Insights from Winston & Strawn

SEC Issues Additional Guidance on Cybersecurity

Last week the staff at the Securities and Exchange Commission (“SEC”) Division of Investment Management (the “Division”) issued additional guidance for registered investment advisers and registered investment companies regarding cybersecurity. A copy of that guidance - IM-2015-02 - can be found here. The Division had previously identified cybersecurity as an important issue for both investment advisers and investment companies as they increase their use of technology and the risk of cyber attacks increases. This new guidance follows on the heels of the February publication by the Office of Compliance Inspections and Examinations of a summary of its observations from examining a number of broker dealers and investment advisers under its cyber security initiative (see here or see our February 9th newsletter discussing the prior release here).

The staff set forth specific measures that it expects investment advisers and investment companies to consider while addressing cybersecurity, including (i) conducting periodic reviews of various key components of the firm’s technology and security controls; (ii) creating a strategy designed to “prevent, detect and respond to cybersecurity threats”; and (iii) executing the cybersecurity strategy through written policies and procedures and employee training. Key components to be considered under the first prong include assessment of: the type of information collected and/or stored, as well as the technology used to do so; internal and external IT threats; the potential effects of a security breach; and the current processes and controls and their effectiveness.

The staff also recommended that firms consider implementing cybersecurity policies as part of their compliance obligations under the securities laws. For example, the staff noted that an adviser’s compliance program “could address cybersecurity risk as it relates to identity theft and data protection, fraud and business continuity.” Compliance programs should be customized based on the size and scope of the firm, but should also take into account cybersecurity risk posed by the firm’s third party service providers.

In light of the financial data breaches that have received significant media attention in the last year, and the SEC’s stated focus, registered investment advisers and investment companies should pay close attention to this new guidance and reassess their compliance programs against the staff’s recommendations.

Sterling Sears

Feature: Pay Versus Performance

Last Wednesday the SEC published for comment proposed rules that would require companies to disclose the relationship between executive compensation and the financial performance of a company. Mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”), the “pay versus performance” rule would require a company to disclose executive pay and performance information for itself and companies in a peer group in a table and to tag the information in an interactive data format. The proposed disclosure would be required in proxy or information statements in which executive compensation disclosure is required. The information would be disclosed in a new table that lists: (1) the actual compensation paid to the principal executive officer, which would be the total compensation as disclosed in the summary compensation table already required in the proxy statement with adjustments to the amounts included for pensions and equity awards; (2) an average of the reported amounts for the remaining named executive officers; (3) the company’s total shareholder return (“TSR”) on an annual basis; and (4) the TSR of the companies in a peer group, also on an annual basis.

The disclosure would be required for the last five fiscal years, except that smaller reporting companies would only be required to provide disclosure for the last three fiscal years. In addition, smaller reporting companies would not be required to present a peer group.

Using the information presented in the table, companies would be required to describe the relationship between the executive compensation actually paid and the company’s TSR, and the relationship between the company’s TSR and the TSR of its selected peer group. This disclosure could be in the form of a narrative, graph, or a combination of the two.

The proposal includes a phase-in period. Companies, other than smaller reporting companies, would be required to provide the information for three years in the first proxy statement or information statement in which they provide the disclosure, adding another year of disclosure in each of the two subsequent annual proxy filings that require this disclosure. Smaller reporting companies would initially provide the information for two years, adding an additional year in their subsequent annual proxy or information statement that requires this disclosure.

Comments should be submitted within 60 days after publication in the Federal Register, which is expected during the week of May 4, 2015. SEC Press Release.

In her remarks introducing the proposal at the SEC’s open meeting, SEC Chair Mary Jo White mentioned the issues in the reports in which she is most interested. They include: whether TSR is the optimal measure of financial performance; whether there are other measures that would provide useful information to shareholders that would be consistent with the statutory mandate to take into account changes in the stock value and any distributions; whether shareholders are likely to use the information with respect to investments or voting decisions; whether shareholders are likely to use this information to compare the companies in which they invest; and finally, whether investors in smaller reporting companies will use this information and the costs to these companies of providing this information. White Statement.

Concurring in the publication of the proposal, SEC Commissioner Luis A. Aguilar cited studies which suggested an inverse correlation between executive pay and company performance. While acknowledging that in some respects the proposal is simply requiring disclosure of already disclosed data, he noted that the proposed rule requires that the data be presented in a manner designed to help shareholders correlate the company’s executive compensation with the company’s financial performance. Aguilar Statement.

Dissenting from the decision to propose the rule was SEC Commissioner Daniel M. Gallagher, who suggested a more prudential approach. Instead of a “pay for performance” rule, Gallagher would prefer one which required large firms to disclose how they evaluate the executive compensation actually paid as it relates to the firm’s financial performance. In that way, “[i]nvestors would be able to evaluate whether they agree with the company’s determination of what ‘pay’ and ‘performance’ mean, as well as the company’s assessment of the relationship between the two.”

Gallagher also questioned the use of TSR to measure performance. In his view, TSR may overemphasize short-term performance at the expense of long-term shareholder value creation. Gallagher Statement.

FINRA – Regulatory Matters at a Glance

Please click here to view a summary of the regulatory notices, rule filings, guidance and the like published by the Financial Industry Regulatory Authority (“FINRA”) during the previous month.

Banking Agency Developments

Federal Reserve Board Publishes Report on Banking Applications Activity

On April 30th, the Federal Reserve Board released its Semiannual Report on Banking Applications Activity, which provides aggregate information on proposals filed by banking organizations and reviewed by the Federal Reserve. The report covers the period from July 1, 2014 to December 31, 2014. Federal Reserve Board Press Release.

Conditions Improving in OCC Southern District

On April 30th, the Office of the Comptroller of the Currency (“OCC”) reported improving conditions among community national banks and federal savings associations in the nine states that make up the OCC’s Southern District. OCC Press Release.

Rules for Appraisal Management Companies Are Adopted

On April 30th, six federal financial regulatory agencies issued a final rule that implements minimum requirements for state registration and supervision of appraisal management companies (“AMC”). An AMC is an entity that provides appraisal management services to lenders or underwriters or other principals in the secondary mortgage markets. The new rule will be effective 60 days after publication in the Federal Register, which is expected shortly. Joint Agency Press Release.

OCC Workshops

The OCC will host a workshop in Raleigh, North Carolina June 8-10, 2015 for directors of national community banks and federal savings associations. The Building Blocks for Directors workshop introduces new bank directors to the OCC’s approach to supervision and provides experienced bank directors with a review of core concepts. The workshop combines lectures, discussion, and exercises to provide practical information on the roles and responsibilities of board participation. The workshop focuses on directors’ duties and core responsibilities, discusses major laws and regulations, and increases familiarity with the examination process. OCC Raleigh Workshop Press Release. The following week the OCC will host two workshops in Jacksonville, Florida. The Risk Governance workshop on June 16, 2015 provides practical information for directors to effectively measure and manage risks. The workshop also focuses on the OCC’s approach to risk-based supervision and major risks in the financial industry. The Compliance Risk workshop on June 17, 2015 discusses the critical elements of an effective compliance risk management program. The workshop also focuses on major compliance risks and critical regulations. OCC Jacksonville Workshop Press Release.

Securities and Exchange Commission

Proposed Rules

Cross-Border Security-Based Swaps

On April 29th, the SEC published for comment proposed rules that would govern the application of certain requirements to security-based swap transactions connected with a non-U.S. person’s dealing activity in the United States. The proposed rules would require a non-U.S. company that uses U.S. personnel to arrange, negotiate, or execute a transaction in connection with its dealing activity to include that transaction in determining whether it is required to register as a security-based swap dealer. These transactions would also be subject to the reporting and public dissemination requirements under Regulation SBSR and, if the non-U.S. firm is a registered security-based swap dealer, to the external business conduct standards of Title VII of the Dodd-Frank Act. The proposed rules also address certain other matters, including who is required to report certain transactions involving non-U.S. persons. Comments should be submitted within 60 days after publication in the Federal Register, which is expected during the week of May 4. SEC Press Release. In her comments introducing the proposal, SEC Chair Mary Jo White noted the improvements the proposed rule makes to previously proposed rules. She noted that by focusing on dealing activity, the approach proposed here should facilitate the ability of market participants to apply the proposed rule. White noted, “Under today’s proposal, a non-U.S. dealer would need to look only to where its own personnel or its agent’s personnel engage in certain market-facing activity with respect to a particular security-based swap transaction. If those personnel are located in a U.S. branch or office, various Title VII requirements would and should apply to the transaction.” White Statement. SEC Commissioner Kara M. Stein noted that some questions remain unanswered regarding cross-border security-based swaps, such as, “[i]f a security-based swap is executed in the U.S. but booked, for example, in Europe, does it make sense that the swap should be subject to the U.S. clearing mandate? . . . Moreover, when combined with appropriate substituted compliance, might that be one of the best ways to strengthen the regulatory floor internationally?” Stein Statement.


Two Trust Indenture Act CDIs Withdrawn

On April 24th, the Division of Corporation Finance withdrew two Compliance and Disclosure Interpretations (“CDI”) related to the Trust Indenture Act. Both CDI 202.01 and 203.01 concerned beneficial ownership interests in a trust administered pursuant to a “pooling and servicing agreement.” Outdated or Superseded CDIs.

Other Developments

SEC Chair Discusses Whistleblower Program

On April 30th, SEC Chair Mary Jo White gave a talk at Northwestern University School of Law entitled “The SEC as Whistleblower Advocate.” White acknowledged that many view whistleblowers with ambivalence and that this ambivalence can manifest itself in an unlawful response by an employer. The SEC, as evidenced by its recent enforcement actions, is cracking down on that misconduct. In addition, the agency has intervened in several private cases to argue that the anti-retaliation protections of the Dodd-Frank Act should apply to individuals who internally report potential securities laws violations as well as to those who make disclosures directly to the SEC. And White defended the SEC’s enforcement action against KBR, Inc. for using improperly restrictive language in confidentiality agreements that could interfere with the whistleblowing process. See In the Matter of KBR, Inc., SEC Release No. 34-74619. Contrary to what some have claimed, that proceeding was not an example of rulemaking by enforcement. SEC “Rule 21F-17,” White noted, “clearly states that no action may be taken to impede an individual from communicating directly with the SEC staff about possible securities law violations, including by enforcing or threatening to enforce confidentiality agreements that could be read to limit such communications. . . . And enforcing a rule for the first time does not mean that we are engaged in rulemaking by enforcement.” The SEC is also concerned by reports that some firms may be requiring employees to either forego whistleblower awards or to affirm that they have not reported misconduct to the SEC as a condition to receiving a severance payment. White Remarks.

Crafting Settlements

On April 30th, the Wall Street Journal noted how banks settling with the Commodity Futures Trading Commission have crafted their consents so that they can avoid having to seek waivers of automatic disqualification provisions from the SEC. Crafty Settlements.

Money Market Fund Guidance

On April 29th, Crane Data discussed the SEC’s April 22, 2015 money market fund guidance, focusing on issues related to the disclosures required by Rule 2a-7(h)(10)(iii) (website disclosure of shadow NAV) for funds with portfolio securities maturing in 60 days or less. MMF Guidance (registration required).

Management Disconnect (the Accounting Version)

On April 27th, Compliance Week summarized the recent remarks of Brian Croteau, the SEC’s deputy chief accountant, concerning persistent findings of deficiencies in the effectiveness of management review controls. Croteau speculates on why this is so, asking whether a possible disconnect exists between how companies implement the SEC’s guidance on this issue and how auditors apply the Public Company Accounting Oversight Board’s audit alert regarding this matter. Disconnect.

As Cyber Threats Evolve, So Does the Guidance

On April 27th, Accounting Today analyzed CF Disclosure Guidance: Topic No. 2, in which the Division of Corporation Finance presented its views regarding disclosure obligations relating to cybersecurity risks and cyber incidents, and how that guidance has evolved since it was first published in 2011. Evolving Guidance.

Missing Element

On April 26th, Reuters noted that a representative from the retail brokerage industry was missing from the SEC’s list of members named to its Market Structure Advisory Committee. Committee Member.

DERA Researches Securities-Based Swaps

On April 24th, the Division of Economic and Risk Analysis published “Single-Name Corporate Credit Default Swaps: Background Data Analysis on Voluntary Clearing Activity.” The paper analyzes metrics related to notional amounts, liquidity, and pricing data availability and how those metrics may affect the criteria the SEC is required to consider when determining whether to require mandatory central clearing of security-based swaps.

Compliance Outreach Seminars

The SEC announced the schedule for the Compliance Outreach Program regional seminars the agency is giving in six cities later this year. The seminars are jointly sponsored by the SEC’s Office of Compliance Inspections and Examinations, Division of Investment Management, and Division of Enforcement’s Asset Management Unit. The events provide an opportunity for SEC staff to share information about risks, priorities, and deficiencies observed in examinations or investigations and to discuss how senior executives and compliance professionals have addressed such matters. SEC Press Release.

Commodity Futures Trading Commission

End-User Trade Option Exemption Proposed

On April 30th, the Commodity Futures Trading Commission (“CFTC”) published for comment a proposed rulemaking that would reduce reporting and recordkeeping requirements for trade option counterparties that are neither swap dealers nor major swap participants (“Non-SD/MSPs”), including commercial end-users that transact in trade options in connection with their businesses. The proposal would eliminate the Form TO annual notice reporting requirement for otherwise unreported trade options in CFTC Regulation 32.3(b). Instead, a Non-SD/MSP would only need to provide notice to the CFTC’s Division of Market Oversight (“DMO”) within 30 days after entering into trade options (whether reported or unreported) that have an aggregate notional value in excess of $1 billion in any calendar year. Such notice could also be filed early upon the Non-SD/MSP’s reasonable expectation to reach such levels. Comments should be submitted within 30 days after publication in the Federal Register, which is expected during the week of May 4. CFTC Press Release.

Global Markets Advisory Committee to Meet

The CFTC’s Global Markets Advisory Committee will hold a public meeting on May 14, 2015. The meeting will focus on issues related to assessing clearinghouse safeguards and the CFTC’s proposal on the cross-border application of its margin requirements for uncleared swaps. The meeting will consist of two panels. The first panel will discuss clearinghouse capital contributions as well as clearinghouse stress testing. The second panel will discuss the CFTC’s proposal regarding cross-border application of its margin requirements for uncleared swaps. 80 FR 23506.

Federal Rules Effective Dates

May 2015 - July 2015

Commodity Futures Trading Commission

May 26, 2015             Residual Interest Deadline for Futures Commission Merchants. 80 FR 15507.

Federal Deposit Insurance Corporation

July 1, 2015               Restrictions on Sale of Assets of a Failed Institution by the Federal Deposit Insurance Corporation. 80 FR 22886.

Federal Reserve Board

May 15, 2015             Regulations Q, Y, and LL: Small Bank Holding Company Policy Statement; Capital Adequacy of Board-Regulated Institutions; Bank Holding Companies; Savings and Loan Holding Companies. 80 FR 20153.

Securities and Exchange Commission

June 19, 2015            Amendments for Small and Additional Issues Exemptions Under the Securities Act (Regulation A). 80 FR 21805.

June 15, 2015            Nationally Recognized Statistical Rating Organizations. 79 FR 55077.

[This rule is effective November 14, 2014; except the amendments to Sec. 240.17g-3(a)(7) and (b)(2) and Form NRSRO, which are effective on January 1, 2015; and the amendments to Sec. 240.17g-2(a)(9), (b)(13) through (15), Sec. 240.17g-5(a)(3)(iii)(E), (c)(6) through (8), Sec. 240.17g-7(a) and (b), and Form ABS-15G, which are effective June 15, 2015. The addition of Sec. Sec. 240.15Ga-2, 240.17g-8, 240.17g-9, 240.17g-10, and Form ABS Due Diligence-15E are effective June 15, 2015.]

May 18, 2015             Regulation SBSR-Reporting and Dissemination of Security-Based Swap Information. 80 FR 14563.

Security-Based Swap Data Repository Registration, Duties, and Core Principles. 80 FR 14437.

Exchanges and Self-Regulatory Organizations

The Depository Trust Company

Rule Proposed to Mitigate Settling Bank Risk

On April 29th, the SEC provided notice of The Depository Trust Company’s (“DTC”) filing of proposed revisions to the DTC Settlement Service Guide to provide that any Settling Bank that does not timely acknowledge its end-of-day net-net settlement balance or notify DTC of its refusal to settle for one or more participants for which it is the designated settling bank, would be deemed to have acknowledged its end-of-day net-net settlement balance.

Comments should be submitted within 21 days after publication in the Federal Register, which is expected during the week of May 4. SEC Release No. 34-74830.

Financial Industry Regulatory Authority


On April 30th, Reuters summarized the prepared testimony which Financial Industry Regulatory Authority (“FINRA”) CEO Richard Ketchum is expected to deliver to a House Financial Services subcommittee. Ketchum will tell lawmakers that FINRA will not proceed with its Comprehensive Automated Risk Data System until industry concerns have been resolved. Ketchum Testimony.

Overseeing the Supervisor

On April 30th, Think Advisor discussed the findings of a Government Accountability Office (“GAO”) report on the SEC’s oversight of FINRA. The GAO found that the SEC’s risk-based supervision of FINRA should be made more robust. Supervision.

Miami International Securities Exchange

Enhancements to Order Type Functionality Proposed

On April 24th, the SEC provided notice of the Miami International Securities Exchange’s filing of proposed amendments to Rule 515. The proposed changes would add additional enhancements to the functionality of two order types - Customer Cross Order and Qualified Contingent Cross Order - that the Exchange believes should be included in the Rules prior to deployment of the Qualified Contingent Cross Order functionality. Both order types were included in the original MIAX Rules that were approved as part of its registration as a national securities exchange. Comments should be submitted on or before May 21, 2015. SEC Release No. 34-74809.


Changes to Listing Manual for Early Stage Companies Proposed

On April 30th, the SEC provided notice of the New York Stock Exchange’s filing of proposed amendments to Sections 312.03(b) and 312.04 of the NYSE Listed Company Manual to exempt early stage companies from having to obtain shareholder approval before issuing shares to related parties, affiliates of related parties, or entities in which a related party has a substantial interest. Comments should be submitted within 21 days after publication in the Federal Register, which is expected during the week of May 4. SEC Release No. 34-74849.

Proposed Elimination of Certain Order Type Combinations Is Approved

On April 23rd, the SEC approved NYSE Arca’s proposed rule change to reorganize, revise and clarify the order type and order modifier definitions found in NYSE Arca Equities Rule 7.31; make certain conforming and clarifying changes to Rules 7.35, 7.36, 7.37, and 7.38; and eliminate certain order type functionality from the restructured rule. SEC Release No. 34-74796.

Industry News

A Source of Strength

On May 1st, Seton Hall Law School professor Stephen J. Lubben, writing for DealBook, asked why regulators have yet to write Dodd-Frank Act-authorized rules implementing the “source of strength” doctrine, which requires bank holding companies to support their regulated banks. The employment of that doctrine would subject bank holding companies to the Dodd-Frank Act’s orderly liquidation authority, thus ending the quandary of how to address the failure of a large financial institution that includes an insured depository institution. A Source of Strength.

Fed Governor Supports Scaled Regulation

On April 30th, Reuters summarized the recent remarks of Federal Reserve Board Governor Daniel Tarullo. Tarullo called for scaled regulation of banks, easing, for example, the capital rules for banks with $10 billion or less in assets and exempting them from proprietary trading prohibitions. Scaled Regulation.

International Regulators Assess Algorithmic Trading Risks

On April 30th, the Senior Supervisors Group, which is comprised of senior financial supervisors from 10 countries, issued a report that assesses risks associated with algorithmic trading and identifies risk-based control principles and questions for supervisors and supervised firms to consider when assessing the current control environment. New York Fed Press Release.

Layering Suspensions

On April 30th, Bloomberg reported CME Group has suspended two traders for “layering,” placing buy and sell orders in an effort to create the appearance of market activity with no intent of completing the transactions. The technique was allegedly used by Navinder Singh Sarao, the British trader who is currently under arrest in the U.K. Suspensions.

Annuity Trends

On April 30th, Investment News highlighted recent trends in new variable annuity contracts. Annuities.

On-Line Brokerage Is Liable

On April 28th, Reuters reported that a divided FINRA arbitration panel ruled that online brokerage firm Interactive Brokers LLC is responsible for the risky day-trading activities of Robert Dillard, whose actions caused a trust fund for which he was the trustee to lose $725,000. Liability of Brokerage.

Super-Sized Incentives for Annuity Sellers

On April 28th, Senator Elizabeth Warren announced she has sent letters to the largest annuity providers asking about incentives they provide to the brokers who sell annuities and the possible conflicts of interest such incentives may create. Warren Press Release. The incentives cited by Warren include “NFL Super Bowl-Style” rings with rubies and diamonds, and trips to resorts. Incentive Examples.

Spoofing Proof

On April 27th, DealBook reviewed the spoofing charges levelled against Navinder Singh Sarao, the British futures trader accused of contributing to the May 6, 2010 flash crash, and the difficulty of proving those charges. Spoofing Proof.