Fall 2012 Regulatory Compliance "Hot Topics"

Legal Risk Management Tip

October 2012

Download as a PDF by Clicking Here

This fall, financial conferences are "buzzing" with a variety of "hot topics." Some are not new, but rather, have a renewed focus. For instance, insider trading violations are on the rise, as are cases against individuals involved in Ponzi schemes. For the financial industry, the fourth quarter serves as a time for firms to concentrate on year-end efforts, which includes evaluation of their regulatory compliance and risk management controls. To help provide you with guidance in these and other areas, Jacko Law Group, PC ("JLG") has prepared the following summaries of trends in the compliance world both now, and moving into the New Year.

SEC Division of Enforcement Collaborates with OCIE in Examinations

Citing the need for more specialists to evaluate complex areas within an organization, the Securities and Exchange Commission's ("SEC") Office of Compliance Inspections and Examinations ("OCIE) and Division of Enforcement ("DOE") are increasingly collaborating and completing examinations together. During a recent industry conference, Carlo V. di Florio, Director of OCIE, highlighted in his keynote address OCIE's focus areas in 2013; notably, the safety of customer assets involving the Custody Rule; enhanced fraud protection through cooperation with the DOE; governance and risk management by ensuring management appreciates the role of compliance in the organization; supervision and compliance oversight; technology risks; and alternative products such as hedge and private funds and REITs.

Additionally, regulators will focus on disclosure of compensation arrangements, such as whether advisers are paid fees for placing investors in a particular investment vehicle. Marketing and performance reporting in light of the JOBS Act also will be high on the radar. Fund governance will be reviewed to determine if business units are taking responsibility for monitoring conflicts of interest and whether Boards are given full disclosure and supervising appropriately. Also, OCIE has established new programs focusing on dually-registered investment advisers/broker- dealers.

Expectation for Compliance to Understand Technology

When software analytics are used to establish a quantitative investment model, Compliance must understand the model and establish policies and procedures reasonably tailored to the business they are conducting. In AXA Rosenberg,1 the SEC charged several entities and individuals with securities fraud for concealing a significant error in the computer code of the quantitative investment model used to manage client assets. The error caused $217 million in investor losses which personnel tried to cover up for several months by claiming it was due to market conditions.

A firm's policies and procedures must take into account the risks of their model strategies, and compliance personnel must be knowledgeable and integrated in the maintenance and testing of those models, with escalation policies in place in the event of a violation. In the AXA Rosenberg case, the SEC claimed that the coding process itself represents a serious risk exposure because accurate coding is required for the model to function properly and as represented to clients. Furthermore, the SEC alleged that the firm's compliance program did not sufficiently identify and mitigate the risks associated with the model's development, testing and internal control procedures, allowing the coding error to operate undetected for more than two years.

In addition to paying fines and restitution to their clients, the SEC required (among other things) the firm to establish and maintain a Global Compliance and Ethics Oversight Committee and a Compliance Controls Sub-Committee. Additionally, the SEC required the firm to retain an independent compliance consultant, and mandated the Chief Compliance Officer to report any breach of fiduciary duty or violation of federal securities law to the CEO and Board of Directors. The extra cost in fines and administrative burden to the firm for the next several years could have been avoided if the compliance program accurately evaluated the risks involved in their business model, specifically its reliance on software analytics.

Insider Trading and How To Mitigate Risks

With the recent high profile prosecution of Raj Rajaratnam and Rajat K. Gupta, insider trading and detection is a "hot topic" for compliance professionals. In the case of Rajaratnam and Gupta, the SEC used phone records to discredit false statements that the two individuals did not speak to each other during the weeks preceding the suspicious trades. The insider trading was detected based on atypical trading patterns of stock prior to "significant" information being released to the public.

Firms should be active in establishing and enforcing policies and procedures for material, non- public information. The failure to do so may lead to fines and penalties as seen in the case of In re Janney Montgomery Scott LLC. 2 Here the firm failed to monitor the watch list, establish a firewall between investment banking and research and pre-clear and monitor personal trades. However, had the firm established effective policies and procedures to protect against insider trading, one safeguard they would have effectively implemented was a "Chinese Wall" designed to insulate the firm from rogue employees. This practice was famously articulated in the case of SEC v. Garth R. Peterson3 whereby Peterson was charged with violating the anti-bribery and internal controls provisions of the Foreign Corrupt Practices Act and the Advisers Act by having a secret business relationship with a Chinese government official who would steer business to Morgan Stanley. As a result, Peterson was permanently barred from the securities industry and ordered to pay a fine. Morgan Stanley, however, was never charged because they had established an extensive compliance program and cooperated with the SEC.

Some "Best Practices" for protecting against insider trading is to be proactive to investigate potential violations and consider remedial steps and possible changes in personnel employment. Additionally, if applicable you must segregate and take steps to protect non-public information from divisions of your firm that could possibly benefit from the discovery. An example could be to take measures to ensure information obtained from an investment banking division cannot easily be accessed or distributed by individuals in research or trading. A common practice to shield the entity would be to ensure anyone privy to the information signs confidentiality agreements and provides personal trade records when applicable.

Formulate an Enterprise Risk Management for your Firm

Carlo di Florio has stated that the SEC is focusing its examinations on risk management as it pertains to corporate governance and how senior management is ensuring effective oversight of enterprise risk management ("ERM"). This approach is taking compliance risk assessment a step further from its historical standard. Compliance risk assessment is a process-driven compliance tool that enables compliance and senior management to identify, assess, and mitigate regulatory risks that may adversely impact the attainment of key business objectives. ERM is a process- driven management tool that enables senior management to identify, assess, and manage significant organizational risks that may adversely impact the attainment of key business objectives. ERM takes compliance one step further by focusing on the organizational structure beyond regulatory risks.

While ERM extends beyond the typical compliance role, Compliance is in a great position to bring together the various aspects of the organization to evaluate its overall risks, which will naturally include regulatory risks. This requires dialogue between individuals in charge of portfolio management, administration and marketing to identify risk in their particular job function and areas where their responsibilities overlap. The risks must be identified and categorized by what their procedures are designed to protect and if there are any "gaps" that have not been addressed.

Once the risks and procedures are believed to be exhausted, an effective ERM program can be developed to identify response prioritization and mitigation. This not only provides for a more stable and prepared firm, but it allows for a more robust and tailored compliance program which will assist in the development of the firm's policies and procedures.

ERM policies and procedures are organization specific and no two ERM policies are identical. However, there is a logical structure that works well as a starting block for most organizations, which include: (1) Objective/Purpose; (2) risk governance structure; (3) delineated roles and responsibilities; (4) integrated risk culture; (5) defined risk strategy; (6) risk tolerance and appetite; (7) risk ownership; (8) risk infrastructure, documentation and communication; (9) mitigation and response; (10) key risk indicators; (11) risk training; (12) risk budgeting/funding; and (13) establishing a risk calendar.

How the SEC May Use Your ADV to Evaluate a Firm's Potential for Risk

The SEC's Enforcement Division has announced "Operation ADV", in which enforcement itself will review ADV filings for inconsistencies, dramatic changes and indications of troubling practices. Operation ADV uses analytics of your ADV and will determine the measure of potential risk of your business. The SEC will evaluate the potential risk based on disciplinary history, industry affiliations, compensation arrangements, changes in the number of assets under management, number and types of clients, whether you have custody and other areas.

If enforcement does in fact determine the risk requires examination, they will focus on areas where your policies and procedures do not match your actions. However, if time is taken to create a comprehensive risk management program, then it will serve to further enhance your firm's policies and procedures.

Alternative Products, Private Placements and REITs Remain in the Spotlight

Alternative products, private placements and REITs have been gaining more and more exposure over the years for being risky investments that investors simply do not understand. Their exposure has increased the scrutiny they receive by the regulators, particularly when it comes to valuation. Under FAS 157, valuation should first be based on market prices which are most easily determined on an exchange. If the security is not traded on an exchange then the valuation must be based on market inputs which can be found by products that are similar to the type of security you are valuing. Finally, if neither of the valuation methods is applicable, you must fair value the product.

Using a third party for valuing the securities doesn't necessarily mean you can solely rely on the third party's valuation. The adviser must have in place policies and procedures to ensure "fair value". This can be seen in UBS Global Asset Management (Americas) Inc.,4 where the SEC provided two forensic tests that should be conducted by advisers. The first is the "Static Price Test" which monitors whether the value of the instrument has been the same for a "suspicious amount of time." While no definition is provided for what constitutes a "suspicious amount of time," an adviser must take into account market volatility and other factors to determine if the product is in fact "fair value." Additionally, the "Asset Price Test" compares whether the price of a recent sale is similar to what was originally estimated or believed to be "fair value." If the prices are significantly different then you must go back and correct your valuation methodology.

Conclusion

With so many laws being implemented and current regulations being revised, it is difficult for any firm to ensure compliance. This legal tip highlights only some of the recent "hot topics" affecting advisers and broker dealers. For more information about any legal or compliance topic, please contact us at (619) 298-2880, [email protected] or visit www.jackolg.com. Thank you.

Author: Andrew Deddeh, Esq., Associate Attorney; Editor: Michelle L. Jacko, Esq., Managing Partner, JLG. JLG works extensively with investment advisers, broker-dealers, investment companies, hedge funds, private equity firms, banks and financial professionals on securities and corporate law regulatory matters.

This article is for information purposes and does not contain or convey legal advice. The information herein should not be relied upon in regard to any particular facts or circumstances without first consulting with a lawyer.


1 In the Matter of AXA Rosenberg Group LLC, AXA Rosenberg Investment Management LLC, and Barr Rosenberg Research Center LLC, Release No. IA-3149 (November 16, 2011), http://www.sec.gov/litigation/admin/2011/33- 9181.pdf

2 In the Matter of Janney Montgomery Scott LLC, Release No. 34-64855 (July 11, 2011), http://www.sec.gov/litigation/admin/2011/34-64855.pdf

3 DOJ Press Release No. 12-534, Former Morgan Stanley Managing Director Pleads Guilty for Role in Evading Internal Controls Required by FCPA (Apr. 25, 2012), http://www.justice.gov/opa/pr/2012/April/12-crm-534.html

4 In the Matter of UBS Global Asset Management (Americas) Inc., Release No. IA-3356 (January 17, 2012), http://www.sec.gov/litigation/admin/2012/ia-3356.pdf