Investment Fund Law Blog

InvestmentFundLawBlog

Updates and Insights on Legal Issues Facing Fund Managers and Investors

Cyber Crimes Target Hedge Funds

Posted in Private Funds

Threats go way beyond simple theft of client information — Can you fend off a big heist?

Recently, the government identified hedge funds as a “weak link in the U.S. financial system’s defense against hackers and terrorists.” The messenger was no less than John Carlin, head of the Justice Department’s National Security Division, speaking at this year’s annual SALT hedge fund conference in Las Vegas. Since then, there have been reports that some of the biggest names in asset management and banking were affected by cyber-attacks. It is, in fact, a Who’s Who of asset managers, banks, and brokers.

This February, the SEC’s summary of its cybersecurity sweep has revealed that over three-quarters of the 100 brokers and advisers examined were subject to cyber-attacks, directly or through third-party service providers, even though upward of 80% of broker and adviser firms have implemented cybersecurity policies. The SEC followed up with guidance in April, making it clear that it intends to conduct more exams of advisers. These exams will be “more substantial,” with longer onsite visits and sit-down meetings with senior management.

Yet for all the heartburn caused by these SEC examinations, they seem to be only scratching the surface when it comes to the types of cyber-threats confronting hedge funds.

The SEC notes that it is focusing on protecting “client assets” by reviewing security measures such as password storage and the vetting of third parties. Those kinds of questions and exam goals indicate that the SEC is mostly interested in protecting against the theft of client data and information. But those are by no means the only potentially damaging threats faced by investment advisers nor are they the only ones that can impact investor assets.

As Carlin pointed out in his comments, hedge funds are a particularly desirable target for criminal cartels, foreign governments, and militaries around the world, basically anyone seeking profit, disruption in financial systems, or both. Hedge funds have valuable and vast assets, including their trading strategies and trades, as well as algorithms, in addition to those the SEC is worried about. Hedge funds are also easier to hack than banks, which have recently reinforced their cybersecurity defenses and, unlike most hedge funds, have teams available to handle the threats.

All hedge fund managers and investment advisers should therefore question how effective their cybersecurity controls are in light of the following real threats posed by cyber-criminals:

  • Hacking and stealing your strategy and algorithms. They will use your own and your employees’ handheld and portable devices, social media posts, and blogs, for phishing and otherwise hacking your internal systems. They will use high-frequency trading algorithms to steal your proprietary trade information in order to front-run you or otherwise engage in manipulative trading. They will steal and use your algorithms to replicate your strategy.
  • Blackmailing and extortion. They will hack and encrypt your data, and blackmail you for payment in return for your data. The Department of Justice is reportedly working with several hedge funds on just such cyber-extortion cases, as Carlin remarked.
  • Corrupting your data and crippling your trading process: They will use a form of malware that will intentionally distort or change data, making information unreliable at best or useless at worst. Perhaps even worse, the corruption of proprietary algorithms used to make investment decisions could go unnoticed for some time. In that event, advisers and their clients face losses, regulatory action, and reputational damage following the disclosure – likely mandatory — of such an incident.
  • Wiping your data: Perhaps the most dreaded of all attacks: hackers have repeatedly demonstrated their ability to literally wipe servers clean of data. Victims are left scrambling to reconstruct files either from scattered data backups or even paper records. This process is extremely laborious and time- consuming, and is not guaranteed in any way to completely restore records. In fact, this type of event is virtually guaranteed to put a broker/dealer or investment adviser out of business, as the reputational damage alone will likely be catastrophic.
  • Disrupting your operations: Too many companies take for granted the availability of their information technology systems. And, when those systems fail, managers tend to assume a technical fault that can be resolved quickly. As the cyber-attack on Sony Pictures proved, however, any company can be paralyzed by the deliberate introduction of malware, which also happened in 2013 to a large hedge fund. A well-crafted attack can render a company unable to do business for months at a time. Unfortunately, the tools and skills needed to conduct such an attack against you are readily available across the globe.

The key takeaway is this: just focusing on making sure hackers don’t break into accounts to steal investor information is not enough. There are many other ways hackers can wreak havoc, and the financial industry has to be prepared to respond to that wide variety of scenarios.

Stay tuned for our article on tips to prevent, detect and respond to cyber-attacks.

Ildiko Duckor is a partner and co-head of Pillsbury Winthrop Shaw Pittman LLP’s Investment Funds and Investment Management Practice. She specializes in hedge funds. She can be reached at ildiko.duckor@pillsburylaw.com or 415-983-1035.

Brian Finch (@BrianEFinch) is a partner in Pillsbury Winthrop Shaw Pittman LLP’s Public Policy Practice. He specializes in cybersecurity. He can be reached at brian.finch@pillsburylaw.com or 202-663-8062.

REMINDER: FBAR FinCEN Report 114 Filing Deadline

Posted in Broker-Dealers, Investment Advisers, Private Funds, Registered Investment Companies

A U.S. person with a financial interest in or signature authority over a foreign bank, securities (including brokerage account, margin account, mutual fund, trust) or other financial account in another country that has an aggregate value exceeding $10,000 at any time during the 2014 calendar year must file FinCEN Report 114 by June 30, 2015. FinCEN Report 114 supersedes Form TD F 90-22.1. Individuals filing the report must file electronically through the BSA E-Filing System.

For additional information on filing FBAR, see the Treasury Department’s FBAR E-Filing FAQs and the BSA E-Filing System FAQs.

If you need assistance, please call an attorney in our Investment Funds and Investment Management group.

BE-10 Deadline Extended

Posted in Investment Advisers, Private Equity, Private Funds

The Bureau of Economic Analysis (BEA) has extended the deadline to file Form BE-10, Benchmark Survey of U.S. Direct Investment Abroad, to June 30, 2015, for all new filers.

For information on Form BE-10 filing, please read our recent article HERE.

Further information on BE-10 is available at the BEA website.

 

Fintech and Finance: How to be Part of the Fintech Investment Boom

Posted in Private Equity

This article was originally published in Tech City News on May 6, 2015.

Much has been made of the UK’s growing fintech industry. Research published by Accenture in 2014 showed the UK and Ireland enjoyed a growth rate outstripping the rest of Europe and Silicon Valley over the past five years.

However, the more mature US technology sector and investment culture means UK businesses lag behind their US counterparts in attracting the investment to move them through the stages of growth. So what can early-stage, consumer-facing fintech companies do to make themselves more attractive to investment from private equity houses and venture capitalists?

READ MORE…

SEC Proposes Rules to Modernize Reporting by Investment Advisers and Investment Companies

Posted in Advisory, Investment Advisers, Private Funds, Registered Investment Companies

The Securities and Exchange Commission (SEC) today proposed rules, forms and amendments to modernize and enhance the reporting and disclosure of information by investment advisers and investment companies.

Investment advisers. The investment adviser proposed rules would amend the investment adviser registration and reporting form (Form ADV), and Investment Advisers Act Rule 204-2. On Form ADV, the proposed rules would require investment advisers to provide additional information for the SEC and investors to better understand the risk profile of individual advisers and the industry. Investment advisers would be required to report, among other things, detailed information about their separately managed accounts, including assets under management and types of assets held in the accounts. The proposed amendments to Investment Advisers Act Rule 204-2 would require advisers to maintain records of performance calculations and communications related to performance.

Investment companies. The investment company proposed rules would enhance data reporting for mutual funds, ETFs and other registered investment companies.  The proposals would require a new monthly portfolio reporting form (Form N-PORT) and a new annual reporting form (Form N-CEN) that would require census-type information.  The information would be reported in a structured data format, which would allow the SEC and the public to better analyze the information.  The proposals would also require enhanced and standardized disclosures in financial statements, and would permit mutual funds and other investment companies to provide shareholder reports by making them accessible on a website.

Highlights of the investment adviser and investment company proposals are available HERE.

The SEC is requesting for comments which should be submitted to be received within 60 days from publication of the proposed rules in the Federal Register.

Have you filed your BE-10? Deadline is approaching

Posted in Client Alert, Investment Advisers, Private Equity, Private Funds
  • Mandatory reporting required by the Bureau of Economic Analysis on Form BE-10 – 2014 Benchmark Survey of U.S. Direct Investment Abroad
  • Investment managers, general partners, hedge funds and private equity funds are among those that may have to file

What is BE-10?

BE-10 is a benchmark survey of U.S. direct investment abroad, conducted once every five years by the Bureau of Economic Analysis (“BEA”) of the U.S. Department of Commerce. The purpose of the survey is to obtain economic data on the operations of U.S. parent companies and their foreign affiliates. The BE-10 survey is conducted pursuant to the International Investment and Trade in Services Survey Act, and the filing of reports is mandatory pursuant to Section 5(b)(2) of that Act. BE-10 reports are kept confidential and used for statistical analysis.

What is the filing deadline?

May 29, 2015 - if you are a U.S. Reporter (defined below) filing to report fewer than 50 Foreign Affiliates (defined below).

June 30, 2015 - if you are a U.S. Reporter filing to report 50 or more Foreign Affiliates.

Extensions. The BEA will consider reasonable requests for extensions if received before the applicable due date of the report. Extension requests should “enumerate the substantive reasons necessitating the extension” on the form provided by the BEA.

Who must file?

All U.S. persons that had direct or indirect ownership or control (each, a “U.S. Reporter”) of at least 10%[i] of the voting stock of a foreign business enterprise (a “Foreign Affiliate”) at any time during the entity’s 2014 fiscal year must file.

Any U.S. general partner or investment manager of a private fund could be a U.S. Reporter, and any hedge fund, private equity fund, or other private fund could be either a U.S. Reporter or a Foreign Affiliate, if they meet the above criteria.

READ MORE…

____________________

[i] A U.S. Reporter’s ownership interest in a Foreign Affiliate may be held indirectly through a directly held Foreign Affiliate that owned the given foreign enterprise. You must “look through” all intervening foreign enterprises in the chain to determine whether you hold a foreign business enterprise to the extent of 10% or more. To calculate your ultimate ownership percentage, multiply the direct ownership percentage in the first Foreign Affiliate by that first Foreign Affiliate’s direct ownership percentage in the second enterprise in the chain, multiplied by the direct ownership percentage for all other intervening enterprises in the ownership chain, until you reach the ownership percentage in the final foreign business enterprise. To illustrate, if a U.S. Reporter owned 50% of Foreign Affiliate A directly, and A owned 75% of foreign business enterprise B which, in turn, owned 80% of foreign business enterprise C, the U.S. Reporter’s percentage of indirect ownership of B would be 37.5% (the product of the first two percentages), its indirect ownership of C would be 30% (the product of all three percentages), and B and C (as well as A) would be considered Foreign Affiliates of the U.S. Reporter.

Read this article and additional publications at pillsburylaw.com/publications-and-presentations.

HEDGE FUND TITANS FALL AT HELM OF SEC CHARGES FOR IMPROPER EXPENSE ALLOCATIONS

Posted in Advisory, Investment Advisers, Private Funds

The expense provisions of many private fund governing documents are becoming longer and more detailed for good reason – increased Securities and Exchange Commission (SEC) scrutiny and prosecution relating to expense allocation and disclosure.

On April 29th, the SEC announced charges against Alpha Titans LLC, a hedge fund advisory firm, its principal, Timothy P. McCormack and its general counsel, Kelly D. Kaeser, for improper use of fund assets to pay expenses that were not previously disclosed to fund investors. According to the SEC, office rent, employee salaries and benefits and other expenses totaling more than $450,000 were paid by two affiliated private funds without adequate disclosure or authorization. The SEC further alleged that Alpha Titans, McCormack and Kaeser sent investors audited financials that did not disclose that approximately $3 million of expenses pertained to transactions involving affiliates of McCormack.

According to the SEC, the funds’ outside auditor, Simon Lesser, was aware of the manner in which expenses and assets were allocated, yet approved audit reports containing unqualified opinions that the financial statements were presented fairly. He was charged with engaging in improper professional conduct in connection with an audit of the funds’ financial statements. The advisory firm also was charged with custody rule violations relating to its distribution on non-GAAP-compliant financial statements.

All of the charges were settled without admission or denial of responsibility; however, not without significant cost. McCormack and Kaeser will be barred from the securities industry for one year and Kaeser will be unable to represent an SEC-regulated entity for one year. Lesser will be suspended from providing accounting services on behalf of an entity regulated by the SEC for at least three years. Substantial monetary penalties also were assessed and the advisory firm and its principal agreed to pay disgorgement and prejudgment interest.

The lesson for private funds, their advisers and outside auditors is simple. First, fund documents should clearly, accurately and thoroughly disclose the types and amounts of expenses to be charged to the fund or its investors. Second, fund managers must allocate expenses and use fund assets strictly in accordance with the relevant provisions in the fund documents. Finally, outside auditors must be diligent in reviewing expense allocations and the use of fund assets to determine compliance with fund documents.

There should be no doubt that the risk of non-compliance is real.

Cybersecurity Guidance Issued by the SEC’s Division of Investment Management

Posted in Advisory, Investment Advisers, Registered Investment Companies

The Division of Investment Management (the “Division”) of the Securities and Exchange Commission issued a cybersecurity guidance identifying cybersecurity of registered investment companies (“funds”) and registered investment advisers (“advisers”) as an important issue. Recognizing the rapidly changing nature of cyber threats and consequently, the necessity for funds and advisers to protect sensitive information including information of fund investors and advisory clients, the Division is suggesting a number of measures that funds and advisers may wish to consider in addressing the issue. To mitigate cybersecurity risk, the Division suggests that funds and advisers: 1) conduct a periodic assessment of their technology system and security controls and processes to identify potential cybersecurity threats and vulnerabilities, 2) create a strategy that is designed to prevent, detect and respond to cybersecurity threats, and 3) implement the strategy through written policies and procedures, training of officers and employees, and investor and client education. In addition, the Division also suggests that funds and advisers may wish to consider reviewing their operations and compliance programs whether they have measures in place that mitigate their exposure to cybersecurity risk, as well as assessing whether protective cybersecurity measures are in place at service providers that they rely on in carrying out their business operations.

A full version of the cybersecurity guidance is available HERE.

Please call an Investment Funds and Investment Management attorney with your inquiries regarding your firm’s cybersecurity risks and compliance procedures that address them.

INVESTMENT ADVISER CONFLICTS OF INTEREST – BlackRock Censured; Compliance Officer Personally Liable

Posted in Advisory, Investment Advisers, Private Funds

On April 20, 2015, the Securities and Exchange Commission (“SEC”) issued an order against an investment advisory firm and its former chief compliance officer, for violating Sections 206(2) and 206(4) and rule 206(4)-7 of the Investment Advisers Act and rule 38a-1 of the Investment Company Act. The SEC charged BlackRock Advisors LLC with breaching its fiduciary duty by failing to disclose a conflict of interest involving the outside business activity of one of its top-performing portfolio managers, Daniel J. Rice III. BlackRock agreed to be censured and to settle the charges by paying a $12 million penalty and engaging an independent compliance consultant to conduct an internal review.

During his tenure as an energy sector portfolio manager at BlackRock, Rice founded an oil and gas exploration and production company, formed a joint venture with a public company held in his managed funds, and acquired a second public company also held in BlackRock portfolios. BlackRock learned of Rice’s outside business activity, but allowed him to continue his involvement. The SEC found that BlackRock failed to report the conflicts of interest to the board of directors of the affected registered funds or advisory clients and failed to monitor and reassess Rice’s outside business activity after discovering the conflicts of interest. The SEC also censured BlackRock for failing to maintain and implement internal policies regarding the outside activities of employees. While Blackrock’s policies required employees to report potential conflicts and to seek pre-approval before serving on a board of directors, the firm failed to outline how employees’ outside activities would be assessed for conflicts purposes or to identify the individuals responsible for assessing outside activities.

Additionally, the SEC found BlackRock’s former chief compliance officer personally liable for causing the failure by BlackRock funds to report material compliance matters—namely Rice’s violation of BlackRock’s private investment policy—to their board of directors. The ex-officer agreed to pay a $60,000 civil penalty to settle the charge.

If you have question concerning your firm’s internal policies on the outside business activities of employees, please reach out to your Pillsbury attorney contact.

Department of Labor Ups Fiduciary Responsibility in ERISA Proposal

Posted in Advisory, Investment Advisers, Private Funds

On April 14, 2015, the Department of Labor issued its much anticipated re-proposal of regulations defining and expanding the persons who are treated as ERISA fiduciaries.  Under the proposal, subject to certain exceptions, all persons who  provide investment advice or recommendations for a fee to an employer-sponsored  retirement plan, plan fiduciary, plan participant, IRA or IRA owner would be deemed “fiduciaries”.  Other than investment education and “order taking”, most other investment sales related activities will result in fiduciary status.  Some of these advisors are subject to federal securities laws, others are not.

Being a fiduciary means that the advisor must provide impartial advice and put the client’s best interest first and must not accept any compensation payments creating conflicts of interest unless the payments qualify for an exemption (newly proposed) intended to ensure that the customer is adequately protected.  If the regulations are finalized, compliance with the terms of the new exemption will be a necessary condition for continuing many of the compensation practices currently in use by the investment industry.

We expect to issue a Client Alert on the Proposal and new Rule.  If you have any questions, please feel free to contact our Funds or Employee Benefits attorneys.