NSCP Currents Special Edition Compliance in the Age of Dodd-Frank and Aggressive

NSCP Currents
May/June 2011 Special Edition
Compliance in the Age of Dodd-Frank and Aggressive
Criminal and Civil Enforcement Actions
by Jeffrey L. Bornstein and Michael J. Quinn
This article is for informational
purposes only and does not contain or
convey legal advice. The information
herein should not be used or relied
upon in regard to any particular
facts or circumstances without first
consulting with a lawyer.
The Compliance Environment
Since Enron, WorldCom and the
other high-profile scandals of the
1990s, businesses have focused their
efforts on developing, implementing
and revitalizing internal corporate
compliance programs. The crises
that nearly brought down our
financial markets in 2008 and the
resulting Dodd-Frank Act passed by
Congress have placed an even greater
emphasis on companies creating
an internal culture of compliance.
The substantial monetary rewards
available to whistleblowers under the
Act constitute a fundamental change
in the enforcement regime and must
also result in a similarly fundamental
change in the compliance regime.
There are always new scandals
involving business executives
seeking to evade existing rules to
ensure success. The recent criminal
conviction of Raj Rajaratnam and
the continuing prosecution of other
alleged insider traders in the hedge
fund world present new challenges to
existing compliance programs. This is
especially true where fund managers
cultivate relationships with corporate
insiders, use the services of so-called
Jeffrey L. Bornstein and Michael J. Quinn are
Government Enforcement partners in the San
Francisco and Los Angeles offices, respectively, of
K&L Gates LLP.
expert networks and otherwise spend
much of their time and energy trying
to get an informational edge on the
The potential compliance issues,
made even more complex by DoddFrank, may seem insurmountable.
What follows is a brief discussion of
some of the challenges that confront
existing compliance programs and
some suggested approaches.
Compliance Examples
(1) Paul Pain, a prolific trader and
money manager, is not performing up
to par. He has repeatedly complained
about various practices, but nothing
has ever come from his complaints.
For instance, he recently suggested
that there were some improper
trading activities by BigBoss. You
conducted a cursory “look-see” but
found nothing incriminating. In the
next quarter, BigBoss tells you to fire
Pain. Together with Human Resources,
you plan to break the bad news to
Pain. Just before you do, however, the
company receives a subpoena from
the SEC relating to the activities of
BigBoss. When you go to fire Pain,
he asserts that his firing is simply
retaliation against his whistleblowing.
What can a firm expect under
the new SEC policy regarding
On May 25, the SEC adopted
new rules involving whistleblowers.
The rules are designed to balance the
desire for companies to have robust
internal compliance programs with the
SEC’s need to get information quickly
so that it can take timely enforcement
actions to protect investors and
shareholders. The SEC’s rules require
that, to be considered for an award,
a whistleblower must voluntarily
provide the SEC with original
information that leads to successful
enforcement by the SEC of a federal
court or administrative action in which
the SEC obtains monetary sanctions
totaling more than $1 million. The
new rules are scheduled to go into
effect in the next several months.
Among the highlights, the new rules:
• Allow whistleblowers to obtain credit
for reporting original information
to their employers, even if the
whistleblower never contacts the
SEC. The whistleblower is entitled to
a reward if the employer passes the
tip along to the SEC. Any monetary
award to the whistleblower will be
based not only on the information
reported to the employer, but also on
the basis of any other information the
company provides to the SEC from its
internal review;
• Give a whistleblower credit for
reporting problems internally before
approaching the SEC, so long as the
SEC is notified within 120 days;
• Contain anti-retaliation provisions
that are available to anyone who
provides information—based on
his or her reasonable belief—about
a possible securities law violation,
even if it does not lead to a successful
enforcement action; and
• Incentivize, but do not require,
whistleblowers to first report
compliance problems internally by
enabling them to collect a larger
award based not only on the original
information that they provided but also
(Continued on page 2)
© 2011 National Society of Compliance Professionals, Inc.
NSCP Currents May / June 2011 Special Edition
(Continued from page 1)
any additional information developed
by the company in its internal
Under our hypothetical, there
are now new pressures placed on all
companies to ensure that complaints
are properly addressed. Personnel
departments need to be far more
diligent in documenting performance
or other problems with employees on
a timely basis, because attempting
to discipline an employee after he or
she makes a whistleblower complaint
could prove risky. Dodd-Frank
retaliation penalties are more onerous
than even those under SarbanesOxley. Conducting only a cursory
review of internal complaints may
carry significant consequences. Early
consultation with counsel may be
Companies are rightly concerned
about the effect that cash incentives
will have on employees to bypass
internal compliance or to exaggerate
small compliance issues into larger
ones. In deciding not to require
that whistleblowers first report
problems internally, the SEC noted
that many companies do not have
robust compliance programs that
offer assurances of confidentiality to
those who report issues. Congress and
the SEC are seeking to get ahead of
potential problems and desire not to be
hamstrung by outdated regulations and
enforcement techniques.
While the SEC’s intent seems
clear, the challenges for companies
are illustrated by our hypothetical,
in which the allegations concern
one or more individuals in upper
management. An effective compliance
program should have an internal
reporting mechanism – perhaps
directly to an independent component
of the Board – especially where the
allegations concern improper activities
by top management officials.
For large public companies, this
should be relatively easy. For smaller
companies, in particular those whose
existence is closely associated with top
management, it may be more difficult
to question or investigate allegations
without the support of independent
Board members and outside
counsel. Given how expensive these
investigations can be, making sure you
have appropriate insurance coverage
also may be a prudent consideration.
Ultimately, the onus will be on
companies to make their compliance
programs even more robust. Active
vigilance, training, systems and
internal communication are all keys
to avoiding whistleblower problems.
Companies will benefit by seeking to
assure that employees feel confident
in reporting problems internally first
so that the company can best position
itself to respond appropriately. The
costs associated with such programs
will be substantial, but the cost of
failing to implement them may be
even higher.
(2) A disgruntled investor believes
that Freddie FundManager made
concessions to him when he first
invested his money with your firm.
His investments with your firm were
profitable for many years, but recently,
he has lost substantial sums. The fund
documents were not updated timely,
the email correspondence between
Freddie and the investor are not clear,
and you have been largely kept on the
What should/could a compliance
officer do proactively to keep this
from becoming a litigation liability?
Some managers may perceive a
compliance program as a nuisance
interfering with business. This
hypothetical illustrates the potential
for private litigation and/or regulatory
enforcement action not only for
deliberate acts but also as the result
of a business practice that may have
the effect of being fraudulent -- in
violation of, for example, Section
206(2) of the Advisers Act. That
section pertains to business practices
that may result in fraud even if there
was no intent to deceive. A good
compliance program could involve
regular review of fund and investment
documents to keep them consistent
with both applicable regulations and
the current realities of the business
being conducted at your firm. In turn,
such review could give compliance
personnel insight into practices
that may be problematic before any
resulting lawsuit or regulatory inquiry.
However, once there is any sort of
complaint, it is imperative to involve
compliance and either in-house or
outside legal counsel immediately. An
inadequate response to an investor or
client complaint can often multiply the
magnitude of the harm.
Poorly worded documents,
ambiguous emails, and/or failures to
recognize potential claims by investors
whose investments have lost money
and who now seek to blame their
money manager are all recipes for a
nasty lawsuit and frequently some sort
of SEC inquiry.
(3) Joe HedgeFund is a
workaholic. Joe is on the phone, on
the golf course, and wining and dining
corporate insiders, trying to assemble
the most complete information as
part of the mosaic he builds to initiate
his trading strategy. While there are
no obvious red flags involving the
volume of trades or the combination
of trading around a position, there
appear to be instances in which the
fund profits (or avoids losses) around
the announcement of key events. Your
suspicions are raised, but you do not
share your concerns with anyone, so as
not to “rock the boat.”
What, if anything, can a
compliance officer do to ensure that
Joe is not trading based on inside
Regular monitoring of email,
instant messages and trading records
frequently are central elements of
compliance and oversight programs.
Effective compliance also means
cultivating a culture that puts a
premium not only on success but
also on achieving it in a manner that
does not put the firm at risk. While
there is much to be said for gathering
NSCP Currents May / June 2011 Special Edition
information that will benefit the firm,
its funds and its clients, the more a
trader or other investment professional
has access to informal information
from insiders, the greater the risk of
crossing the line.
In the scenario presented by this
hypothetical, it may be important for
the firm to monitor correspondence
and even expense reports and to
ask questions. Firms also could
look for patterns of trades in certain
stocks or sectors following these
informal meetings with insiders. For
information obtained from experts,
firms need to do their homework.
What does the firm know about the
kinds of information and the sources
of the information being provided
to the firm? Are there any insiders
who are being paid and/or providing
information? Why are payments
being made? Does their employer
know about their dual role as outside
consultant and company insider?
Firms may wish to consider
requiring periodic affirmations signed
under penalty of perjury from all
outside consultants and analysts
attesting to their knowledge of, and
compliance with, all applicable insider
trading regulations. Further, firms
should work to implement a robust
program to monitor trading activity.
If it appears that a trader or fund
manager is trading just in front of
good or bad news, it may be that there
is something else in the mix besides
hard work, and the firm may need to
investigate further.
It is impossible for any company
to anticipate and prevent all improper
behavior. The temptation to bend the
rules to make more money is common
and powerful. Many transgressors are
good at convincing themselves and
potentially others that their conduct
does not actually cross the line.
The more that compliance
personnel and procedures are an
integral part of a firm’s business
culture, the more likely it is that
employees will feel comfortable
reporting misconduct internally.
That paradigm may break down in
the case of disgruntled employees
or if complaints never seem to go
anywhere. Any firm that ignores the
new incentives provided by the SEC’s
whistleblower policy likely does so at
its own peril.
is a publication of the
National Society of Compliance Professionals, Inc.
22 Kent Road, Cornwall Bridge, CT 06754
(860) 672-0843 / info@nscp.org
Inclusion of any advertisement in any NSCP publication is at the sole discretion of the NSCP Board of
Directors, and in no way represents an endorsement of the advertiser or the advertised product by NSCP.
NSCP Board of Directors
Joan Hinchman, Executive Director, President and CEO
Katherine Addleman
Lee D. Augsburger
Torstein M. Braaten
A. Brad Busscher
David A. DeMuro
Patricia E. Flynn
Editor & Layout
Frederick D. Vorck, Jr.
Bari Havlik
Deborah A. Lamb
David H. Lui
Martha J. Matthews
Lynn M. McGrade
Selwyn J. Notelovitz
Diane P. Novak
David W. Porteous
Charles V. Senatore
David M. Sobel
Craig R. Watanabe
Judy B. Werner
Pamela K. Ziermann
Joan Hinchman