Header graphic for print

Cady Bar the Door

Insight & Commentary on SEC Enforcement Actions and Related Issues

Pulling Mark Filip from UVA Rape Investigation Takes “Independence” Too Far

Posted in Investigations

I really don’t mean to be a mouthpiece for Kirkland & Ellis white collar lawyers.  But they’ve been in the news in recent days, this time in connection with this horrific story about widespread sexual assaults at the University of Virginia.  It describes a 2012 gang rape of a first-year student at the Phi Kappa Psi house, and the culture of acceptance and evidence suppression that has allegedly allowed many similar incidents to happen at UVA over decades.  It is hard to read, but if you have children or are at all interested in higher education, you should.

UVA is in a bit of a jam now, because as Dean Nicole Eramo says in the article, “Nobody wants to send their daughter to the rape school.”  To examine how it could improve its response to sexual assault allegations, the university hired Kirkland’s Mark Filip, a former federal judge, prosecutor, and Deputy Attorney General.  I don’t have firsthand knowledge of his work, but I suspect he would have been an excellent choice here.  But his appointment didn’t last long.

Instead, Filip is being pulled from the investigation because he was a Phi Kappa Psi member when he was an undergrad at the University of Illinois.  Virginia Attorney General Mark Herring said, “This situation is too serious to allow anything to undermine the confidence in the objectiveness and independence of this review.”  I guess I understand the inclination here.  It’s one of the preeminent public universities and a symbol of the state itself, and the Rolling Stone piece makes it look like a long-time enabler of the worst kinds of rapists imaginable.  Better to have the internal investigation be as untainted as possible.

But does anyone really think Filip’s time as a Phi Kappa Psi member over 25 years ago at a different school would color his approach to this investigation?  These aren’t pranks we’re talking about.  If the allegations are true, it is just about the worst criminal behavior – and coverup – you could have.  Also, the investigation will go far beyond Phi Kappa Psi.  Will former membership in a fraternity disqualify anyone from leading this investigation?  Steptoe’s Phil Khinda says, “Independence is a proxy for intellectual integrity.”  And that integrity is what you want; independence is only a means of getting at that.  I seriously doubt Filip’s intellectual integrity is compromised here.  The university will surely find someone qualified to lead the investigation, but the line drawn in cutting him out is silly.

Michael Garcia Now Just Taunting FIFA

Posted in Investigations

And I say that in the most complimentary way.  If you haven’t been following this story, here’s a quick recap:  FIFA awarded the 2018 and 2022 World Cups to Russia and Qatar, respectively.  This raised eyebrows, as they say.  Didn’t we just endure a crazily expensive and possibly corrupt Winter Olympics in Sochi?  And what is the average high temperature in a Qatar summer, when the World Cup is normally played?  Oh, 106°?  Athletes will play soccer matches for up to 120 minutes in that?  At some point people wondered if maybe these decisions weren’t made on the merits and instead owed something to corrupt payments made to FIFA officials.

So FIFA hired Michael Garcia, a former U.S. Attorney for the Southern District of New York, to conduct an internal investigation and get to the bottom of the situation.  Paragon of integrity!  How could anyone doubt the results if Garcia gave FIFA a clean bill of health?  So over 18 months, Garcia conducted that investigation.  Earlier this year, he wrapped things up and delivered his report to FIFA executives.  Apparently, his deal with the much-maligned soccer organization was that his report would be made public.  It wasn’t.  So Garcia waited.  And waited.  He agitated for its release.  And finally it (or the happy version of it) was released, with FIFA declaring itself corruption-free and the World Cup bidding process legitimate.  Maybe it wasn’t a big deal that laptops Russia used during its bid were destroyed and not made available to investigators.  Garcia wasn’t having it.  He denounced FIFA’s secrecy after he’d completed his work.  And last week he lodged an appeal of FIFA’s official report, publicly proclaiming it to be incomplete and inconsistent with what he learned over 18 months.  And now that FIFA has concluded its own investigation, the FBI is reportedly ramping up its own.

A primary feature of any legitimate internal investigation is the investigator’s independence from the subject.  Garcia is exhibiting a fairly extreme version of that independence here.  It’s not often that a white shoe investigator makes an exit this noisy.  As Tom Fox notes, “If your outside counsel disavows him or herself from the company’s interpretation of [an internal investigation], you are in big trouble.”  FIFA might have hoped that it would be able to contain the damage by hiring him to bless some version of the facts that was just vague enough for everyone to keep his job.  Instead, an actual criminal investigation is on its way.  In addition to being the right thing to do, Garcia is only helping his reputation as an independent investigator here.  Corporations that want to learn own up to actual facts and move past a crisis can hire him without much concern that he’ll deliver a whitewash.  Of course, it might not be much fun exposing the actual truth either.  So, you know, pick your poison.

Proposed “Fair Fund” for CR Intrinsic Case Stirs Dustup among SEC’s Commissioners

Posted in Insider Trading, SEC Litigation

In the right kind of enforcement action, the SEC can take the money it’s generated and set up what’s called a Fair Fund to redistribute that money to harmed investors.  But what is the right kind of case?  This procedure was established as part of the 2002 Sarbanes-Oxley law, and it’s relatively easy to contemplate such funds in the context of the giant accounting fraud cases that spurred that law.  Commissioners Dan Gallagher and Michael Piwowar strongly believe the SEC’s massive insider trading case against CR Intrinsic isn’t the right vehicle for it.  I tend to agree.

With a Ponzi scheme, it is quite clear what investors have lost.  In an accounting fraud case, a large swath of investors has arguably bought shares at inflated prices and can measure the difference between what they paid and what they should or would have paid with complete information.  But an insider trading case is different from most of the enforcement cases the SEC handles.  As Gallagher and Piwowar put it:

Fair funds can play an important role in returning money to defrauded investors, but in this case it will be incredibly difficult and expensive to identify and compensate the victims. In fact, it may not be possible to know who was harmed.

They’re right.  Pinpointing who the counterparties are in insider cases is really hard, painstaking work that falls on the shoulders of the SEC market surveillance staff.  Which is why I said on Twitter yesterday: “That fund is ludicrous.”  Maybe a little harsh.  If you follow that last link, you’ll see that Alison Frankel at Reuters wondered why I said that, and I basically recited the quote from Gallagher and Piwowar above.

Bruce Carton then jumped in and, to my mind, pointed out the tension in fair funds for insider trading cases.  He said, “If your trade is matched with a purchaser/seller with inside info you’re a victim. If not, then not a victim?”  Leaving aside how hard it is to find those people, it sounds sensible, right?  Then he said, “So if you sell at market price then it is just luck of who you’re matched with that determines if you’re a victim?”  Hmmmm.  Well, yes.  That is exactly how it would have to go.  Here, a trader who bought shares in the two pharmaceutical companies at issue would either be a victim or not a victim based on who the counter-party was on particular days – in faceless, electronic transactions.  If they were lucky enough to have been matched with CR Intrinsic, they win a piece of the fair fund.  If not, they lose.

Does that seem, um, fair to you?  I don’t think the benefits of distribution to these particular investors outweigh the significant administrative costs involved. Of course, the alternative is to send the money to the general U.S. Treasury.  Maybe not very satisfying, but here we are.

SEC and FINRA Issue Risk Alert on Penny Stock Companies

Posted in FINRA, Microcap Fraud

I’m not your legal advisor.  And I’m definitely not your investment adviser.  But the first rule of penny stock companies should be: do not invest in penny stock companies.  I mean, does that seem like a smart thing to do?  Alas, some people will never obey that rule.  For them, on October 30th the SEC and FINRA have issued a risk alert, with five guiding rules.  Here they are, with my paraphrase of the agencies’ explanatory language below each:

1.      Research whether the company has been dormant—and brought back to life.

This sort of rebirth should be an automatic red flag.  You can search the SEC’s EDGAR database to see when the company may have last filed periodic reports.  Another resource is the Secretary of State’s office in the state where the company was formed or incorporated. The charter documents filed with the state may provide details of the company’s history.  See if the company recently reinstated business operations in its original state of incorporation, or re-incorporated in a new state.  If possible, contact company management to determine why it ceased operations to begin with, and why it decided to reinstate operations.  A company that does not answer the phone or return calls should be another warning sign.  Perhaps needless to say.

2.      Know where the stock trades.

Most stock pump-and-dump schemes involve stocks that do not trade on the NASDAQ or the NYSE.  Instead, these stocks tend to be quoted on an over-the-counter (OTC) quotation platform like the OTC Link Alternative Trading System (ATS) operated by OTC Markets Group, Inc. Companies that list their stocks on exchanges must meet minimum listing standards, but  companies quoted on OTC Link generally do not.  Companies quoted on the OTC Link’s OTCQX and OTCQB marketplaces are subject to some initial and ongoing requirements.  But in this space, more disclosure tends to be better.  Watch out.

3.      Be wary of frequent changes to a company’s name or business focus.

Name changes and the potential for manipulation often go hand in hand.  You can learn about name changes and other corporate events on the OTC Markets website.  If the company files periodic reports, you can search changes in a company name or business focus in the SEC’s EDGAR database.

4.      Check for mammoth reverse stock splits.

A reverse stock split reduces the number of shares outstanding and increases the price per share without changing the total economic value of the shares.  A company might perform a reverse stock split with a 1-for-5 or similar ratio (in an effort to meet minimum bid price requirements for continued listing on an exchange).  A dormant shell company, on the other hand, might carry out a 1-for-20,000 or even 1-for-50,000 reverse split.  This may be done to inflate the price of the stock.

5.      Know that “Q” is for caution.

A stock symbol with a fifth letter “Q” at the end denotes that the company has filed for bankruptcy.  Like other non-reporting shell companies, dormant, bankrupt companies can be candidates for manipulation.

I would add a sixth:

6.      Watch out for companies that spring to life to capitalize on news events.

Suffice it to say that businesses claiming to capitalize on Hurricane Katrina, the BP oil spill, or weed legalization are often hoping to capitalize on your investment.

If you can’t follow the very first rule at the top, consider these other six.

SIFMA Issues Cybersecurity Regulatory Principles

Posted in Cybersecurity

Does everyone feel compelled to comment on cybersecurity issues?  It seems that way.  And on October 20th the Securities Industry and Financial Markets Association jumped deeper into the fray when it issued its Principles for Effective Cybersecurity Regulatory Guidance.  SIFMA goes into substantial depth for each one in the document itself, but without further ado, here they are, followed by my comments or summaries on each:

1.  The U.S. government has a significant role and responsibility in protecting the business community.

My former boss John Stark likes to say, “A data breach is the only crime where you’re the victim and you’re treated like a criminal.”  Probably true!  In that spirit, SIFMA would like the government’s enforcement efforts to be focused on computer criminals and not securities firms that are doing their best to protect their clients’ information.

2.  Recognize the value of public–private collaboration in the development of agency guidance.

The Principles cite The National Institute of Standards and Technology’s Cybersecurity Framework (discussed here) as a useful model of public-private cooperation that should guide the development of agency guidance.  Along those lines, SIFMA suggests that an agency working group be established that can facilitate coordination across government agencies and self-regulatory organizations, and receive industry feedback on suggested approaches to cybersecurity.

3.  Compliance with cybersecurity agency guidance must be flexible, scalable and practical.

Again with the NIST Cybersecurity Framework, which by its terms is “envisioned as a ‘living’ document, improved based on feedback from users’ experiences, while new standards, guidelines, and technology” are built into future versions.  SIFMA thinks the same should be true for the standards and practices recommended by agencies.

4.  Financial services cybersecurity guidance should be harmonized across agencies.

Here’s what SIFMA says: “Financial regulators should coordinate to avoid a counter-productive proliferation of overlapping standards and overlapping regulators. A diffusion of regulatory principles undermines focus and diverts valuable resources for companies and agencies alike.”  They’re right to say this, but oh, dear, this is hard.  It’s not easy to get people on board within an agency, or even an agency division.  Cross-agency coordination is well-nigh impossible.

5.  Agency guidance must consider the resources of the firm.

SIFMA rightly notes that “[s]ophisticated prevention measures are sometimes financially prohibitive for smaller firms and burdensome standards could drive these important players out of the market.”  Leaving financial services solely in the hands of giant players who can out-comply smaller ones would be horrendous.

6.  Effective cybersecurity guidance is risk-based and threat-informed.

This one is closely related to Nos. 3 and 5.  Basically, SIFMA hopes there won’t be regulation for regulation’s sake.  “Agencies should premise their guidance on a cost-benefit analysis that takes into account the benefits to firms and consumers versus the compliance costs and potential burdens suffered by consumers.”

7.  Financial regulators should engage in risk-based, value-added audits instead of checklist reviews.

I can’t help but see this as a shot at the SEC’s investment adviser cybersecurity examination module, publicly released in April 2014 to help advisers prepare for regulatory exams in this area.  As former SEC official Bob Plaze notes here, a one-size-fits-all checklist could be punitive for smaller firms that can’t afford to keep up.

8.  Crisis response is an essential component to an effective cybersecurity program.

Needless to say?  SIFMA also says explicitly here what it merely implies in No. 1: “Both firms and their clients are the victims when breaches or incidents occur.”

9.  Information sharing is foundational to protection, must be limited to cybersecurity purposes, and must respect firms’ confidences.

While SIFMA appreciates the guidance the Justice Department and the Federal Trade Commission have recently given to assuage antitrust concerns associated with inter-firm information sharing to fight computer crime, more such assurances are always better.  Put another way, don’t replace one regulatory concern (cybersecurity) with another (antitrust liability).

10.  The management of cybersecurity at critical third parties is essential for firms.

Keeping a close watch on third-party vendors is a crucial cybersecurity issue for all businesses.  SIFMA would like some help from the government on this huge job:  “Regulators should increase their coverage of third parties and put pressure on these third parties to meet the regulatory expectations of the financial services firms that they serve.”

Be careful out there.


SEC Sanctions Auditor, Should Make Small Issuers Think Twice

Posted in Accounting Fraud, Auditors

The SEC brought a settled administrative action against an auditor on October 24th.  Often I’ll take a case like this and write something about it to warn other auditors (or investment advisers or broker-dealers, or whomever) from similar behavior.  But you know what?  No.  It’s too dumb.


Here’s the relevant law:  Section 10A(j) of the Exchange Act says: “It shall be unlawful for a registered public accounting firm to provide audit services to an issuer if the lead . . . audit partner . . . has performed audit services for that issuer in each of the 5 previous fiscal years of that issuer.”  And Rule 2-01(c)(6) of Regulation S-X says: . . . an accountant is not independent of an audit client when: (A) Any audit partner … performs: (1) The services of a lead partner …. or concurring partner . . . for more than five consecutive years.”


According to the SEC’s administrative order, Elliot Berman and his audit firm Berman & Company did not pay close attention to these five-year rotation rules.  Instead, Elliot served as the lead partner for the mysteriously identified “Issuer A” for five years, from 2006 through 2010, and came up with a neat trick for 2011.  When he should have rotated off, he appointed a Berman & Co. employee as the nominal lead partner for Issuer A’s 2011 audit.  Unfortunately, this employee:

  • was not a certified public accountant;
  • had never been a CPA;
  • had no experience auditing public companies;
  • had very little experience auditing private companies;
  • did not have the requisite understanding of PCAOB audit standards to perform a public company audit; and
  • was not otherwise qualified to be the lead partner of a public company audit.

Meanwhile, according to the order, Elliot continued to serve as the primary contact with Issuer A’s management, board of directors, and the board’s audit committee.  Elliot presented certain matters related to the audit to Issuer A’s audit committee, and communicated with management on substantive audit issues.  He was the sole contact with the engagement quality review partner for the 2011 Issuer A audit.  Elliot also reviewed and commented on the company’s 2011 Form 10-K, reviewed the audit work papers for some of the 2011 quarterly reviews and left comments for the audit team, made staffing decisions concerning the engagement, directed staff regarding audit documentation, and performed the audit work regarding the company’s discontinued operations.

Anyway, that was the alleged plan – turn over the nominal reins to this employee while Elliot retained control over the audit, and the business relationship with Issuer A.  I think it’s safe to say that no amount of continuing education or professional reading (maybe not even erudite blog posts!) will fix the will to engage in this sort of jiggery-pokery.  Maybe a one-year suspension from practicing before the Commission and a $15,000 civil penalty will do the trick instead.

Issuers in Similar Situations

But the issuer should be another matter.  The order tells us precious little about it.  All it says is, “Issuer A, a Delaware corporation, is a biotech company. Issuer A’s stock is registered pursuant to Section 12(b) of the Exchange Act.”  That could mean almost anything.  Regardless, Issuer A should consider whether the professional services firms it hires – auditors, lawyers, tax advisers, etc. – are up to the task.

I don’t think it’s crazy to think that a firm whose logo misspells “consultants” might cut some corners in other areas.  The order assumes Issuer A’s violations of Section 13(a) of the Exchange Act and Rule 13a-1, so some clear trouble already looms on the horizon.  Be sure your professionals have your back and are equipped to do the work they say they will.

Rengan Rajaratnam Settlement Exposes Slightly Weak Point in SEC’s Newish Admissions Policy

Posted in Insider Trading, Parallel Proceedings, SEC Litigation

You remember Rengan Rajaratnam, right?  He broke the S.D.N.Y.’s long streak of insider trading victories when a jury acquitted him in July.  I wondered what the effect on his case with the SEC would be.  Would he settle?  Would he take that one to trial and win, too?

Well, he and the SEC came to a settlement last Thursday, and here they are: Rajaratnam will pay disgorgement of $372,000, prejudgment interest of $96,000, and a civil penalty of $372,000.  He also agreed to be barred from the securities industry with the right to apply for reentry after five years.  So, pretty standard terms.  And at first I read them as a substantial SEC victory.  That is, regardless of the acquittal in Rajaratnam’s criminal case, the SEC appeared to have dictated the terms and exacted what it normally does when settling an insider trading case before trial, as most are done.

Anyway, I thought that until I read this quote from Rajaratnam’s lawyer, Daniel Gitner: “The S.E.C. elected to offer, and Rengan elected to accept, a no admit/no deny settlement. Rengan is moving on to the next phase of his life. If the S.E.C. has further comment, so will we.”  Gitner was right to make this point publicly, and it means a bit more than it would have two years ago.  Since the Commission changed its policy for settled cases last year to compel admissions of liability in some of them, a case without one is a small victory, however modest, for a settling defendant.  Rajaratnam may be paying a lot of money, and he’s agreeing to step out of the securities industry for at least five years.  But even with all the resources of two government agencies being thrown at him, they’re not making him admit he did anything wrong.  It’s not a huge win.  Rajaratnam probably isn’t crowing about it at home.  But it’s slightly more than he would have had if the SEC had kept its policy to have all settlements be uniform on that point.

SEC Issues Risk Alert, Hits E*Trade on Penny Stock Sales

Posted in Broker-Dealers, Compliance

“What has been will be again / what has been done will be done again; there is nothing new under the sun.”  Ecclesiastes 1:9.

On October 9th the SEC brought a settled administrative action against E*Trade Securities and G1 Execution Services (formerly E*Trade Capital Markets) for their part in the unregistered sales of billions of shares of penny stocks between 2007 and 2011.  Suffice it to say that they weren’t the only ones.  On the same day the Commission also (1) released FAQs on a broker-dealer’s duties on when trying to rely on the reasonable inquiry exemption when executing customer orders; and (2) issued a Risk Alert on broker-dealer controls regarding customer sales of penny stocks.  The gist is, broker-dealers cannot turn a blind eye when executing its customers’ sales of securities of dubious or uncertain origin.  These documents are all part of the SEC’s larger effort to focus on financial system gatekeepers and thereby save staff resources that would otherwise be spent chasing individual bad actors.  What’s most interesting to me about the case and accompanying educational materials is how old the underlying principles are.  The SEC has been preaching about broker-dealer oversight of little-known securities for literally half a century.  And yet here we are.

The Law

Here’s the law in this area (roughly):  Section 5 of the Securities Act prohibits the offer and sale of securities unless a registration statement is in effect or the offer and sale are subject to an exemption.  Section 2(a)(11) defines a securities underwriter partially as “any person who has purchased from an issuer, with a view to, or offers or sells for an issuer in connection with, the distribution of any security.”  There’s nothing especially wrong with being an underwriter, but if you are, that status will affect your (and, as we’ll see, your broker’s) ability to dump securities on the open market willy-nilly.

Also, many securities are properly sold under exemptions every day, but some people still like to make sales that are neither registered nor exempt.  Broker-dealers don’t relish the idea of being liable for these sales, so Securities Act Section 4(a)(4) includes an exemption just for them.  To rely on that exemption, though, a broker must, among other things, engage in a “reasonable inquiry” into the facts surrounding the proposed unregistered sale, and after such inquiry it must not be “aware of circumstances indicating that the person for whose account the securities are sold is an underwriter with respect to the securities or that the transaction is part of a distribution of the securities of the issuer.”  See Section 4(a)(4); Rule 144(g)(4).  The idea is, the broker needs to be sure it’s not just acting as a link in the chain of distribution from the issuer to the market; if it is, and the sales are not registered, it could be liable under Section 5.

But what counts as a “reasonable inquiry”?  The SEC explained the general principles over 50 years ago in an interpretive release: Distribution by Broker-Dealers of Unregistered Securities, Securities Act Release No. 4445 (Feb. 2, 1962):

A dealer who is offered a modest amount of a widely traded security by a responsible customer, whose lack of relationship to the issuer is well known to him, may ordinarily proceed with considerable confidence. On the other hand, when a dealer is offered a substantial block of a little-known security, either by persons who appear reluctant to disclose exactly where the securities came from, or where the surrounding circumstances raise a question as to whether or not the ostensible sellers may be merely intermediaries for controlling persons or statutory underwriters, then searching inquiry is called for.

The E*Trade Case

So what did the E*Trade subsidiaries do?  Basically, they had three institutional customers, known for purposes of the SEC’s administrative order as A, B, and C.  From the time that those customers began trading penny stocks, the order says E*Trade was presented with the following recurring red flags: (1) the three customers acquired substantial amounts of newly issued penny stocks; (2) directly from little known, non-reporting issuers; (3) through private, unregistered transactions; (4) then immediately resold those shares; and (5) wired out the sales proceeds.  Hmmm, does that sound familiar?  The SEC thought these facts should have raised a question as to whether these customers were engaged in an unlawful distribution by, for example, acting as statutory underwriters.

So, in the face of these red flags, what did the E*Trade subsidiaries allegedly do (or not do)?  For three years, they did not ascertain whether an exemption from registration was available.  They didn’t ask A and B to identify the specific exemptions they were relying on.  Later, the subsidiaries conducted an Enhanced Due Diligence review and allegedly relied on conclusory representations by A and C that the claimed exemptions were available.  According to the order, they also relied on attorney opinion letters that claimed to identify an applicable exemption and why it was properly available.  These letters, though, indicated that their conclusions were primarily based on unverified representations by the customers and issuers and did not describe all of the elements of the claimed exemptions.

The SEC held that the E*Trade subsidiaries were aware of facts showing that their customers were engaging in improper distributions of securities, and found them liable for direct violations of Section 5.  They are jointly and severally liable for disgorgement of $1.4 million and a penalty of $1 million.  Given that G1Execution is no longer part of E*Trade, they’ll have to sort out who pays what.

What to Do

What should a broker in the same position do here?  The FAQs explain what we’ve known all along.  The factors a reasonable inquiry should cover are included in Note (ii) to Rule 144(g)(4):

  • the length of time the securities have been held by the broker-dealer’s customer (including physical inspection of the securities if practicable);
  • the nature of the transaction in which the securities were acquired by the customer;
  • the amount of securities of the same class sold during the past 3 months by all persons whose sales are required to be taken into consideration in evaluating compliance with the volume limitations of Rule 144(e);
  • whether the customer intends to sell additional securities of the same class through any other means;
  • whether the customer has solicited or made any arrangement for the solicitation of buy orders in connection with the proposed sale of securities;
  • whether the customer has made any payment to any other person in connection with the proposed sale of the securities; and
  • the number of shares or other units of the class outstanding, or the relevant trading volume.

For smaller shops without an online presence – increasingly rare – staying on top of problematic trades may be relatively simple.  Outliers selling large blocks of microcap securities will stand out.  For broker-dealers allowing online trading, their compliance software should be written to automate exception reports based on these factors if it doesn’t incorporate them already.  And take them seriously when electronic triggers are pulled, without relying on a customer’s or issuer’s own representations.

Other Aspects of the Risk Alert

The Risk Alert also noted that broker-dealers should keep a careful watch out for particular kinds of accounts and account structures, including accounts of purported stock loan companies, accounts using a master/sub-structure, and held in the names of corporate entities or foreign financial institutions.  All could have the effect of disguising trading activity and facilitating unregistered sales.  Finally, if appropriate, broker-dealers should be prepared to file Suspicious Activity Reports notifying FinCEN of bad actors in their midst.  The exam sweep leading to the Risk Alert found a number of firms that were not filing SARs when necessary.

DOJ’s Marshall Miller: You’re All FCPA Lawyers Now

Posted in Compliance, FCPA

Marshall Miller, the Justice Department’s  principal Deputy Assistant Attorney General for the Criminal Division, has been heating up the compliance conference circuit in recent weeks.  On September 17th, it was the Global Investigation Review Program in New York.  On October 7th, he stopped by the Advanced Compliance and Ethics Workshop to discuss corporate compliance programs: what to do and what not to do to maximize their effectiveness.

As you might expect Miller to say, a growing company’s failure to expand compliance programs to meet its needs can lead to a lot of problems.  Conversely, programs that have widespread,  protective and training mechanisms – as well as procedures designed to uncover wrongdoing and expose culpable individuals – are the most effective.

Also, while no single compliance program could fit all companies, some characteristics will be common to all.  Fortunately, the Justice Department and SEC have told you what those are in their 2012 FCPA Resource Guide.  Have you read it?  Even if your company’s sales are entirely domestic, it might not be a bad idea.  It includes a section entitled, “Hallmarks of Effective Compliance Programs.”  As Miller notes, while the hallmarks are focused on anti-corruption compliance, “the principles identified apply universally.”  These include:

  • Commitment from corporate leaders;
  • Adaptation to corporate growth; and
  • Encouraging good behavior with concurrent enforcement and discipline of bad actors.

Miller pointed out several egregious cases from the recent years.  Weatherford International is a Swiss oil services company that settled a massive FCPA case in November 2013.  Before 2008, Weatherford did not have a dedicated compliance officer or compliance personnel, did not conduct anti-corruption training, and did not have an effective system for investigating employee reporting of ethics and compliance violations.  Though it operated in more than 100 countries, it didn’t bother translating its compliance policy into non-English languages, and did nothing to respond to affirmative allegations of corruption arising out of a 2004 ethics questionnaire.  “Put simply, Weatherford’s compliance policy was a program in name only.  It wasn’t worth the paper it was written on.”

The Orthofix International case, Miller said, is another example of a program’s adaptive failure.  Between 2003 and 2010, according to DOJ and the SEC, the Mexican subsidiary of this medical device company paid bribes to Mexican officials in return for hospital agreements to purchase millions of dollars of medical equipment.  Like Weatherford, Orthofix had failed to translate its compliance policy into Spanish or even implement its compliance policy at the subsidiary.  Orthofix also failed to train its personnel or regularly test or audit transactions for illicit payments.

One case Miller cited involved not so much a failure of compliance as much as a triumph of we-don’t-need-no-stinking-compliance.  Between 2004 and 2012, BNP Paribas secretly moved over $8.8 billion through the U.S. financial system on behalf of Sudanese, Iranian and Cuban sanctioned certain Sudanese banks.  Another identified specific transactions in cautioning that a satellite bank system was being used to evade U.S. sanctions.  The compliance officer sounded warning bells, writing: “This practice effectively means that we are circumventing the U.S. embargo on transactions in USD by Sudan.”  Other compliance staff in New York flagged some problematic transactions and raised concerns.  What did bank officials say in response?  As one executive put it: “I only see the solution of going through another bank than BNPP NY for all transactions to these destinations.”

Miller’s prescription for compliance personnel in such a situation is . . . well, he doesn’t really have one.  Document your advice and when you gave it?  Try not to find yourself on the legal or compliance side of such a company because there will not be much you can do.

Miller did end on a positive note with reference to the 2012 Morgan Stanley FCPA “declination” and concurrent prosecution of Garth Peterson.  The message, as Miller is becoming fond of saying, is to have a rigorous compliance program with substantial training and follow-up, and be ready to rat out your employees if necessary.  Easy as that.

Wrapping up Securities Enforcement Forum 2014

Posted in Non-scienter-based Violations, SEC Litigation, SEC Structure

I was lucky enough to spend Tuesday at Bruce Carton’s Securities Enforcement Forum 2014.  In three years, it has gone from zero to the preeminent securities enforcement law conference anywhere.  I blogged it hurriedly throughout the day, but here are what I think are the most salient points or comments after some reflection:

“Broken Windows”

Commissioner Michael Piwowar thinks that a “broken windows” approach to securities enforcement does not necessarily work when applied to all regulations and entities the SEC is charged with overseeing.  This point generated discussion later in the day, when Enforcement Director Andrew Ceresney defended his and Chair Mary Jo White’s approach.   He noted that for his Division, the broken windows theory is not about making every regulatory violation into an enforcement action.  OCIE is still out there issuing deficiency letters without enforcement actions.  Still, Section 16(a) of the Exchange Act is an important protective rule, and is designed to prevent larger trading violations.  Ceresney insisted that the SEC was not moving away from important areas such as financial reporting and market structure cases to do trivial work.

Corporate Penalties

Commissioner Piwowar also raised the spectre of the 2006 Statement of the SEC Concerning Financial Penalties.  The statement raises a number of factors for the Commission to consider in deciding corporate penalties.  Piwowar and others, including Commissioner Gallagher, think that large corporate penalties can sometimes hurt, not help, shareholders.  Piwowar also thinks that the 2006 statement is receiving short shrift from some staff.  Ceresney was somewhat dismissive of the statement when the Directors Panel came around.  As he said, the 2006 statement was never binding and is merely a guide.  It provides factors for the staff to consider, and the staff considers them.  But they are not bound by something that never became a rule.

FCPA Monitors

Chuck Duross at Morrison & Foerster noted that companies coming out of FCPA enforcement actions are not being forced to endure compliance monitors for the lengths of times that they used to.  Instead of three year terms, companies are sometimes able to forego monitors entirely or have them for 18 months with the possibility of extension.  The SEC’s FCPA Unit Chief Kara Brockmeyer sees this as a result of companies preparing their compliance systems on the front end, and not requiring the same level of oversight as before.  Still, she doesn’t see monitors disappearing entirely.  In response to a reporter’s question asking what the downsides of having monitors are, Simpson Thacher’s Jeffrey Knox pointed out that corporate monitors are not mere passive observers but corporate policy makers.  If the compliance function is working without them, their presence may not be good for the company or the public.

Administrative Proceedings

The day saw a lot of discussion of the SEC’s post-Dodd-Frank increased use of administrative proceedings in its enforcement matters.  Several senior staff members, including Ceresney, Brockmeyer, and Associate Director Scott Friestad assured the audience that more were coming.  Recently departed Co-Director George Canellos opined that in deciding between filing cases in federal court or as an AP, it wasn’t appropriate for the staff to consider which gave the SEC a better chance to win.  Ceresney didn’t seem to be as sure about that, and Friestad definitely didn’t buy it.  “Should I be filing where I’m most likely to lose?”  For Russ Ryan, at King & Spalding, administrative proceedings after Dodd-Frank have a core, potentially Constitutional problem.  That is, they provide an extremely accelerated process that is well suited for technical, regulatory violations, but is now being applied to enforce punitive sanctions against non-registered entities.  Now, the SEC is acting as both the prosecutor and the judge in a punitive context and in a way that Ryan thinks triggers Separation of Powers concerns.  He also thinks some of the recent challenges to SEC administrative cases are not quite ripe, and have allowed district courts easy outs by saying the respondents have not exhausted their administrative remedies.  This topic will have a way to go before it’s played out.

Practice Suggestions

Steptoe’s Phil Khinda had a few.  For Wells submissions, he said to remember you’re not writing for the Enforcement staff.  You’re writing for the GC’s office and the worriers in the other divisions and offices to create doubt and weakness in the SEC’s case.  The Wells doesn’t need to be written like an attacking opposition brief.  Instead, it should read like an amicus brief, and speak to the staff like they would talk to each other.  Ryan also said he’d seen a recent trend wherein the staff has been more open to frank discussions very early in a case about what they’re looking for and how a subpoena might be kept relatively narrow.  Friestad said that Ryan may have just been lucky, but that he encouraged staff in his group to be similarly forthcoming.  Khinda also said that he tries very hard to build credibility with the staff early in an investigation.  When he gets challenged for a lack of “independence” when he’s acting as defense counsel, “[w]hat I say to the staff is independence is a proxy for intellectual integrity.  If I seem tired it’s because I’ve been running around trying to get at what the issues are.  The staff wants to know that you are thinking about the issues and trying to learn them the way they would.”