SEC Outlines 2015 Compliance Focus as Cybersecurity Continues to Gain Prominence After a series of high-profile data breaches at both financial and nonfinancial companies, regulators are increasingly highlighting the need for funds’ ongoing efforts to prevent and respond to hacking events. Amid this added scrutiny, fund managers will be expected to stay informed of their responsibilities and ensure they are in compliance. The issue of cybersecurity has been in the headlines in 2015 following data breaches involving several nationwide retailers and retail banks. The investment sector has also been affected, including the revelation in August of a large-scale international hacking scheme that used nonpublic information to reap $100 million of illegal profits. President Barack Obama also recently called for renewed cybersecurity efforts in both the public and private sectors to address the “significant” vulnerabilities the country faces from state, nonstate and criminal actors here and abroad. The Securities and Exchange Commission (“SEC”), meanwhile, announced a settlement with a St. Louis-based investment adviser related to charges that it failed to establish the required cybersecurity policies and procedures ahead of a breach that compromised the personal information of approximately 100,000 individuals, including thousands of the firm’s clients. As part of this emphasis on cybersecurity, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released an alert on Sept. 15 outlining its 2015 Cybersecurity Examination Initiative. The alert outlined the areas of focus for the office’s second round of cybersecurity examinations, which will include further testing of investment advisers and broker-dealers to assess the implementation of firms’ procedures and Attorney Advertising In This Issue SEC Outlines 2015 Compliance Focus as Cybersecurity Continues to Gain Prominence ............................................ 1 Proposed FinCEN Regulations Extend Anti-money Laundering Requirements to Certain Private Funds Advisers.................. 3 New IRS Ruling Guidance May Cast Doubt on Some Tax-free Spinoffs.................................................................. 4 CFTC Proposes Changes to Reporting Obligations for Cleared Swaps.................................................................... 6 Dividend Equivalent Payments — Final and Temporary Regulations Issued .............................................................. 7 Editorial Team October 2015 Kramer Levin’s Funds Talk provides legal commentary on the news and events that matter most to alternative asset managers and funds. www.kramerlevin.com Funds Talk The contents of this publication are intended for general informational purposes only, and individualized advice should be obtained to address any specific situation. Robert N. Holtzman rholtzman@kramerlevin.com | 212.715.9513 Gilbert K.S. Liu gliu@kramerlevin.com | 212.715.9460 Ernest S. Wechsler ewechsler@kramerlevin.com | 212.715.9211 Mergers and Acquisitions Securitization Bankruptcy Thomas T. Janover tjanover@kramerlevin.com | 212.715.9186 Derivatives Fabien Carruzzo fcarruzzo@kramerlevin.com | 212.715.9203 Insurance Daniel A. Rabinowitz drabinowitz@kramerlevin.com | 212.715.9378 Employment Barry Herzog bherzog@kramerlevin.com | 212.715.9130 Tax Robin Wilcox rwilcox@kramerlevin.com | 212.715.3224 White Collar Defense and Investigations www.kramerlevin.com Funds Talk 2 controls. This may ultimately lead to increased enforcement actions addressing cybersecurity weaknesses. The alert’s focus areas include: Governance and Risk Assessment; Access Rights and Controls; Data Loss Prevention; Vendor Management; Training; and Incident Response. Although large investment advisers may fall victim to the most high-profile cyberattacks, small and emerging companies aren’t exempt from ensuring the protection of their investors. SEC Commissioner Luis Aguilar highlighted this responsibility on Sept. 23, when he pointed out that the majority of targeted cyberattacks in 2014 were aimed at small and midsize businesses. Earlier in 2015, the SEC also published a series of alerts aimed at enhancing protections for both investors and industry members. A Feb. 3 OCIE risk alert provided an examination of the state of preparedness in the industry on matters such as identifying cybersecurity risks; establishing policies, procedures and oversight processes; and addressing risks associated with remote access to client information, funds transfer requests and third-party vendors. Although it provides a mostly high-level overview, the guidance also provides useful information to help private and registered fund managers determine additional measures to ensure their obligations are being met. Specifically, the OCIE examination found the vast majority of examined broker-dealers (93%) and investment advisers (83%) had adopted written information security policies, and most (93% and 79%, respectively) conduct periodic, firmwide risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences. Almost all the broker-dealers (98%) and investment advisers (91%) surveyed utilized some form of encryption technology, while many also provided their clients with information about protecting their sensitive information. Other cybersecurity measures – such as the creation of chief information security officer positions, the use of cybersecurity insurance, and the examination of risk policies relating to vendors and business partners – are also discussed as potential solutions. Funds and advisers should consider the suitability of stand-alone cyber liability insurance and whether enhancements of their existing insurance are available to address potential expenses or damages relating to cybersecurity matters. For example, off-the-rack directors and officers or errors and omissions (“D&O”/“E&O”) insurance policies often have exclusions to coverage that can apply in a cyber breach scenario, but experienced counsel can be useful in identifying and negotiating contractual improvements to ensure a policy’s maximum effectiveness as a financial mitigant of potential cybersecurity-related losses. The SEC isn’t alone in its increased attention to cybersecurity and compliance with existing and relevant laws, regulations and best practices. The U.S. Third Circuit Court of Appeals unanimously affirmed on Aug. 24 a district court’s ruling in FTC v. Wyndham Worldwide Corp. that the Federal Trade Commission (“FTC”) has the authority to regulate a company’s data security practices under Section 5 of the FTC Act, which broadly prohibits “unfair or deceptive acts or practices in or affecting commerce.” In a precedent-setting victory for the FTC, the Third Circuit endorsed the FTC as a key cybersecurity regulator, and the ruling will have an impact across all sectors and may reach private fund managers responsible for handling clients’ confidential financial information, adding another The SEC isn’t alone in its increased attention to cybersecurity and compliance with existing/relevant laws, regulations and best practices. www.kramerlevin.com Funds Talk 3 layer of regulatory scrutiny to their operations. Ultimately, the fact that regulators such as the SEC and the FTC, with apparent encouragement from the White House, are increasingly active in cybersecurity enforcement and advice demonstrates the added importance they are placing on the issue, and fund managers will be expected to keep pace. While a cyberattack itself could be harmful, with the potential for far-reaching reputational and monetary losses, the damages from an enforcement action could be equally significant. n For more information, please contact: Mark F. Parise mparise@kramerlevin.com | 212.715.9276 Samantha V. Ettari settari@kramerlevin.com | 212.715.9395 Proposed FinCEN Regulations Extend Anti-money Laundering Requirements to Certain Private Funds Advisers The Treasury’s Financial Crimes Enforcement Network (“FinCEN”) has proposed anti-money laundering compliance requirements that, if adopted, would extend the Bank Secrecy Act (“BSA”) regulations that govern mutual funds, broker-dealers, banks and insurance companies to also include certain private equity firms and hedge funds. The rules would expand the definition of a “financial institution” to include SEC-registered investment advisers, which could include many asset managers, private equity firms and hedge funds, depending on their structure. The proposed rulemaking would require covered investment advisers to develop specific anti-money laundering (“AML”) programs and procedures for filing suspicious activity reports (“SARs”) when such activity is detected. The proposed rule would require investment advisers to develop and implement a written AML program “reasonably designed to prevent the investment adviser from being used to facilitate money laundering or the financing of terrorist activities and to achieve and monitor compliance with the applicable provisions of the BSA and FinCEN’s implementing regulations.” The plan must be approved in writing – either by the firm’s board of directors or trustees, or by its sole proprietor, general partner or trustee – and must also be made available to FinCEN or the SEC upon request. The plan would be required to meet four minimum requirements: Establish and implement policies, procedures and internal controls; Provide for independent testing for compliance to be conducted by company personnel or by a qualified outside party; Designate a person or persons responsible for implementing and monitoring the program’s operations and internal controls; and Provide ongoing training for appropriate persons. The proposed rules state that FinCEN would delegate examination authority for compliance to the SEC. The agency is not at this time proposing a customer identification program requirement or including within the AML program requirements provisions that were recently proposed for other FinCEN is attempting to improve oversight of areas of the U.S. financial system that it perceives to be vulnerable to market participants engaged in activities such as money laundering, terrorist financing or other illicit acts. www.kramerlevin.com Funds Talk 4 financial institutions. However, the agency says it anticipates addressing those issues with respect to investment advisers in subsequent rulemakings, with customer identification program requirements expected to be addressed via a joint rulemaking effort with the SEC. By strengthening AML measures and increasing SAR requirements, FinCEN is attempting to improve oversight of areas of the U.S. financial system that it perceives to be vulnerable to market participants engaged in activities such as money laundering, terrorist financing or other illicit acts. However, the added requirements will also increase compliance costs and administrative burdens on affected private fund firms. FinCEN is proposing that these requirements be met on or before six months from the effective date of the regulation. The agency is also seeking feedback on the amendments, specifically whether they would have a “significant economic impact on a substantial number of small entities.” The public comment period on the proposed amendments closes on Nov. 2, 2015. n For more information, please contact: Robin Wilcox rwilcox@kramerlevin.com | 212.715.3224 New IRS Ruling Guidance May Cast Doubt on Some Tax-free Spinoffs On Sept. 14, the IRS released new guidance (Notice and Revenue Procedure) limiting the types of spinoffs eligible for private letter rulings, signaling mounting IRS concerns regarding transactions involving companies with significant passive assets. The IRS’ new no-rule areas will increase apprehension for corporations planning spinoffs and for the investors – hedge funds and private equity funds included – that own stakes in those companies and expect tax-free treatment to strengthen their returns. The guidance will impact a number of potential deals that are already in the works, as well as future restructurings. As a result of the IRS position, some pending spinoffs may be subject to an unexpected degree of tax risk, and future spinoffs may require reliance on opinions of counsel regarding tax-free status. Internal Revenue Code Section 355 and related Treasury Regulations outline the many requirements for the distribution by a parent corporation (“Distributing”) of a corporate subsidiary (“Controlled”) to be tax-free. One such requirement is that both Distributing and Controlled must be engaged in the ongoing active conduct of a trade or business (“ATB”) for a period of at least five years preceding the spinoff. Many companies satisfy this requirement with a small operating business that is dwarfed in size and value in comparison with the corporation’s other assets, which may be a trade or business that does not satisfy the ATB requirements for whatever reason or may consist of passive investment assets. Neither the statute nor existing regulations require that the ATB make up a threshold percentage of a corporation’s assets. During the 1990s, the IRS refused to issue private letter rulings confirming the tax-free status of spinoffs when the ATB represented less than 5% of the overall value of the corporation directly conducting the trade or business. Since 2003, there has been no ATB size requirement for the IRS to issue a ruling, and the IRS has issued favorable rulings where the ATB was understood to be much lower – perhaps as low as 1%. The IRS is now reconsidering whether the active business must be of a certain minimum size in order for the ATB requirement to be satisfied. In the Sept. 14 guidance, the IRS said that, except in unique or compelling circumstances, going forward it will not issue Section 355 rulings when the value of the gross assets of the ATB is less than 5% of the overall value of the gross assets of Distributing or Controlled (and their subsidiaries), as applicable. The IRS’ concern about ATB size was highlighted www.kramerlevin.com Funds Talk 5 shortly prior to the release of the guidance, when Yahoo Inc. announced that the agency refused to issue a private letter ruling regarding Yahoo’s plan to spin off its minority stake in Chinese e-commerce company Alibaba Group Holding. The ATB assets in Yahoo’s planned spinoff were estimated to make up less than 0.2% of the value of Yahoo’s Alibaba shares. The IRS also expressed concerns about the increasing number of spinoffs involving the conversion of either Distributing or Controlled into a REIT or a RIC – tax-preferred vehicles that in general do not pay corporate-level income tax. According to the IRS, spinoffs involving conversions to a REIT or a RIC raise significant concerns about the ATB requirement, the statutory prohibition on spinoffs that are mere devices for the distribution of earnings and profits, and the regulatory business purpose requirement. The IRS had previously ruled favorably on Penn National Gaming’s 2013 spinoff of its passive real estate assets to shareholders. Following the distribution, the spun-off corporation leased the properties back to Penn National Gaming and elected REIT status. The Sept. 14 guidance provides that the IRS will no longer issue rulings, except in unique or compelling circumstances, regarding spinoffs that are part of a plan or series of transactions in which Distributing or Controlled converts to a REIT or a RIC. The IRS has also expressed reservations about spinoffs that result in Distributing or Controlled owning a substantial amount of investment assets. Such transactions raise concerns regarding the device prohibition and the business purpose requirement. In addition, Code Section 355(g) taxes certain spinoffs involving a corporation whose investment assets constitute at least two-thirds of the value of the corporation’s assets, but only if any person owns at least 50% of the corporation after, but not before, the spinoff. In the Sept. 14 guidance, the IRS said that it will no longer issue spinoff rulings if immediately after the transaction three factors are present: (i) the fair market value of the investment assets of Distributing or Controlled is two-thirds or more of the total fair market value of its assets; (ii) the fair market value of the gross assets of the ATB of such corporation is less than 10% of the fair market value of its investment assets; and (iii) the ratio of the fair market value of investment assets to other assets of such corporation is three times or more of such ratio for the other corporation. The guidance applies to requests made on or after Sept. 14, 2015. While many transactions will comfortably meet these new standards for rulings, others will face greater ambiguities, which could force them to reconsider their options. In the absence of further guidance or specific rulings from the IRS, many corporations will need to rely more heavily on opinions from counsel while planning, structuring and proceeding with spinoffs. Yahoo, for instance, has indicated its intention to proceed with the spinoff of Alibaba on the basis of an opinion of counsel, despite the IRS’ failure to rule. Ultimately, corporations will have to decide how confident they are in proceeding without an IRS ruling. This will determine whether they proceed with the spinoff as is, restructure the transaction or abandon the plan altogether. n For more information, please contact: Barry Herzog bherzog@kramerlevin.com | 212.715.9130 Rita Celebrezze rcelebrezze@kramerlevin.com | 212.715.9206 The IRS’ new no-rule areas will increase apprehension for corporations planning spinoffs and for the investors – hedge funds and private equity funds included – that own stakes in those companies and expect tax-free treatment to strengthen their returns. www.kramerlevin.com Funds Talk 6 CFTC Proposes Changes to Reporting Obligations for Cleared Swaps In an effort to improve the quality of swap data, the Commodity Futures Trading Commission (“CFTC”) proposed amendments to Part 45 of its regulations governing counterparties’ and registered entities’ reporting obligations for cleared swap transactions. Part 45 establishes both the reporting procedures and the information required to be reported to swap data repositories (“SDR”). While the original framework of Part 45 was premised on the reporting of a single continuous swap, the proposal is intended to better reflect the multi-swap framework of cleared swaps. The proposed rules also seek to eliminate uncertainty regarding which counterparty to a swap is responsible for reporting creation and continuation data for the various components of a cleared swap transaction. Among the changes outlined in the proposed amendments are the addition of the terms “original swap” and “clearing swap.” The proposed rules define an original swap as one that has been accepted for clearing by a derivatives clearing organization (“DCO”), which is commonly known as an “alpha” swap. By comparison, a clearing swap is created under the rules of a DCO that has a DCO as a counterparty, typically referred to as a “beta” or “gamma” swap. DCOs would also be established as the reporting counterparty for swaps. CFTC Chairman Timothy Massad described swaps reporting data as “one of the most important requirements of the Dodd-Frank Wall Street Reform and Consumer Protection Act,” calling the proposal “one big step” toward obtaining useful and timely data as efficiently as possible. The proposed rules state that in cases in which a clearing swap replaces an original swap, DCOs would be required to report creation data for each clearing swap as soon as is technologically practicable after the DCO accepts an original swap for clearing. When a clearing swap doesn’t replace the original swap, DCOs must report creation data as soon as technologically practicable after execution of the clearing swap. Otherwise, the existing requirements for creation data reporting would be largely unchanged. For swaps executed on or pursuant to a swap execution facility (“SEF”) or designated contract market (“DCM”) rules, including original swaps, the SEF or DCM would be required to select the SDR to which creation data for that swap is reported. For all other cases, including off-facility swaps and clearing swaps, the reporting counterparty would be required to select the SDR. In instances where swaps are intended to be cleared at the time of execution, the rules would remove existing confirmation data reporting requirements. The SEFs/DCMs and reporting counterparties would continue to be responsible for reporting primary economic terms (“PET”) data without having to report confirmation data for swaps intended to be submitted to a DCO at the time of execution. Instead, the DCO would report PET and confirmation data for clearing swaps in its creation data reporting. With respect to continuation data for original swaps, a DCO would have to report all such data, including terminations, to the SDR to which the swap was reported, and would require the SDR to accept and record the termination. For a clearing swap, DCOs would be required to report all creation and continuation data to a single SDR. In addition, the proposed rules remove the existing requirement While the original framework of Part 45 was premised on the reporting of a single continuous swap, the proposal is intended to better reflect the multi-swap framework of cleared swaps. www.kramerlevin.com Funds Talk 7 that a swap dealer/major swap participant reporting counterparty must report daily valuation data for cleared swaps. Instead, a DCO would be the only counterparty required to report continuation data, including valuations, for clearing swaps. The CFTC’s amendments also outline certain requirements for unique swap identifier (“USI”) creation and transmission. A DCO would be required to generate and assign a USI to each clearing swap upon, or as soon as technologically practicable after, acceptance of an original swap by the DCO for clearing. A DCO would also need to transmit the USI for a clearing swap electronically both to the SDR to which the DCO reports required swap creation data for the clearing swap and to the DCO’s counterparty as soon as technologically practicable after acceptance of an original swap or execution of a clearing swap. Finally, the proposed rules would modify and add several data fields to the existing PET fields in Part 45. The proposed amendments were based on feedback the CFTC received in 2014 regarding possible improvements to the manner in which swap data reporting rules address cleared swaps. The CFTC is accepting feedback on the proposed amendments until Oct. 30, 2015. n For more information, please contact: Fabien Carruzzo fcarruzzo@kramerlevin.com | 212.715.9203 Julia Papastavridis jpapastavridis@kramerlevin.com | 212.715.9120 Dividend Equivalent Payments — Final and Temporary Regulations Issued On Sept. 18, 2015, the IRS issued final regulations governing “dividend equivalent” payments made to foreign persons. The regulations retain the basic framework set forth in the regulations proposed on Dec. 5, 2013 (the “proposed regulations”), but incorporate several public comments made in response thereto. Internal Revenue Code Section 871(m), which was enacted in 2010 to prevent dividend equivalent payments and substitute dividend payments that are based on U.S. corporate dividends from escaping U.S. federal income taxation, treats a dividend equivalent payment as U.S. source income and thus generally subject to a 30% U.S. federal tax (unless such payment is effectively connected with the payee’s U.S. trade or business, or the rate is eliminated or reduced by treaty). Under the final regulations, a dividend equivalent payment is generally any payment that references the payment of a U.S. source dividend made pursuant to (i) a securities lending transaction or sale-repurchase transaction; (ii) a specified notional principal contract (“NPC”); (iii) a specified equity-linked instrument (“ELI”); or (iv) any other substantially similar payment (each of (i) - (iii), a “Section 871(m) transaction”). As a result, dividend equivalent payments made exclusively between foreign persons could be subject to U.S. tax. Under existing law, a specified NPC is an NPC that has any one of the following characteristics: (i) in connection with entering into the NPC, any long party to the NPC transfers the underlying security to any short party to the NPC; (ii) in connection with the termination of the NPC, any short party to the NPC transfers the underlying security to any long party to the NPC; (iii) the underlying security is not readily tradable on an established securities market; or (iv) in connection with entering into the NPC, the underlying security is posted as collateral by any short party to the NPC with any long party to Dividend equivalent payments made exclusively between foreign persons could be subject to U.S. tax. www.kramerlevin.com Funds Talk 8 the NPC (the “factor test”). Specified ELIs are not expressly subject to Section 871(m) under current law. To determine whether an NPC or ELI is a specified NPC or specified ELI, the proposed regulations replaced the factor test with a delta test. Delta is the degree of correlation between a change in the fair market value of the underlying security and the corresponding change in the fair market value of the NPC or ELI. The proposed regulations provided that an NPC or ELI with a delta of 0.7 or greater would be a specified NPC or specified ELI and thus subject to Section 871(m). The final regulations retain the delta test but, in response to taxpayers, increased the delta threshold to 0.8. By adopting a 0.8 delta test, the IRS tried to cover financial instruments that provide an economic return that is substantially similar to owning the underlying stock itself. The IRS believes that the 0.8 threshold “strikes a balance between the potential over-inclusiveness of the 0.7 delta threshold and the likelihood that a 0.9 (or higher) threshold would exclude transactions with economic returns that closely resemble an underlying security.” For certain complex contracts (e.g., contracts with indeterminate deltas), temporary regulations issued in conjunction with the final regulations set forth a new “substantial equivalence test” for purposes of determining whether a complex NPC or ELI is a specified NPC or specified ELI. In a significant concession to taxpayers and to ease administrative compliance, the final regulations also provide that delta is tested only once upon the issuance of an NPC or ELI (rather than every time an NPC or ELI is acquired, as was provided in the proposed regulations). Dividend equivalent payments are determined on a gross basis and include amounts that expressly reference an actual or estimated dividend payment as well as amounts that are not expressly referenced but are implicitly taken into account in computing one or more terms in the transaction. One example of this is a price return swap (which provides for payments based only on the appreciation of the underlying stock but does not entitle the long party to payments based on dividends) because the pricing of the swap (or other swap terms) is presumed to reflect the estimated dividend payments. In general, the dividend equivalent payment amount for most Section 871(m) transactions will equal the per-share dividend amount paid on the underlying referenced stock multiplied by the number of shares referenced in the Section 871(m) transaction multiplied by the delta that was determined upon issuance (rather than the delta as of the date the dividend equivalent payment amount is determined, as was provided in the proposed regulations). The dividend equivalent payment amount for complex contracts is subject to a different calculation set forth in the temporary regulations. In another significant change in response to taxpayer comments, withholding on dividend equivalent payments generally will be required only when an actual payment is made or there is a final settlement of the Section 871(m) transaction. The proposed regulations, in contrast, provided for withholding on certain upfront payments and prepayments of purchase price and even if there was no actual payment made due to netting provisions or otherwise. The final regulations also adopted rules with respect to several other issues that were addressed in the proposed regulations, including certain exceptions to dividend equivalency and rules relating to qualified indices, combined transactions, derivatives referencing partnership interests, reporting obligations, and contingent and convertible debt instruments. The final and temporary regulations are generally effective Sept. 18, 2015. However, to ensure that brokers have adequate time to develop systems needed for implementation, the final and temporary regulations will generally apply to (i) Section 871(m) transactions that are issued on or after Jan. 1, 2017, and (ii) dividend equivalent payments made on or after Jan. 1, 2018, with respect to Section www.kramerlevin.com Funds Talk 9 NEW YORK 1177 Avenue of the Americas New York, NY 10036 212.715.9100 PARIS 47 avenue Hoche Paris 75008 +33 (0)1 44 09 46 00 SILICON VALLEY 990 Marsh Road Menlo Park, CA 94025 650.752.1700 www.kramerlevin.com 871(m) transactions issued on or after Jan. 1, 2016, and before Jan. 1, 2017. The current rules based on the factor test will remain in effect for Section 871(m) transactions that are issued before Jan. 1, 2016. n For more information, please contact: Barry Herzog bherzog@kramerlevin.com | 212.715.9130 Jason Tomitz jtomitz@kramerlevin.com | 212.715.9322