This article appeared in the Journal of Investment Compliance, Vol. - - PDF document

This article appeared in the Journal of Investment Compliance, Vol. 8, No. 3 (Sept. 2007), pp. 5-18. The SEC’s Enforcement of Procedures to Prevent Insider Trading by Brian A. Ochs When the Securities and Exchange Commission and other regulators filed enforcement actions against ten investment banks in 2003 for conflicts of interest that tainted their investment research, the settlements were the subject of a major media blitz, including a joint press release, a press conference, and separate statements by then SEC Chairman William Donaldson and the

• Commission. In March of this year, when Banc of America Securities (“BAS”) paid $20 million

in disgorgement and penalties to settle a similar SEC action relating to conflicts of interest in research on three companies, the announcement took a distinct back seat in the Commission’s press release. Instead, the press release trumpeted the Commission’s finding that BAS failed to prevent its traders from gaining access to and trading on information in the firm’s research reports, including information about upgrades and downgrades, before the reports were made public – for which the SEC fined BAS an additional $6 million.1 That the Commission chose to spotlight BAS’ “breakdown in its internal controls” (to quote the SEC) relating to the dissemination and use of material nonpublic information over the Commission’s findings that BAS issued misleading research was no accident. The SEC has made cracking down on insider trading and other misuses of confidential information by securities professionals an enforcement priority.2 Earlier this year, the SEC’s examination staff initiated a broad inquiry of major broker-dealers to explore whether employees were leaking information about large trades to favored clients such as hedge funds in order to enable those clients to front-run the trades.3 The examination staff has also recently identified deficiencies among hedge fund advisers with respect to insider trading policies and other compliance policies

1 See Press Release, “SEC Enforcement Action Against Banc of America Securities for Failing

to Safeguard Nonpublic Research Information and Publishing Fraudulent Research; Firm to Pay $26 million” (Mar. 14, 2007), available at http://www.sec.gov/news/press/2007/2007-42.htm (“BAS Press Release”); Banc of America Securities LLC, Exchange Act Release No. 55466, 2007 SEC LEXIS 492 (Mar. 14, 2007).

2 See, e.g., SEC v. Barclays Bank PLC, et al., Litig. Release No. 20132, 2007 SEC LEXIS 1170

(May 30, 2007); Press Release, “SEC Charges Two Securities Professionals with Insider Trading” (May 10, 2007), available at http://www.sec.gov/news/press/2007/2007-93.htm; Press Release, “SEC Charges Credit Suisse Investment Banker with Insider Trading” (May 3, 2007), available at http://www.sec.gov/news/press/2007/2007-85.htm; Press Release, “SEC Charges 14 in Wall Street Insider Trading Ring” (March 1, 2007), available at http://www.sec.gov/news/press/2007/2007-28.htm.

3 See “SEC is Looking at Stock Trading” The New York Times (Feb. 6, 2007).

and procedures designed to address the use of nonpublic information to make investment decisions for fund and personal accounts.4 As part of this focus, the SEC’s enforcement staff is scrutinizing with renewed vigor the roles and responsibilities of securities firms for the protection of confidential information. The BAS case was the third major action in less than a year in which the SEC faulted securities firms for lapses in their procedures designed to prevent trading on material nonpublic information.5 The Director of the SEC’s Enforcement Division took the occasion of the settlement with BAS to emphasize that the Commission is “determined to plug the improper leak of information on Wall Street,” and that “firms must have appropriate safeguards on all their nonpublic information, including upcoming research reports.”6 The SEC’s recent actions have been brought under section 15(f) of the Securities Exchange Act of 1934 (“Exchange Act”) and section 204A of the Investment Advisers Act of 1940 (“Advisers Act”),7 companion provisions that require brokers, dealers, and investment advisers that are registered with the Commission to “establish, maintain, and enforce written policies and procedures reasonably designed, taking into consideration the nature of such [broker, dealer, or investment adviser’s] business, to prevent the misuse” of material nonpublic

• information. These requirements are not new – they were enacted as part of the Insider Trading

and Securities Fraud Enforcement Act of 1988 (“ITSFEA”),8 and since the early 1990’s the SEC has brought a number of enforcement actions charging their violation. However, in the past, most of the cases brought under sections 15(f) and 204A sanctioned firms either for not having procedures at all, or for narrowly-focused failures in the implementation of existing procedures. In contrast, the SEC’s recent cases against BAS and Morgan Stanley illustrate the increasing willingness of the Enforcement staff to engage in both a broad and a deep examination of the information barriers, transaction reporting requirements, trading surveillance, and other processes by which a regulated firm is expected to safeguard material nonpublic information in its possession. Thus, in any case involving misuse of confidential information by employees of brokers, dealers, or investment advisers, the SEC is poised to look not only at the conduct of the

4 See Andrew J. Donohue, Director, Division of Investment Management, U.S. Sec. and Exch.

Comm’n., “Remarks Before the 4th Annual Hedge Funds and Alternative Investments Conference” (May 23, 2007), available at http://www.sec.gov/news/speech/2007/spch052307ajd.htm (“Donohue Remarks”).

5 See also Morgan Stanley & Co. Incorporated and Morgan Stanley DW Inc., Exchange Act

Release No. 54047, 2006 SEC LEXIS 1465 (June 27, 2006); SEC v. Friedman, Billings, Ramsey & Co., et al., Litig. Release No. 19950, 2006 SEC LEXIS 3009 (Dec. 20, 2006).

6 BAS Press Release, supra note 1. 7 15 U.S.C. §78o(f) (2006); 15 U.S.C §80b-4a (2006). 8 Pub. L. No. 100-704.

individual violators, but also at whether the firm took appropriate actions to protect the

• information. Indeed, actual misuse of information may not even be necessary to spur an

enforcement investigation and possible sanctions; the SEC fined Morgan Stanley $10 million “due to a systemic breakdown in this critical compliance function”9 in a case where “there was no evidence that material nonpublic information was misused as a result of that failure.”10 Moreover, firms that fail to vigorously maintain and enforce reasonable procedures to protect against misuse of material nonpublic information may not only face stiff penalties, but may also lose the benefit of legal defenses to insider trading liability should employees engage in such

• conduct. Given the SEC’s current enforcement emphasis on this area, it is essential that brokers,

dealers, and investment advisers look critically at whether they are taking adequate steps to protect the confidential information that they may handle on a daily basis. This article reviews the SEC’s implementation and enforcement of section 15(f) of the Exchange Act and section 204A of the Advisers Act. Part I discusses the legislative history of these provisions and reviews SEC and staff pronouncements relating to procedures for the protection of material nonpublic information. Although Congress granted the SEC authority to require brokers, dealers, and investment advisers to adopt specific policies or procedures to implement sections 15(f) and 204A, the SEC has largely refrained from doing so. Instead, the Commission and the staff have published general guidance on certain of the elements of effective procedures, while leaving firms with flexibility to adopt procedures that are appropriate to their particular business operations. The lack of regulation in this area makes it all the more important that brokers, dealers, and investment advisers understand and appreciate the Commission’s approach to enforcement

• f sections 15(f) and 204A because it is through enforcement actions that the Commission has in

large part articulated it expectations for firm compliance. After a brief discussion in Part II of the potential consequences, from an enforcement perspective, of a firm’s failure to satisfy the requirements of section 15(f) or section 204A, Part III describes the SEC’s enforcement program in this area and distills guidance for securities firms from the SEC’s actions. As will be seen below, the fact that the Commission permits firms flexibility to adopt procedures that are best suited to their particular operations and risks does not equate with a lax view of a firm’s obligations under sections 15(f) and 204A. To the contrary, the SEC’s enforcement actions have made it abundantly clear that the Commission’s flexible approach to the statutory requirements also means that the Commission places high expectations on brokers, dealers, and investment advisers to design procedures that take into account the unique and myriad ways that information may be subject to abuse in the context of each firm’s particular business model. Further, the SEC places a high priority on firms not merely having adequate written policies and procedures, but, just as importantly, ensuring that their policies and procedures are vigorously enforced.

9 Exchange Act Release No. 54047, 2006 SEC LEXIS 1465 at *4. 10 Testimony of Linda Chatman Thomsen Concerning Insider Trading before the U.S. Senate

Committee on the Judiciary (Sept. 26, 2006), available at http://www.sec.gov/news/testimony/ts092606lct.htm.

I. Background Legislative History of Sections 15(f) and 204A Congress enacted ITSFEA in response to the wave of insider trading scandals that implicated some of the most prominent firms and individuals on Wall Street during the mid- 1980’s. Congress saw “a clear need for an institutional, rather than merely individual, response to this problem.”11 Accordingly, ITSFEA imposed “an affirmative statutory obligation for every broker, dealer, and investment adviser to design effective procedures to restrict and monitor access to [material nonpublic] information and prevent insider trading,” and also “expand[ed] the potential exposure to civil penalties … beyond the primary insider trading violators to securities firms and other ‘controlling persons’ who knowingly or recklessly fail to take appropriate measures to prevent insider trading violations by their employees.”12 The requirement that brokers, dealers, and investment advisers establish, maintain, and enforce procedures reasonably designed to prevent the misuse of material nonpublic information was enacted as section 15(f) of the Exchange Act and section 204A of the Advisers Act.13 These provisions were intended to complement existing supervisory requirements by “promot[ing] more rigorous supervision of associated persons of broker-dealers and investment advisers who have access to confidential, market-sensitive information.”14 The legislative history also makes clear Congress’ intention that “broker-dealers and investment advisers must not only adopt and disseminate written policies and procedures to prevent the misuse of material, nonpublic information, but also must vigilantly review, update, and enforce them.”15 ITSFEA did not require firms to adopt any specific policies and procedures, as Congress recognized that the question of what policies and procedures are appropriate for a firm may involve consideration of the firm’s particular business operations and organizational structure.16 However, the legislative history indicates that Congress expected all firms subject to sections 15(f) and 204A to “adopt policies and procedures appropriate to restrict communication of nonpublic information and to monitor its dissemination, such as restraining access to files likely to contain such information; providing continuing education programs concerning insider trading; restricting or monitoring trading in securities relating to which the firm’s employees

11 H.R. Rep. No. 910, 100th Cong., 2d Sess. 14-15 (1988) (“House Report”). 12 Id. at 15. 13 The provision for civil insider trading penalties against controlling persons was enacted as part

• f section 21A of the Exchange Act, 15 U.S.C. §78u-1. See discussion, infra.

14 House Report at 21. 15 Id. 16 Id. at 22.

possess nonpublic information; and vigorously monitoring and reviewing trading for the account

• f the firm or individuals.”17

The SEC Staff’s 1990 Report Sections 15(f) and 204A also granted the SEC rulemaking authority to require that firms adopt specific policies or procedures reasonably designed to prevent the misuse of material nonpublic information. Except for the provision in rule 204A-1 under the Advisers Act (promulgated in 2004) that certain investment advisory personnel report their personal securities transactions and that firms review such reports (see discussion below), the SEC has never mandated that firms employ specific procedures. Instead, the Commission has historically taken the position that firms should have flexibility to tailor their policies and procedures to their specific circumstances.18 Following the enactment of ITSFEA, the SEC’s Division of Market Regulation undertook a comprehensive review of information wall policies and procedures at broker-dealers. In a report issued in 1990 (the “Division Report”), the staff concluded that improvements in procedures could best be effectuated by self-regulatory examinations, supplemented by Commission oversight, rather than by rulemaking.19 Nonetheless, the Division Report (which focused on equity securities) articulated certain “minimum standards” for procedures to protect against abuses. These included: (1) the maintenance of watch lists and restricted lists and the corresponding review of proprietary and employee trading in securities on those lists; (2) formally structuring and memorializing procedures rather than relegating them to “a loose mixture of internal memoranda, excerpts from employee manuals, and certifications;” (3) clear documentation of actions taken pursuant to the firm’s procedures in order to facilitate subsequent reviews and compliance efforts; (4) the implementation of procedures for the restriction or review of proprietary trading when the firm is in possession of material, nonpublic information; (5) a central role for the compliance department in administering procedures, including monitoring significant interdepartmental communications of nonpublic information, the placement and removal of securities from watch

• r restricted lists, and trade surveillance; and (6) employee training.20

17 Id. 18 Id. 19 Report by Division of Market Regulation, Broker-Dealer Policies and Procedures Designed to

Segment the Flow and Prevent the Misuse of Material Non-Public Information, [1989-1990 Transfer Binder] Fed. Sec. L. Rep. (CCH) ¶84,520 at 80,617 (March 1990).

20 Id. at 80,625-80,627. In 1991 the NASD and the NYSE issued a joint memorandum that

elaborated on the Division Report and provided additional guidance to members concerning the “minimum elements” of procedures relating to (1) memorializing firms’ procedures and documentation of actions taken pursuant to such procedures; (2) review of employee and proprietary trading; (3) supervision of inter-departmental communications; and (4) employee

• training. See NTM 91-45, Joint Memo on Chinese Wall Policies and Procedures (June 21,

1991).

Section 204A and Market Timing Enforcement Actions Since the passage of ITSFEA, the Commission has only invoked its rulemaking authority under sections 15(f) or 204A one time. In 2004, the Commission adopted rule 204A-1 under the Advisers Act as part of the Commission’s regulatory response to the spate of enforcement actions alleging various violations of fiduciary duties on the part of investment advisers.21 These included market timing actions in which (among other charges) the Commission determined that mutual fund advisers had violated section 204A by selectively disclosing nonpublic information about portfolio holdings to market timers, or by failing to prevent portfolio managers and other associated persons from using such portfolio information to engage in market timing themselves.22 Rule 204A-1 requires all registered investment advisers to adopt codes of ethics that include, among other things, standards of business conduct reflecting the fiduciary obligations of the adviser and its supervised persons; provisions requiring advisory personnel to comply with the federal securities laws; provisions requiring the adviser’s “access persons”23 to report, and the adviser to review, personal securities holdings and transactions on a periodic basis; and provisions requiring pre-clearance of personal investments by such access persons in IPO’s and private placements.24 As proposed, rule 204A-1 also would have required that advisers’ codes of ethics restrict access to information about securities recommendations and clients’ securities holdings and transactions to persons with a need to know such information in order to perform their duties. This proposal reflected the SEC’s view that “tight controls on access to sensitive client information are a first line of defense against misuse of that information.”25 The final rule eliminated this requirement in deference to the practical problems of segregating employees,

21 See Investment Adviser Codes of Ethics, Advisers Act Release No. 2256, 2004 SEC LEXIS

1413 at *4 (July 2, 2004) (“Final Rule Release”).

22 See e.g., Alliance Capital Management, L.P., Advisers Act Release No. 2205, 2003 SEC

LEXIS 29 (Dec. 18, 2003); Putnam Investment Management LLC, Advisers Act Release No. 2192, 2003 SEC LEXIS 2712 (Nov. 13, 2003).

23 Under the rule, an adviser’s “access persons” are supervised persons who have access to

nonpublic information regarding any clients' purchase or sale of securities, or nonpublic information regarding the portfolio holdings of any reportable fund, or who are involved in making securities recommendations to clients, or have access to such recommendations that are

• nonpublic. 17 C.F.R. §275.204A-1(e)(1) (2006). All directors, officers, and partners of an

investment adviser whose primary business is giving investment advice are presumed to be access persons. Id.

24 17 C.F.R. §275.204A-1 (2006). 25 Investment Adviser Codes of Ethics, Advisers Act Release No. 2209, 2004 SEC LEXIS 135 at

*12. (Jan. 20, 2004).

particularly in smaller advisory firms with limited office space.26 However, the Commission reminded advisers in the Final Rule Release of their obligations under section 204A to maintain and enforce policies and procedures reasonably designed to prevent the misuse of material nonpublic information. Further, the Commission made clear that such information includes not

• nly information about corporate issuers but also nonpublic information about the adviser’s

securities recommendations, and client securities holdings and transactions.27 To the same effect, in promulgating rule 38a-1 under the Investment Company Act, which requires investment companies to adopt compliance procedures and to oversee the compliance procedures of their advisers and other service providers, the Commission instructed that procedures to protect material nonpublic information should include not only prohibitions against trading portfolio securities, but also “address other potential misuses of nonpublic information, including the disclosure to third parties of material information about the fund’s portfolio, its trading strategies, or pending transactions, and the purchase or sale of fund shares by advisory personnel based on material, nonpublic information about the fund’s portfolio.”28 As noted, rule 204A-1 requires an investment adviser’s “access persons” to periodically report their personal securities holdings and transactions, and the adviser to review those reports. Procedures for reporting and review of employee personal trading have long been recognized to be a critical element of policies and procedures to protect against misuse of material nonpublic information.29 Consistent with the approach of permitting firms flexibility to design procedures that are suited to their particular risks and operations, the Commission did not require that advisers implement specific procedures concerning reporting and review of personal trading.30 However, in adopting rule 204A-1, the Commission urged all advisers to consider implementing certain procedures that the Commission found to be typical in existing advisers’ codes of ethics. These included:

26 Final Rule Release, supra note 21 at *8. 27 Id. 28 Compliance Programs of Investment Advisers and Investment Companies, Advisers Act

Release No. 2204, 2003 SEC LEXIS 2980 at *35 (Dec. 17, 2003).

29 See Division Report, supra note 19. See also rule 17j-1 under the Investment Company Act,

which requires similar personal holdings and transaction reporting for access persons of advisers to investment companies. Whereas rule 17j-1 focuses on preventing abuses in connection with portfolio securities held or to be acquired by an investment company, rule 204A-1 is broader, and includes reporting of holdings and transactions in shares of funds managed by the adviser. Rule 204A-1 thus is intended to help advisers and the SEC’s examiners identify market timing or

• ther abusive trading by persons with access to nonpublic information about a fund’s portfolio.

Final Rule Release at *28, *47.

30 Final Rule Release, supra note 21 at *11.

• Requiring prior written approval before access persons can place securities

transactions;

• Maintenance of lists of issuers of securities that the advisory firm is analyzing or

recommending for client transactions, and prohibitions on personal trading in securities of those issuers;

• Maintenance of “restricted lists” of issuers about which the advisory firm has inside

information, and prohibitions on any trading (personal or for clients) in securities of those issuers;

• “Blackout periods” when client securities trades are being placed or recommendations

are being made and access persons are not permitted to place personal securities transactions;

• Reminders that investment opportunities must be offered first to clients before the

adviser or its employees may act on them and procedures to implement this principle;

• Prohibitions or restrictions on “short-swing” trading and market timing;
• Requirements to trade only through certain brokers, or limitations on the number of

brokerage accounts permitted;

• Requirements to provide the adviser with duplicate trade confirmation and account

statements; and

• Procedures for assigning new securities analyses to employees whose personal

holdings do not present apparent conflicts of interest.31 In the same release, the Commission also instructed advisers on the elements of an appropriate review of personal securities holding and transaction reports: “Review of personal securities holding and transaction reports should include not

• nly an assessment of whether the access person followed any required internal

procedures, such as pre-clearance, but should also compare the personal trading to any restricted lists; assess whether the access person is trading for his own account in the same securities he is trading for clients, and if so whether the clients are receiving terms as favorable as the access person takes for himself; periodically analyze the access person's trading for patterns that may indicate abuse, including market timing; investigate any substantial disparities between the quality of performance the access person achieves for his own account and that he achieves for clients; and investigate any substantial disparities between the

31 Id. at *12-*15.

percentage of trades that are profitable when the access person trades for his own account and the percentage that are profitable when he places trades for clients.”32 II. Potential Consequences of a Failure to Establish and Enforce Reasonable Procedures Consistent with the general trend in SEC enforcement cases, penalties for violations of sections 15(f) and 204A have increased dramatically in recent years. In 1994, when Gabelli & Company, a broker-dealer, and its investment adviser affiliate, GAMCO Investors, settled one of the first enforcement actions brought under sections 15(f) and 204A, the Commission fined each entity $50,000.33 As noted above, within the past year Morgan Stanley and BAS paid penalties

• f $10 million and $6 million respectively for failing to maintain and enforce adequate

procedures to safeguard material nonpublic information. Further, as a condition of settlement, the SEC normally requires the settling firm to retain an independent consultant to review and recommend improvements to the firm’s procedures under section 15(f) or section 204A. Securities firms are not alone at risk for violations. Senior officers who have responsibility for implementing a firm’s compliance procedures may be charged with causing or aiding and abetting the firm’s violations of sections 15(f) or 204A – or in some circumstances as “controlling persons” responsible for the firm’s conduct under section 20(a) of the Exchange Act – and can be subject to injunctions or cease-and-desist orders, financial penalties, and suspensions or bars from associating with a broker-dealer or investment adviser.34 In addition to the prospect of an SEC enforcement action charging violations of sections 15(f) or 204A, brokers, dealers, or investment advisers that fail to maintain or enforce the required information procedures also face potential liability for insider trading or other violations as a result of their employees’ misuse of confidential information. For example, in May of this year Barclays Bank paid over $10 million to settle fraud charges arising out of the bank’s proprietary trading in distressed debt securities based upon inside information.35 The SEC alleged that the firm’s trader obtained material nonpublic information about the issuers of the securities through his service as Barclays representative on bankruptcy creditors committees. Barclays Bank was not a registered broker-dealer and therefore was not subject to the requirements of section 15(f)). Nevertheless, the SEC’s case against the bank was premised on

32 Final Rule Release, supra note 21 at *34-*35. 33 Gabelli & Company, Inc. and GAMCO Investors, Inc., Exchange Act Release No. 35057,

1994 SEC LEXIS 3744 (Dec. 8, 1994).

34 E.g., Friedman, Billings, Ramsey., 2006 SEC LEXIS 3009 (chairman/CEO and compliance

director of broker-dealer charged as “controlling persons” with violations of section 15(f)); Van

• D. Greenfield and Blue River Capital LLC, Exchange Act Release 52744, 2005 SEC LEXIS

2892 (Nov. 7, 2005) (principal of broker-dealer caused and aided and abetted firm’s violations of section 15(f)).

35 Barclays Bank, 2007 SEC LEXIS 1170.

the facts that management knew that that the trader was continuing to trade in the securities of issuers for which he served on creditors committees, and the firm’s Compliance Department – although it knew that the Distressed Debt Desk received restricted information about such issuers – “failed to impose informational barriers or otherwise enforce policies to prevent” the trader from trading in the issuers’ securities.36 In addition, firms that fail in their compliance obligations under sections 15(f) and 204A may lose the benefit of certain defenses to substantive liability that the federal securities laws make available to them. Specifically:

• Section 20(a) of the Exchange Act provides that any person who exercises “control”
• ver another person who commits a violation may be held jointly and severally liable

for the violation “unless the controlling person acted in good faith and did not directly

• r indirectly induce the act or acts constituting the violation or cause of action.37

Under many court decisons, whether a broker-dealer can claim the defense of “good faith” in the event of violations by an associated person may depend on whether the entity can demonstrate that it established appropriate supervisory mechanisms and controls to prevent the violation.38

• Section 21A of the Exchange Act provides that a district court may assess an insider

trading penalty of up to three times the illegal trading profits against a broker, dealer,

• r investment adviser as a “controlling person” of an inside trader in circumstances

where the entity “knowingly or recklessly failed to establish, maintain, or enforce any policy or procedure required by section 15(f) … or section 204A … and such failure substantially contributed to or permitted the occurrence of the act or acts constituting the violation.”39

• Rule 10b5-1(c)(2) under the Exchange Act provides an affirmative defense to insider

trading liability for entities whose employees engage in potentially violative trading

36 Barclays Bank, Complaint at ¶¶ 19, 20 (May 30, 2007), available at

http://www.sec.gov/litigation/litreleases/2007/lr20132.htm; see also Goldman, Sachs & Co., Exchange Act Release No. 48436, 2003 SEC LEXIS 2100 (Sept. 4, 2003) (finding firm liable for insider trading through firm’s proprietary accounts in part because firm did not have adequate section 15(f) procedures to prevent trading (discussed below)).

37 15 U.S.C. §78t(a) (2006). 38 E.g., Harrison v. Dean Witter Reynolds, Inc., 974 F.2d 873, 881 (7th Cir. 1992), cert denied,

509 U.S. 904 (1993); Newton and Company v. Texas Commerce Bank, 630 F.2d 1111, 1120 (5th

• Cir. 1980)

39 15 U.S.C. §78u-1(b)(1)(B) (2006). It appears that the SEC has only brought one case to obtain

an insider trading penalty based on a securities firm’s reckless failure to establish or enforce section 15(f) or 204A procedures. See SEC v. Haddad, et al., Litigation Release No. 13473, 1992 SEC LEXIS 3294 (Dec. 17, 1992).

• n their behalf. The defense requires the entity to demonstrate both that the

individual making the investment decision was unaware of the inside information at the time of the trading, and that the entity “had implemented reasonable policies and procedures, taking into consideration the nature of the person’s business, to ensure that individuals making investment decisions would not violate the laws prohibiting trading on the basis of material nonpublic information.”40 Thus, the absence of adequate compliance with sections 15(f) or 204A will deprive the firm of reliance on this affirmative defense.

• Rule 14e-3 under the Exchange Act prohibits trading in advance of an upcoming

tender offer based upon information about the offer obtained from inside sources. However, rule 14e-3(b) provides an affirmative defense to liability for entities based

• n circumstances similar to those set forth in rule 10b5-1(c)(2).

Thus, a firm that cannot demonstrate full compliance with sections 15(f) or 204A may find its legal position compromised on a number of fronts in the event of an SEC investigation into potential trading abuses at the firm. III. The SEC’s Enforcement of Sections 15(f) and 204A As noted above, sections 15(f) and 204A require brokers, dealers, and investment advisers to “establish, maintain, and enforce written policies and procedures reasonably designed, taking into consideration the nature of such [broker, dealer, or investment adviser’s] business, to prevent the misuse” of material nonpublic information. Thus, the statutory terms frame the issues in any SEC investigation. Does the firm maintain written procedures? Are the written procedures reasonably designed to safeguard material nonpublic information? In particular, are the procedures designed with a view toward the specific structure and business activities of the firm? Has the firm taken reasonable steps to enforce its written procedures? The enforcement actions the SEC has filed illustrate the breadth of the Commission’s interest in this area. Although some actions have involved firms that did not have any procedures at all, in most cases the subject firms had written procedures, but the SEC found significant gaps in the coverage of the procedures, or failures on the part of the firm to enforce its

• procedures. The cases run the gamut of the processes by which securities firms handle

confidential information, including, for example, practices for selecting issuers to be placed on watch lists or restricted lists;41 practices for the dissemination of confidential information within the firm, and failures to limit or monitor dissemination;42 and failures to surveil employee and

40 17 C.F.R. §240.10b5-1(c)(2) (2006). 41 E.g., Morgan Stanley, 2006 SEC LEXIS 1465; Certain Market Making Activities on Nasdaq

(Order as to J.P. Morgan Securities, Inc.), Exchange Act Release No. 34-40910, 1999 SEC LEXIS 59 (Jan. 11, 1999); Friedman, Billings, Ramsey, 2006 SEC LEXIS 3009; Gabelli & Company, 1994 SEC LEXIS 3744.

proprietary trading.43 Firms that have been subject to enforcement actions have ranged from small broker-dealers and investment advisers with under 10 employees44 to some of the largest and most prominent names in the financial services industry.45 Thus, there is no clear or easy roadmap to the particular issues on which the SEC may focus in any given case. A lack of vigilance either in establishing appropriate written procedures

• r at any point in the process of implementing procedures may result in an SEC investigation,

and possibly an enforcement action, in particular if a trading problem occurs that prompts the SEC’s interest and spotlights a shortcoming in the firm’s conduct. However, with this caveat, a review of the cases suggests a number of common themes to which the Commission has returned time and again. Procedures should take into account the specific structure of the firm, including particular business operations or informational risks. The SEC places great weight on the statutory mandate that procedures be “reasonably designed, taking into consideration the nature

• f” the firm’s business.

The SEC’s parallel actions against Goldman, Sachs and MFS turned on the Commission’s view that the firms’ written procedures for the protection of confidential information did not sufficiently take account of particularized risks that were inherent in how the firms obtained and used certain information. The Commission’s orders found that, on the morning of October 31, 2001, Goldman, Sachs traders and MFS fund managers purchased quantities of 30-year U.S. Treasury bonds based on material nonpublic information that the Treasury Department was about to announce the suspension of future bond issuances.46 In each case, the information was obtained from a Washington, D.C.-based political consultant who was under retainer to the firms, and who tipped his contacts at the firms with the information minutes before the Treasury Department’s news embargo was lifted. The SEC found that because Goldman, Sachs and MFS made regular use of such paid consultants to provide information on

42 E.g., Banc of America Securities, 2007 SEC LEXIS 492; Friedman, Billings, Ramsey, 2006

SEC LEXIS 3009; Fox-Pitt Kelton, Inc., Exchange Act Release No. 37940, 1996 SEC LEXIS 3219 (Nov. 12, 1996).

43 E.g., Banc of America Securities, 2007 SEC LEXIS 492; Morgan Stanley, 2006 SEC LEXIS

1465; Van D. Greenfield, 2005 SEC LEXIS 2892.

44 E.g., Hutchens Investment Management and William Hutchens, Advisers Act Release No.

2514, 2006 SEC LEXIS 1039 (May 9, 2006); Van D. Greenfield, 2005 SEC LEXIS 2892.

45 In addition to the Banc of America Securities and Morgan Stanley cases, see Goldman, Sachs,

2003 SEC LEXIS 2100; Massachusetts Financial Services Company, Advisers Act Release No. 2165, 2003 SEC LEXIS 2103 (Sept. 4, 2003); J.P. Morgan Securities, 1999 SEC LEXIS 59.

46 Goldman, Sachs, 2003 SEC LEXIS 2100; Massachusetts Financial Services Company, 2003

SEC LEXIS 2103. The author worked on the Goldman, Sachs and MFS matters while employed at the SEC.

political, financial, budgetary, and regulatory developments, the firms’ procedures should have specifically addressed the potential for such consultants to tip the firms with material nonpublic

• information. In the absence of such specific guidance, the Commission determined that the

firms’ procedures were not “reasonably designed” to prevent the misuse of material nonpublic information within the meaning of sections 15(f) and 204A. The SEC’s recent injunctive action against Friedman, Billings, Ramsey & Co. (“FBR”), and the firm’s former Chairman/CEO and former Compliance Director, illustrates how strictly the Commission applies this requirement. The SEC sued FBR for insider trading, failing to maintain and enforce appropriate information procedures (section 15(f)), and unregistered sales

• f securities as a result of FBR’s short-selling securities of CompuDyne Corporation during the

period when FBR was acting as placement agent for a PIPE47 offering by CompuDyne, and before the PIPE was publicly-announced. With regard to the section 15(f) claim, the SEC’s complaint charged that, although FBR had policies and procedures relating to the handling of material nonpublic information, “those policies and procedures were not appropriately tailored to the nature of FBR’s business, in connection with serving as a placement agent for a PIPE

• ffering, ….”48 The interesting thing to note is that the SEC faulted FBR for not having

procedures appropriately “tailored” to a PIPE offering even though the Commission acknowledged that FBR had never previously worked on a PIPE; the CompuDyne transaction was FBR’s first PIPE engagement.49 The Director of the SEC’s Division of Investment Management, commenting recently on the need for hedge fund advisers to have appropriately “tailored” insider trading policies, noted that the staff considers factors such as “the affiliations of investors in the hedge funds and the likelihood that those investors could be mined for non-public information, as well as the types of investment strategies a hedge fund follows, such as distressed debt and bank loan participations, as well as the use of long/short equities.”50 Procedures should address the potential for violations created by the multiple roles of

• personnel. The need for procedures to address the “multiple roles” of persons who both have

access to material nonpublic information and the capacity to influence trading decisions has been a consistent theme of the SEC’s enforcement actions. The SEC alleged that FBR’s procedures were not adequately tailored to the CompuDyne PIPE offering because they did not account for the fact that the firm’s Chairman/CEO and head trader controlled the firm’s market making in CompuDyne stock at the same time that their positions gave them access to material nonpublic information about the offering. The CEO

47 “PIPE” is an acronym for “Private Investment in Public Equity.” 48 Friedman, Billings, Ramsey, Complaint at ¶3 (“FBR Complaint”), available at

http://www.sec.gov/litigation/litreleases/2006/lr19950.htm.

49 Id. at ¶19. 50 Donohue Remarks, supra note 4.

learned about the offering through his service on FBR’s underwriting committee, and the head trader learned about it because he was also a member of FBR’s institutional sales staff and participated in the sale of shares in the offering. Thus, according to the SEC, FBR failed to establish procedures “to address, in the context of a PIPE offering, the flow of material nonpublic information from [the underwriting and sales departments] to [the trading department] resulting from FBR employees serving in multiple roles within the firm.”51 In a number of cases, the issue of “multiple roles” has arisen because the firm’s written procedures did not effectively govern the head of the firm, who had a unique dual role that encompassed both access to issuer information and transactions for firm or customer accounts.52 However, as the SEC’s action against FBR illustrates, the presence of lower-level officials (such as FBR’s head trader) in “multiple roles” can also suggest the need for procedures that address the flow and use of information in the specific context of those roles. Another example is found in the SEC’s recent proceeding against BAS for violations of section 15(f). The SEC’s Order faulted BAS for, among other things, failing “to establish specific policies and procedures to address the conflicts created by the multiple roles and activities performed by the firm’s” Marketing Director for Equity Research. These included serving as liaison between the firm’s sales and research departments, helping to shape research coverage, and providing advice to the firm’s position traders. The Marketing Director thus routinely learned material nonpublic information about forthcoming research reports from analysts, and also interacted regularly with the firm’s traders.53 The importance of effective controls on the internal dissemination of material nonpublic information. Failures to limit the dissemination of confidential information among sales and trading personnel figured prominently in the SEC’s recent cases against BAS and FBR. According to the SEC’s Order, BAS had policies and procedures that were intended to prevent the firm’s research from being released to sales and trading staff for their use until the information was made public. However, the practices at BAS were “contrary to the firm’s stated policies” because sales and trading personnel frequently obtained advance information about not- yet-public research, including upgrades and downgrades, through various firm distribution channels.54 The SEC specifically noted that, notwithstanding its formal policies, BAS regularly disseminated documents summarizing forthcoming research to sales and trading personnel, and

51 Id. at ¶21. 52 In addition to the SEC’s allegations regarding the dual role of FBR’s chairman and CEO, see

Gintel Asset Management, Inc., Advisors Act Release No. 2079, 2002 SEC LEXIS 2868 (Nov. 8, 2002); DePrince, Race, & Zollo, Inc. and John D. Race, Advisers Act Release No. 2035, 2002 SEC LEXIS 1517 (June 12, 2002); Guy P. Wyser-Pratte, et al., Exchange Act Release No. 44283, 2001 SEC LEXIS 885 (May 9, 2001); Gabelli & Company, 1994 SEC LEXIS 3744.

53 Banc of America Securities, 2007 SEC LEXIS 492. 54 Id.

also broadcast to the trading floor sales meetings at which forthcoming research changes were discussed.55 Similarly, the SEC’s complaint against FBR alleged that the firm had a policy requiring that material nonpublic information only be disseminated to employees with a “need to know.” However, in the case of the CompuDyne PIPE offering, the firm did not enforce its policy. Internal e-mails and other information that were intended to assist in selling shares in the PIPE, and that therefore should have limited to the institutional sales staff, were instead widely disseminated, in some instances to the entire firm.56 Written policies and procedures must be effectively implemented; the need for procedures to check the procedures. The SEC’s determination that BAS and FBR failed to follow their own policies regarding the internal dissemination of material nonpublic information reflects a broader issue; it is not sufficient for a firm to have written policies and procedures if the firm does not also ensure that its policies and procedures are scrupulously followed. The SEC’s recent action against Morgan Stanley illustrates the importance the SEC places on a firm setting up monitoring systems to ensure that its procedures to protect material nonpublic information are functioning and effective. Morgan Stanley’s trading surveillance processes were the principle focus of the SEC’s action. Although Morgan Stanley had written policies requiring surveillance of trading in securities that were placed on the firm’s watch list, the SEC took Morgan Stanley to task for surveillance lapses relating to hundreds of thousands of employee accounts and certain of the securities of several thousand issuers on the watch list over a multi-year period. Notably, many of the failures the SEC identified in the Morgan Stanley case appear to have resulted from mere errors in the implementation of Morgan Stanley’s surveillance procedures: e.g., a mistaken belief on the part of the Control Group (the unit within the firm’s Compliance Department that was responsible for trading surveillance) that a particular surveillance report captured all relevant employee trading from legacy Dean Witter; account coding errors that resulted in some employee accounts being excluded from surveillance; failures

• n the part of certain compliance units to forward to the Control Group information about

employee trading in outside accounts; and errors in entering CUSIP numbers into the company’s mainframe system for watch list securities. Nonetheless, the inadvertence of many of the violations did not counterbalance what the SEC characterized as a “systemic breakdown in this critical compliance function.”57 The SEC also faulted Morgan Stanley for lacking a “system of accountability” to ensure that employees were properly following the firm’s prescribed steps for adding issuers to the

55 Id. 56 FBR Complaint, supra note 48 at ¶¶22-26. 57 Morgan Stanley, 2006 SEC LEXIS 1465.

watch list.58 Morgan Stanley’s procedures required employees in the business units to notify the Control Group if they anticipated receiving material nonpublic information, and the assigned Control Group analyst to then determine whether the information was material and the issuer should be placed on the watch list. However, the SEC determined that Morgan Stanley should also have implemented a “process for checking to ensure that all material transactions were reported to the Control Group.”59 Further, the assigned Control Group analyst should not have been left with “sole discretion” to determine whether a given transaction was material (see below regarding the issue of discretion), and the Control Group should have tracked all referrals, whether or not they resulted in an issuer being added to the watch list.60 Thus, a key lesson of these cases – in particular the Morgan Stanley case – appears to be that the SEC expects firms to implement checks and cross-checks to ensure that their section 15(f) and 204A procedures are functioning properly. Procedures should limit employee discretion; the need to provide personnel with clear and specific guidance. The SEC has repeatedly made clear that a policy is inadequate when it begins from the premise that an individual should conduct a “self-evaluation” of whether he or she has obtained material nonpublic information and “self-report” that information to the Compliance or Legal Department. This has especially been found to be the case when the individual involved is a senior or controlling officer of the firm,61 but the principle applies in

• ther circumstances as well. Thus, in a case against J.P. Morgan, the SEC described as “flawed”

procedures that required the Compliance Department to be informed whenever a trader received material nonpublic information from an investment banker.62 The problem, according to the Commission, was that the procedure left the determination of materiality – and therefore whether a report to Compliance was required – in the hands of the trader and the investment banker. The SEC wrote that “Whenever a trader is given nonpublic information concerning an investment banking engagement, the trader’s continued ability to transact in the relevant securities should be evaluated by compliance personnel or legal counsel with appropriate training and knowledge.63 The SEC’s recent action against Morgan Stanley made clear that the Commission’s concern about limits on employee discretion does not stop once the matter has been turned over to compliance or legal staff. As noted above, Morgan Stanley’s procedures apparently took the

58 Id. 59 Id. 60 Id. 61 See Gintel Asset Management, 2002 SEC LEXIS 2868; DePrince, Race, & Zollo, 2002 SEC

LEXIS 1517; Guy P. Wyser-Pratte, 2001 SEC LEXIS 885; Gabelli & Company, 1994 SEC LEXIS 3744.

62 J.P. Morgan Securities, 1999 SEC LEXIS 59. 63 Id.

materiality determination (and therefore the issue of whether an issuer should be added to the firm’s watch list) away from the business unit personnel and placed it in the hands of the firm’s Control Group analysts. However, the Commission found this procedure to be inadequate because it gave each analyst “sole discretion in determining whether a given transaction was material.”64 Subsequently, the Commission noted, Morgan Stanley instituted a system for reviewing all materiality determinations. For similar reasons, the Commission criticized Morgan Stanley’s procedures that governed the Control Group’s reviews of trading in watch list securities. Although the firm provided Control Group analysts with a list of factors to consider in determining whether trades may have been improper, the SEC found that “providing only a list of factors without any specific guidance regarding how or when they should be considered was inadequate written guidance.”65 The Commission thus faulted Morgan Stanley for leaving it to “the discretion of the individual analyst conducting surveillance to determine which factors, if any, to consider in the context of reviewing a particular trade.”66 The importance of documentation. As noted above, the 1990 Division Report issued by the SEC’s Division of Market Regulation indicated the importance of firms documenting their actions in order to facilitate subsequent reviews and compliance efforts. The SEC strongly reiterated this concern in its action against BAS. The Commission found that “BAS failed adequately to establish procedures to track the actual release times for its equity research. BAS therefore could not effectively monitor or investigate for potential misuse of that information because it was unable accurately to determine when its material nonpublic research information became public.”67 Similarly, in the Morgan Stanley case, the SEC criticized the firm’s failure to track all notifications to the Control Group regarding issuer information whether or not the Control Group determined to add the issuer to the firm’s watch list. Inadequate documentation of transactions also played a role in one of the earliest cases brought under section 15(f), the SEC’s action against Gabelli & Company. The case focused on informational risks that were present because Mario Gabelli, the head of the firm and de facto chief investment officer, also served as the chairman and CEO of a public company. The practice at the firm was to place the issuer on the firm’s restricted list the day before the company’s board meetings and press announcements. Among the reasons the SEC identified for finding this practice to be “ineffective” was the fact that no records were kept concerning when and how the firm was notified of a board meeting or press release.68 (The SEC also found that there was no correlation between when the company was put on the restricted list, and when Gabelli actually received material nonpublic information.)

64 Morgan Stanley, 2006 SEC LEXIS 1465. 65 Id. 66 Id. 67 Banc of America Securities, 2007 SEC LEXIS 492. 68 Gabelli & Company, 1994 SEC LEXIS 3744.

IV. Conclusion Although the SEC has a long history of bringing cases under section 15(f) of the Exchange Act and section 204A of the Advisers Act, the agency is now approaching enforcement of these statutes with increased vigor. Recent cases make clear that brokers, dealers, and investment advisers face the possibility of stiff sanctions if they are lax toward their

• bligation to establish, maintain, and enforce written policies and procedures to prevent the

misuse of material nonpublic information. Most importantly, firms need to ensure that their written procedures are tailored to specific informational risks that are engendered by their particular business operations; are being implemented properly and effectively; and limit the discretion granted to individual employees, even compliance and legal staff.