Financial Services Alert - April 12, 2011 April 12, 2011
In This Issue

Federal District Court Cites Absence of Loss Causation in Dismissing Section 11 and Section 12(a)(2) Claims Based on Mutual Fund’s Mortgage-Related Securities Holdings

The United States District Court for the Southern District of New York dismissed claims under Section 11 and 12(a)(2) of the Securities Act of 1933 against a mutual fund’s sponsor and related parties (collectively, the “Sponsor”) asserting misrepresentations in the fund’s offering documents, holding that plaintiff’s losses could not be causally connected to those purported misrepresentations.  The complaint claimed, among other things, that statements in the fund’s offering documents about the fund’s objectives of maintaining a diversified portfolio, seeking liquidity and investing in high quality debt securities were misleading because of the fund’s extensive investments in mortgage-related securities, resulting in subsequent declines in the fund’s share price during the subprime mortgage crisis.

In simple terms, Sections 11 and 12(a)(2) permit a plaintiff to bring a claim for depreciation in the value of a security based on a material misstatement or material omission (in a mutual fund’s registration statement in the case of Section 11, and in a prospectus or oral statement in the case of Section 12(a)(2)).  While loss causation is not a required element of Section 11 or 12(a)(2) claims, those claims are subject to an affirmative defense that the depreciation was not caused by the alleged misstatement or omission.  The court noted that if this lack of a causal connection were apparent on the face of the complaint, the court could dismiss the complaint. 

The court cited two cases as principal authority on this issue of loss causation:  Dura Pharmaceuticals, Inc. v. Broudo, 544 U.S. 336 (2005), and Lentell v. Merrill Lynch & Co., 396 F.3d 161 (2d Cir. 2005).  The court reasoned that both these decisions stood for the proposition that in order for there to be loss causation, “the disclosure of the facts hidden by the material misstatement, whether by a ‘corrective disclosure’ theory or by a ‘materialization of the risk’ theory, must negatively affect the value of the security.” 

Applying this precedent, the court concluded that whatever the Sponsor may have said about the diversification, liquidity and credit quality of the fund’s portfolio, it was “simply irrelevant to loss causation.”  The court stated that in Section 11 and 12(a)(2)’s statutory scheme, “it is crucial that there be a revelation of the concealed risk and that the revelation caused a depreciation in the value of the security.”  For mutual funds, the court noted that the fund’s share price is not determined by secondary market securities trading.  Rather, the fund’s net asset value is calculated according to a formula dictated by the Investment Company Act of 1940 that depends on the value of the underlying securities.  The fund’s NAV thus accurately reflected the value of investments that the fund held at any given time, and could not have been inflated by alleged misstatements or omissions in the prospectus.  The court agreed that the defendants had successfully shown that the declines in the fund’s share price were caused by the decline in value of the fund’s holdings, not the misrepresentations and omissions alleged by the plaintiff.  While the purportedly false statements about the fund’s composition may have induced the plaintiff to purchase shares, “that proves only transaction causation, not loss causation.”  The court rejected the plaintiff’s “run on the fund” argument for the same reason, finding that significant redemption activity prompted by the fund’s declining share price may have put pressure on the fund to liquidate, but the liquidation caused losses because of the decreasing value in the fund’s underlying securities. 

On the basis of the foregoing, the court concluded that the defendants were entitled to dismissal of the complaint.  The court acknowledged that while certain federal district courts had taken a similar approach, In re Morgan Stanley Mutual Fund Securities Litigation, No. 03 Civ. 8208 (RO), 2006 WL 1008138 (S.D.N.Y. Apr. 18, 2006) and In re Salomon Smith Barney Mutual Fund Fees Litigation, 441 F. Supp. 2d 579 (S.D.N.Y. 2006), others had issued decisions supportive of the plaintiff’s approach to loss causation, citing In re Charles Schwab Corp. Securities Litigation, 257 F.R.D. 534 (N.D. Cal. 2009); In re Evergreen Ultra Short Opportunities Fund Securities Litigation, 705 F. Supp. 2d 86 (D. Mass. 2010); and Rafton v. Rydex Series Funds, No. 10-CV-01171-LHK, 2011 WL 31114 (N.D. Cal. Jan. 5, 2011).

SEC Settles Administrative Proceedings Against CCO and Other Brokerage Executives over Violations of Regulation S-P

The Securities and Exchange Commission (the “SEC”) settled administrative proceedings against the former president, the former chief compliance officer (the “CCO”) and the former national sales manager of a Tampa-based brokerage firm (the “Firm”) that was winding down its operations.  The SEC found that the Firm’s former president authorized the former national sales manager to transfer private information regarding Firm customers to a broker-dealer where the national sales manager was subsequently employed without giving the customers reasonable notice and opportunity to opt out of the transfer of their personal information as required under Regulation S-P.  The SEC also found that the means by which customer account information was transferred to a successor broker-dealer violated Regulation S‑P’s provisions that require a broker‑dealer to protect customer information against unauthorized access and use (the “Safeguard Rule”) and that the Firm’s overall policies and procedures for protecting the confidentiality of customer information were inadequate.  This article provides highlights of the SEC’s findings with respect to violations of the Safeguard Rule.

Regulation S-P Safeguard Rule.  Section 30(a) of Regulation S-P requires every broker‑dealer registered with the SEC to adopt written policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information.  The policies and procedures should be designed to: (i) insure the security and confidentiality of customer records and information; (ii) protect against any anticipated threats or hazards to the security or integrity of customer records and information; and (iii) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer. 

Violations Involving Transfer of Customer Account Information.  As the Firm was winding down its business operations, the Firm’s former president authorized the former national sales manager to transfer information from more than 16,000 Firm accounts to the sales manager’s new firm by downloading customer names, addresses, account numbers and asset values to a thumb drive that was physically removed from the Firm.  The SEC found that these acts placed customer information at an impermissible risk of unauthorized access and misuse in violation of the Safeguard Rule.  The SEC also found that the Firm violated the Safeguard Rule because, although it knew that there was a reasonably foreseeable risk that its departing registered representatives would disclose customer nonpublic personal information to successor brokerage firms, the Firm did not adopt any written policies or procedures addressing the transfer and protection of such information.

Inadequate Policies and Procedures for Protecting Customer Information .  The SEC criticized the Firm’s policies and procedures for safeguarding customer information as too general and vague, observing that they merely recited the Safeguard Rule, only provided examples of safeguards that “may be adopted,” and failed to set forth specific policies and procedures to protect customer information.  The SEC cited the fact that the Firm failed to instruct its registered representatives how to protect customer information or enumerate steps needed to ensure compliance with the Safeguard Rule, and did not set forth steps for following up on breaches or potential breaches of customer information security uncovered by the Firm and its registered representatives.  The SEC also cited the fact that although the policies and procedures referenced a “Designated Principal” responsible for monitoring and testing the Firm’s safeguards on an annual basis to indentify the foreseeable risks warranting improvements or adjustments to the safeguards, no such person was ever named as the “Designated Principal.”

Inadequate Response to Compliance Failures.  As a basis for its findings, the SEC noted the theft of laptop computers from three Firm employees and the unauthorized use of password credentials by a former employee to obtain confidential customer information, although no reports of misuse of customer information were subsequently received by the Firm.  In 2006, a Firm laptop containing nonpublic personal information of 1,120 Firm customers, including in some cases dates of birth and social security numbers, was stolen from one of the Firm’s franchise offices.  The Firm filed a police report regarding the theft and considered, but did not send, a letter to the affected customers notifying them of the theft.  Nearly two years later, two other Firm laptop computers were misappropriated from registered representatives in separate incidents.  The representatives stated that the laptops did not contain any customer information; the Firm took no further steps concerning the stolen laptops, which were not recovered.  In 2007, a terminated registered representative misappropriated another employee’s computer password credentials and was able to monitor the employee’s e-mails for at least three months, and possibly, as much as a year after termination.  In response to the breach, the Firm instructed the employees of the office where the incident occurred to change their computer password credentials, but failed to implement a firm-wide policy requiring employees to change their password credentials on a periodic basis.  The Firm did not take any additional steps to address the matter and did not contact law enforcement authorities to report the breach, despite a recommendation to do so by the Firm’s IT department.

Oversight by the CCO.  Between July 2005 and February 2009, the CCO was responsible for oversight of the Firm’s written policies and procedures designed to address the Safeguard Rule.  His responsibilities included, in part, annual review of the policies and procedures to ensure their adequacy.  The CCO was informed of the laptop computer thefts and the unauthorized use of an employee’s password credentials.  However, despite supervising two annual reviews of the Firm’s policies and procedures, the CCO failed to direct the Firm to supplement the procedures for safeguarding customer information so as to ensure compliance with the Safeguard Rule.

Sanctions.  In addition to being censured and ordered to cease and desist from violations of Regulation S‑P, each of the former executives agreed to pay penalties, $20,000 each in the case of the former president and former national sales manager and $15,000 in the case of the former chief compliance officer.  The press release announcing the settlement orders commented that these proceedings marked the first time that the SEC had assessed financial penalties against individuals solely on the basis of Regulation S-P violations.

FINRA Requests Comment on New Rule 3190 Governing Use by Member Firms of Third-Party Service Providers

FINRA has published Regulatory Notice 11‑14 requesting comment on a proposed new Rule 3190, which is intended to clarify the scope of a member firm’s obligations and supervisory responsibilities for functions or activities outsourced to third-party service providers.  The proposed rule would specifically address the use of third-party service providers to perform functions or activities related to the member’s regulated business as a broker-dealer, and would except ministerial activities performed on behalf of a member.

Background

In 2005, the NASD issued guidance, in Notice to Members 05‑48, concerning the responsibilities of member firms when outsourcing activities.  The NASD noted that, while broker-dealers have long outsourced regulated activities and functions, for example, in clearing arrangements with registered clearing firms, the NASD had observed an increase in other kinds of outsourcing arrangements, including arrangements with unregulated entities, such as data service providers, and regulated entitles, such as transfer agents.  The NASD, together with the New York Stock Exchange, conducted a survey of member practices with respect to outsourcing and found that, although firms generally had informal procedures to screen service providers for proficiency and otherwise supervise their activities, there was a lack of written procedures to monitor outsourcing service providers.

The NASD’s guidance included a discussion of the continued accountability and supervisory responsibility of the outsourcing firm for the activities and functions performed by the third-party provider, the need for written supervisory policies and procedures and activities and functions that may not be outsourced.  Of particular interest was the discussion of the outsourcing of supervisory and compliance activities.  The NASD stated that a member may not contract its supervisory and compliance activities away from its direct control.  However, a member may outsource certain activities that support the performance of its supervisory and compliance responsibilities.  For example, a member may use a computer software program designed by a service provider to detect excessive trading in customer accounts, provided that the member makes its own determination that the system is current and reasonably designed to achieve the desired compliance.

Proposed Rule 3190

FINRA states that it has continued to receive numerous questions concerning outsourcing and that proposed Rule 3190 is intended to clarify the obligations and supervisory responsibilities of member firms using outsourcing arrangements.  The proposed rule contains the features described below.

General Requirements

  • The use of a third-party service provider to perform functions or activities related to the member’s business as a regulated broker-dealer does not relieve the member of its obligation to comply with applicable securities laws and regulations and SRO rules.  The member may not delegate its responsibilities for, or control over, any functions or activities performed by a third-party service provider.  (Third-party service providers, for purposes of the proposed rule, would include affiliates of the member.)
  • Members are required to have written policies and procedures governing the use of third-party service providers.
  • No service provider may engage in functions or activities that require registration unless the service provider is appropriately registered.

Due Diligence

The member firm must have procedures for ongoing due diligence of third-party service providers sufficient to determine whether:

  • the third-party service provider is capable of performing the outsourced activities; and
  • the member can achieve compliance with applicable laws and rules with respect to the outsourced activities.

Special Provisions for Clearing or Carrying Members

Clearing and carrying members must vest an associated person with the authority and responsibility for:

  • the movement of customer proprietary cash or securities;
  • the preparation of net capital or reserve formula computations; and
  • the adoption or execution of compliance or risk management systems.

Clearing and carrying members must have enhanced due diligence procedures that would allow them to take prompt corrective action where necessary to achieve compliance and would require that the member approve any transfer of duties by a third-party service provider to a sub-vendor.  Finally, clearing and carrying members would be required to notify FINRA of all outsourcing agreements with third-party service providers.  Notice would be required to be made of all such arrangements within three months of the effective date of the rule and thereafter within 30 days after entering into such an arrangement.

Exceptions

The proposed rule would provide exceptions from its requirements for ministerial activities on behalf of the member not otherwise prohibited by applicable securities laws or regulations or SRO rules and for activities of clearing brokers pursuant to a carrying agreement approved under soon-to-be-adopted Rule 4311 (replacing NASD Rule 3230).

The proposed rule does not specifically address some matters discussed in NTM 05‑48.  In particular, the proposed rule and the proposing notice do not address the use of compliance consultants to provide compliance software, training materials, form policies and procedures and updates on new laws, rules and interpretations; nor do they address the nature of the due diligence member firms must exercise with respect to persons they consult for effective and current compliance and supervisory systems.

The comment period for proposed Rule 3190 expires on May 13, 2011.

Division of Investment Management Suggests Providing Additional Time for Implementation of Changes to Adviser Registration and Compliance Requirements Resulting from Dodd-Frank Act

The SEC has made available on its website a letter from Robert E. Plaze, Associate Director of the SEC’s Division of Investment Management, to the President of the North American Securities Administrators Association.  The letter states that the Division expects the SEC to consider providing additional time for advisers affected by the new registration requirements resulting from the Dodd-Frank Act to come into compliance with those requirements.  Specifically, the letter suggests that the SEC may extend until the first quarter of 2012 the date by which mid-sized advisers must transfer to state regulation.  The letter also notes that while the Division expects to issue final rules regarding new exemptions for advisers to “venture capital” funds and advisers to “private funds” with less than $150 million in assets under management in the United States prior to July 21, 2012 (see the November 24, 2010 Goodwin Procter Client Alert for a discussion of the SEC’s rule proposals regarding those exemptions and related matters), the SEC may extend the date by which those advisers must comply with the obligations of a registered investment adviser under the Investment Advisers Act of 1940 until the first quarter of 2012.  Further action would be required before any possible extension of time is effective.

SEC and CFTC Publish Joint Study on Feasibility of Mandating Algorithmic Descriptions for Derivatives

The SEC and CFTC delivered to Congress a joint staff study on “the feasibility of requiring the derivatives industry to adopt standardized computer-readable algorithmic descriptions which may be used to describe complex and standardized financial derivatives” as mandated by Section 719(b) of the Dodd-Frank Act.  As described in the accompanying press release, the joint study concludes that current technology is capable of representing derivatives using a common set of computer-readable descriptions, and standardized computer-readable descriptions are feasible for at least a broad cross-section of derivatives.  The joint study contemplates that other financial regulators and the U.S. Treasury’s Office of Financial Research, along with each regulator’s staff, may engage in a series of public‑private initiatives to foster collaboration between regulators and the derivatives industry, working towards representing a broader cross-section of derivatives in computer‑readable form.

FINRA Delays Implementation Date for New Know-Your-Customer and Suitability Rules

On April 8, 2011, FINRA filed a notice of a proposed change that would delay the implementation date for FINRA Rule 2090 (Know Your Customer) and FINRA Rule 2111 (Suitability) from October 7, 2011 to July 9, 2012.  In its filing, FINRA noted that numerous member firms had requested a delay in the implementation date to allow additional time to determine the types of systems and procedural changes they need to make, to implement the changes and to educate associated persons and supervisors regarding compliance with the rules.  The proposed rule change delaying the implementation date was designated as a “non-controversial” rule change that is effective immediately upon filing.  FINRA provided guidance concerning the new Know-Your-Customer and Suitability rules in Regulatory Notice 11-02.