Wednesday, May 27, 2009

Securities Trading of Regulators

For an employee of a securities regulator, trading securities for a personal account may pose a conflict of interest. Internal rules must be developed to prevent and detect sensitive trading activities.

The new Chairman of US SEC recently outlined a series of measures the agency is taking to strengthen its internal compliance program to guard against inappropriate employee securities trading.

The measures the agency is taking include:

  1. The staff has drafted a set of new internal rules governing securities transactions for all SEC employees that will require preclearance of all trades. It also will, for the first time, prohibit staff trading in the securities of companies under SEC investigation regardless of whether the employee has personal knowledge of the investigation.
  2. SEC is contracting with an outside firm to develop a computer compliance system to track, audit and oversee employee securities transactions and financial disclosure in real time.
  3. SEC Chairman has signed an order consolidating responsibility for oversight of employee securities transactions and financial disclosure reporting within the Ethics Office. And, she has authorized the hiring of a new chief compliance officer.

The staff has drafted internal rules governing securities trading and has submitted those rules for clearance by the Office of Government Ethics.

Current agency rules prohibit, among other things, short selling, carrying securities on margin, engaging in options or futures transactions in instruments whose value is derived from an underlying security, and holding a security interest in broker-dealers and registered investment advisers. The current rules also mandate that employees hold stock that they purchase for at least six months to limit speculative activity. Further, SEC employees are required to report all trades within five days of receiving confirmations.

In addition to the existing rules, the newly-approved rules will:

  • Require employees to pre-clear all their securities transactions to ensure, among other things, the company whose stock they are trading is neither being investigated by the SEC nor is involved in an IPO. Also, any employee with access to non-public information about a company's registration statement may not trade in that security.
  • Prohibit ownership of securities in publicly-traded exchanges and transfer agents, in addition to existing prohibitions against owning securities in broker-dealers, registered investment advisers and others directly regulated by SEC.
  • Require that all employees authorize their brokers to provide the agency with duplicate trade confirmation statements. Those statements would then be integrated into a new computerized system so that employees can more easily comply with reporting obligations and the ethics office can more effectively monitor compliance.
  • Require employees to certify before any trade that they do not possess any non-public information about the company being traded.

As part of the pre-clearance and compliance process, periodic reviews will be conducted by supervisors to compare transactions against the employee's work projects to guarantee compliance with the rules.

SEC is contracting with an outside firm to develop a new agency-wide computer system that will enable the Ethics Office to pre-clear and track all employee securities transactions for compliance with the rules. The new system would automate employee reporting of personal securities transactions which would simplify the reporting process for employees and ensure accurate pre-clearance checks. It would also provide for easy verification of transactions by comparing reported trades against confirmation statements provided directly by each employee's brokerage firm. Further, the system would permit the Ethics Office to monitor transactions and detect any irregularities.

Finally, the new system would capture the trades of all employees in one system rather than a series of various handwritten forms that are not presently required from all agency personnel.

I suggest HKMA and SFC also publicize their internal employee trading rules for the sake of good corporate governance.

Wednesday, May 20, 2009

Proxy Voting

The suspected "vote-rigging" case of PCCW has alerted us that a voting result could be manipulated even when the so-called beneficial "shareholders" are present to vote themselves. If proxy voting is used, the conflict of interest problem may be even more inevitable.

US SEC recently charged INTECH Investment Management and its former chief operating officer David E. Hurley for violating the SEC's proxy voting rule for investment advisers by not sufficiently describing its proxy voting policies and procedures and failing to address a material potential conflict of interest.

The proxy voting rule requires registered investment advisers to adopt proxy voting policies and describe them to clients, including procedures to address material conflicts of interest that may arise between the adviser and its clients. The rule is designed to ensure that advisers vote proxies in their clients' best interests, and provide clients with information about how their proxies are voted. This is the first enforcement action taken by the SEC for a proxy voting rule violation.

INTECH managed institutional portfolios for pension plans, foundations, unions, public funds and public corporations. As part of its investment advisory services, INTECH exercised voting authority over many of its clients' securities or proxies. In connection with the proxy voting rule, which became effective 10 March 2003, INTECH adopted and implemented written proxy voting policies and procedures and provided them to its clients. Hurley reviewed and edited counsel's drafts of those policies and procedures.

SEC found that INTECH exercised voting authority over client securities without including in its policies and procedures how it would address material potential conflicts of interest. Specifically, INTECH chose a particular set of voting recommendations for all clients without addressing and describing in the policies and procedures its potential effect on INTECH's ability to retain and obtain business from a particular subset of its clients.

After receiving complaints from some of its union-affiliated clients about pro-management proxy votes, INTECH selected a third-party proxy voting service provider's guidelines to vote in accordance with AFL-CIO (Note) based proxy voting recommendations for all clients' securities. INTECH selected the guidelines that followed the AFL-CIO proxy voting recommendations at a time when it was participating in the annual AFL-CIO Key Votes Survey that ranked investment advisers based on their adherence to the AFL-CIO recommendations on certain votes.

When INTECH advised its clients about its proxy voting policies and procedures, it told clients that because it relied on a third-party proxy voting service, it did not expect that any conflicts would arise in the proxy voting process. Accordingly, INTECH's policies and procedures did not include how INTECH would address material potential conflicts of interest that may have arisen between its interests and those of its clients. INTECH also did not sufficiently describe its proxy voting policies and procedures to clients.

Without admitting or denying any of the findings, INTECH agreed to pay a penalty of US$300,000 and Hurley agreed to pay a US$50,000 penalty. In addition, SEC's order censures INTECH and Hurley and requires them to cease and desist from committing or causing any violations and any future violations.

Note: AFL-CIO stands for American Federation of Labor and Congress of Industrial Organizations, a national trade union center and the largest federation of unions in the US, made up of 56 national and international unions (including Canadian), together representing more than 10 million workers.

Wednesday, May 13, 2009

Licensing of Compliance Officers

Before the SFO was finalized 7 years ago, I heard there had been a debate about whether to require compliance officers to be licensed by SFC, i.e. creating a new regulated activity (RA10?) for them. The final conclusion was NO. Subsequently, another query is whether SFC would license compliance officers if they apply for one.

SFC has just released a new FAQ to address this enquiry, where SFC's answers are:
  • Normally, SFC will not license back office staff, including compliance officers and in-house legal counsel.
  • If a person who is employed by a licensed corporation in such a role does not perform functions that directly relate to the conduct of the regulated activity for which the corporation is licensed, SFC will neither license him as a representative nor approve him as a responsible officer.
  • SFC takes the view that competent compliance officers or in-house legal counsel do not necessarily possess the qualifications and experience necessary to be approved as responsible officers. Frequently, they do not possess such qualifications and experience.
  • SFC also considers that the functions of compliance officers and in-house legal counsel are inherently different from those of representatives who are licensed to carry on regulated activities for the licensed corporation to which they are accredited.
  • One of the primary functions of a licensed corporation's compliance officer or in-house legal counsel is to ensure regulatory compliance both on the part of the licensed corporation and also on the part of the licensed representatives accredited to it. As a matter of general principle, SFC considers it necessary for there to be segregation between the performance of this function and the performance of the activities that constitute the carrying on of regulated activities. Without such segregation, there would be inherent conflict arising out of a compliance officer or in-house legal counsel carrying on the regulated activities for which the corporation employing him is licensed and, at the same time, being responsible for supervising such activities for the purposes of regulatory compliance.
  • This is underscored in SFC's Management, Supervision and Internal Control Guidelines, which state, "Management establishes and maintains an appropriate and effective compliance function within the firm which, subject to constraint of size, is independent of all operational and business functions, and which reports directly to the Management".
  • As a matter of general principle, compliance officers and in-house counsel who are employed by a licensed corporation should refrain from carrying on the regulated activities for which the corporation is licensed.

Interestingly, in smaller firms that can't afford a full-time compliance officer, a responsible officer usually takes up the compliance role as well. Such a conflict of interest is unavoidable.

Wednesday, May 06, 2009

Phishing Scams

US FINRA recently fined Centaurus Financial, Inc. (CFI) USD175,000 for its failure to protect certain confidential customer information. Centaurus was also ordered to provide notifications to affected customers and their brokers and to offer these customers one year of credit monitoring at no cost.

From April 2006 to July 2007, CFI failed to ensure that it safeguarded confidential customer information. Its improperly configured computer firewall - along with an ineffective username and password on its computer facsimile server - permitted unauthorized persons to access stored images of faxes that included confidential customer information, such as social security numbers, account numbers, dates of birth and other sensitive, personal and confidential data. The firm's failures also permitted an unknown individual to conduct a "phishing" scam. When CFI became aware of the phishing scam, the firm conducted an inadequate investigation and sent a misleading notification letter to approximately 1,400 affected customers and their brokers.

On 15 July 2007, CFI's fax server was used by an unauthorized third party to host a phishing scam. Phishing scams are designed to trick computer users into divulging personal information such as usernames, passwords and bank and credit card information. A file simulating a popular Internet auction site was uploaded to CFI's fax server and over a three-day period there were 894 unauthorized logins by 459 unique IP addresses, most of them from recipients of a mass email sent by the perpetrators of the scam.

Following the discovery of the phishing scam, CFI sent a misleading letter to approximately 1,400 customers and their brokers, inaccurately stating that the unauthorized access was limited to one person and that information on the server was not openly available. The letter failed to state that other unauthorized logins had occurred and did not inform the customers that the unauthorized access was made possible by the inadequate firewall and weak username ("Administrator") and password ("password") on its computer fax server.
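The scope of unauthorized access that a notification letter reports should come from the server's login records. The sketch below is an added example, not taken from FINRA's findings or CFI's systems: it counts successful external logins and distinct source addresses, and the log format, account list, internal network range and sample records are all constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample records in a hypothetical log format (not CFI's actual logs).
SAMPLE_LOG = """\
2007-07-15T09:12:03Z LOGIN_OK user=Administrator src=203.0.113.7
2007-07-15T09:12:40Z LOGIN_FAIL user=Administrator src=203.0.113.9
2007-07-15T11:30:19Z LOGIN_OK user=Administrator src=198.51.100.23
2007-07-16T02:05:51Z LOGIN_OK user=faxsvc src=10.0.0.15
2007-07-16T08:44:10Z LOGIN_OK user=Administrator src=203.0.113.7
2007-07-17T16:20:00Z LOGIN_OK user=Administrator src=192.0.2.88
garbled line that should be skipped
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ (LOGIN_OK|LOGIN_FAIL) user=(\S+) src=(\S+)$")
WELL_KNOWN_ACCOUNTS = {"administrator", "admin", "root", "guest"}  # assumed list
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumed office address space

def scope_access(log_text, internal_nets=INTERNAL_NETS):
    """Summarise successful logins that came from outside the internal networks."""
    per_day, accounts, ips, skipped = Counter(), Counter(), set(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # keep a count: unparsed lines weaken any scope claim
            continue
        day, outcome, user, src = m.groups()
        try:
            addr = ip_address(src)
        except ValueError:
            skipped += 1
            continue
        if outcome != "LOGIN_OK" or any(addr in net for net in internal_nets):
            continue
        per_day[day] += 1
        accounts[user] += 1
        ips.add(addr)
    return {
        "external_logins": sum(per_day.values()),
        "unique_source_ips": len(ips),
        "logins_per_day": dict(per_day),
        "well_known_accounts_used": sorted(
            u for u in accounts if u.lower() in WELL_KNOWN_ACCOUNTS),
        "unparsed_lines": skipped,
        # Only a single external source supports a "one person" statement.
        "single_source": len(ips) <= 1,
    }

if __name__ == "__main__":
    print(scope_access(SAMPLE_LOG))
```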


A phishing scam is a serious problem, but withholding disclosure of a serious problem is even more severe.