SEC Proposes Two New Cybersecurity Regulations

What You Need to Know

Summary of New Proposed Rule 10

Proposed Rule 10 would require all Market Entities (everyone but small broker-dealers) – referred to in the Rule as Covered Entities – to adopt written policies and procedures to address cybersecurity risks.  These written policies and procedures must include the following:

  • Periodic assessments of cybersecurity risks associated with the Covered Entity’s information systems and written documentation of the risk assessments;
  • Controls designed to minimize user-related risks and prevent unauthorized access to the Covered Entity’s information systems;
  • Measures designed to monitor the Covered Entity’s information systems and protect the Covered Entity’s information from unauthorized access or use, and oversee service providers that receive, maintain, or process information or are otherwise permitted to access the Covered Entity’s information systems;
  • Measures to detect, mitigate, and remediate any cybersecurity threats and vulnerabilities with respect to the Covered Entity’s information systems; and
  • Measures to detect, respond to, and recover from a cybersecurity incident and procedures to create written documentation of any cybersecurity incident and the response to and recovery from the incident.[1]

Proposed Rule 10 would also require immediate written electronic notice of a significant cybersecurity incident to the SEC and the filing of a new form SCIR.  The SCIR form would gather information about the significant cybersecurity incident and the Covered Entity’s efforts to respond to and recover from the incident.

Finally, the proposal would require Covered Entities to publicly disclose summary descriptions of their cybersecurity risks and the significant cybersecurity incidents they experienced during the current or previous calendar year on Part II of proposed Form SCIR. A Covered Entity would need to file the form with the SEC and post it on its website. Covered Entities that are carrying or introducing broker-dealers would also need to provide the form to customers at account opening, when information on the form is updated, and annually.

Summary of Proposed Amendments to Regulation S-P

The second proposed rule would amend Regulation S-P covering almost all Market Entities to create additional protections for customer information and create a federal minimum standard for data breach regulations.  The proposed amendments would require covered institutions to adopt an incident response program as part of their written policies and procedures under the safeguards rule. The proposal would require an incident response program to be reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information, include procedures to assess the nature and scope of any such incident, and contain and control such incidents. The proposal would also apply certain requirements related to incident response to covered institutions’ relationships with third-party service providers.

The proposed amendments would require covered institutions to notify affected individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization. The proposal would require a covered institution to provide the notice as soon as practicable, but not later than 30 days after a covered institution becomes aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred. A covered institution would not need to provide the notification if the covered institution determines that the sensitive customer information was not actually and is not reasonably likely to be used in a manner that would result in substantial harm or inconvenience.

Additionally, the proposed amendments would enhance customer notification by:

  • Expanding the safeguards and disposal rules to cover “customer information,” a new defined term referring to a record containing “nonpublic personal information,” a term already in use for other components of Regulation S-P, about a customer of a financial institution. The proposed amendments would therefore apply both rules to both nonpublic personal information that a covered institution collects about its own customers and nonpublic personal information it receives from a third-party financial institution about customers of that financial institution;
  • Requiring covered institutions to make and maintain written records documenting compliance with the requirements of the safeguards rule and disposal rule;
  • Conforming Regulation S-P’s annual privacy notice delivery provisions to the terms of an exception added by the 2015 Fixing America’s Surface Transportation Act, which would provide that covered institutions are not required to deliver an annual privacy notice if certain conditions are satisfied; and
  • Extending the safeguards rule to transfer agents registered with the Commission or another appropriate regulatory agency. In addition, the proposed amendments would extend the disposal rule from covering only transfer agents registered with the Commission to also transfer agents registered with another appropriate regulatory agency.

What You Need to Know Right Now

First – the proposed cybersecurity regulations are not yet final. Market Entities have the opportunity to comment on the proposals. This is a chance for Market Entities to influence the future of cybersecurity in the industry. Some of the concerns raised by the SEC include conflict with state data breach laws. Mark T. Uyeda, an SEC Commissioner, noted:

“lack of an integrated regulatory structure may even weaken cybersecurity protection by diverting attention to satisfy multiple overlapping regulatory regimes rather than focusing on the real threat of cyber intrusions and other malfeasance.”

These are just a few of the many topics that the SEC has opened for comments. Numerous other issues exist. The attorneys at Pastore LLC are highly skilled in both the financial sector and cybersecurity. Pastore LLC can help you draft and file comments before the proposals become final. Comments are due 60 days after the proposed rules appear in the Federal Register, which is expected to occur in the next 4 weeks.

Second – it is inevitable that some form of cybersecurity enhancement rules will be enacted in the near future. Now is the time to start planning compliance. The attorneys at Pastore LLC can assist you in formatting written policies and procedures. Pastore LLC attorneys are creative and understand the overall data privacy, data breach and cybersecurity landscape. Pastore LLC attorneys can work with internal compliance and legal departments to develop the best plan for a Market Entity’s needs.

Don’t wait!  Change is coming and Market Entities need to plan for the future regulations now.  Pastore LLC can help.

[1] Fact Sheet – Addressing Cybersecurity Risk to the U.S. Securities Markets.

SEC Examination Priorities 2023 Review

The SEC’s Division of Examinations (“EXAMS”) has published its priorities for 2023. EXAMS is responsible for overseeing registered investment advisers, exempt reporting advisers, broker-dealers and other SEC-regulated entities. Understanding the publication will help examined practitioners prepare themselves for the future and avoid unexpected noncompliance.

EXAMS articulated the priorities to promote their four primary goals: (1) promote compliance; (2) prevent fraud; (3) monitor risk and (4) inform policy. Each area of focus should support these “four pillars.”

  1. Recently Adopted Rules

Marketing Rule (Advisers Act Rule 206(4)-1)

Registered investment advisers (“RIAs”) must adopt and implement written policies and procedures that prevent violations. They must also be able to demonstrate that they had a reasonable basis for believing the material facts they put forth.

Derivatives Rule (Investment Company Act Rule 15f-4)

Funds must adopt and implement policies and procedures to manage their derivatives risks and prevent violations. This should include a risk management program, board oversight and complete and accurate disclosures.

Fair Valuation Rule (Investment Company Act Fair Valuation Rule 2a-5)

Funds must properly oversee the determinations of fair value and comply with policies and procedures of reporting and recordkeeping. EXAMS will also specifically look for adjustments to valuation methodologies.

  2. Private Funds

RIAs to private funds should be aware of (1) conflicts of interest; (2) calculations and allocation of fees and expenses; (3) the Marketing Rule; (4) use of alternative data (Advisers Act Section 204A); and (5) the Custody Rule (Advisers Act Rule 206(4)-2).

EXAMS notes that private funds exhibiting any of these specific risk characteristics will receive heightened scrutiny:

  • Highly-leveraged
  • Managed side-by-side with BDCs
  • Use of affiliated companies and advisory personnel to provide services to clients
  • Holding certain hard-to-value investments, such as crypto and real estate
  • Invested in or sponsor Special Purpose Acquisition Companies (SPACs)
  • Involvement in adviser-led restructurings

  3. Standards of Conduct

Broker-dealers and RIAs servicing retail investors must prioritize the investor’s best interest ahead of the firm’s or professional’s interests. Carefully manage, and fully disclose, conflicts of interest. Special attention is paid to more complex investment products and advice or recommendations given to certain vulnerable investors. EXAMS notes they will be looking for inappropriate attempts to waive or limit standards of conduct, such as hedge clauses. Lastly, ensure compliance with Form CRS (Client or Customer Relationship Summary).

  4. Environment, Social and Governance (ESG) Investments

Investments and strategies bearing the Environment, Social and Governance (ESG) label will be scrutinized to ensure they operate as set forth in disclosures. Any recommendations of such products for retail investors must be in the investor’s best interest.

  5. Informational Security and Operational Resiliency

Broker-dealers and RIAs must plan and act to safeguard against cyberattacks and other disruptions. EXAMS specifically notes the cybersecurity vulnerabilities associated with third-party vendors. They also note the need to consider climate-related risks.

  6. Crypto Assets and Emerging Financial Technology

New or never before examined registrants interacting with crypto-related assets should prepare for examination. EXAMS will specifically look for adequate standards of care and routine review, update and enhancement of compliance, disclosure and risk management practices. Firms employing digital engagement practices will also receive more scrutiny.

  7. Investment Advisers and Investment Companies

EXAMS will examine RIAs’ operations and compliance practices. Accuracy of regulatory filings is key and EXAMS expects consideration of current market factors in the related valuations. EXAMS will pay special attention to RIAs’ fee calculations and alternative revenue streams.

EXAMS emphasizes the fiduciary obligations of RIAs to registered investment companies. Funds with these specific characteristics will receive heightened scrutiny:

  • Turnkey funds
  • Mutual funds that converted to ETFs
  • Non-transparent ETFs
  • Loan-focused funds
  • Medium and small fund complexes that have experienced excessive staff attrition
  • Volatility-linked ETFs
  • Single-stock ETFs
  • New, unexamined or not recently examined investment companies

  8. Broker Dealers

EXAMS will focus on broker-dealers’ compliance and supervisory programs, including those for electronic communications and recording those communications. EXAMS notes special interest in issues specific to equities, fixed income securities, over-the-counter securities and microcap securities.

  9. Clearing Agencies

Registered clearing agencies should emphasize procedures for risk management including maintaining sufficient financial resources, protecting against credit risks, managing member defaults and managing operational and other risks.

  10. Regulation SCI

EXAMS will focus on the security and reliability of certain technological trading platforms.

  11. Anti-Money Laundering

Firms must establish appropriate customer identification programs and satisfy their SAR filing obligations. EXAMS will examine for full compliance with the Bank Secrecy Act.

  12. Discontinuation of LIBOR

EXAMS notes the potential disruption that the discontinuation of the London Interbank Offered Rate (LIBOR) in mid-2023 may cause. EXAMS will assess whether broker-dealers and RIAs are prepared for the transition.

3 Ways Crypto Prepares for Looming Regulation

Uncle Sam is taking “internet money” seriously.

As a result, elected officials are spending more time talking about crypto.

Do you know what that means? Regulation will follow the buzz.

In an interview with Yahoo!, U.S. Rep. Jim Himes (D-Conn.) characterized the current crypto climate as a showdown with Securities and Exchange Commission Chairman Gary Gensler: “We’re sort of in a vapor lock around this issue of the registration of entities, exchanges, etcetera with Gary Gensler at the SEC saying, ‘I don’t need more statute. I’ve got all the law I need. What I need is for people to comply.’ And, of course, many people are saying, ‘Well, we don’t agree with that, and we are not going to comply’. So that suggests we are going to need to figure out whether additional statute is necessary, and Gary Gensler is wrong or whether Gary Gensler just needs to do a lot more enforcement to get people to see his point of view, that they should be registering under existing law.”

To make things more interesting, former SEC Chair Jay Clayton disagrees with Gensler’s stance, asking the agency to provide guidance on the custody of tokenized assets. In an op-ed piece, Clayton said the SEC should take the next step and present guidelines for crypto assets.

In the meantime, Gensler has embraced regulation through enforcement. He firmly believes the existing security laws on the books are fine for crypto.

So, what’s the play?

Here are three moves that will help small/midsize crypto companies prepare for looming regulation:

Register With The SEC

There remains a cavalier mindset about crypto. And that needs to change.

Crypto is not like going outside and throwing the frisbee, even though there is social media chatter about “going to the moon.” It is not fun and games; crypto is an actual financial asset that has value. The notion that crypto is a novel, foreign idea wrapped in technology needs to give way to reality.

To protect your company, now is the time to register with the SEC. Long-awaited regulation for cryptocurrency is on the horizon. It is better to prepare now to fit into the current scheme than sit on the sidelines.

Do not wait for the government’s final verdict. Err on the side of caution. It is better to fill out more paperwork and “over-comply” than to wait and, one year later, have the Securities and Exchange Commission come knocking. When the agency files a complaint against your company, your reputation could take a hit, along with a hefty legal bill.

Eliminate ‘Dirty’ Money

Part of crypto’s allure is its anonymity, which could make it a prime vehicle for fraudulent activity that includes funding for terrorism. The government will soon introduce regulations that strongly encourage crypto companies to have anti-money laundering programs in place.

No matter how small your company is, you will need to have a designated compliance officer on the payroll. This person can perform other duties, but they must have the title. They also must maintain written policies and procedures. The anti-money laundering plan should be well thought out and detailed, not a two-page report. Ideally, your compliance officer would have the proper credentials, such as the ALMA designation, and appropriate experience. Each organization involved in a chain of transactions involving “dirty money” is accountable.

Sens. Elizabeth Warren (D-Mass.) and Roger Marshall (R-Kan.) have introduced The Digital Asset Anti-Money Laundering Act of 2022, which extends the Bank Secrecy Act. The objective is to subject crypto companies to the same rules as banks and broker-dealers. The bill would address a gap with digital wallets and prohibit financial institutions from transacting with forms of technology that enhance anonymity. Last summer, the U.S. Department of the Treasury sanctioned the currency mixer Tornado Cash, alleging money laundering activity with North Korea.

Add A Layer of Governance

Governance is a big part of compliance.

Board members can play a pivotal role. You will need seasoned professionals in many areas, ranging from marketing to technology. Make sure you have board members with deep experience in finance, compliance and internal controls.

Know Your Customer (“KYC”) is a process that identifies your customers and their activities. From a corporate level, do you have the entity’s EIN, articles of incorporation and financial statements? For individual investors, should you recommend a volatile asset to an investor in her 90s? What’s the rest of the story? What are the procedures to address these situations?

Back in 2019, the Commodity Futures Trading Commission, Financial Crimes Enforcement Network and SEC classified crypto exchanges as money service businesses (MSBs), which means they must follow the Bank Secrecy Act of 1970, as well as the anti-money laundering and KYC rules.

While your staff manages the day-to-day operations, your board members can still be part of the mix. Give them oversight of key committees, such as risk and compliance, to provide another layer of review, which would protect the firm.

(Tyler Rutherford is an associate attorney at Pastore with expertise in regulatory compliance, contract law and corporate law. He represents a wide range of clients, including crypto and blockchain companies.)

Pastore represents founder of only Private Mountain Ski Club on the East Coast in Federal Court Settlement

Pastore LLC represented the founder of the only Private Mountain Ski Club on the East Coast in connection with a dispute in Federal Court. The Club, which is the East Coast version of the Yellowstone Club, is located in southern Vermont. The dispute centered around UCC Article 9 and the complex assignment of interests in an LLC under Connecticut law. The founder had an economic interest in a Limited Liability Company, which had an economic interest in an $11M 6 pack bubble chair, and the founder assigned that interest to a GRAT Trust. As part of the settlement, the GRAT Trust will receive a distribution from the Limited Liability Company. Monies will also flow to a former club employee and real estate developers.

M&A Success: 4 Ways Companies Sidestep Regulatory, Emotional Challenges

On paper, mergers and acquisitions look thrilling.

Diversification. Expansion. Cost savings and larger margins—in less time with fewer dollars.

The promise of M&A can be intoxicating. But here’s a sobering thought: 70% to 90% of mergers fail, according to the Harvard Business Review.

For enterprise companies, regulatory hurdles can knock down the pending merger. Reuters reports that the U.S. Justice Department and Federal Trade Commission have attempted to stop more than 20 mergers since January 2021.

For small to mid-size firms, lack of preparation and purpose may kill the deal.

In theory, it’s a common belief that integration will decide which acquisitions move forward. But in practice, people are behind the numbers and processes.

Regardless of size, here are four ways to dramatically increase your chances at M&A success:

  1. Begin at The End

Clarity is a great place to start.

Why are you pursuing a merger? This answer should serve as the North Star because it will impact everything that follows in the process. While proper planning will be important, anticipation will be mission critical.

To advance the deal, think about the company’s building blocks in terms of resources and processes. Those two elements yield value and profit. Developing a clear understanding of these variables will allow you to promote and defend the deal—or arrive at better terms.

How would the pending merger impact the marketplace? How would the acquisition improve your company’s performance? Asking the tough, specific questions internally about what the end result will look like will help you anticipate opportunities to address. In M&A deals, being strategic means beginning at the end because it will ensure that every step along the way is tied to the desired outcome.

  2. Eliminate Emotion

Your exit strategy should be mapped out during the prep stage. This scenario represents the bare-minimum that you will accept in a negotiated agreement. Otherwise, you will walk.

This simple tactic removes emotion from the deal. Typically, negotiations that drag on tend to motivate players to hang on to finalize the deal for the wrong reasons, which may not be a logical fit with your original plan.

As part of a more logical approach, you should develop a list of specific commitments that you could offer to regulators, or the other party. These commitments should be specific, measurable, attainable and have a realistic time frame. Creating this list in advance will allow you to run the numbers and determine which items you can concede in the most cost-effective manner.

Game Theory is a normal part of negotiations, which is a dance that revolves around give and take. Make sure you understand the value of each move before you take it.

  3. Build Trust

Trust is a special kind of currency leveraged during M&A negotiations. So, spend it wisely.

Open communications will go a long way toward building a relationship with the other side. From the very beginning, you will need to provide prompt, purposeful and intelligent responses. Delaying a request could stir skepticism and trigger an unfavorable outcome. It’s not uncommon for parties to walk away at the onset if they have a bad “feeling,” which is often created from poor communications.

Anticipating inquiries is also imperative. As part of your preparation, you will need to envision the possible questions and pain points in advance so you can quickly provide an advantageous solution.

To continue building trust—it’s a process—you will need timely financial statements, including monthly, quarterly and annual statements, to show them that your financial house is in order. The worst thing that can happen is that they see something that surprises them.

Establishing open communications, built on transparency and honesty, is invaluable. In part, that means timely responses and organized financials.

  4. Stack the Deck

Take it from someone who played in the NFL, the teams with the best players tend to win.

In the M&A game, assemble a winning team of experts to increase your chances for success. A tax advisor and business consultant should be on the list and at least one consultant should be familiar with valuing companies in the target industry.

You will also need internal stakeholders, such as your chief finance officer and controller, to be part of your team. These employees, along with the chief operating officer, will be responsible for telling and supporting the story.

And your attorney will bring it all together and keep it moving along.

Collectively, your team will be accountable for building good faith and goodwill throughout the process. They will amplify the positive and address the challenging items directly to bolster the relationships that get the deal done.

Amid the columns of numbers strewn across spreadsheets, you will always find people.

To close your next M&A deal, start there to seal success.

(Paul Fenaroli is an Associate Attorney at Pastore. His practice focuses primarily on corporate law, contract law, employment law and regulatory compliance involving M&A activities.)

Pastore Alum Susan Bysiewicz Sworn in for Second Term as Connecticut Lt. Governor

Susan Bysiewicz, the former Secretary of State for the state of Connecticut, was a partner with Pastore (then Pastore & Dailey) for several years, running the firm’s office in Glastonbury, CT. She left to run for Governor, and has been elected now to her second term as Lt. Governor. While at the Firm, Ms. Bysiewicz worked on corporate, banking and election law matters. A graduate of Yale University and Duke Law School, Ms. Bysiewicz serves with Connecticut Governor Ned Lamont.

Pastore Overcomes Summary Judgment Motion in Multi-Million Dollar Greenwich Hedge Fund Dispute

Earlier this month, Pastore successfully defended a former hedge fund manager’s claims of unfair trade practices against investment vehicles established by heirs to a multi-billion dollar national retail company. Hon. Sheila Ozalis, presiding over the Stamford, CT Complex Litigation Docket, held that genuine issues of material fact exist as to whether defendants’ conduct was unfair and/or deceptive in a manner violating the Connecticut Unfair Trade Practices Statute. Accordingly, plaintiff’s claims, which related to the unfair attempt to deflect an investment commitment from one of the world’s largest hedge funds to a potentially competing fund, will proceed to trial.

FTX’s Bankruptcy Shines Light on Selling Trade Claims

In the wake of FTX’s downfall and bankruptcy filing, more crypto companies are expected to file for bankruptcy.[1] With a tumultuous year in the crypto world, creditors have been left with billions of dollars worth of claims. Unfortunately, bankruptcy proceedings can take years to resolve, thus leaving a creditor in a state of limbo and waiting to learn what portion of its claim will be paid out. As a result of this uncertainty, creditors may wish to consider selling their claims.[2] By selling a claim, a creditor can receive an upfront payment for the claim instead of monitoring the debtor’s bankruptcy case for years. Reconciling and distributing claims in the bankruptcy process is notoriously slow, particularly for very large debtors such as FTX.

Unlike stocks, bankruptcy claims are not sold or traded on the New York Stock Exchange. Instead, creditors must sell their claims through individually negotiated assignment agreements.[3] While there are no standardized forms for claim assignments, creditors tend to use assignment agreements that contain universally accepted terms in addition to negotiating the details, such as whether the buyer can force the creditor to repurchase the claim. Conveniently, creditors do not need to disclose the purchase price or other details of the assignment in the bankruptcy process.

While the prospect of quickly monetizing a claim may be enticing to a creditor, a creditor should consult an attorney to ensure that risks, such as the purchase price being returned to the buyer if the claim’s validity is questioned, are considered and mitigated. We are confident a market for FTX bankruptcy claims will emerge over the next 60 days.

[1] MacKenzie Sigalos and Rohan Goswami, Crypto firm BlockFi files for bankruptcy as FTX fallout spreads, CNBC (Nov. 28, 2022), https://www.cnbc.com/2022/11/28/blockfi-files-for-bankruptcy-as-ftx-fallout-spreads.html.

[2] Bruce S. Nathan and Scott Cargill, A Primer on Selling Bankruptcy Trade Claims, Business Credit (Feb. 2021), https://www.lowenstein.com/media/6418/nathanpluscargill-a-primer-on-selling-bankruptcy-trade-claims-business-credit-22021.pdf.

[3] Bankruptcy Claims Trading: What is it? How do I maximize my returns?, Nossaman (Mar. 25, 2010), https://www.nossaman.com/newsroom-insights-bankruptcy-claims-trading-what-how-do-i.

Pastore Negotiates Top Executive’s Separation from Publicly Traded Boston Based Bio Tech Company

Pastore LLC successfully negotiated the separation of a C-suite executive from a publicly traded Boston based bio-tech company. Key issues involved the vesting of stock options and related plan documents, adherence to Rule 144 in the disposition of stock and the scope of non-competition agreements under Delaware law.