Compliance Building

Compliance Bricks and Mortar for September 22

These are some of the compliance-related stories that recently caught my attention.

Other People’s Money: SEC Disgorgement After Kokesh by Daniel R. Walfish in NYU’s Compliance & Enforcement

Kokesh held that the disgorgement remedy in SEC enforcement actions is a “penalty” for purposes of the five-year limitations period for the “enforcement of any civil fine, penalty, or forfeiture.” 28 U.S.C. § 2462. Many have assumed, on the basis of a footnote in Kokesh, that courts will soon be considering whether they have authority to order disgorgement at all in SEC enforcement actions. That issue certainly lurks, but I suspect that courts first will revisit the proper scope of the remedy, including whether a court may force a defendant to “disgorge” ill-gotten gains that the defendant did not personally receive but that went to third parties, such as individuals and entities associated with the defendant. [More…]

Anti-Fraud Triangle Paper by Matt Kelly in Radical Compliance

As devout Radical Compliance readers might already know, from time to time I have written about something I call the Anti-Fraud Triangle—a method of assessing misconduct risk in your organization, based on the Fraud Triangle that auditors have used for decades to understand fraud risk.

Well, I just published a longer white paper on the Anti-Fraud Triangle with Workiva, and hosted a companion webcast not long ago on the same subject. If you like geeking out over risk assessment techniques, swing by Workiva’s website and take a look. [More…]

Why It’s Lights Out for LIBOR by 2021 by Jane Rogers in the CLS Blue Sky Blog

In light of LIBOR’s unsustainability, the FCA has decided to replace rather than reform LIBOR, and therefore not to encourage or compel panel banks to continue to contribute quotes and maintain LIBOR after 2021. Market participants are urged to begin planning a transition to replacement rates anchored in observable transactions by 2021. [More…]

When You Look And Find That You Are The Problem

Cybersecurity is hard. It’s nearly impossible to stop an attack. If someone really wants in, they can continue to attack and attack until they find a gap. It’s hard to know that you have been breached until well after the breach. It may be just as hard to figure out what was accessed and what damage has been done. It’s hard to know what the right response should be.

Of course, I could be talking about the enormous Equifax breach. But this time it’s the Securities and Exchange Commission.

“Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems. … Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information.”

SEC Chair Clayton noted that the breach did not “result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk.”

If that is the standard for cybersecurity, then that is what the SEC should also use in its enforcement against investment advisers and broker/dealers. Instead we have cases like the one against R.T. Jones where there was no resulting losses to its clients, only the potential loss of data.

As is typical with a company with bad news, it buries the bad news in a pile of other disclosures. The SEC did the same thing. It spent one paragraph revealing the breach in an eight-page statement chiding the industry to be better about cybersecurity and touting its own initiatives.

The SEC’s statement, like Equifax’s revelation, did not explain why there was a such a lengthy delay between the announcement and the discovery of the breach.

The likely result of the breach is that the hackers were able to access EDGAR filings before the general public and trade on that information before the general public.

Sources:

Statement on Cybersecurity by Chairman Jay Clayton
SEC reveals it was hacked, information may have been used for illegal stock trades by Renae Merle in the Washington Post
The SEC’s Cybersecurity Smackdown against R.T. Jones

The One With the Scalping

An investment adviser should not buy positions on their own behalf shortly before recommending that position to its clients. Nor should the adviser make recommendations to buy when the adviser is selling in the adviser’s personal accounts. Mark A. Gomes was doing just that.

The test case came against Capital Gains Research Bureau. The firm produced a monthly newsletter recommending securities. In 1960 the firm purchased securities before recommending them in its report for long-term investment. On each occasion, there was an increase in the market price and the volume of trading of the recommended security within a few days after the distribution of the Report. Immediately thereafter, the firm sold its position at a profit.

As you might expect, it’s the internet that has replaced the monthly newsletter. “Stock analysts” are making claims on SeekingAlpha, Twitter, and other websites.

Mr. Gomes distributed his recommendations through his own website and a third party website. He had a premium subscription that gave subscribers more access. He never disclosed that he held positions in some of the stocks he was discussing.

On at least five occasions between February 2014 and July 2014, (1) Gomes purchased shares in a stock (2) recommended buying that stock, and then (3) sold shares in his personal accounts within days of his recommendation. In at least one instance, Gomes began selling shares only a few hours after posting his recommendation.

By recommending investments, but failing to disclose that he would trade in the opposite direction of his recommendations, Gomes omitted material information necessary in order to make his recommendations not misleading. A reasonable investor would consider Gomes’s intention to sell his shares as an important factor in assessing the objectivity and credibility of his descriptions.

I did find it interesting that the complaint skipped over the fact that Mr. Gomes was not registered as an investment adviser. According to Section 202(a)(11):

‘‘Investment adviser’’ means any person who, for compensation, engages in the business of advising others, either directly or through publications or writings, as to the value of securities or as to the advisability of investing in, purchasing, or selling securities, or who, for compensation and as part of a regular business, issues or promulgates analyses or reports concerning securities;…”

Sources:

Most Frequent Advertising Rule Compliance Issues

It looks like the Securities and Exchange Commission has been taking a close look at advertising by investment advisers. The Office of Compliance Inspections and Examinations issued a risk alert on The Most Frequent Advertising Rule Compliance Issues Identified in OCIE Examinations of Investment Advisers.

I didn’t see any surprises in the alert.

Advisers presented performance results without deducting advisory fees.
Advertisements that compared results to a benchmark but did not include disclosures about the limitations inherent in such comparisons, including instances where, for example, an advertisement did not disclose that the advertised strategy materially differed from the composition of the benchmark to which it was compared.
Advertisements that contained hypothetical and backtested performance results, but did not explain how these returns were derived.
Advertised performance results complied with a certain voluntary performance standard, when it was not clear to staff that the performance results in fact adhered to the performance standard’s guidelines. (i.e. GIPS compliance)
Advertisements that staff believe contain cherry-picked stock selections
Disclosure of past specific investment recommendations
that may have been misleading because they included only certain, and not all, recommendations, in order to illustrate a particular investment strategy, and they did not meet the conditions set forth in Subsection (a)(2) of the Advertising Rule. In addition, they did not satisfy the representations upon which IM staff based certain no-action assurances as provided in the TCW Group and Franklin no-action letters.
Advertisements that referred to advisers receiving high rankings in various publications, but those publications were issued several years prior, and the rankings were no longer applicable.
References to professional designations that have lapsed or that did not
explain the minimum qualifications required to attain such designations.
Statements of clients attesting to their services or otherwise endorsing the adviser that may be prohibited testimonials.

The only tidbit of information is that OCIE conducted a “Touting Initiative” in 2016. The focus was to examine the adequacy of disclosures that advisers provided to their clients when touting awards, promoting ranking lists, or identifying professional designations in their marketing materials.

OCIE launched the Touting Initiative because of the “regularity with which staff encounters advisers that advertise these accolades without disclosing material facts about them.”

Sources:

The Most Frequent Advertising Rule Compliance Issues Identified in OCIE Examinations of Investment Advisers September 14, 2017 Risk Alert
TCW Group no-action letter
Franklin no-action letter

Another One with Improper Fees Charged to a Private Fund

For years, the Securities and Exchange Commission has been focused on fees and expenses allocated by a private fund managers to their sponsored funds. The latest to be caught improperly allocating fees and expenses is Potomac Asset Management.

First, Potomac improperly charged $2.2 million in fees to the fund for services provided by Potomac to a portfolio company of Fund I. After the portfolio company subsequently reimbursed the cost of the fees, Potomac failed to offset those fees against the management fees it charged to Fund as required by the fund documents. That meant Potomac earned a larger advisory fee that was in violation of the fund documents and was failed to be disclosed on Form ADV.

Second, Potomac improperly used the Funds’ assets to pay some expenses that should have been paid by Potomac. An individual with the title of “Principal”, who was required to perform at least 35 hours of “consulting” per week, and who was treated internally as a Potomac employee was billed to the fund improperly. Potomac also billed office rent to the fund.

The fund documents provided:

In general, [Potomac] shall bear compensation and expenses of its employees and fees and expenses for administrative, clerical and related support services, maintenance of books and records for the Fund, office space and facilities, utilities, and telephone insofar as they relate to the investment activities of the Fund. All other expenses will be borne by the Fund.

Third, Potomac used fund assets to pay costs associated with the Potomac’s regulatory obligations. Potomac charged some of the costs associated with the SEC exam and enforcement investigation to the fund. [That is always a big mistake.]

Fourth, the Funds’ audited financial statements failed to disclose these payments as related party transactions. Because the financial statements did not reflect the related party relationships and material transactions, they were not prepared in accordance with Generally Accepted Accounting Principles . Therefore, Potomac did not have a good audit under the Custody Rule. That left Potomac outside the audit exception for private funds and in custody of client assets in violation of the Custody Rule.

Fifth, the general partners of the Funds, failed to timely make certain capital contributions to the Funds as required by the terms of the Fund documents.

I don’t see any novel items in this list of mistakes and misdeeds. The SEC has been speaking about these concerns and bringing actions against firms who have done similar things. The first three items are only wrong to the extent it’s in contravention of the fund documents. Many fund managers are getting more explicit in the fund documents about what expenses can be charged to the fund. Although, I don’t think many fund investors would accept fund documents that allocated those expenses to the fund.

It has been a few months since I have seen a private equity fees and expenses case. It’s a good reminder to make sure funds are following the fund documents.

Sources:

In the Matter of Potomac Asset Management and Goodloe E. Byron IA-4766
Private equity fund adviser, principal settle fee and expense failures for $300K by Amy Leisinger, J.D.

Blockchain for Corporate Records

Jamie Dimon, chief executive of JPMorgan Chase & Co, speaking at a bank investor conference said Bitcoin “is a fraud” and will blow up. Further, that if any JPMorgan traders were trading the crypto-currency, “I would fire them in a second, for two reasons: It is against our rules and they are stupid, and both are dangerous.”

I’ve said it before. I don’t find Bitcoin to be a currency and it’s utility is suspect. But like Tesla stock and Dutch tulip bulbs, people will trade on the item if there is a dollar to be made. I don’t think it’s a fraud. There is value.

The interesting part of Bitcoin is the underlying blockchain technology that traces who holds all of the bitcoins in circulation. Imagine if Bank of America, JP Morgan, US Bank, Wells Fargo and all of the other banks used one ledger to track the movement of cash and each of them had a copy to prevent fraud. That’s blockchain, a distributed ledger.

Blockchain has uses outside of the tracking of money. It can be used to track almost anything.

Delaware and Nevada passed laws this summer allowing Blockchain to be used to track corporate records. It sounds innovative, but I’m skeptical.

The grand theme of Blockchain is trust. Since many people have copies of the distributed ledger, you prevent fraud. Because everyone has direct access information, you cut out intermediaries who would intervene to charge a transaction fee.

Most corporate records don’t fall into that category. There is a single instance and that is all that is needed.

The exception is stock ownership. I see some utility there to track ownership of a firm’s shares. For it to work, all of the shareholders and the firm would need to have the Blockchain ledger. For a small firm, it’s probably overkill. For a large company there may be some economies of scale.

I’m not sure how it works for a public company. Trading in public companies is fraught with issues. The markets do more than just transfer ownership. Their main role is pricing the shares. Blockchain could be used for the record-keeping but not does not lend itself well to the pricing.

For Bitcoin, Blockchain does a great job of tracks who holds the currency. The pricing comes from converting bitcoins into dollars which is outside of Blockchain and done by intermediaries who charge a fee. I assume the same would true if company moved the trading of public company shares onto blockchain.

The other problem is whether one Blockchain instance could address the shares at multiple firms or would there need to be separate instances of Blockchain. That also has some scaling issue.

I think there are tremendous uses for Blockchain to share value and information across firms and eliminate transaction costs. In these early days, it sounds more like people with a hammer thinking everything looks like a nail.

Sources:

The Truth About Blockchain by Marco IansitiKarim R. Lakhani in the Harvard Business Review
Overstock Begins Trading Its Shares Via the Bitcoin Blockchain by Cade Metz in Wired
Companies Can Put Shareholders on a Blockchain Starting Today by Jeff John Roberts in Fortune
Nevada Precedes Delaware In Blockchain Legislation by Keith Paul Bishop
Day 7 of One Month of Innovation in Compliance – Blockchain will Transform Compliance
How Blockchain Will Change Organizations by Don Tapscott and Alex Tapscott
Delaware Blockchain Move Drawing in Private Companies, Law Firms by Sara Merken

A Few Minutes to Remember

Compliance Bricks and Mortar for September 8

These are some of the compliance-related stories that recently caught my attention.

Three Equifax Managers Sold Stock Before Cyber Hack Was Revealed by Anders Melin

Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers. The credit-reporting service said late Thursday in a statement that it discovered the intrusion on July 29. Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 pre-scheduled trading plans. [More…]

Why the Supreme Court May Review the S.E.C.’s In-House Judges by Peter Henning in DealBook

The S.E.C. asked for en banc review of that decision, but the appeals court denied the request in May. In response, the agency issued an ordersuspending all administrative cases in which a decision could be reviewed in the 10th Circuit, which covers Colorado, Kansas, New Mexico, Oklahoma, Utah and Wyoming.

That kind of inconsistency in the law demands the Supreme Court resolve the split in how the appeals courts assess whether the S.E.C.’s administrative judges were appointed properly. [More…]

Robert Jackson of New York to be a Member of the Securities and Exchange Commission for the remainder of a 5-year term expiring June 5, 2019.

Mr. Jackson is a Professor at Columbia Law School and Director of its Program on Corporate Law and Policy. Mr. Jackson’s academic work focuses on corporate governance and the use of advanced data science techniques to improve transparency in securities markets. His career has spanned the public and private sectors. Mr. Jackson served as a senior advisor at the Department of the Treasury during the financial crisis, assisting Kenneth Feinberg in his work as Special Master for TARP Executive Compensation, and previously worked as a lawyer in private practice. Mr. Jackson holds two bachelor’s degrees from the University of Pennsylvania, an M.B.A. in Finance from the Wharton School of Business, a master’s degree from Harvard’s Kennedy School of Government, and a law degree from Harvard Law School. Born in the Bronx, New York, Mr. Jackson currently lives in New York City. [WhiteHouse.gov]

Let’s Not Get Too Excited with FINRA’s Proposal on Re-Taking Exams by Ernest Badway

Most brokers despise the fact that they need to re-take their examinations if they are not employed with a broker-dealer for 2 years or if they are not associated with a member firm. Now, FINRA comes to the rescue with a new proposal to permit registered representatives to avoid re-taking their exams for up to 7 years so long as they fulfill continuing education requirements. See http://www.finra.org/sites/default/files/rule_filing_file/SR-FINRA-2017-007.pdf. [More…]

Whistleblower Hotlines: Still a Vital Tool by Matt Kelly in Ethics & Compliance Matters

Recently the chief compliance officer of a global company asked me: does a company need a telephone-based whistleblower hotline anymore? In our all-technology, all-the-time world, could a company phase out telephone hotlines in favor of a web-only reporting system?

The answer to that question requires a bit of finesse. The short answer is yes: in the purest, technical interpretation of corporate governance law and SEC rules, a company isn’t required to provide a telephone hotline as one reporting option. But you would need bulletproof arguments demonstrating why your organization no longer needs a telephone hotline, and never will in the future. [More…]

Can Concert Tickets Be Securities?

WFAN morning show co-host Craig Carton was arrested for scamming investors out of $5.6 million. His ploy was a fraudulent ticket resale business. He promised the ability to deliver face-value tickets to concerts by Katy Perry, Justin Bieber, Metallica and Barbra Streisand. According to the Securities and Exchange Commission, he used the investors’ money to repay gambling debts.

The case has attracted attention because of the high-profile of Mr. Carton. It attracted my attention because I was curious if it was a securities law violation.

Mr. Carton has not responded to the SEC charges and is also subject to parallel criminal charges. I looked at the SEC complaint to see how it handled the threshold question of whether securities were involved, accepting the charges as true for educational purposes.

Using the Howey test to determine if there is an investment contract, we look at the four factors:

an investment of money,
a common enterprise,
a reasonable expectation of profits, and
a reliance on the entrepreneurial or managerial efforts of others.

As usual, 1 and 4 are the easy prongs. Investors gave Mr. Carton money with promises of getting more back. The SEC cites a presentation with a per deal average of 2.2X and 187% IRR.

The investors were just putting up money and relying on Mr. Carton to execute on the acquisition and resale of tickets. That should leave the fourth prong satisfied.

The complaint points to two separate schemes, one with an individual and a second with a hedge fund.

According to the SEC’s complaint, the scheme with the individual investor involved only that individual investor and not a pooling of money. There is a split among the courts about the “common enterprise” prong of the test. Some courts look toward a pooling of money. Some are just satisfied if the success of the investor depends on the promoter’s expertise. The complaint is in the Second Circuit which places a heavy reliance on a pooling of money to meet the common enterprise prong.

As to the individual investor, there may be some grounds to argue that it was not a securities transaction and therefore outside the scope of the SEC. That would still leave Mr. Carton with the criminal charges of wire fraud, etc.

As to the hedge fund scheme, the investment document was, at least in name, structured as a loan. The operative document was a Revolving Loan Agreement. There is little to discern in the complaint about whether it was a loan in name only and a was really a “security” that would give the SEC jurisdiction. If it’s a loan, that may be outside the definition of “security” and we never get to “investment contract” test in Howey. Again, the scheme would still subject Mr. Carton to criminal charges of wire fraud and bank fraud.

Sources:

Follow Up on the Osunkwo CCO Liability

I was quite bothered by the Osunkwo CCO liability case that, on its face, sanctioned a CCO for misstating a firm’s assets under management. A few years ago, the SEC had expressed an unwillingness to prosecute CCOs, except in three extreme circumstances:

Participating in the wrongdoing
Hindering the SEC examination or investigation
Wholesale failure

None of those were indicated in the administrative order against Mr. Osunkwo.

I had gone through the SEC filings to see if I could find something that more devious that make me feel less uneasy about this sanction against a CCO for errors on the Form ADV.

In the Diamond CCO liability case earlier this year, that CCO was also sanctioned for mistakes on a Form ADV filing. Ms. Diamond had stated that the private fund was subject to annual GAAP audits by a third party auditor to comply with the custody rule. In fact, the fund was not and was a fraud. Investors lost money because the CCO did not do her job.

I thought the SEC did a poor job in the administrative order by not lining up the pieces to state that there was a wholesale failure and investors lost money because of that failure. But at least the fraud was mentioned in that order.

There was no indication of fraud in the Osunkwo administrative order. There is a mention that Aegis Capital and Circle One are no longer registered as investment advisers.

indicted for stealing investor money that was supposed to be used to fund the acquisition and consolidation of small to mid-sized RIAs. Those principals, John Lakian and Diane Lamm are accused of diverting some of that money for personal uses.

I have not had time to pull together all of charges, but it looks like the SEC is placing liability on Osunkwo for indirect losses. I have not found any documents that accuse anyone of pilfering money from the investment adviser clients at the firms that Osunkwo was CCO. Instead, it’s the losses from the investors in the RIA holding company that lead to the CCO liability.

I assume that the holding company was valuing an acquired RIA at $X per AUM. By overstating the AUM in the RIA, Osunkwo was allowing the holding company to overstate the value of its holdings. Investors and and lenders to the holding company sustained losses indirectly because of the Form ADV overstatement of AUM.

I don’t like this expansion of CCO duties and expansion of CCO liability. It’s stretching the obligations of the CCO to not only protect the clients of an investment adviser, but the investors in the owner of the investment adviser.

Sources: