Financial Institution Regulation April 17, 2019

FINRA Issues New Guidance Regarding Customer Communications Relating to Departing Registered Representatives

By William E. Goydan and R. Andrew Austria

As recognized by new guidance from the Financial Industry Regulatory Authority (FINRA), the departure of a registered representative often prompts customer questions about the departing representative and the continued servicing of a customer’s account. In light of the continued frequency of movement of registered representatives from, or among, member firms, FINRA issued guidance on April 5, 2019, regarding what information it expects member firms to communicate to customers upon the departure of a registered representative.

Pursuant to FINRA Regulatory Notice 19-10, FINRA expects member firms to: (1) promptly and clearly communicate to affected customers how their accounts will continue to be serviced; and (2) subject to privacy and other legal requirements, provide customers with timely and complete answers, if known, to questions about a departing representative.

Under this new guidance, FINRA expects member firms to implement policies and procedures that “assure that the customers serviced by that registered representative are aware of how their account will be serviced at the member firm, including how and to whom the customer may direct questions and trade instructions following the representative’s departure and, if and when assigned, the representative to whom the customer is now assigned at the member firm.” As with all customer communications, FINRA expects that the information provided by member firms about a departing registered representative to be fair, balanced and not misleading.

Practical Considerations

As with any new guidance, firms should review their existing policies and procedures in order to assess the need for potential enhancements. With respect to FINRA’s expectation that firms will have policies and procedures designed to promptly provide information to customers related to the continued servicing of their accounts, a firm’s existing communications program should be reviewed to ensure that all of the necessary information listed above is in fact promptly communicated to customers. Furthermore, firms should also review their policies and procedures (as well as their training programs) regarding how to respond to customer inquiries relating to a departed registered representative. In light of this new guidance, as well as a matter of risk management, firms should consider practices and procedures that ensure consistent and timely responses to customer inquiries concerning a departed registered representative and that take into account applicable privacy and other legal requirements.

While FINRA’s recent guidance will likely become a new point of contention in arbitration and litigation involving departing registered representatives, a firm’s implementation of appropriate policies and procedures will help to mitigate litigation risk, as well as related regulatory inquiries and exposure.

Should you wish to discuss the requirements and/or implications of FINRA Regulatory Notice 19-10, please contact any of the authors or any of McGuireWoods’ securities enforcement and regulatory attorneys.

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims March 22, 2019

Key Lessons for Colleges and Universities from Operation Varsity Blues

By George J. Terwilliger III, Joshua Davey and Lawrence J. Cameron

On March 12, 2019, the United States Attorney’s Office for the District of Massachusetts announced federal criminal charges in “Operation Varsity Blues,” the largest college admissions case ever prosecuted by the Department of Justice. Fifty people have been charged for their involvement in what prosecutors describe as a nationwide conspiracy to get the children of wealthy parents into elite colleges around the country. As alleged, wealthy parents paid tens of thousands of dollars to facilitate cheating on college entrance exams to increase their children’s test scores. Additionally, many of the parents are accused of paying hundreds of thousands of dollars in bribes to college officials to secure their children’s acceptance into colleges as athletic recruits using fabricated athletic credentials.

The defendants accused of facilitating these schemes, including the university officials, and college entrance exam proctors and examiners, have been charged with racketeering conspiracy under the federal RICO statute. The parents accused of paying the bribes have been charged with conspiracy to commit mail fraud and wire fraud. Other charges levied against various defendants include money laundering and tax fraud.

Potential Vulnerabilities for Colleges and Universities

Beyond the individuals implicated in the criminal investigation, certain allegations made by prosecutors create risk for colleges and universities. For example, prosecutors have alleged that certain bribe payments were used for the benefit of college athletics programs or were wired directly into college accounts.

Within days of the operation being made public, lawsuits were filed against many of the figures involved, including the colleges. A class-action lawsuit filed in the U.S. District Court for the Northern District of California against some of the colleges referenced in the charging documents should be of particular concern to schools around the country. That lawsuit alleges that the colleges at issue fraudulently represented that their admissions processes were neutral and merit-based, when they knew or should have known that some students were admitted through corruption.

Although DOJ has stated that the schools involved in Operation Varsity Blues are not the targets of their current investigation “right now,” plaintiffs’ lawyers throughout the country as well as state Attorneys General, and other state and federal prosecutors, could seek to pursue similar theories against schools throughout the country.

Recommendations In the Wake of Operation Varsity Blues

As the FBI put it when it announced these charges, these allegations “strike at the core of the college admissions process at universities across the country.” Based on the potential risks, colleges should consider a proactive approach. This should begin with having an outside assessment of all aspects of admissions policies and procedures to identify any processes in need of revision, as well as implementation of robust compliance procedures. Admission preferences, particularly related to athletics, should be a focus. Identifying and eliminating weaknesses and vulnerabilities in the admissions process may be critical in protecting colleges from regulatory and private civil action. Having this done strategically by outside legal counsel and within the confidentiality protections of attorney-client privilege is imperative.

In addition to thoroughly vetting their admissions processes, colleges and universities should also examine the controls and level of due diligence that they impose over the application process and consider requiring verification by parents and students of the accuracy of the information in the application and attestation by parents and students that no payments, contributions to third parties, gifts or favors have been made to anyone in connection with the admission process.

Conducting an internal review is particularly important in light of the potential for federal enforcement action. As we have previously commented, recent changes to DOJ’s enforcement policy favor those who self-investigate, make prompt voluntary self-disclosure of violations, fully cooperate with DOJ investigations, remediate swiftly and meaningfully, and implement effective compliance programs.

In view of the unprecedented focus on the integrity of the admission process by federal prosecutors, it should be expected that future related action will follow. Regulators, accrediting agencies, other state or federal prosecutors, alumni and aggrieved private parties may be contemplating whether to address the perceived inequities. Executive management of all educational institutions should take immediate steps to assess their vulnerabilities and implement prudent policies to regulate the admissions processes. Governing boards and the public will likely demand no less.

Finally, educational institutions should assess whether their insurance policies may provide coverage for “Varsity Blues” related investigations or litigation. Many institutions are ensured under the higher education equivalent of directors & officers’ liability policies. These policies go by different names, such as a “higher education non-profit liability policy,” and typically provide coverage for loss incurred on account of a “claim” arising out of a “wrongful act.” Policy definitions of “claim” vary, but may include civil litigation and governmental investigations. Many policies define “wrongful act” broadly to include any actual or alleged act, error, omission, misstatement, misleading statement, neglect or breach of duty, by an insured. Educational institutions may also have other types of insurance policies that may also provide coverage for these types of claims. Institutions should understand what coverage is available and be prepared to give notice promptly if a claim is asserted.

Immigration and Worksite Enforcement March 12, 2019

Employer Update: DHS Extends Temporary Protected Status and Work Authorization for El Salvador, Haiti, Sudan, and Nicaragua

By Susan C. Rodriguez and Matthew Orso

The Department of Homeland Security (DHS) announced on March 1, 2019, an extension of the Temporary Protected Status (TPS) for qualifying individuals from El Salvador, Haiti, Sudan, and Nicaragua. DHS also announced a nine-month automatic extension of these TPS beneficiaries’ Employment Authorization Documents (EADs), allowing beneficiaries to work in the United States until January 2, 2020. The Department took this action to ensure its continued compliance with the preliminary injunction order of the U.S. District Court for the Northern District of California in Ramos v. Nielsen, No. 18–cv–01554 (N.D. Cal. Oct. 3, 2018).

The announcement provided welcome news to employers awaiting word on whether they could continue to employ individuals with work authorization expiring on March 4, 2019. However, the January 2, 2020, extension could change in the future depending on the outcome of the lawsuit.

For now, employers should be prepared when reviewing employment documentation of new or current employees from these four countries. Taking an adverse employment action against a TPS beneficiary under the mistaken belief that they cannot work because their EAD card is expired can subject a company to investigation by the Department of Justice’s Immigrant and Employee Rights Section and can result in significant fines. Current employees from these four countries who are TPS beneficiaries need not provide any further documentation to continue working. However, employers must take steps to update these employees’ Form I-9s to remain complaint with federal law.

The Federal Register notice provides guidance to employers on updating Form I-9s for existing employees. Specifically, the notice instructs:

For Section 1, the employee should:

Draw a line through the work authorization expiration date in Section 1;
Write 1/2/20 above the previous date; and
Initial and date the correction in the margin of Section 1.

For Section 2, employers should:

Determine if the Employment Authorization Document (EAD) is auto-extended by confirming the EAD’s code category is A12 or C19 and has one of the following expiration dates:

7/22/2017
11/02/2017
1/5/2018
1/22/2018
3/9/2018

11/2/2018
1/5/2019
4/22/2019
7/22/2019
9/9/2019

If the EAD is auto-extended:

Draw a line through the expiration date in Section 2;
Write 1/2/20 above the previous date; and
Initial and date the correction in the Additional Information field in Section 2.

The notice also provides specific instructions for completing Form I-9s for new hires falling under TPS protected status.

This notice received little attention upon its release, but it has a far-reaching impact on employers throughout the United States. For employers and HR professionals, understanding and complying with this Federal Register notice will help mitigate risk and avoid potentially costly mistakes.

Sanctions, Trade Embargo, and Export Controls March 11, 2019

What the Venezuela Sanctions May Mean for Future Sanctions Programs

By Alex J. Brackett, Emily P. Gordy, Jeffrey M. Hanna and Patrick Rowan

When the Trump Administration designated Venezuelan state-owned oil producer Petreoleos de Venezuela (“PdVSA”) on January 28, 2019, pursuant to preexisting sanctions relating to the political situation created by the Maduro regime, it sent a significant but not unanticipated ripple through the global petroleum markets. The impact of the sanctions for commodities traders and petroleum refiners—particularly in the U.S. Gulf Coast, where PdVSA’s steady supply of heavy crude has long been a sizable staple feedstock—was fairly immediate, and appears to have had the intended effect of isolating PdVSA, impairing its production capabilities and reducing its cash revenues. According to industry reports, many of the larger commodity traders around the world have largely if not entirely backed away from trading in PdVSA crude, and PdVSA has been cut off from its primary sources of naphtha and other diluents it needs to move its heavy crude through pipelines. Whether the sanctions will have the intended political effect of forcing regime change in Venezuela remains to be seen.

Although at a high level the PdVSA sanctions are not functionally different from other OFAC sanctions designations, their political contours, the immediacy of the underlying humanitarian crisis in Venezuela, and the proximity and entanglement of PdVSA in U.S. markets—including the fact that one of PdVSA’s most valuable assets is the U.S.-based Citgo—makes them appear like a different creature. So, what can the Venezuela sanctions, as imposed against PdVSA, tell us about the future of U.S. sanctions?

Possibly, Nothing

All sanctions regimes, export controls, import controls and other forms of trade restriction are reflections of foreign policy. In the case of sanctions, their form and function tends to be highly particularized to the political situation at issue. The Venezuela sanctions appear unique in part because of the specific circumstances in which they are imposed: Maduro’s government is in crisis, Venezuela is a significant crude producer and exporter for the international oil market, and PdVSA is a critical element of the Venezuelan economy and of great symbolic importance to the Venezuelan people. Combine that with Venezuela’s physical proximity to the United States and the fact that the imposition of sanctions against PdVSA is cutting that company off from its biggest export market and cutting U.S. refiners off from one of their largest sources of feedstock, and you have a uniquely impactful sanctions action that is unlikely to be repeated.

It’s Complicated

Sanctions can be a blunt instrument, but they can also be a precise tool, as they appear to be here. The Venezuela sanctions continue a trend of applying incremental pressure to targeted sectors of an economy or particular operators in that sector, without going so far as to impose a comprehensive embargo against an entire country. Unlike the Russia/Ukraine sectoral sanctions, the Venezuela sanctions, through the PdVSA designation, went from incremental to exponential in the pressure being applied. But like the sectoral sanctions, the Venezuela sanctions are more complex in design and application. It is reasonable to expect that future sanctions programs will probably look more like the Venezuela sanctions and Russia/Ukraine sectoral sanctions than the Cuba embargo.

Sanctions to the Front

As of this writing, the Maduro regime remains in place and it is unclear whether the regime change being sought by the Trump Administration will occur—at least in a reasonably orderly fashion. Regardless of that outcome, the PdVSA designation has certainly impacted the political conversation, and moved Venezuela’s political and humanitarian crisis more to the forefront in terms of U.S. and international awareness and attention. As a result, it is possible that the current and future administrations will feel emboldened to consider the use of sanctions more liberally, particularly if Maduro does step aside without internal armed conflict or outside military intervention. On that point, we can’t ignore that the Trump administration has not shied away from applying sanctions and appears ready and willing to do so to further its foreign policy agenda.

For now, we remain relatively early in the life cycle of the PdVSA designation, with the first wind-down deadlines set to pass and the global commodities markets remaining in a wait-and-see posture. More time needs to pass before we will have a clear understanding of the likely political and economic trajectory of the situation in Venezuela, and that clarity may remain elusive. For now, we have to view the posture of the Venezuela sanctions as dynamic and subject to significant change with limited notice.

Compliance February 7, 2019

Positive FCA Enforcement Trend for Defense Contractors: DOJ Reaffirms Commitment to Exercise Statutory Authority to Dismiss

By Jeremy Byrum, Edwin O. Childs, Christina Egan and Todd R. Steggerda

Following recent changes to Department of Justice policy regarding individual accountability in government investigations of corporate wrongdoing, DOJ has recently further demonstrated its willingness to consider a flexible approach in applying the False Claims Act.

In a January 28, 2019 speech by Deputy Associate Attorney General Stephen Cox to the 2019 Advanced Forum on False Claims and Qui Tam Enforcement, DOJ reaffirmed its commitment to applying the so-called Granston Memo, which sets forth the factors under which DOJ may dismiss qui tam actions under the False Claims Act. False Claims Act enforcement remains a key DOJ enforcement priority, but DOJ is now expressly allowing government investigators to exercise discretion in identifying qui tam actions that should be dismissed.

Issued in January 2018, the Granston Memo described the DOJ’s exercise of its authority to dismiss qui tam cases brought under the False Claims Act pursuant to 31 U.S.C. § 3730(c)(2)(A). Authored by the Director of the DOJ’s Commercial Litigation Branch, Fraud Section, Michael Granston, the Memo was generally interpreted as a signal of DOJ’s greater willingness to consider dismissing certain qui tam matters pursuant to its statutory authority. Specifically, the Granston Memo set forth a list of seven factors under which the DOJ historically exercised its statutory right to dismiss qui tam actions:

Curbing meritless qui tam matters
Preventing parasitic or opportunistic qui tam actions
Preventing interference with agency policies and programs
Controlling litigation brought on behalf of the United States
Safeguarding classified information and national security interests
Preserving government resources
Addressing egregious procedural errors

The Granston Memo stated that these factors were neither exhaustive nor mutually exclusive, noting that “there may be other reasons for concluding that the government’s interests are best served by the dismissal of a qui tam action.” It further suggested that, although the DOJ may exercise its authority in connection with a decision not to intervene in a qui tam matter, it may also move to dismiss the matter at a later stage of litigation.

During his January 28 speech, Cox reiterated that DOJ views the Granston Memo as part of its “gatekeeping role,” advising that “when qui tam cases are non-meritorious, abusive, or contrary to the interests of justice, they impose unnecessary costs on the Department, on the judiciary, and on the defendants.” These “bad cases” result in bad case law and consume scarce DOJ time and resources. In this regard, Cox advised that DOJ views its ability to dismiss cases as “an important tool to protect the integrity of the False Claims Act and the interests of the United States.” Although he advised that DOJ has used this authority only sparingly, Cox specifically stated that DOJ has instructed its lawyers to consider dismissing qui tam cases when they are not in the DOJ’s best interests, as it has done on roughly two dozen matters since 2017.

Indeed, two recent matters demonstrate the DOJ’s willingness to use the Granston Memo factors to dismiss matters where a relator’s case is weak and dismissal is otherwise in the government’s interest.

First, in an amicus brief filed in opposition to a petition for certiorari in Gilead Sciences, Inc. v. United States ex rel. Campie, et al., the DOJ stated that it would dismiss the relators’ qui tam on remand pursuant to Section 3730(c)(2)(A). In the underlying case, the 9th U.S. Circuit Court of Appeals had decided that the relators had adequately pled the materiality element of the False Claims Act under the standard set forth in Health Services, Inc. v. United States ex rel. Escobar, even though the agency at issue had continued to accept and pay for products that failed to comply with certain regulatory requirements. Although the brief did not reference the Granston Memo by name, DOJ stated that its decision to dismiss the matter was based upon its own investigation of relators’ allegations, as well as the potential for “burdensome discovery and Touhy requests for [agency] documents and [agency] employee discovery (and potentially trial testimony), in order to establish ‘exactly what the government knew and when,’ which would distract from the agency’s public-health responsibilities.” Accordingly, the DOJ’s decision can reasonably be read as based on the Granston Memo’s priorities of preventing interference with agency policies and programs and preserving government resources (with the added bonus of preserving a materiality standard under the 9th Circuit decision that strongly benefits DOJ).

Second, in motions filed in December 2018, DOJ moved to dismiss 10 qui tam matters filed by a business that the DOJ contends was created primarily for the purpose of filing qui tamactions. These matters included: United States ex rel. SAPF, LLC, v. Amgen, Inc. and United States ex rel. SMSPF, LLC v. EMD Serono, Inc., both in the Eastern District of Pennsylvania; United States ex rel. SMSF, LLC v. Biogen, Inc., in Massachusetts; United States ex rel. NHCA-TEV, LLC v. Teva Pharma., in the Eastern District of Pennsylvania; United States ex rel. SCEF, LLC v. Astra Zeneca PLC, in the Western District of Washington; United States ex rel. Miller v. AbbVie, Inc., in the Northern District of Texas; United States ex rel. Carle, v. Otsuka Holdings Co., in the Northern District of Illinois; United States ex rel. CIMZNHCA v. UCB, Inc., in the Southern District of Illinois; United States ex rel. Health Choice Group, LLC v. Bayer Corp., in the Eastern District of Texas; and United States ex rel. Health Choice Alliance, LLC, also in the Eastern District of Texas. The relator had dismissed an 11th related action, United States ex rel. Health Choice Advocates, LLC v. Gilead, also in the Eastern District of Texas. DOJ justified the dismissal of the matters under Section 3730(c)(2)(A) based on the government’s interests in “preserving scarce government resources and protecting important policy prerogatives of the federal government’s healthcare programs,” similarly aligning with the Granston Memo factors.

Cox’s comments and these cases serve as strong indicators that DOJ is starting to exercise the discretion granted to government investigators in the Granston Memo to dismiss unmeritorious matters. While it remains to be seen how frequently and under what circumstances DOJ will exercise this discretion, defendants should analyze the application of the Granston Memo factors in any new matter to determine whether there is a possibility of terminating litigation at a stage that would avoid costly discovery and litigation.

For more information on McGuireWoods’ Government Contract Investigations and Enforcement team, please click here.

McGuireWoods’ Government Investigations & White Collar Litigation Department is a nationally recognized team of nearly 60 attorneys representing Fortune 100 and other companies and individuals in the full range of civil and criminal investigations and enforcement matters at both the federal and state levels. Our team is comprised of a deep bench of former senior federal officials, including a former Deputy Attorney General of the United States, former U.S. Attorneys, more than a dozen federal prosecutors, and an Associate Counsel to the President of the United States. Strategically centered in Washington, DC, our Government Investigations & White Collar Litigation Department has been honored as a Law360 Practice Group of the Year and earned the trust of international companies and individuals through our representation in some of the most notable enforcement matters over the past decade.

Compliance January 16, 2019

New Rules for Small Business Government Contractors

By Christian B. Nagel and Karlee Starr Blank

On Dec. 17, 2018, President Trump signed the Small Business Runway Extension Act of 2018 into law. It amends § 3(a)(2)(C)(i)(II) of the Small Business Act “by striking ‘3 years’ and inserting ‘5 years,’” so a contractor’s size will be measured by the annual average of its previous five years’ revenue, instead of the annual average of its previous three years’ revenue.

Notably, the amendment does not alter employee-based size standards, or the definition of a small business concern using a headcount rather than average revenue.

Implementation Timeline

In a recently issued SBA information notice, the Small Business Administration (SBA) indicated its position that the new five-year average is not effective until SBA issues a formal rule implementing the statute. While this legal theory may be open to challenge, it is important to note that SBA’s position would require that current contracts and solicitations continue to use the old three-year average until completion of the formal rulemaking process.

Background

According to a House Committee on Small Business report on the bill before its Dec. 17 signing, the purpose of the amendment is to “help advanced-small contractors successfully navigate the middle market as they reach the upper limits of their small size standard.” Since many small businesses have initially lean operating years, this change may allow overgrown businesses (i.e., other than small business concerns) to potentially qualify as small businesses when their earlier revenue is considered.

At the same time, if a qualified small business concern had higher revenues in, e.g., 2013 and 2014, it may no longer qualify as a small business concern when the two additional years’ revenue is added and measured against the applicable size standard(s) for the applicable revenue-based NAICS code(s). Pursuant to the Federal Acquisition Regulation (FAR), a change in size status “does not change the terms and conditions of the contract,” but the contracting officer “may require a subcontracting plan for a contract containing 52.219-9, Small Business Subcontracting Plan, if a prime contractor’s size status changes from small to other than small as a result of a size representation.”

The statutory amendment is intriguing, given SBA’s opposition to the change. On April 27, 2018, the SBA responded to a comment proposing a change in calculating average annual receipts using a five-year period rather than a three-year period. The commenter claimed that the change “would allow small businesses to plan and increase capacity before entering full and open competition and provide longer transition time from small business status to other than small business status.” SBA rejected that comment in the following response:

SBA does not adopt this comment. SBA believes that calculating average annual receipts over three years ameliorates fluctuations in receipts due to variations in economic conditions. SBA maintains that three years should reasonably balance the problems of fluctuating receipts with the overall capabilities of firms that are about to exceed the size standard.

Notwithstanding SBA’s stated opposition to the change, the bill passed in the House on Sept. 25 and in the Senate on Dec. 6. The bill went to President Trump’s desk on Dec. 11 and went into immediate effect on Dec. 17 when he signed it.

Ultimately, the Small Business Administration will need to update its size regulations — particularly, 13 C.F.R. § 124.104 — to resolve the inconsistency and clarify that the measurement period is five years, not three. There is no forecast as to when SBA will implement this change to its regulations, nor any indication of whether a similar revision will be made to FAR provisions, including FAR Part 19, on the subject of small businesses. (FAR 19.101(1)-(2) defines “Annual receipts” in terms of the concern’s “annual average gross revenue of the concern taken for the last 3 fiscal years.”)

For now, small businesses and overgrown, other than small business concerns operating in the federal contracting arena should consider recalculating their revenue over the past five years, and determine whether they meet the requirements to properly self-certify as small under any revenue-based NAICS Code they work under, and any SBA-administered program (e.g., 8(a), HUBZone and Economically-Disadvantaged Women-Owned Small Business). However, contractors should not be surprised to see contracting officers and SBA representatives continue to apply the old three-year average until a new SBA rule is implemented.

Given the harsh penalties for contractors who knowingly misrepresent their size for purposes of a procurement, it is crucial for all potentially affected businesses to understand the risks involved with aggressively applying the new five-year rule. (See FAR 19.301-1(d), which states: “The SBA’s regulations on penalties for misrepresentations and false statements are contained in 13 CFR 121.108 for small business, 13 CFR 124.501 for 8(a) small business, 13 CFR 124.1004 for small disadvantaged business, 13 CFR 125.29 for veteran or service-disabled veteran-owned small business, 13 CFR 126.900 for HUBZone small business, and 13 CFR 127.700 for economically disadvantaged women-owned small business concerns and women-owned small business (WOSB) concerns eligible under the WOSB Program.”)

As always, if a business determines that it no longer qualifies as small for certain NAICS code(s), or now qualifies as small under applicable NAICS code(s), the business must promptly update its certifications and representations on the System for Award Management and other federal procurement databases that rely upon self-reporting of small business status.

McGuireWoods has extensive experience advising clients on small business compliance matters, and has brought size protests on behalf of clients and defended protested concerns before SBA and its appellate authority, the Office of Hearings and Appeals. Please contact the firm’s government contracts team with any questions or to discuss further.

Enforcement and Prosecution Policy and Trends, Financial Institution Regulation, Securities and Commodities January 2, 2019

SEC Charges Its First Robo Actions – Increasing Scrutiny of the Investment Platform

By Cheryl Haas, Emily P. Gordy and Natasha S. Cooper

It was never a question of if, but rather, when the Securities and Exchange Commission would launch its first charges against robo-advisors and what those charges would be. Following then-SEC Chairperson, Mary Jo White’s keynote address at the SEC-Rock Center on Corporate Governance in 2016, regulators have been carefully monitoring robo-advisors’ compliance with the Investment Advisers Act of 1940 (“Advisers Act”).[1] In two recent Orders, the SEC found Wealthfront Advisers made false statements about its tax-loss harvesting program (“TLH”), and found Hedgeable made false performance comparisons about its investment performance. Both robo-advisors were also found to be in violation of the Advisers Act for their marketing use on social media platforms.

False Statement in Whitepaper Description

Wealthfront designed its TLH program to incentivize clients to sell certain assets at a loss to create tax benefits. On its website, Wealthfront provided whitepapers outlining the TLH program. However, from October 2012 through mid-May 2016, Wealthfront falsely stated in the TLH whitepaper that it monitored all client accounts to avoid any transactions that might trigger a wash sale, which prevents the tax benefit of the TLH program. (A wash sale occurs when an investor sells a security at a loss but within 30 days of the sale, buys the same or substantially identical security.) The SEC found Wealthfront did not in fact monitor all of its client accounts to prevent a wash sale prior to mid-May 2016. In fact, at least 31 percent of accounts enrolled in the TLH program experienced a wash sale. Ultimately, the failure to monitor for and prevent wash sales led to slightly lower returns: The average Wealthfront client received fewer tax losses, obtaining overall 5.6 percent in annual harvesting yield versus 5.8 percent. Despite the relatively minor impact on customers, the SEC fined the robo-advisor $250,000 for, among other things, violating Section 206(2) of the Advisers Act, which prohibits transactions or business practices that operate as a fraud or deceit upon clients or prospective clients.

Misleading Advertising and Marketing Materials

A second robo-advisor, Hedgeable, was sanctioned for its misleading marketing through the use of its “Robo Index” created to compare the performance of Hedgeable, to other unaffiliated robo-advisors. Hedgeable’s misrepresentations were egregious. Featured on its website, the index incorrectly illustrated Hedgeable’s returns by failing to account for over 96 percent of Hedgeable’s clients in its calculations. Hedgeable failed to use actual performance data and various other risk factors when depicting the average returns for the comparison robo-advisors, thereby providing incorrect return projections for its competition robo-advisors.

The SEC also found Hedgeable’s online fact sheets to be misleading. The annual benchmark returns were not updated for certain years, leading clients to believe the model portfolio outperformed its benchmark greater than what actually occurred. Hedgeable also incorrectly calculated certain benchmark and portfolio returns for several ETFs in violation of Section 206(2) and Section 206(4) of the Adviser Act.

Compliance of Social Media Usage

Under Section 206(4) of the Advisers Act, it is “unlawful for any investment adviser…to engage in any act, practice, or course of business which is fraudulent, deceptive, or manipulative.” The SEC has made clear that these requirements are applicable to robo-advisors. Publishing, circulating, or distributing any advertisement that directly or indirectly provides a testimonial concerning the investment adviser that “contains any untrue statement of a material fact or which is otherwise false or misleading” is a violation of Rule 206(4)-1.

In addition to its findings with respect to Wealthfront’s TLH whitepapers, the SEC also found Wealthfront, willfully violated Section 206(4) of the Advisers Act and Rules 206(4)-1 by selectively republishing (“retweeting”) certain posts by other Twitter users that constituted positive testimonials about Wealthfront’s services. In some cases, Wealthfront knew or should have known that the Twitter users providing positive reviews had an economic interest in promoting Wealthfront, and Wealthfront failed to disclose the conflict of interest in violation of Rule 206(4)-3. These charges come as no surprise, following the SEC’s sanctions in July 2018 against two investment advisers and three investment adviser representatives for similar violations of Section 206(4) for soliciting, and publishing client testimonials on its various websites including Yelp and Facebook.

Similarly, the SEC found Hedgeable was in violation of Section 206(4) and the rules thereunder, for marketing false and misleading information on its “Robo-Index” through social media as well as its website.

Further, neither robo-advisor adopted and designed written policies and procedures with a scope that included certain social media usage in its compliance review of marketing materials and communications as required by Rule 206(4)-7.

Bottom Line

Ultimately, the SEC charged both robo-advisors with violations of the Advisers Act and required them to pay a fine. In addition, Wealthfront is required to notify its advisory clients of the Order and provide a copy of the Order to clients by January 20, 2019.[2] While, these Orders were not unique issues to robo-advisors, they serve as a reminder that the Advisers Act and its rules apply to robo-advisors. In fact, these Orders indicate that since robo-advisors are only available on electronic platforms, they may be more susceptible to misleading online marketing and social media ploys. Robo-advisors, therefore, should examine their compliance and supervision policies to ensure truthful and accurate data is being provided to clients, as well as ensuring social media platforms are being adequately monitored.

McGuireWoods’ experienced broker-dealer/investment adviser team will continue to monitor and report on important regulatory compliance updates. For more information, contact the authors of this article or any member of the team.

—

[1] See Financial Industry Regulatory Authority (FINRA) Report on Digital Investment Advice https://www.finra.org/sites/default/files/digital-investment-advice-report.pdf (2016). For state registered advisers, see, Massachusetts Securities Division Policy Statements: State-Registered Investment Advisers’ Use of Third-Party Robo-Advisers( http://www.sec.state.ma.us/sct/sctpdf/Policy-Statement-State-Registered-Investment-Advisers-Use-of-Third-Party-Robo-Advisers.pdf) and Robo-Advisers and State Investment Adviser Registration (April 1, 2016) (http://www.sec.state.ma.us/sct/sctpdf/Policy-Statement–Robo-Advisers-and-State-Investment-Adviser-Registration.pdf).

[2] Hedgeable was not also required to send its Order to advisory clients, which is most likely because the firm, as noted in the Order, is winding down its business and no longer meets the requirements to be an SEC registered adviser. Furthermore, Hedgeable is paying a significantly reduced penalty, as compared to Wealthfront, and has a payment plan, both factors indicative of reduced assets.

Financial Institution Regulation January 1, 2019

FINRA’s 2018 Report on Cybersecurity Practices – Preventing “Spear Phishing” and “Whaling” Attacks

By Emily P. Gordy

This article was originally posted on our sister publication, Password Protected.

On December 20, 2018, the Financial Industry Regulatory Authority (FINRA) released a report on cybersecurity practices for broker-dealers. Today’s post is the second in a series of summaries sharing essential, timely insight on how these practices impact your business. Please click here for the first post on cybersecurity practice impacts.

FINRA names “phishing” attacks as one of the most common cybersecurity threats raised by firms with the self-regulator. The goal of a phishing email is to manipulate the recipient into taking action. FINRA focuses on two types of phishing attacks in the report. The first is “spear phishing,” where the sender researches and targets the recipient(s) with a customized approach designed to get confidential information from the individual(s). The second is “whaling,” wherein the hacker sends targeted emails impersonating senior executives at the firm in order to set action in motion, typically wiring funds to specifically identified accounts.

There is no doubt that “spear phishing” and “whaling” are very real threats to financial institutions today. As the Securities & Exchange Commission (SEC) detailed in a recent investigation report, the FBI estimates that “’business email compromises’ have caused over $5 billion in losses since 2013, with an additional $675 million in adjusted losses in 2017 – the highest estimated out-of-pocket losses from any class of cyber-facilitated crime during this period.’”

While the SEC’s 21(a) Report focuses on risk and controls for public companies, the financial services industry, even the non-public company segment of the industry, faces the same risk and similar regulator expectations and requirements of effective controls to protect customer and firm information and assets. The SEC found that emails sent to firm staff from “fake” firm executives or vendors requested funds be wired to specified accounts. Employees at nine companies fell for the spoofed emails and, together, the issuers lost nearly $100 million.

The SEC’s 21(a) Report found that the schemes were “not sophisticated in design or the use of technology: instead they relied on … weaknesses in policies and procedures and human vulnerabilities that rendered the control environment ineffective.”

The phishing segment of FINRA’s Cybersecurity Report conveys information on two topics: (1) how they do it (what to watch for — sources and types of communications) and (2) suggested best practices to combat the threat.

On the “how they do it front,” FINRA details the different types of senders (entities and individuals), as well as the typical characteristics of phishing emails. Further, the Report, recognizing the increasing sophistication of such attacks, also details several different characteristics, as well as examples, of phishing communications. Whether the phisher is seeking customer personal identifiable information or fraudulent wire transfers, if firms develop policies and procedures and focus training on the types of senders (or hackers/phishers) to watch out for and the typical variations of such communications, this will mitigate risk that of employees falling victim to the scams.

Importantly, FINRA’s Report details a dozen best practices implemented by firms to combat the phishing threat. While we commend the review of the full list of best practices to firms, we wanted to emphasize four of the recommended effective practices.

Creating policies and procedures that address phishing practices including identifying such emails, what to do when such emails are suspected (e.g., do not click on links, notify technology and compliance, confirming wire transfers, etc.).
Establishing robust confirmation policies and procedures for executing transaction requests.
Periodic, mandatory training of employees and associated persons on phishing practices and policies and procedures for disseminating information. Training allows the firm to provide updates on new phishing tactics and remind everyone of the specifics of the anti-phishing policies and procedures as well as the risks to customers and the firm of noncompliance.
Developing remedial training and imposing consequences for those who repeatedly violate firm phishing protocols. Impressing the importance of everyone’s adherence to firm policies and procedures in this area is one way to close potential gaps that hackers can exploit. This includes following up when the firm is on notice of individuals who violate the policies.

These effective or best practices are similar to those highlighted in the SEC’s 21(a) Report. For example, the SEC ultimately concluded that, while the companies involved in the matter had implemented policies and procedures and training, “weaknesses in the policies and procedures and human vulnerabilities” needed to be factored into the development of controls specifically geared to cyber threats. The SEC emphasized the need to reassess internal controls through the lens of cyber-security threats. While it is always best if that reassessment can occur in advance of a cyber-event, at a minimum, taking steps to shore up payment authorization and verification requirements and enhance training after an event, as the issuers investigated by the SEC staff did, is imperative to protect customers and the firm.

Finally, FINRA, recognizing that successful attacks may start with the customers, recommends that firms also educate their customers and direct them to resources that help them protect themselves.

FINRA’s Report provides comprehensive information for firms to combat cyber-related frauds. While the scammers continue to alter their tactics and increase the sophistication of the scams, implementing internal controls and effective policies and procedures that stay ahead of the scams and implementing effective training provide important risk mitigation strategies.

Election and Political Law, Enforcement and Prosecution Policy and Trends December 19, 2018

Congressional Investigations: Beyond Sensational Headlines — Incoming House Leaders Announce Broad Investigative Priorities Targeting Business Community

By John Adams, Ryan M. Bernstein, Robert J. Bittman, Richard Cullen, Frank J. Donatelli, Louis D. Greenstein, Charles McIntyre, Kurt W. Meyers, Mona G. Mohib, Susan C. Rodriguez, L. F. Payne, Jr., Patrick Rowan, Todd R. Steggerda, Brian C. Wanglin and Robert K. Wasinger

In the politically explosive atmosphere of Washington, the talk of the town is focused on congressional investigations: who will be called before Congress, and when. Newspaper headlines blare the latest controversy — from use of personal emails for government business, to numerous investigations alleging corruption of current and former government employees, including several cabinet secretaries, and the continuing developments from Special Counsel Robert Mueller’s Russia investigation. But as the nation prepares for power in the House to change hands on Jan. 3, another question looms large: what does all this mean for the business community?

Though the priorities of incoming House committee chairs may be relegated to smaller print below the fold, according to their own public commentary and reporting, the new House is poised to commence oversight hearings and congressional inquiries aimed at key segments of the business community. This article highlights the prerogatives of some of the most important committees and industry areas likely to see significant activity from the new House of Representatives.

In the House Judiciary Committee, multiple press outlets report that incoming chair Rep. Jerry Nadler (D-N.Y.) will focus on a variety of healthcare issues, such as consolidation in three major areas — healthcare insurers, the hospital market, and pharmacy benefit managers — as well as investigating the Trump Administration’s decision not to defend the Affordable Care Act against a lawsuit from 20 Republican-led states. According to David Cicilline (D-R.I.), poised to chair the antitrust subcommittee, “We will get to work immediately to promote competition and address monopoly power in health-care markets.” Additionally, spurred by the most recent and widely publicized shootings at the Tree of Life Synagogue in Pittsburgh and the Marjory Stoneman Douglas High School in Parkland, Florida, Nadler will likely take up gun control as it relates to mass shootings, implicating the gun manufacturing industry and retail outlets. Finally, while Nadler said he will not move to impeach Justice Brett Kavanaugh, he indicated plans to examine other issues associated with Kavanaugh’s confirmation process.

Because the House Oversight and Government Reform Committee’s jurisdiction is broad, incoming chair Elijah Cummings (D-M.D.) is likely to investigate numerous issues spanning several industries. Media reports indicate that these investigations will include the high cost of prescription drugs; the continuing water crisis in Flint, Michigan; and Commerce Secretary Wilbur Ross’ decision to include a citizenship question on the 2020 census. On immigration, Cummings plans to investigate the Trump Administration’s policies on the separation of migrant children from their undocumented parents at the Mexican border. Press reports also confirm Cummings is expected to investigate the General Services Administration’s decision to keep the FBI headquarters in downtown Washington, D.C., as opposed to a suburban headquarters in Maryland or Virginia, thus preventing the land from being developed commercially, in potential competition with the Trump International Hotel.

In the House Financial Services Committee, press reports indicate that incoming chair Rep. Maxine Waters (D-C.A.) will investigate consumer finance issues involving the big banks and credit reporting agencies, as well as the Trump Organization’s ties to large financial institutions. While major legislation rolling back bank deregulation is unlikely given Republican control of the Senate, Waters likely will focus on financial institutions’ conduct — particularly, the conduct of the largest banks — toward consumers during the financial crisis. In Waters’ own words: “I have not forgotten that you sold us those exotic products. … What am I going to do to you? … I’m going to do to you what you did to us.”

There also will likely be substantial investigations activity focused on the energy and environmental arena. For example, incoming chair Rep. Raúl Grijalva (D-A.Z.) for the House Natural Resources Committee said he will hold hearings regarding rule changes promulgated by the Trump Administration, including rules addressing climate change, federal waters and waterways, the Endangered Species Act, and the Wilderness Act. Additionally, Rep. Frank Pallone (D-N.J.), who will take over the House Energy and Commerce Committee, said seismic testing, a process where compressed air is shot into the ocean to try to locate oil and gas deposits and is thought to be a precursor of offshore oil drilling testing, “has disastrous consequences for marine wildlife.”

News reports also indicate that incoming chair Rep. Richard Neal (D-M.A.) of the House Ways and Means Committee will lead the House’s consideration of the United States–Mexico–Canada Agreement (the revised NAFTA deal), which will affect the auto, tech, retail, agriculture, labor and environmental sectors of the economy, though reporting requirements will likely delay a vote until the beginning of the second quarter. Press reports also indicate that the House Energy and Commerce Committee plans to hold oversight hearings regarding transparency and data security at some of the nation’s biggest technology companies.

Other commentary suggests that House Education and Workforce Committee incoming chair Rep. Bobby Scott (D-V.A.) will likely examine Education Secretary Betsy DeVos’ efforts to overturn a variety of Obama-era education regulations, implicating the private and for-profit college industry, veterans hiring, and the defense industry writ large. Based on recent press and commentary from incoming House leadership, we also anticipate significant investigative activity from House Permanent Select Committee on Intelligence incoming chair Adam Schiff (D-C.A.), House Foreign Affairs Committee incoming chairman Elliot Engel (D-N.Y.), House Armed Services incoming chairman Adam Smith (D-W.A.), and House Transportation and Infrastructure Committee incoming chair Rep. Peter DeFazio (D-O.R.).

The public statements of the incoming House chairs make it clear that businesses will confront an active period for congressional investigations. In fact, such activity is likely to continue some of the pitched battles encountered during the Obama Administration, as well as open up new fronts.

For more detail regarding the stated priorities of these committees or more information about this article generally, please contact any of the authors or other members of our congressional investigations practice.

Enforcement and Prosecution Policy and Trends November 30, 2018

DOJ Loosens Yates Memo Requirements For Corporate Cooperation Credit

By Jonathan Marx and Brandon M. Santos

Yesterday, Deputy Attorney General Rod Rosenstein announced a series of changes to Department of Justice (DOJ) policy that clarified DOJ’s expectations for cooperation in investigations of corporate wrongdoing. The changes are sensible and should be welcomed by the business community as an improvement over the prior policy, commonly known as the Yates Memo.

As Rosenstein noted, the changes are intended to recognize how the Yates Memo has been applied on the ground, at least in many cases. Even so, the changes should provide companies with greater comfort in several respects.

Under the revised policy, corporations are now expected to identify individuals who were “substantially involved” in or responsible for the underlying misconduct. Whereas the Yates memo, at least on paper, required the cooperating company to identify for the government every individual in the organization involved in the misconduct – no matter their role in the organization or in the misconduct, before a settlement could be finalized. To be sure, that requirement was sometimes honored in the breach. But in combination, the threat of withheld cooperation credit on an all or nothing basis, plus the requirement that all potentially culpable individuals be identified before a settlement could be finalized, gave the government significant leverage to demand that target companies bend to the prosecutors’ view of the world about individual employees’ culpability. For companies, this dynamic sometimes created pressure to err on the side of over-inclusion in designating culpable individuals.

That pressure has not gone away, but it is lessened. The revised policy is an attempt, as Rosenstein recognized, to conserve resources – both for the government and the company involved – and prevent unnecessary delay in resolving corporate liability. For companies under investigation, this change may help to reduce the significant time and cost required to conduct an investigation deemed sufficient for cooperation credit. Now, if the government team disagrees with a target company about which employees are culpable and to what degree, the government attorneys have discretion to recommend partial cooperation credit as part of a settlement. More importantly, that discretion now exists as official DOJ policy, and not just an informal deviation from the rule.

Rosenstein also reported similar changes in civil cases. The new policy provides that corporate cooperation credit in civil cases can be awarded on a sliding scale – it need not be all or nothing. And in prepared remarks accompanying the rollout of the changes, Rosenstein noted that cooperation credit can still be awarded, in appropriate cases, where a company assists the government’s investigation, but the parties cannot reach agreement about the identity or culpability of every line employee potentially involved in misconduct. (Senior employees are different – as before, the company must identify all wrongdoers in senior management to receive any cooperation credit.)

All else equal, the changes modestly strengthen the hand of companies who sincerely seek to cooperate with the government to resolve investigations, but cannot reach agreement with the government over the role of particular individual employees in corporate misconduct. Companies now have a little bit more leeway to “agree to disagree” with the government about the status of lower-level employees while retaining the benefits of cooperation. Before, such a disagreement was (at least in principle) fatal to a successful settlement. Now it need not be. And that’s unquestionably a salutary development.

Subject to Inquiry

THE LATEST ON GOVERNMENT INQUIRIES AND ENFORCEMENT ACTIONS