OCIE Evaluates Cybersecurity in the Securities Industry

In February, the Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released a risk alert regarding the cybersecurity preparedness of the securities industry. OCIE examined 57 registered broker-dealers and 49 registered investment advisers as a part of its “Cybersecurity Examination Initiative” that was announced in the spring of 2014.

OCIE collected information from these firms regarding risks related to cybersecurity policies, remote access to client funds, designations of Chief Information Security Officers (“CISO”) and third party vendors. Key findings of the examinations are discussed below:

  1. Written Cybersecurity Policies

The vast majority of examined broker-dealers and registered investment advisers adopted written cybersecurity policies. However, only half of registered investment advisers had written policies in business continuity plans to counteract cybersecurity attacks. Most firms did not address who would be held responsible for client losses. Only 9% of investment advisers offered security guarantees for client losses. Advisers and broker-dealers should review their business continuity policies and consider any relevant updates with respect to cybersecurity issues.

  2. Role of Third Party Vendors

OCIE focused on the examined firms’ monitoring of third party vendors that have access to firm networks. 32% of investment advisers required third party vendors to conduct “cybersecurity risk assessments” and only 24% had cybersecurity requirements in their contracts. In contrast, almost 75% of broker-dealers had cybersecurity requirements in their third party vendor contracts. OCIE considers sharing of information with vendors to increase the likelihood of cyber-related incidents. Investment advisers should consider following the lead of these broker-dealers and include cybersecurity requirements in their third party vendor contracts.

  3. CISO or Chief Technology Officer (“CTO”)

Whether a firm designated a CISO or a CTO tended to vary by type of firm: 68% of broker-dealers versus 30% of registered investment advisers identified a CISO. Registered investment advisers typically assigned CISO duties to a CCO or CTO. Though compliance will naturally be involved in cybersecurity policies for financial firms, given the complexity of these issues, technology experts should be more deeply and substantively involved.

  4. Cybersecurity Incidents

About 75% of both broker-dealers and registered investment advisers that were examined had experienced a cybersecurity incident. The most common issues involved fraudulent emails or malware.   The fraudulent emails, in particular, should be considered a serious issue, given the Regulation S-ID requirements that became effective in May 2013 for SEC-registered investment advisers and others registered with the Commodity Futures Trading Commission.  Read our article on this topic here.

Almost all examined firms had written policies in place, but 25% of broker-dealers cited employees not following procedures as a reason for losses, highlighting the importance of initial and ongoing training for all employees on key points of the policies.  Consider holding a separate, more detailed training for those involved in client services, finance and other areas more likely to be on the front lines of a cyber-attack.

Even the smallest client loss, reimbursed by the firm, can damage its relationship with the client in question; a series of losses or other failures could erode confidence across the client base and invite regulatory scrutiny. Firms should be proactive not only in adopting policies, but also in emphasizing training, monitoring and reevaluating policies in light of evolving threats.

  5. Final Thoughts

Many firms modeled cybersecurity policies and procedures on published works by the National Institute of Standards and Technology, the International Organization for Standardization and the Federal Financial Institutions Examination Council. Additionally, many firms considered industry organizations as means to gain more information about cybersecurity risks.

The OCIE risk alert highlights the cybersecurity priorities for OCIE and current industry practices. Investment advisers should recognize that cybersecurity testing will likely become a part of standard OCIE examinations in the future.  Proper cybersecurity requires ongoing monitoring, robust training and possibly expensive IT infrastructure. However, firms must consider their duty to safeguard client information and assets. The time and money spent on cybersecurity can prevent a loss of client trust and a firm’s reputation.

Implications of Basel III for Hedge Fund Managers

In January, Bank of America cut ties with 150 hedge fund managers in its prime brokerage group because they were viewed as unprofitable. Goldman Sachs also made drastic changes to its client lending strategy last year. JP Morgan has warned hedge fund managers in a report about the serious changes heading their way this year. Brokers made these moves as a result of upcoming Basel III obligations for brokers.

Basel III is an international accord that is meant to encourage a return to traditional banking practices after the 2008 crisis. The accord purposefully reduces brokers’ activities and profitability in favor of less risk and market safety. The three Basel III obligations that are forcing brokers to alter their relationships with hedge fund managers are:

  • Limited leverage;
  • Increased liquidity requirements; and
  • Increased capital requirements.

Brokers are becoming wary of dealing with many hedge funds because they greatly affect these limits. Following are additional thoughts on the changing relationships between hedge fund managers and brokers:

  • Small hedge funds require a significant amount of capital compared to other investments and are not necessarily very profitable. Bank of America and Goldman Sachs, among others, believe that the clients that affect these limits are no longer valuable;
  • Hedge funds that invest in high-quality liquid assets will likely survive the brokers’ scale-down of their prime broker clients;
  • Hedge funds that do not produce healthy return on equity for brokers will be severely affected this year and in 2018, when limitations become mandatory. Hedge fund managers should be aware of brokers’ plans to redirect their resources away from businesses that are expected to earn low returns on equity; and
  • On a purely domestic side of regulations and politics, whether or not President Obama vetoes delaying the implementation of the Volcker Rule will have significant effects on how brokers handle their relationships with hedge fund managers. The Volcker Rule greatly reduces but does not completely restrict brokers’ investments in hedge funds and private equity. The Volcker Rule will require brokers to make more cuts to managers that underperform.

Despite some recent optimism, it is notable that 661 funds shut down in the first three quarters of 2014. In particular, firms with declining or stagnant profits should prepare for the possibility of changes in their broker’s policies and practices. Any small hedge fund manager, however successful, should also consider the potential shift in their brokers’ priorities as a result of Basel III.

Primer:  Custody Rule for SEC-Registered Investment Advisers

Custody arrangements will always be reviewed in a routine regulatory examination. Violations of Rule 206(4)-2, more commonly referred to as the Custody Rule (the “Rule”), are also rapidly becoming a key enforcement area for the Securities and Exchange Commission (“SEC”). This primer will cover the important points of the Rule and discuss the most common violations.

  1. The Rule

At its most basic, the Rule:

  • Defines custody as “holding, directly or indirectly, client funds or securities, or having any authority to obtain possession of them”;
  • Requires safekeeping of client assets, which means maintaining them at a qualified custodian such as a bank or broker-dealer. Assets must be in a segregated account either for each client under its name, or in an account that contains only clients’ assets with the adviser’s name as agent or trustee;
  • Requires the adviser to notify clients when accounts are opened for them and to reasonably believe, after due inquiry, that custodians deliver account statements directly to clients at least quarterly; and
  • Requires independent, surprise verification of assets by an accountant. Private fund managers can satisfy this requirement by arranging for their funds to be audited annually (more on this in the next section).

  2. Important Nuances

Though simple on its face, there are some important nuances to consider:

  • An adviser can have custody through an affiliate (e.g., the general partner, or equivalent of a private fund);
  • The authority to obtain possession of funds or securities creates custody, regardless of whether such authority is exercised;
  • The accountant retained to provide either the surprise verification or the annual audit of a fund must be an independent public accountant that is both registered with and inspected by the Public Company Accounting Oversight Board (“PCAOB”).

  3. Common Violations

The SEC’s National Examination Program (“NEP”) staff recognized four common deficiencies during their recent investigations:

  • Advisers often failed to recognize that they had custody under the Rule. The NEP staff cited examples of advisers having physical or electronic possession of assets, but not fulfilling their Rule obligations;
  • Some surprise exams were not conducted on a “surprise” basis. The NEP staff collected evidence suggesting that the examinations were being conducted at a predictable time each year;
  • Certain advisers did not meet the qualified custodian requirements. Advisers that commingled clients’ assets with employee or proprietary assets were in violation of the Rule. The NEP staff also noted that some client assets were held in an adviser’s name, but not in an account that was under the adviser’s name as an agent or trustee for the client and that held only client assets; and
  • Some audits were considered to be unacceptable. Some auditors could not be considered to be independent under Regulation S-X or were not registered with the PCAOB. In other instances, audited financial statements were not prepared in accordance with generally accepted accounting principles.

  4. Compliance Tips

To comply with the Rule, advisers should consider:

  • Creating policies and procedures that address the application of the Rule. Advisers should consider how future Rule changes may alter their policies. SEC press releases about rule changes can be found here. Advisers should also consider how changes in their business may affect their Rule obligations and update policies accordingly; and
  • Ensuring that all parties involved consistently follow the prescribed procedures. The Rule is quite technical, and it is important that all parties involved understand the Rule, policies, and procedures.

Many violations of the Rule were the result of advisers not recognizing and understanding their obligations. These issues can be avoided by establishing clear written policies and procedures, distributing them firm-wide and training key staff on their role in implementing the adviser’s custody rule procedures.

SEC Announces Examination Priorities for 2015

The Office of Compliance Inspections and Examinations (“OCIE”) of the Securities and Exchange Commission (“SEC”) released its 2015 examination priorities for investment advisers, broker-dealers, and transfer agents. OCIE will focus its efforts on issues related to market-wide risks, analyzing data to prevent illegal activity and protecting investors who are saving for retirement, which are discussed in turn below:

  1. Assessing Market-Wide Risk

OCIE intends to examine widespread firm and industry structural risks. OCIE will closely monitor the largest of broker-dealers and asset managers. Large firms allow for better understanding of market trends as a whole. Additionally, clearing agencies will face increased scrutiny in 2015. As we have previously discussed, the SEC will examine broker-dealers’ cybersecurity compliance programs. Lastly, OCIE will increase its efforts to track firms’ trading history against their best execution policies. OCIE intends to work with the Division of Trading and Markets and other regulatory agencies to address market-wide risks.

  2. Use of Data Analytics

As SEC Chair Mary Jo White noted in her speech at the New York Times DealBook Conference in December, OCIE will increase its use of data analytics in examinations. OCIE will use data to identify individuals that are repeat offenders and will examine their employers. Additionally, data analytics will be used to identify excessive trading, market manipulation, and pump-and-dump schemes. Lastly, the OCIE will test firms’ anti-money laundering policies with collected data.

  3. Protecting Investors Saving for Retirement

The most significant theme of OCIE’s examination priorities is the protection of retail investors and investors saving for retirement. This includes investigating the suitability and sales practices for retirement products to individual investors. OCIE intends to examine branch office practices for deviations from the policies set out in compliance programs. Two types of companies the OCIE will examine closely are alternative investment companies and fixed income investment companies. The SEC considers alternative investment companies to be those that make returns that are uncorrelated to the stock market. Companies that act as both broker-dealers and registered investment advisers will likely be examined for the appropriateness of account types offered to their clients.

In addition to these three themes, the OCIE intends to examine transfer agents, municipal advisers, and never-before-examined registered investment company complexes. The SEC will also place significant emphasis on examining fees and expenses in private equity funds. OCIE noted many inconsistencies among private equity advisers in 2014 and plans to act on those findings in 2015. Advisers should review the SEC’s release in its entirety and consult their legal counsel and/or compliance consultant to best prepare for their next examination.

Mary Jo White’s Remarks at NYT DealBook Conference

On December 14, 2014, Chair Mary Jo White of the Securities and Exchange Commission (“SEC”) spoke at the New York Times’ DealBook Opportunities for Tomorrow Conference. She concentrated on the SEC’s future enhancements of risk monitoring and regulatory safeguards for the asset management industry, specifically: data reporting, portfolio composition risk controls and transition planning for advisers. Following are some key takeaways:

  • Chair White spoke about how the SEC relies on data reporting in order to understand the industry. She noted the rapid growth of the industry from $4 billion in assets under management in 1940 to $63 trillion in assets under management in 2014. As a result, the SEC has implemented new data reporting tools largely due to the Dodd-Frank Act. However, the SEC still only receives information from about a quarter of all registered firms. The SEC will release new recommendations for modernizing and enhancing avenues for data reporting that are already in place.
  • She also addressed portfolio composition risk and operational risk. Portfolio composition risk refers to the risk of mixing a fund’s investments. These can include risks associated with liquidity and leverage. Noting that operational risk involves the possibility of internal process and system failures, she emphasized these in relation to exchange-traded funds (ETFs) and the use of derivatives by mutual funds. The SEC will likely require broader portfolio composition and operational risk management policies for advisers to these types of funds in the future.
  • The final focal point of Chair White’s speech was transition planning and stress training for investment advisers. She pointed out that clients are severely at risk when an investment adviser is no longer able to operate. One especially problematic example is if there are restrictions on the use of a client’s money that is held by an investment adviser. The SEC is preparing recommendations for avoiding issues related to the termination of an investment advisory arrangement.

Chair White’s speech at the New York Times is a sign that the SEC is becoming increasingly interested in data reporting, portfolio composition risk controls and transition planning for advisers. The SEC is planning on new rules or amendments for each of these core points. In addition, there will likely be more reporting requirements for private funds in the near future. Investment advisers should keep an eye out for the possibility of new obligations in all of these areas.

Primer: Holdings Reporting for Investment Advisers

There are several provisions in the Securities Act of 1933 (“Securities Act”) or the Securities Exchange Act of 1934 (“Exchange Act”) that require investment advisers to report their holdings or other investment activity to the SEC. Most of these filings are available to the public via the SEC’s Electronic Document Access and Retrieval (“EDGAR”) system, with some exceptions, which are discussed below. Notably, many of these filings are required whether a firm is registered with the SEC or not (including Exempt Reporting Advisers and state registrants).  Deadlines and other requirements may also vary depending on a firm’s registered status.  These are discussed in more detail below.

  1. EDGAR Filing Generally

EDGAR requires market participants to file electronically with the SEC, enables the SEC to catalog and analyze filing data, and allows the public to quickly search most filings. First-time filers will need to apply for EDGAR access by filing Form ID with the SEC on its EDGAR Filer Management website (“Filer Management”). Form ID asks for basic business and contact information and an 8 character “Passphrase” selected by the filer. Within 48 hours, the SEC will assign a Central Index Key (“CIK”) number to the filer, which will be emailed to the contact person identified on the Form ID. Once a CIK number has been assigned, filers must return to Filer Management to generate the passcodes (“Codes”) used to make filings.

These Codes are all 8 characters and are randomly assigned by Filer Management. They include:

  • Password (NB: this is not the same as the Passphrase that filers select initially). The Password expires annually on the anniversary of its assignment and must be changed within 10 days of that anniversary (the “Grace Period”). The Password is used for all EDGAR filings;
  • CCC: This is the CIK Confirmation Code and must also be used for all EDGAR filings; and
  • PMAC: This is the Password Modification Access Code and can be used to update only the Password within the Grace Period. Following expiry of the Grace Period, filers must use their CIK and Passphrase to generate an entirely new set of Codes.

Filers should ensure that their Passphrase and Codes are kept in a secure location and updated as needed. This will prevent unauthorized use (including access to confidential filings) and avoid delays when making filings.

  2. Schedule 13D and 13G

Generally, a Schedule 13D filing is required where a person (including entities) beneficially owns more than 5% of a class of publicly traded equity securities of an issuer for the purpose of changing or influencing control (in other words, is an activist investor, or anticipates becoming one). A shorter form Schedule 13G is applicable where a person holds the position in the ordinary course of business and not for the purpose of changing or influencing control of the issuer (i.e., is a passive investor).

A person “beneficially owns” a security if it has or shares the power to vote or dispose of the security. To the extent that an investment adviser has discretionary authority over client accounts, it may be a beneficial owner for purposes of these filings. A person also beneficially owns any securities that it has the right to acquire (e.g. exercise of an option), if the right is exercisable within sixty days.

The initial Schedule 13D or 13G, as applicable, is due within ten days following the acquisition that causes the person to cross the 5% threshold.  Thereafter, 13D must be amended promptly (no more than two days) following a material change, including a 1% change in ownership. SEC or State registered investment advisers have the luxury of longer deadlines. If at the end of their fiscal year a registered adviser is still over 5%, they have forty-five days to file their initial 13G, which is amended annually thereafter. Additional requirements apply at 10% and 20% ownership thresholds, or if a passive investor becomes an activist and must file on 13D.

  3. Form 13F

Any investment adviser that on the last trading day of any month of a calendar year exercises investment discretion over $100 million or more invested in equity securities traded on stock exchanges or the Nasdaq is subject to reporting on Form 13F. The SEC compiles a list of “13F Securities” which is published quarterly on its website. The filing is due in mid-February (the exact deadline will vary depending on the calendar) using data as of December 31. Thereafter, a quarterly 13F report is required forty-five days after the end of each calendar quarter. Firms that met the threshold and then fell below will still need to make the initial and quarterly filings the following year.  See also the SEC’s 13F FAQ.

13F is a public filing, though filers can request confidential treatment.

  4. Form 13H

Any investment adviser who directly or indirectly exercises investment discretion over transactions in US exchange-listed securities equal to or greater than either (a) 2 million shares or $20 million per calendar day or (b) 20 million shares or $200 million per calendar month must report identifying and other data about itself and its affiliates to the SEC on Form 13H promptly (within ten days) after reaching either of the foregoing activity levels. Thereafter, an annual 13H report is required within forty-five days after the end of each full calendar year (the same timeframe as for 13F and 13G for registered investment advisers). Interim amendments are required following any change to the information provided on the form.

Options must be included in calculating the thresholds. The SEC’s 13H FAQ is a useful resource for calculations and other questions.

13H is a confidential filing and is not searchable via EDGAR (though it is filed on the EDGAR system; it is subject to an earlier cut-off time than public filings).

  5. Section 16

Section 16 of the Exchange Act mandates filings by certain insiders of public companies. Officers, directors and 10% shareholders are all considered insiders with respect to the shares of the public companies that employ them, or in which they hold 10% of the outstanding shares. Investment advisers registered with the SEC may be eligible for relief from the filing requirement if their aggregate holdings (i.e. across all funds and clients) meet the 10% threshold. However, if a single fund or another client meets that threshold, it will still be required to file.

The filings are made on Form 3 (initial filing), Form 4 (amendment filing) and Form 5 (annual filing). Amendments must be filed promptly, no later than two days following the change. It is best practice to file as soon as possible following the change, e.g., the same business day, especially given the increased SEC enforcement focus on this area.

See also the SEC’s guidance and electronic filing FAQs.

Practical Controls Around Expert Network Usage

Unsurprisingly, recent SEC examinations of investment advisers are focusing closely on insider trading (see our primer on detecting and preventing insider trading). The staff’s approach is multi-pronged and extensively covers a firm’s use of expert networks. A firm should state in its policies if it does not use expert networks.

For firms that do utilize expert networks, some controls that can be placed around this area to maximize compliance are listed below.

  1. Workflow

Policies and procedures should specify how expert network and other research arrangements will be evaluated and approved.  For example:

  • State that providers must be approved by firm management, including the Chief Compliance Officer; only approved providers may be utilized by employees;
  • Prior to approving a provider, consider, among other things:
      - Whether or not it has compliance policies and procedures in place that are designed to prohibit and prevent insider trading;
      - The depth and scope of such policies and procedures;
      - The means by which these policies and procedures are carried out and tested;
      - The added value of utilizing the provider relative to the internal research function at the firm; and
      - The reputation of the outside research provider.

  • Require a written agreement with the provider that addresses and prohibits the communication of material non-public information. Consider implementing a checks and balances process that requires not only review of the agreement by the Chief Compliance Officer and/or General Counsel but also another officer’s signature;
  • Require any transmission of material non-public information to be reported to the Chief Compliance Officer; and
  • Otherwise encourage employees to discuss their concerns and questions with the Chief Compliance Officer (i.e., an open door policy).

  2. Reviews and Recordkeeping

Expert network activities should be reviewed as part of the annual review, at minimum.  For firms with a lot of activity or other risk factors, reviews should be more frequent.  Recordkeeping should be robust to establish compliance with stated policies and procedures and to demonstrate that policies and procedures are sufficient to prevent the transmission of material non-public information.

Recordkeeping might include:

  • Log of calls;
  • Due diligence files on chosen service providers:
      - Executed agreement;
      - Terms of service documentation if separate from the agreement;
      - Documentation of the selection process, including the reasons for using a service provider and this one in particular, the purpose for the research (e.g., for general market, sector or similar information and not on specific issuers) and any other material that demonstrates the manner in which the firm became comfortable with the service.

  • Any relevant policies on insider trading generally and the use of expert networks. These should be considered living documents, to be reviewed and updated on a continual basis;
  • Any reporting that is circulated among compliance and other departments regarding usage.

  3. Real-Time Controls

Particularly where there is a lot of activity, firms should consider the kinds of real-time controls they can place around expert network usage.  These might include:

  • Utilizing Scripts. Scripts should be as concise as possible, written and distributed to all analysts. Analysts should receive robust training on when and how to use the script to ensure maximum compliance. They are typically recited at the beginning of a call and/or copied into an email setting up the call.
  • Establishing guidelines specific to a particular provider or a particular outside research function on an as-needed basis;
  • Targeted training to analysts;
  • Targeted reviews of communications among the firm/its analysts, the service provider and experts utilized;
  • Placing hard limits on usage (e.g., a set number of calls per month, or only in certain sectors or markets of interest; prohibition on calls about specific issuers);
  • Any tools provided by the service or otherwise available, such as:
      - All calls are routed through a bridge line to eliminate the exchange of direct contact information. This will also enable monitoring by compliance, either to chaperone all calls or randomly dial in. There is usually functionality for a pre-recorded script;
      - Pre-approval such that a call cannot be set up absent approval by the firm’s compliance team.

The MCAA and the Rise of ‘GATCA’

The Cayman Islands and 50 jurisdictions signed the Organisation for Economic Co-operation and Development’s (“OECD”) Multilateral Competent Authority Agreement (“MCAA”) on October 29, 2014 in Berlin. The MCAA implements the automatic exchange of tax information based on the OECD’s Multilateral Convention on Mutual Administrative Assistance in Tax Matters. The MCAA will require Competent Tax Authorities (“Authority” or “Authorities”) in these jurisdictions to automatically exchange relevant tax information based on the OECD’s Common Reporting Standards.

Here are some takeaways from the MCAA:

  • The MCAA in tone has similarities to GATCA, a term to describe a global version of FATCA that would enable countries’ governments to charge tax evaders in up to 65 countries. While GATCA is not an actual policy in place, governments are increasingly making bilateral agreements to prevent tax evasion like the MCAA;
  • Private funds based in the Cayman Islands will now have significantly more international tax reporting and compliance obligations. In addition to the MCAA, Cayman Islands organizations have additional reporting obligations based on US FATCA and the new UK FATCA. The Cayman Islands has already implemented several of the laws and regulations to enable the automatic exchange with other authorities. See our discussion of UK FATCA here;
  • The MCAA will be activated in each jurisdiction once the OECD can confirm that there is proper legislation in place to enforce the rules based on the OECD’s Common Reporting Standards. This rule is particularly important when considering privacy issues that may arise with frequent and large information swaps between Authorities;
  • An Authority needs to provide a timeline of dates regarding enforcement for previous accounts and new accounts to the OECD for approval to implement automatic tax exchanges; and
  • An Authority needs to provide the OECD a list of the other Authorities with which it would like to have an automatic tax exchange agreement. The MCAA does not guarantee exchanges with all of the signees.

The MCAA is a reminder to closely follow the ever-changing landscape of international compliance rules and regulations, particularly in the area of tax. Firms operating in one or more of the jurisdictions listed should frequent the relevant websites for news regarding the possible regulation changes. Awareness of changing international regulation is especially important for private funds operating in Crown Dependencies and Overseas Territories, such as the Cayman Islands and the British Virgin Islands, in light of UK FATCA. Authorities look forward to the opportunity to catch tax evaders and violations can be very embarrassing and costly.

Primer: Detecting and Preventing Insider Trading

Most everyone in the securities industry knows what insider trading is, at least the general outlines. Challenges arise when figuring out how to manage it internally from a compliance perspective, and how to detect (and avoid receiving) material non-public information (“MNPI”) in the first place. This primer sets out the basics briefly as a background but will focus on practical strategies to detect and prevent insider trading.

Managing Insider Trading Issues:

Investment advisers, fund managers, broker-dealers and other participants in the marketplace regardless of registration or exemption status, should have policies and procedures in place to prevent and detect insider trading. These can include, among other things:

  1. Clear agreements with research providers (especially expert networks) that contain representations to the effect that the firm is not engaging the provider for purposes of obtaining MNPI, and that the provider is aware of the laws pertaining to insider trading and will not transmit MNPI.
  2. Establish a policy prohibiting insider trading with the following supporting processes:
      • Employee training;
      • Emphasize that MNPI can be received in connection with the firm’s work or through other means. Receiving MNPI is still a risk to the firm even if the employee receives it separately from his or her work;
      • Periodic review of electronic communications;
      • At least quarterly reviews of employees’ personal securities transactions. More frequent reviews are always better and should be considered necessary to manage a high volume of activity and/or increased risk of receiving MNPI;
      • Real-time maintenance of restricted/watch lists;
      • Escalation of MNPI or a new risk area to the Chief Compliance Officer; and
      • Restrict access to any MNPI that is in the firm’s possession.
  3. Analysts or other employees who may contact public companies in the course of their research, or who otherwise might access MNPI, should receive additional and/or more frequent training on how to handle insider trading issues.
  4. Employees who think they have received MNPI must not share that information with anyone other than the Chief Compliance Officer and must not trade while in possession of that information (i.e., even if the MNPI is not a factor or is among other factors in a decision to trade).
  5. Identify areas in which a firm may be more likely to receive MNPI and implement additional policies if needed:
      • Issuers in a client portfolio that may be involved in M&A activity, tender offers and the like;
      • Activist strategies;
      • Confidentiality agreements with respect to information about a public company (e.g., for private equity funds, such an issuer might be in a position to acquire a portfolio company);
      • Use of expert networks; and
      • Employees/principals or their family members who have relationships with public companies (board/officer positions, employees, significant shareholders).

Background:

  1. Insiders. An “insider” includes officers, directors and employees of an issuer of securities. Additionally, anyone who has a confidential relationship with the issuer, such as its attorneys, accountants or other consultants is considered a “temporary insider.”
  2. Material Information. Information is material if there is a substantial likelihood that a reasonable investor would consider it important in making an investment decision, or if that information is reasonably certain to have a substantial effect on the price of an issuer’s securities. Material information can be positive or negative, and can relate to any aspect of a company’s business or to a type of security. While this definition is intentionally broad, common examples include:
      • Revenue and earnings information;
      • Projections and forward-looking information;
      • Mergers, acquisitions, tender offers, joint ventures, or changes in assets (even if preliminary);
      • New products;
      • Developments about customers or suppliers, such as the loss of a major contract;
      • Changes in control or management;
      • Events regarding the issuer’s securities, including defaults on strict securities; calls of securities for redemption; repurchase plans; stock splits; changes in dividends; changes to rights of securities holders; public or private sales of securities;
      • Change in auditors or audit report; and
      • Bankruptcies or receiverships.
  3. Non-public Information. Information is non-public until it has been effectively communicated to the marketplace. Practically speaking, this means that some fact will show that the information is available to the general public, e.g. through an SEC filing, a newspaper or online article, a quotation service such as Bloomberg, or a widely distributed communication by the issuer. Rumors or other information known to a smaller segment of the investment community is not considered public.

Types of Insider Trading:

  1. Classical Theory. Classic insider trading occurs when an officer, director, employee, or other insider trades on the basis of MNPI about the issuer for which s/he works, in breach of his/her duty to the issuer to refrain from such trading. The duty to refrain from trading extends to attorneys, accountants and other consultants who obtain information through their relationship as well as to “tippees,” if they are aware, or should have been aware, that they were given confidential information by an insider who has breached their duty to the issuer.
  2. Misappropriation Theory. This form of insider trading takes place between the source of the information and a third party who owes a duty to the source. If the third party steals or misappropriates information from the source and then trades on it, the third party is liable for insider trading. This is potentially broader than classical theory insider trading. In a 2013 case, the trader arguably did not receive MNPI as such, but had sufficient knowledge to make a correct, educated guess about an acquisition and traded accordingly. We discussed this case here; the SEC’s release and complaint are available on its website.

UK FATCA: New Filing Obligations for Overseas Crown Territories

The United Kingdom and its Crown Dependencies, such as the Cayman Islands and the British Virgin Islands, have entered into intergovernmental agreements (“IGAs”) to improve compliance with UK tax laws. These new IGAs are popularly referred to as UK FATCA due to their similarity to the United States Foreign Account Tax Compliance Act (“US FATCA”).

Investors in funds located in UK FATCA jurisdictions have different obligations depending on whether they are pre-existing or new as of July 1, 2014. Funds are required to obtain a form of self-certification for new investors. Here are the respective rules:

  • New investors to funds in UK IGA jurisdictions will have to self-certify as either a “Specified UK Person” or a “Passive Non-Financial Foreign Entity.” Specified UK Persons will have additional forms to complete. The Cayman Islands FATCA working group has created forms for the purpose of distribution to investors while funds in other IGA jurisdictions have distributed questionnaires in subscription documents.
  • Funds with pre-existing investors should obtain self-certification forms from their investors. Furthermore, UK FATCA requires that the funds perform an adequate search of possible links to the UK (“UK Indicia”). This search includes looking for UK mailing addresses or UK bank account information. If there is a link, UK FATCA will require the fund to obtain additional information.

New and pre-existing investors also have different timelines for compliance obligations:

  • July 1, 2014: Obtain self-certification from all new investors;
  • June 30, 2015: Complete UK Indicia review for pre-6/1/2014 individuals;
  • May 26, 2016: Report to local tax authority for the 2014 and 2015 calendar years;
  • June 30, 2016: Complete UK Indicia review for pre-6/1/2014 entity investors; and
  • May 31, 2017: Report to the local tax authority for the 2016 calendar year.

Finally, there are two more important things to note about UK FATCA:

  • Unlike US FATCA, UK FATCA does not have any tax withholding provisions as a consequence of non-compliance. Compliance obligations are only based on the laws and regulations of the UK IGA jurisdiction where the fund is located. Fines and penalties are based on local laws.
  • Investment funds that recognize certain investors as reportable based on UK FATCA will have to do so on an annual basis. This includes a variety of information ranging from the investor’s birthdate to his or her account balances.

UK FATCA is a step in the direction of increased global regulation of financial services on a variety of fronts. Managers of offshore funds should review the relevant jurisdiction’s websites to stay updated on changes.

Further reading:

Our article on the Multilateral Competent Authority Agreement signed by a number of jurisdictions, including the Cayman Islands, for the exchange of tax information (also known as GATCA).

The Cayman Islands Tax Information Authority website is a great resource for more information regarding UK FATCA. More on Cayman is available on Maples & Calder’s website.

Schulte Roth and Zabel’s UK FATCA Alert provides a thorough discussion of requirements.

PwC provides an in-depth discussion of the interaction between FATCA and the UK regime.