexCoin or who was behind it. That didn’t stop ten of thousands of investors from plowing $15 million into the company.

It turns out that one of the people behind PlexCorps is Dominic Lacroix. In July, the Autorité des marchés financiers (AMF), Quebec’s chief financial regulator, had issued orders prohibiting Lacroix and several associated companies from promoting “any form of investment” to investors in Quebec and operating an investment scheme from within the province, even if it was targeted solely at investors who did not live in Quebec. Lacroix had several previous problems with the Quebec financial regulators.

According to the SEC complaint, the ICO of PlexCoin was an offering of securities.

PlexCoin, like Bitcoin has limited utility. There is no argument that crypto-currencies are growing in value. The problem is that even though there is value being created, it’s not being used as a currency very much. Rightly so. It makes poor economic sense to use a rapidly rising commodity to pay for a transaction if you have alternatives.

I think it is a commodity and not a currency. Theoretically, you could pay for your groceries with gold if the store was willing to accept the gold. Like a commodity, the commodity future exchanges are going to start trading on Bitcoin futures. The CBOE starts on December 11, following by the CME on December 18. It will be interesting to see whether some short selling will put pressure on BitCoin’s rise in value.

Sources:

SEC Ratifies the Appointment of Administrative Judges

In a stunning turn, the Securities and Exchange Commission altered its treatment of the SEC’s administrative law judges. There have been several challenges to the constitutionality of these in-house judges. It appears that the Trump administration’s Department of Justice changed position and perhaps undercut the position of the SEC. That caused the SEC to change it’s appointment procedures for its administrative law judges.

The problem is that the judges are appointed by an internal panel instead of by the President or the SEC Commissioners. The Appointments Clause of the Constitution is there to make sure that those who wield power are subject to “political force and the will of the people.” The President appoints “Officers” who are those who exercise “significant authority pursuant to the laws of the United States.”

There is a split in courts on whether the system of appointing the SEC’s ALJs ran afoul of the Appointments Clause.

In the Lucia case, the court used a three prong test to determine if an official is an “Officer” under the Appointments Clause:

  1. significance of the matters resolved by the government official
  2. discretion the official exercises in reaching the decision
  3. the finality of the decision

But then there is the procedural matter of what happens after an SEC in-house judge issued his or her order. Under the SEC rules, there is not final decision until the Commission determines not to review the order. That initial order from the SEC judge only becomes final when the Commission issues the finality order. “The Commission’s final action is either in the form of a new decision after de novo review or, by declining to grant or order review, its embrace of the ALJ’s initial decision as its own.”

According to the Lucia court, that leaves the full decision-making powers in the hands of the SEC commissioners who are appointed by the President in accordance with the Appointments Clause.

The 10th Circuit Court of Appeals came to the opposite conclusion in Bandimere v. SEC. That court used a different three part analysis to determine if an ALJ is an “inferior officer”:

(1) the position of the SEC ALJ was “established by Law,”;
(2) “the duties, salary, and means of appointment . . . are specified by statute,”.; and
(3) SEC ALJs “exercise significant discretion” in “carrying out . . . important functions,” .

The Bandimere decision rejected the argument in the Lucia case that ALJs do not have final decision-making power. They have enough power to make them an “inferior officer.”

A split like this often gets a case heard by the Supreme Court to resolve the conflict. In October, the solicitor general argued in a brief that the US Supreme Court should not hear the Bandimere case and if it was inclined to spend time on the issue, the Lucia case was the better one to hear.

The other shoe dropped and in the Solicitor General’s Brief on Writ of Certiorari for Lucia the argument is now to hear the case and overturn the Lucia ruling.

“[T]he government is now of the view that such ALJs are officers because they exercise ‘significant authority pursuant to the laws of the United States.’ Buckley v. Valeo, 424 U.S. 1, 126 (1976)”

That means the way the SEC hires the judges may violate the Appointments Clause. The brief also notes that this “affects not merely the Commission’s enforcement of the federal securities laws, but also the conduct of adversarial administrative proceedings in other agencies within the government.”

The Supreme Court has not agreed to hear the case, so Mr. Lucia is not out of trouble yet.

The fix for the SEC has always been there. The SEC commissioners could appoint the ALJs directly instead of it going through an internal process. That does leave the door open for existing and past cases to be thrown out or placed in jeopardy.

The SEC put that fix in place. The SEC issued order on Thursday that directly ratified the appointment of the ALJs.

“To put to rest any claim that administrative proceedings pending before, or presided over by, Commission administrative law judges violate the Appointments Clause, the Commission— in its capacity as head of a department—hereby ratifies the agency’s prior appointment of Chief Administrative Law Judge Brenda Murray and Administrative Law Judges Carol Fox Foelak, Cameron Elliot, James E. Grimes, and Jason S. Patil.”

That fixes the problem going forward, causes delays in the current cases, and calls into question prior case decisions.

It’s not clear if the SEC agreed with change in position of the Solicitor General. It could have made this change after the Supreme Court ruled against the SEC. I leave it to others to speculate about whether the DOJ decided to make the change in position without the support of the SEC.

Sources:

Revised FCPA Corporate Enforcement Policy

The case for self-reporting failures has always been a nebulous promise from the government that the enforcement will be more lenient than if not self-reported. There has been limited proof that this has been true. That may be largely because we don’t hear about the self-reported problems because there is little to no government action in those instances.

The Department of Justice is stepping up its treatment of self-reporting bribery violations under the Foreign Corrupt Practices Act. In April, the DOJ had started a new program that it would provide a 50% discount on fines under the FCPA along with generally more leaner prosecution settlement terms.

On Wednesday, the DOJ that it was going further with the program.

Deputy Attorney General Rod J. Rosenstein said in a speech Wednesday that the DOJ is changing the policy again to increase the number of companies voluntarily disclosing their bribery misconduct. That would allow the DOJ to allocate resources to pursue the individuals responsible for the bribery.

First, the updated FCPA Corporate Enforcement Policy states that when a company satisfies the standards of voluntary self-disclosure, including full cooperation and appropriate remediation, there will be a presumption that the DOJ will resolve the corporate case through a declination. Of course, that presumption is swiped away if there are aggravating circumstances related to the nature and seriousness of the offense, or if this is not the offender’s first time.

Second, if a company voluntarily discloses wrongdoing and satisfies all other requirements, but aggravating circumstances compel an enforcement action, the Department will recommend a 50% reduction off the low end of the Sentencing Guidelines fine range. Once again, recidivists may not be eligible. (The DOJ does not like repeat business.)

Third, the updated FCPA Corporate Enforcement provides details about how the Department evaluates an appropriate compliance program, which will vary depending on the size and resources of a business.

That third point will likely set some new standards in the compliance community in defining a good compliance program.

“Implementation of an effective compliance and ethics program, the criteria for which will be periodically updated and which may vary based on the size and resources of the organization, but may include:

  • The company’s culture of compliance, including awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated;
  • The resources the company has dedicated to compliance;
  • The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
  • The authority and independence of the compliance function and the availability of compliance expertise to the board;
  • The effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment;
  • The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors;
  • The auditing of the compliance program to assure its effectiveness; and
  • The reporting structure of any compliance personnel employed or contracted by the company. “

This new policy now moves the promises of leniency to something much more tangible. I expect it will also be more effective at causing companies to shake the skeletons out of their closets and disclose FCPA violations.

Sources:

Celebrity Endorsements of ICOs and other Securities

With BitCoin breaking through the $10,000 barrier and growing interest in the uses of the underlying blockchain technology, everyone is looking to cash in using virtual currency. As with an IPO, the goal of investors in an Initial Coin Offering is get in early and cheap before the market takes the price up. The Securities and Exchange Commission warned sponsors that ICOs look a lot like a securities offerings and need to comply with securities laws.

It turns out that ICO sponsors are violating SEC rules and FTC rules.

Looking forward to participating in the new @cobinhood Token! ZERO fee trading! #CryptoCurrency#BitCoin#ETHhttps://t.co/1XFiosn22Spic.twitter.com/A7es0C2Rxr
— Jamie Foxx (@iamjamiefoxx) September 18, 2017

Looking forward to participating in the new @LydianCoinLtdToken! #ThisIsNotAnAd #CryptoCurrency #BitCoin #ETH #BlockChainpic.twitter.com/a8kT9eHEko
— Paris Hilton (@ParisHilton) September 3, 2017

The SEC warned that celebrity endorsements of securities need to disclose the nature, source, and amount of any compensation paid, directly or indirectly, by the company in exchange for the endorsement.  (Obviously, that is hard to do in the 140 280 characters of Twitter.) A failure to disclose this information is a violation of the anti-touting provisions of the federal securities laws. That also potentially pulls the celebrity endorser into possible anti-fraud provisions of the securities laws

There are the advertising rules from the Federal Trade Commission that also require disclosure of payment for endorsements. The FTC Guidelines make it clear that celebrities must disclose their relationships with advertisers when making endorsements outside the context of traditional ads, such as on social media.

Ms. Hilton’s endorsement of Lydian Coin was deleted after Forbes reporters uncovered the checkered legal past of the founder of Lydian Coin.

Sources:

The War at the CFPB

The Consumer Financial Protection Bureau has been a political hotspot since it was first proposed in the wake of the 2008 financial crisis. The Republican leadership miscalculated in blocking Elizabeth Warren from becoming the first CFPB Director, which allowed her to turn to election as Senator and becoming a much larger political figure. Her replacement just stepped down and created another political firestorm.

The CFPB is well insulated politically by having an independent director. (The Director can only be removed by the President for “inefficiency, neglect of duty, or malfeasance in office.”) It’s budget comes from the Federal Reserve. (That means it’s free from financial control by Congress.)  I respect the arguments that it is questionably positioned by having such unprecedented independence.

This independence apparently had an additional wrinkle since it’s enabling statute in Dodd-Frank has a provision for succession of the Director. When the Director is removed, the Deputy Director becomes acting Director until the President appoints and the Senate confirms a new Director. 12 U.S. Code § 5491(b). At least that is according to Leandra English who was appointed Deputy Director at 2:30 on November 24. The then-current Director, Richard Cordray resigned effective midnight on November 24.

President Trump appointed Director of the Office of Management and Budget Mick Mulvaney as Acting Director of the Consumer Financial Protection Bureau in a press release at 8:50 on November 24.

The President had the Department of Justice look at the law to strengthen his position. Steven Engel, the assistant attorney general for Office of Legal Counsel issued a memorandum over the weekend that cited the 1998 Federal Vacancies Act as giving the president the full authority to appoint an acting director to the Wall Street watchdog, notwithstanding the CFPB’s established line of succession.

“The fact that the Deputy Director may serve as Acting Director by operation of the statute, however, does not displace the President’s authority under the Vacancies Reform Act,”

Presumably, both Ms. English and Mr. Mulvaney would be heading to the same office this morning, with the entire CFPB wondering who is in control. But Ms. English stopped off in court on Sunday seeking a court order declaring her as Acting Director and holding that position until the President appoints and the Senate confirms a replacement.

This is certainly just applying a band-aid to a gaping head wound. There will be a new Director shortly and that Director will do everything he (or she) can to shut down the CFPB within the statutory requirements.

Sources:

Compliance Bricks and Mortar – #OptOutside

Instead of shopping (or working), I’m off on a bike ride. If you are looking for something compliance-related to read, here are few stories that recently caught my attention.

Stock Trades of SEC Employees by Shivaram Rajgopal (Columbia Business School) and Roger M. White (Arizona State University)

In March 2009, H. David Kotz, then Inspector General (IG) of the SEC, released a report outlining the questionable trading activity of two lawyers employed by the SEC’s enforcement division. IG Kotz admitted in subsequent testimony before Congress that the SEC lacked a compliance system capable of tracking and auditing employees’ trades. This report and testimony, as well as the accompanying public outrage, spurred Mary Shapiro, then SEC Chairman, to impose new, stricter internal rules, beginning in August of 2010, whereby SEC employees must (i) refrain from buying or selling stocks of firms under SEC investigation; (ii) have their transactions pre-approved, and; (iii) order their brokers to provide transaction-level information to the SEC.

In our article, Stock Trades of SEC Employees, we investigate the efficacy of this new regime in restricting informed trading in the SEC workforce. …

Turning to returns, SEC employees beat the market by about 5% overall and by 8% in U.S. stocks (on average, per annum). These abnormal returns come not from buying winners, but rather by avoiding losers (i.e., SEC employees tend to be good at selling securities prior to price declines).

[More…]

SEC Whistleblower Report Highlights Employers’ Challenge by Henry Cutter

More than four of five people who have received whistleblower payouts from the Securities and Exchange Commission first flagged the problems within their own companies, according to a report to Congress the agency submitted this week. [More…]

Gibson Dunn Discusses Proposed Changes to CFIUS Review by Judith Alison Lee, Caroline Krass, Jose Fernandez and Stephanie Connor

The proposed Foreign Investment Risk Review Modernization Act of 2017 (“FIRRMA”) would modernize the CFIUS review and approval process, which has struggled to keep pace with a surge of foreign investment in the United States over the last several years. If passed, the bill would revamp the CFIUS review process and update the regulations to address the national security concerns implicated in the transfer of sensitive U.S. technology to countries of “special concern,” most notably China. FIRRMA would also expand the Committee’s mandate to include certain joint ventures, minority position investments and real estate transactions near military bases or other sensitive government facilities. The legislation, introduced as President Donald Trump was in Beijing for talks with Chinese President Xi Jinping, would increase the number of foreign investments in the U.S. that would be required to win CFIUS approval.[More…]

A Hedge Fund Manager Committed Fraud. Would the U.S. Let Him Go? by David Enrich

After the financial crisis last decade, the federal government was expected to aggressively pursue criminal cases against top financiers: the fund managers, bankers, mortgage lenders and Wall Street executives who helped cause the global economy to crater. But prosecutions have been rare. The exceptions have been obscure or relatively junior industry players against whom it was easy to build cases but who did not bear primary responsibility for the crisis.

One reason: Prosecutors were under pressure to move quickly and to not lose trials. They preferred to take the safest, simplest routes to win convictions, and to then move on to new cases.

That is what happened with Mr. Baker, who became a top target. The government labeled him a fugitive, made him the subject of an international manhunt and, eventually, extradited him from Germany, where he had been living with his wife. [More…]