Insights from Winston & Strawn
SEC Issues Additional Guidance on Cybersecurity
Last week the staff at the Securities and Exchange Commission (“SEC”) Division of Investment Management (the “Division”) issued additional guidance for registered investment advisers and registered investment companies regarding cybersecurity. A copy of that guidance IM201502 can be found here. The Division had previously identified cybersecurity as an important issue for both investment advisers and investment companies as they increase their use of technology and the risk of cyber attacks increase. This new guidance follows on the heels of the February publication by the Office of Compliance Inspections and Examinations of a summary of its observations from examining a number of broker dealers and investment advisers under its cyber security initiative (see here or see our February 9th newsletter discussing the prior release here).
The staff set forth specific measures that it expects investment advisers and investment companies to consider while addressing cybersecurity including (i) conducting periodic reviews of various key components of the firm’s technology and security controls, (ii) creating a strategy designed to “prevent, detect and respond to cybersecurity threats”; and (iii) executing the cybersecurity strategy through written policies and procedures and employee training. Key components to be considered under the first prong include assessment of the: type of information collected and/or stored as well as the technology used to do so, internal and external IT threats, potential effects of a security breach, and the current processes and controls and their effectiveness.
The staff also recommended that firms consider implementing cybersecurity policies as part of their compliance obligations under the securities laws. For example, the staff noted that an adviser’s compliance program “could address cybersecurity risk as it relates to identity theft and data protection, fraud and business continuity.” Compliance programs should be customized based on the size and scope of the firm, but should also take into account cybersecurity risk posed by the firm’s third party service providers.
In light of the financial data breaches that have received significant media attention in the last year, and the SEC’s stated focus, registered investment advisers and investment companies should pay close attention to this new guidance and reassess their compliance programs against the staff’s recommendations.
Feature: Pay Versus Performance
Last Wednesday the SEC published for comment proposed rules that would require companies to disclose the relationship between executive compensation and the financial performance of a company. Mandated by the DoddFrank Wall Street Reform and Consumer Protection Act (the “DoddFrank Act”), the “pay versus performance” rule would require a company to disclose executive pay and performance information for itself and companies in a peer group in a table and to tag the information in an interactive data format. The proposed disclosure would be required in proxy or information statements in which executive compensation disclosure is required. The information would be disclosed in a new table that lists: (1) the actual compensation paid to the principal executive officer, which would be the total compensation as disclosed in the summary compensation table already required in the proxy statement with adjustments to the amounts included for pensions and equity awards; (2) an average of the reported amounts for the remaining named executive officers; (3) the company’s total shareholder return (“TSR”) on an annual basis; and (4) the TSR of the companies in a peer group, also on an annual basis.
The disclosure would be required for the last five fiscal years, except that smaller reporting companies would only be required to provide disclosure for the last three fiscal years. In addition, smaller reporting companies would not be required to present a peer group.
Using the information presented in the table, companies would be required to describe the relationship between the executive compensation actually paid and the company’s TSR, and the relationship between the company’s TSR and the TSR of its selected peer group. This disclosure could be in the form of a narrative, graph, or a combination of the two.
The proposal includes a phasein period. Companies, other than smaller reporting companies, would be required to provide the information for three years in the first proxy statement or information statement in which they provide the disclosure, adding another year of disclosure in each of the two subsequent annual proxy filings that require this disclosure. Smaller reporting companies would initially provide the information for two years, adding an additional year in their subsequent annual proxy or information statement that requires this disclosure.
Comments should be submitted within 60 days after publication in the Federal Register, which is expected during the week of May 4, 2015. SEC Press Release.
In her remarks introducing the proposal at the SEC’s open meeting, SEC Chair Mary Jo White mentioned the issues in the reports in which she is most interested. They include: whether TSR is the optimal measure of financial performance; whether there are other measures that would provide useful information to shareholders that would be consistent with the statutory mandate to take into account changes in the stock value and any distributions; whether shareholders are likely to use the information with respect to investments or voting decisions; whether shareholders are likely to use this information to compare the companies in which they invest; and finally, whether investors in smaller reporting companies will use this information and the costs to these companies of providing this information. White Statement.
Concurring in the publication of the proposal, SEC Commissioner Luis A. Aguilar cited studies which suggested an inverse correlation between executive pay and company performance. While acknowledging that in some respects the proposal is simply requiring disclosure of already disclosed data, he noted that the proposed rule requires that the data be presented in a manner designed to help shareholders correlate the company’s executive compensation with the company’s financial performance. Aguilar Statement.
Dissenting from the decision to propose the rule was SEC Commissioner Daniel M. Gallagher, who suggested a more prudential approach. Instead of a “pay for performance” rule, Gallagher would prefer one which required large firms to disclose how they evaluate the executive compensation actually paid as it relates to the firm’s financial performance. In that way, “[i]nvestors would be able to evaluate whether they agree with the company’s determination of what “;pay” and “performance” mean, as well as the company’s assessment of the relationship between the two.”
Gallagher also questioned the use of TSR to measure performance. In his view, TSR may overemphasize short term performance at the expense of longterm shareholder value creation. Gallagher Statement.
FINRA – Regulatory Matters at a Glance
Please click here to view a summary of the regulatory notices, rule filings, guidance and the like published by the Financial Industry Regulatory Authority (“FINRA”) during the previous month,
Banking Agency Developments
Federal Reserve Board Publishes Repot on Banking Applications Activity
On April 30th, the Federal Reserve Board released its Semiannual Report on Banking Applications Activity, which provides aggregate information on proposals filed by banking organizations and reviewed by the Federal Reserve. The report covers the period from July 1, 2014 to December 31, 2014. Federal Reserve Board Press Release.
Conditions Improving in OCC Southern District
On April 30th, the Office of the Comptroller of the Currency (“OCC”) reported improving conditions among community national banks and federal savings associations in the nine states that make up the OCC’s Southern District. OCC Press Release.
Rules for Appraisal Management Companies Are Adopted
On April 30th, six federal financial regulatory agencies issued a final rule that implements minimum requirements for state registration and supervision of appraisal management companies (“AMC”). An AMC is an entity that provides appraisal management services to lenders or underwriters or other principals in the secondary mortgage markets. The new rule will be effective 60 days after publication in the Federal Register, which is expected shortly. Joint Agency Press Release.
The OCC will host a workshop in Raleigh, North Carolina June 810, 2015 for directors of national community banks and federal savings associations. The Building Blocks for Directors workshop introduces new bank directors to the OCC’s approach to supervision and provides experienced bank directors with a review of core concepts. The workshop combines lectures, discussion, and exercises to provide practical information on the roles and responsibilities of board participation. The workshop focuses on directors’ duties and core responsibilities, discusses major laws and regulations, and increases familiarity with the examination process. OCC Raleigh Workshop Press Release. The following week the OCC will host two workshops in Jacksonville, Florida. The Risk Governance workshop on June 16, 2015 provides practical information for directors to effectively measure and manage risks. The workshop also focuses on the OCC’s approach to riskbased supervision and major risks in the financial industry. The Compliance Risk workshop on June 17, 2015 discusses the critical elements of an effective compliance risk management program. The workshop also focuses on major compliance risks and critical regulations. OCC Jacksonville Workshop Press Release.
Securities and Exchange Commission
CrossBorder SecurityBased Swaps
On April 29th, the SEC published for comment proposed rules that would govern the application of certain requirements to securitybased swap transactions connected with a nonU.S. person’s dealing activity in the United States. The proposed rules would require a nonU.S. company that uses U.S. personnel to arrange, negotiate, or execute a transaction in connection with its dealing activity to include that transaction in determining whether it is required to register as a securitybased swap dealer. These transactions would also be subject to the reporting and public dissemination requirements under Regulation SBSR and, if the nonU.S. firm is a registered securitybased swap dealer, to the external business conduct standards of Title VII of the DoddFrank Act. The proposed rules also address certain other matters, including who is required to report certain transactions involving nonU.S. persons. Comments should be submitted within 60 days after publication in the Federal Register, which is expected during the week of May 4. SEC Press Release. In her comments introducing the proposal, SEC Chair Mary Jo White noted the improvements the proposed rule makes to previously proposed rules. She noted that by focusing on dealing activity, the approach proposed here should facilitate the ability of market participants to apply the proposed rule. White noted, “Under today’s proposal, a nonU.S. dealer would need to look only to where its own personnel or its agent’s personnel engage in certain marketfacing activity with respect to a particular securitybased swap transaction. If those personnel are located in a U.S. branch or office, various Title VII requirements would and should apply to the transaction.” White Statement. SEC Commissioner Kara M. Stein noted that some questions remain unanswered regarding crossborder security based swaps, such as, “[i]If a securitybased swap is executed in the U.S. but booked, for example, in Europe, does it make sense that the swap should be subject to the U.S. clearing mandate? . . . Moreover, when combined with appropriate substituted compliance, might that be one of the best ways to strengthen the regulatory floor internationally?” Stein Statement.
Two Trust Indenture Act CDIs Withdrawn
On April 24th, the Division of Corporation Finance withdrew two Compliance and Disclosure Interpretations (“CDI”) related to the Trust Indenture Act. Both CDI 202.01 and 203.01 concerned beneficial ownership interests in a trust administered pursuant to a “pooling and servicing agreement.” Outdated or Superseded CDIs.
SEC Chair Discusses Whistleblower Program
On April 30th, SEC Chair Mary Jo White gave a talk at Northwestern University School of Law entitled “The SEC as Whistleblower Advocate.” White acknowledged that many view whistleblowers with ambivalence and that this ambivalence can manifest itself in an unlawful response by an employer. The SEC, as evidenced by its recent enforcement actions, is cracking down on that misconduct. In addition, the agency has intervened in several private cases to argue that the antiretaliation protections of the DoddFrank Act should apply to individuals who internally report potential securities laws violations as well as to those who make disclosures directly to the SEC. And White defended the SEC’s enforcement action against KBR, Inc. for using improperly restrictive language in confidentiality agreements that could interfere with the whistleblowing process. See In the Matter of KBR, Inc., SEC Release No. 3474619. Contrary to what some have claimed, that proceeding was not an example of rulemaking by enforcement. SEC “Rule 21F17,” White noted, “clearly states that no action may be taken to impede an individual from communicating directly with the SEC staff about possible securities law violations, including by enforcing or threatening to enforce confidentiality agreements that could be read to limit such communications. . . . And enforcing a rule for the first time does not mean that we are engaged in rulemaking by enforcement.” The SEC is also concerned by reports that some firms may be requiring employees to either forego whistleblower awards or to affirm that they have not reported misconduct to the SEC as a condition to receiving a severance payment. White Remarks.
On April 30th, the Wall Street Journal noted how banks settling with the Commodity Futures Trading Commission have crafted their consents so that they can avoid having to seek waivers of automatic disqualification provisions from the SEC. Crafty Settlements.
Money Market Fund Guidance
On April 29th, Crane Data discussed the SEC’s April 22, 2015 money market fund guidance, focusing on issues related to the disclosures required by Rule 2a7(h)(10)(iii) (website disclosure of shadow NAV) for funds with portfolio securities maturing in 60 days or less. MMF Guidance (registration required).
Management Disconnect (the Accounting Version)
On April 27th, Compliance Week summarized the recent remarks of Brian Croteau, the SEC’s deputy chief accountant, concerning persistent findings of deficiencies in the effectiveness of management review controls. Croteau speculates on why this is so, asking whether a possible disconnect exists between how companies implement the SEC’s guidance on this issue and how auditors apply the Public Company Accounting Oversight Board’s audit alert regarding this matter. Disconnect.
As Cyber Threats Evolve, So Does the Guidance
On April 27th, Accounting Today analyzed CF Disclosure Guidance: Topic No. 2, in which the Division of Corporation Finance presented its views regarding disclosure obligations relating to cybersecurity risks and cyber incidents, and how that guidance has evolved since it was first published in 2011. Evolving Guidance.
On April 26th, Reuters noted that a representative from the retail brokerage industry was missing from the SEC’s list of members named to its Market Structure Advisory Committee,. Committee Member.
DERA Researches SecuritiesBased Swaps
On April 24th, the Division of Economic and Risk Analysis published “SingleName Corporate Credit Default Swaps: Background Data Analysis on Voluntary Clearing Activity.” The paper analyzes metrics related to notional amounts, liquidity, and pricing data availability and how those metrics may affect the criteria the SEC is required to consider when determining whether to require mandatory central clearing of securitybased swaps.
Compliance Outreach Seminars
The SEC announced the schedule for the Compliance Outreach Program regional seminars the agency is giving in six cities later this year. The seminars are jointly sponsored by the SEC’s Office of Compliance Inspections and Examinations, Division of Investment Management, and Division of Enforcement’s Asset Management Unit. The events provide an opportunity for SEC staff to share information about risks, priorities, and deficiencies observed in examinations or investigations and to discuss how senior executives and compliance professionals have addressed such matters. SEC Press Release.
Commodity Futures Trading Commission
EndUser Trade Option Exemption Proposed
On April 30th, the Commodity Futures Trading Commission (“CFTC”) published for comment a proposed rulemaking that would reduce reporting and recordkeeping requirements for trade option counterparties that are neither swap dealers nor major swap participants (“NonSD/MSPs”), including commercial endusers that transact in trade options in connection with their businesses. The proposal would eliminate the Form TO annual notice reporting requirement for otherwise unreported trade options in CFTC Regulation 32.3(b). Instead, a Non SD/MSP would only need to provide notice to the CFTC’s Division of Market Oversight (“DMO”) within 30 days after entering into trade options (whether reported or unreported) that have an aggregate notional value in excess of $1 billion in any calendar year. Such notice could also be filed early upon the Non SD/MSP’s reasonable expectation to reach such levels. Comments should be submitted within 30 days after publication in the Federal Register, which is expected during the week of May 4. CFTC Press Release.
Global Markets Advisory Committee to Meet
The CFTC’s Global Markets Advisory Committee will hold a public meeting on May 14, 2015. The meeting will focus on issues related to assessing clearinghouse safeguards and the CFTC’s proposal on the crossborder application of its margin requirements for uncleared swaps. The meeting will consist of two panels. The first panel will discuss clearinghouse capital contributions as well as clearinghouse stress testing. The second panel will discuss the CFTC’s proposal regarding crossborder application of its margin requirements for uncleared swaps. 80 FR 23506.
Federal Rules Effective Dates
May 2015 July 2015
Commodity Futures Trading Commission
May 26, 2015 Residual Interest Deadline for Futures Commission Merchants. 80 FR 15507.
Federal Deposit Insurance Corporation
July 1, 2015 Restrictions on Sale of Assets of a Failed Institution by the Federal Deposit Insurance Corporation. 80 FR 22886.
Federal Reserve Board
May 15, 2015 Regulations Q, Y, and LL: Small Bank Holding Company Policy Statement; Capital Adequacy of BoardRegulated Institutions; Bank Holding Companies; Savings and Loan Holding Companies. 80 FR 20153.
Securities and Exchange Commission.
June 19, 2015 Amendments for Small and Additional Issues Exemptions Under the Securities Act (Regulation A). 80 FR 21805.
June 15, 2015 Nationally Recognized Statistical Rating Organizations. 79 FR 55077.
[This rule is effective November 14, 2014; except the amendments to Sec. 240.17g3(a) (7) and (b)(2) and Form NRSRO, which are effective on January 1, 2015; and the amendments to Sec. 240.17g2(a)(9), (b)(13) through (15), Sec. 240.17g5(a)(3)(iii)(E), (c)(6) through (8), Sec. 240.17g7(a) and (b), and Form ABS15G, which are effective June 15, 2015. The addition of Sec. Sec. 240.15Ga2, 240.17g8, 240.17g9, 240.17g 10, and Form ABS Due Diligence15E are effective June 15, 2015.]
May 18, 2015 Regulation SBSRReporting and Dissemination of SecurityBased Swap Information. 80 FR 14563.
SecurityBased Swap Data Repository Registration, Duties, and Core Principles. 80 FR 14437.
Exchanges and SelfRegulatory Organizations
The Depository Trust Company
Rule Proposed to Mitigate Settling Bank Risk
On April 29th, the SEC provided notice of The Depository Trust Company’s (“DTC”) filing of proposed revisions to the DTC Settlement Service Guide to provide that any Settling Bank that does not timely acknowledge its endof day netnet settlement balance or notify DTC of its refusal to settle for one or more participants for which it is the designated settling bank, would be deemed to have acknowledged its endofday netnet settlement balance.
Comments should be submitted within 21 days after publication in the Federal Register, which is expected during the week of May 4. SEC Release No. 3474830.
Financial Industry Regulatory Authority
FINRA Holds Its CARDS
On April 30th, Reuters summarized the prepared testimony which Financial Industry Regulatory Authority (“FINRA”) CEO Richard Ketchum is expected to deliver to a House Financial Services subcommittee. Ketchum will tell lawmakers that FINRA will not proceed with its Comprehensive Automated Risk Data System until industry concerns have been resolved. Ketchum Testimony.
Overseeing the Supervisor
On April 30th, Think Advisor discussed the findings of a Government Accountability Office (“GAO”) report on the SEC’s oversight of FINRA. The GAO found that the SEC’s riskbased supervision of FINRA should be made more robust. Supervision.
Miami International Securities Exchange
Enhancements to Order Type Functionality Proposed
On April 24th, the SEC provided notice of the Miami International Securities Exchange’s filing of proposed amendments to Rule 515. The proposed changes would add additional enhancements to the functionality of two order types Customer Cross Order and Qualified Contingent Cross Order that the Exchange believes should be included in the Rules prior to deployment of the Qualified Contingent Cross Order functionality. Both order types were included in the original MIAX Rules that were approved as part of its registration as a national securities exchange. Comments should be submitted on or before May 21, 2015. SEC Release No. 3474809.
Changes to Listing Manual for Early Stage Companies Proposed
On April 30th, the SEC provided notice of the New York Stock Exchange’s filing of proposed amendments to Sections 312.03(b) and 312.04 of the NYSE Listed Company Manual to exempt early stage companies from having to obtain shareholder approval before issuing shares to related parties, affiliates of related parties, or entities in which a related party has a substantial interest. Comments should be submitted within 21 days after publication in the Federal Register, which is expected during the week of May 4. SEC Release No. 3474849.
Proposed Elimination of Certain Order Type Combinations Is Approved
On April 23rd, the SEC approved NYSE Arca’s proposed rule change to reorganize, revise and clarify the order type and order modifier definitions found in NYSE Arca Equities Rule 7.31; make certain conforming and clarifying changes to Rules 7.35, 7.36, 7.37, and 7.38; and eliminate certain order type functionality from the restructured rule. SEC Release No. 3474796.
A Source of Strength
On May 1st, Seton Hall Law School professor Stephen J. Lubben, writing for DealBook, asked why regulators have yet to write DoddFrank Actauthorized rules implementing the “source of strength” doctrine, which requires bank holding companies to support their regulated banks. The employment of that doctrine would subject bank holding companies to the DoddFrank Act’s orderly liquidation authority thus ending the quandary of how to address the failure of a large financial institution that includes an insured depository institution. A Source of Strength.
Fed Governor Supports Scaled Regulation
On April 30th, Reuters summarized the recent remarks of Federal Reserve Board Governor Daniel Tarullo. Tarullo called for scaled regulation of banks easing, for example, the capital rules for banks with $10 billion or less in assets and exempting them from proprietary trading prohibitions. Scaled Regulation.
International Regulators Assess Algorithmic Trading Risks
On April 30th, the Senior Supervisors Group, which is comprised of senior financial supervisors from 10 countries, issued a report that assesses risks associated with algorithmic trading and identifies riskbased control principles and questions for supervisors and supervised firms to consider when assessing the current control environment. New York Fed Press Release.
On April 30th, Bloomberg reported CME Group has suspended two traders for “layering,” placing buy and sell orders in an effort to create the appearance of market activity with no intent of completing the transactions. The technique was allegedly used by Navinder Singh Sarao, the British trader who is currently under arrest in the U.K. Suspensions.
On April 30th, Investment News highlighted recent trends in new variable annuity contracts. Annuities.
OnLine Brokerage Is Liable
On April 28th, Reuters reported that a divided FINRA arbitration panel ruled that online brokerage firm Interactive Brokers LLC is responsible for the risky daytrading activities of Robert Dillard, whose actions caused a trust fund for which he was the trustee to lose $725,000. Liability of Brokerage.
SuperSized Incentives for Annuity Sellers
On April 28th, Senator Elizabeth Warren announced she has sent letters to the largest annuity providers asking about incentives they provide to the brokers who sell annuities and the possible conflicts of interest such incentives may create. Warren Press Release. The incentives cited by Warren include “NFL Super BowlStyle” rings with rubies and diamonds, and trips to resorts. Incentive Examples.
On April 27th, DealBook reviewed the spoofing charges levelled against Navinder Singh Sarao, the British futures trader accused of contributing to the May 6, 2010 flash crash, and the difficulty of proving those charges. Spoofing Proof.