Tag: compliance

Categories
Coffee and Regs

Cybersecurity Training, Talent and Diversity

Cybersecurity Training, Talent and Diversity

In this episode, Founder and CEO at CyberVista, Simone Petrella and CSS’s Director of Cyber IT Services, E.J. Yerzak discuss the importance of cybersecurity training, education, how to recruit talent and diversity in cyber and why compliance and cybersecurity are synonymous.
 

 

About Our Guest Speakers:


 
E.J. Yerzak CISA®, CISM®, CRISC™ assists firms in assessing and managing their cybersecurity risk – from network vulnerability scanning and penetration testing to onsite cybersecurity assessments and assistance in implementing the NIST cybersecurity framework. E.J. has authored articles and alerts on emerging regulatory and technology issues, and is regularly requested to speak as a cybersecurity expert at industry conferences.
 
 

Simone Petrella is CEO and Co-Founder of CyberVista. Previously, Simone was a Senior Associate at Booz Allen Hamilton where she helped build the firm’s cybersecurity practice in the commercial sector focusing on the creation of cyber fusion centers and the integration of cyber threat intelligence, security operations, and cyber defense operations into effective cyber security operations. For a decade she led the firm’s all source cyber threat intelligence business in the national security and Defense sectors, where she built out a threat capability and team with in depth subject matter expertise in all aspects of cyber threat intelligence, including intelligence support to both defensive and offensive operations. Her areas of specialty included predictive cyber intelligence based on an understanding of the threat adversary and developing service offerings to integrate intelligence into exercises to provide realistic cyber scenarios. Simone received her J.D. with honors from Catholic University’s Columbus School of Law and graduated from Georgetown University with a B.A. in Government and a M.A. in International Law and Policy. She is a member of Women in International Security and is admitted to the New York Bar. A native of New Jersey, she has resided in Washington D.C. since 2000.
 
Categories
This Week in FCPA

Episode 275 – the Happy Halloween edition


As we head to Halloween, Tom and Jay reflect on some of the top compliance and ethics stories on the Happy Halloween edition.

 Stories

1.     More on Credit Suisse and Tuna bonds.  Mike Volkov in Corruption Crime and Compliance. Tom in the FCPA Compliance and Ethics Blog. Tom and Matt Kelly in Compliance into the Weeds.
2.     What is FARA. Jamie Rosenberg starts a 2-part series in Grand Jury Target.
3.     Digital innovation and continuous improvement. Jim Deloach in CCI.
4.     Banks and FinTech.  Davis Polk lawyers in Compliance and Enforcement Blog.
5.     What will happen to exec clawbacks? Aaron Nicodemus in Compliance Week. (sub req’d)
6.     SARs and appalling inaction. Martin Kenney in the FCPA Blog.
7.     Board readiness for shareholder activism. Paul DeNicola in Harvard Law School Forum on Corporate Governance.
8.     Scrutiny of the Arts and Antiquities market. Linklaters client alert.
9.     Hiding evidence from regulations costs KPMG in UK. Risk and Compliance Platform Europe.
10.  The SEC on auditor independence. Matt Kelly in Radical Compliance.

 Podcasts and Events

11.  Compliance Week 2022 opens for registration. Sign up here.
12.  Ethisphere’s World Most Ethical Company awards for 2022 are open for submission. For more information on the Application Process, click here.
13.  Are you exasperated? Then check, F*ing Argentina. In this podcast series co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In Episode 7, a Malodor on the Subway.
14.  This month on The Compliance Month, I visit with John Melican, Managing Director at Exiger on his journey to and from the CCO chair. In Episode 1, college and early professional career at NY County DA’s Office. In Episode 2, Melican moved into the corporate world and into compliance. In Episode 3, John moves into the CCO chair. In Episode 4, John talks about what he learned and how he uses that knowledge.
15.  How does a Compliance Bible become a best-seller? Check out Tom’s appearance on the C-Suite Network’s Best Seller TV to find out.  Purchase The Compliance Handbook, 2nd edition here.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Great Women in Compliance

Halloween Horror Stories


Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.
As a nod to Halloween Lisa and Mary host a joint episode after Fall break which contains Compliance horror stories – we couldn’t accommodate all of the poor practice ghosting stories in the hiring process – please step it up the integrity hiring teams!  The idea for this episode came about right at the beginning of the year when Mary was in conversation with GWIC and friend of the podcast Diana Trevley.  Diana suggested a horror story episode to mark Halloween and have a laugh about the disasters experienced by GWIC.
We’re very grateful to the numerous entries that we received and also offer heartfelt support to those going through horror stories that don’t have a humorous aspect.  Keep holding on.
Hear about compliance initiatives that were turned on their head, conflicts of interest come to life and life’s annoying moments in this episode.
The Great Women in Compliance Podcast is on the Compliance Podcast Network with a selection of other Compliance related offerings to listen in to.  If you are enjoying this episode, please rate it on your preferred podcast player to help other likeminded Ethics and Compliance professionals find it.  You can also find the GWIC podcast on Corporate Compliance Insights where Lisa and Mary have a landing page with additional information about them and the story of the podcast.  Corporate Compliance Insights is a much-appreciated sponsor and supporter of GWIC, including affiliate organization CCI Press publishing the related book; “Sending the Elevator Back Down, What We’ve Learned from Great Women in Compliance” (CCI Press, 2020).
If you’ve already read the booked and liked it, will you help out other women to make the decision to leverage off the tips and advice given by rating the book and giving it a glowing review on Amazon?
As always, we are so grateful for all of your support and if you have any feedback or suggestions for our line up or would just like to reach out and say hello, we always welcome hearing from our listeners.
You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.
Join the Great Women in Compliance community on LinkedIn here.

Categories
Coffee and Regs

An ESG Fireside Chat with KPMG’s Kay Swinburne

An ESG Fireside Chat with KPMG’s Kay Swinburne

In this episode, Vice Chair of Financial Services at KPMG UK, and former parliamentarian, Dr. Kay Swinburne and CSS’s Chief Product Officer Ronan Brennan discuss the latest on ESG, level 2 SFDR and what investment managers need to be thinking about to prepare for 2022 implementation.
 

About Our Guest Speakers:


Dr. Kay Swinburne is Vice Chair of Financial Services KPMG UK, and previously served as Vice Chair of the European Parliament’s influential Economics and Monetary Affairs Committee, playing a pivotal role in shaping EU and global financial services legislation, including setting up the EU supervisory bodies (ESAs, SSM, SRM), capital markets union (EMIR, MiFID II, Prospectus, CCP Recovery & Resolution), and the broader banking union files. Prior to Kay’s career as an MEP, Kay worked in investment banking. Kay brings a unique insight to policy ‘behind the scenes’ and the reality of Brexit in the aftermath of 31 January 2020.
 

 

 
Ronan Brennan is the Chief Product Officer at Compliance Solutions Strategies (CSS). In his role, he has direct responsibility for the strategic evolution of the global suite of CSS products and regulatory content. Managing product in CSS involves ensuring the product suite is ready to support both the current and future compliance management and regulatory reporting needs of investment management and advisory firms globally. Ronan participates as a speaker in many industry events each year, in addition to publishing a company blog and development of thought leadership materials. Ronan has 26 years of experience in the technology sector, 21 of which have been spent in the investment data management and regulatory reporting space.
 
Categories
This Week in FCPA

Episode 274 – the Headed to the World Series edition


Either the Astros or Red Sox are headed to the World Series. Flashing lights in Fenway? What will the baseball gods decree? Tom and Jay reflect as they are back to review some of the top compliance and ethics stories on the Headed to the WS edition.
 Stories

  1. Credit Suisse and Tuna boats equals nearly $500 MM in fines. Harry Cassin in the FCPA Blog. Matt Kelly in Radical Compliance. Jaclyn Jaeger in Compliance Week (sub req’d)
  2. CCOs as problem solvers. Mike Volkov in Corruption Crime and Compliance.
  3. Testing compliance. Brandon Garrett in Compliance and Enforcement.
  4. 3rd party risk management and SOC 2. Eva Pittas in CCI.
  5. Activision promises compliance upgrades. Should we believe them? Jaclyn Jaeger in Compliance Week. (sub req’d)
  6. Is ESG reporting risky? Mike Munro explores in the FCPA Blog.
  7. Facebook fined for changing CCOs without reporting to the CMA. CMA Press Release.
  8. The intersection of compliance and IT. Kyle Martin in Risk and Compliance Matters.
  9. What does the oldest COI tell us about professional misconduct? Jeff Kaplan in the COI Blog.
  10. Contesting the narrative of compliance failures. Robert Barrington in GAB.

 Podcasts and Events

  1. Compliance Week is going ‘Inside the Mind of the CCO’. Participate in the survey here.
  2. Ethisphere’s World Most Ethical Company awards for 2022 are open for submission. For more information on the Application Process, click here.
  3. Are you exasperated? Then check, F*ing Argentina. In this podcast series co-hosts Tom Fox and Gregg Greenberg, author of F*ing Argentina explore the current American psyche of being overworked, over leveraged, overtired and overwhelmed. Find out about modern America’s exasperation with well…exasperation. In Episode 6, Billy Joel and exasperation.
  4. This month on The Compliance Month, I visit with John Melican, Managing Director at Exiger on his journey to and from the CCO chair. In Episode 1, college and early professional career at NY County DA’s Office. In Episode 2, Melican moved into the corporate world and into compliance. In Episode 3, John moves into the CCO chair.
  5. Why is the Texas Hill Country one of the most special places on earth? Check out the newest edition to the CPN, as Tom Fox celebrates the people, places and things of the Hill County. In Episode 1, he visits with Camp Stewart for Boys matriarch, Kathy Ragsdale.
  6. How does a Compliance Bible become a best-seller? Check out Tom’s appearance on the C-Suite Network’s Best Seller TV to find out. Purchase The Compliance Handbook, 2nd edition here.

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Blog

Expanding Compliance Obligations of the Board – Part 4: Boeing

The final case on the Board’s expanding obligations regarding compliance oversight is Boeing, which was decided earlier this year. This action is yet more from the continuing fallout of the Boeing MAX 737 disaster. As Mike Volkov has noted “The Boeing 737 MAX scandal is a troublesome and disturbing case where corporate board oversight and responsibility was lacking.  The implications of the board’s failure resulted in the killing of innocent passengers and the grounding of Boeing’s 737 MAX.  Add to that a $2.5 billion settlement, a criminal case against a Chief Technical Pilot, and continuing safety and technical problems, and you have recipe for continuing disaster at Boeing.”
In this case, shareholders sued Boeing’s board, seeking to recover costs and economic losses associated with the crash of two 737 MAX jetliners. The allegations were that the directors failed to monitor aircraft safety before the crashes and then failed to respond to known safety risks after the first crash. The lawsuit seeks to hold the directors liable for the resulting loss of “billions of dollars in value.”
Here there were not allegations that the Board did not take compliance seriously or did not provide oversight of compliance but that the Board did not react swiftly and forcefully enough when the first MAX 737 crash occurred. The decision from the Court (the Court of Chancery not the Delaware Supreme Court) framed the question before it as follows, “The narrow question before this Court today is whether Boeing’s stockholders have alleged that a majority of the Company’s directors face a substantial likelihood of liability for Boeing’s losses. This may be based on the directors’ complete failure to establish a reporting system for airplane safety, or on their turning a blind eye to a red flag representing airplane safety problems.”
The Court noted that from 2011 until August 2019, the Board had five standing Committees to monitor and oversee specific aspects of the Company’s business: (1) Audit, (2) Finance, (3) Compensation, (4) Special Programs, and (5) Governance, Organization and Nominating. The Audit Committee was Boeing’s primary arbiter for risk and compliance. Specifically, it “evaluat[ed] overall risk assessment and risk management practices”; “perform[ed a] central oversight role with respect to financial statement, disclosure, and compliance risks”; and “receiv[ed] regular reports from [Boeing’s] Senior Vice President, Office of Internal Governance and Administration with respect to compliance with our ethics and risk management policies.” The Court went on to delineate a list of areas the Audit Committee covered, specifically including robust oversight over compliance.
However what the Boeing Board did not do was “implement or prioritize safety oversight at the highest level of the corporate pyramid. None of Boeing’s Board committees were specifically tasked with overseeing airplane safety, and every committee charter was silent as to airplane safety. The Board recognized as much: former director John H. Briggs, who retired in 2011, observed that the “board doesn’t have any tools to oversee” safety.” [emphasis supplied] The Court rather ominously then said “This stood in contrast to many other companies in the aviation space whose business relies on the safety and flightworthiness of airplanes.”
The Court went into a detailed discussion about what the Board did and more importantly did not do after the first MAX 737 crash (Lion Air crash). The Board did not initiate contact with management, did not do initiate any type of independent investigation or apparent do anything more than ‘Shirk Responsibility’. That final phrase comes from a section title from the Court’s opinion and reads “The Board Continues To Shirk Safety Oversight”.  [bold in original opinion] (Recovering trial lawyer insight-when a court writes something like that as a section heading, it is very ‘not good’ for the defendant). The Court was equally critical about the Board’s response after the second MAX 737 crash (the Ethiopian Airlines crash). Finally the Court found “The Board publicly lied about if and how it monitored the 737 MAX’s safety.” It really does not get any worse than that for a Board.
The Court’s opinion found that under Marchand, a Board must assess the risk profile of the company and manage the most critical risks all the way up to the Board level. At Blue Bell Ice Cream, it was food safety. At Boeing it is airline safety. At the Boeing Board, there was “no committee charged with direct responsibility to monitor airplane safety. While the Audit Committee was charged with “risk oversight,” safety does not appear in its charter. Rather, its oversight function was primarily geared toward monitoring Boeing’s financial risks.” This lack provided the basis for a Caremark claim as further refined by Marchand, et al.
Moreover, there was no Board monitoring system in place for safety. There was no mechanism to get whistleblower complaints about safety to the Board. Finally there was no independent evaluation by the Board on safety, “when safety was mentioned to the Board, it did not press for further information, but rather passively accepted management’s assurances and opinions.”
Some commentators see this as a decision based upon a new category of risk called “corporate trauma”. Herlihy and Savitt said, “The harsh decision reflects the court’s obligation to accept all the plaintiffs’ allegations as true in considering defendants’ motion to dismiss. Indeed, the court reaffirmed that failure-of-oversight claims remain “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” But the ruling nevertheless reconfirms the courts’ increasing willingness to subject directors to suit for corporate trauma.” Mike Volkov was more succinct noting, “At bottom, the Chancery Court is raising the stakes on board member accountability.”
The Hughes Court further delineated a Board’s obligations under Caremark. It cannot simply have the trappings of oversight, it must do the serious work required and have evidence of that work (Document, Document, and Document). Marchand required Boards to manage the risks their organizations face. Clovis Oncology requires ongoing monitoring by the Board. Hughes stands for the proposition that have the structures, policies and procedures in place is not enough. The Board must fully engage in oversight of a compliance program. The decision in Boeing is yet a further expansion of Caremark, once again through Marchand. It stands for the proposition that a company must assess its risks and then manage those risks right up through the Board level.

Categories
Blog

Expanding Compliance Obligations of the Board – Part 3: Hughes v. Hu

The next case on the Board’s obligations regarding compliance oversight is Hughes v. Hu. In this case, the plaintiffs’ claimed that the director defendants consciously failed to establish a system of oversight for financial statements and related-party transactions, “choosing instead to rely blindly on management while devoting patently inadequate time to the necessary tasks.” According to the plaintiffs’ assertions the defendants “breached their fiduciary duties by willfully failing to maintain an adequate system of oversight, disclosure controls and procedures, and internal controls over financial reporting.” Additionally, “The board of a Delaware corporation has a fiduciary obligation to adopt internal information and reporting systems that are ‘reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance’.”
The audit committee failed to meet often as required and when they met, the meetings were short and failed to devote adequate time and attention to the issues, especially in light of the known internal control issues. In addition, the audit committee frequently acted through written consent as opposed to addressing issues during in-person meetings. The outside auditor failed to report on key issues and when it did so, the audit committee failed to respond or follow up.
The court noted, “directors face a substantial threat of liability under Caremark if “(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” For both potential sources, “a showing of bad faith conduct . . . is essential to establish director oversight liability.” A plaintiff establishes bad faith by “showing that the directors knew that they were not discharging their fiduciary obligations. Generally where a claim of directorial liability for corporate loss is predicated upon ignorance of liability creating activities within the corporation . . . only a sustained or systemic failure of the board to exercise oversight . . . will establish the lack of good faith that is a necessary condition to liability.” [citations omitted]
Moreover, “a director may be held liable if she acts in bad faith in the sense that she made no good faith effort to ensure that the company had in place any ‘system of controls.’” Significantly directors must “design context- and industry-specific approaches tailored to their companies’ businesses and resources.” Caremark also mandates “a bottom-line requirement that is important: the board must make a good faith effort—i.e., try—to put in place a reasonable board-level system of monitoring and reporting.” Finally, a Caremark claim can be stated by alleging that “an audit committee that met only sporadically and devoted patently inadequate time to its work, or that the audit committee had clear notice of serious accounting irregularities and simply chose to ignore them or, even worse, to encourage their continuation.”
What the court found was that the Company’s Audit Committee met sporadically, devoted inadequate time to its work, “had clear notice of irregularities, and consciously turned a blind eye to their continuation. As detailed in the Factual Background, the Company suffered from pervasive problems with its internal controls, which the Company acknowledged in March 2014 and pledged to correct. Yet after making that commitment, the Audit Committee continued to meet only when prompted by the requirements of the federal securities laws. When it did meet, its meetings were short and regularly overlooked important issues.”
For example, in May 2014, the Audit Committee convened for the first time after disclosing two months earlier that its “disclosure controls and procedures were not effective as of December 31, 2013, due to a material weakness.” The meeting lasted just forty-five minutes. During that time, the Audit Committee purportedly reviewed new agreements governing the Company’s related-party transactions with Kandi USA. Neither the agreements nor the review procedures were produced in response to the plaintiff’s demand for books and records, supporting a reasonable inference that they either did not exist or did not impose meaningful restrictions on the Company’s insiders. Three weeks later, the Audit Committee purportedly reviewed and approved a new policy that management had prepared governing related-party transactions. The Company also did not produce this policy in response to the plaintiff’s demand for books and records, supporting a reasonable inference that it too either did not exist or did not impose meaningful restrictions on the Company’s insiders.
After 2014, the Audit Committee did not meet again for almost an entire year. The committee next convened in March 2015, “spurred by the need to review the Company’s financial results for purposes of the 2014 10-K. The meeting lasted only fifty minutes. During this time, the Audit Committee ostensibly discussed the financial results and purportedly approved a new policy that management had prepared to govern related-party transactions involving the Joint Venture. It is reasonable to infer that the policy did not place meaningful restrictions on management and that the Audit Committee failed to establish its own monitoring system for related-party transactions. It is also reasonable to infer that during this fifty-minute meeting, the Audit Committee could not have fulfilled its responsibilities under the Audit Committee Charter for purposes of nearly a year’s worth of transactions.” The Audit Committee again did not meet for almost an entire year, not meeting until March 2016, again spurred by the need to review the Company’s financial results for purposes of the 2015 10-K. This meeting lasted just thirty minutes.
These chronic deficiencies support a reasonable inference that the Company’s Board of Directors, acting through its Audit Committee, failed to provide meaningful oversight over the Company’s financial statements and system of financial controls. Despite identifying Yu and Lewin as Audit Committee Financial Experts in 2015, the Company later disclosed in the 2016 10-K that it lacked personnel with sufficient expertise on US GAAP and SEC disclosure requirements for equity investments and related-party transactions. The directors charged with implementing a system to oversee the Company’s financial reporting thus lacked the expertise necessary to do so all along. Instead, the Audit Committee deferred to management, which dictated the policies and procedures for reviewing related-party transactions and hired and fired the Company’s auditor, even though management’s actions suggested that it was either incapable of accurately reporting on related-party transactions or actively evading board-level oversight.
The defendants alleged that the Company had the trappings of oversight, “including an Audit Committee, a Chief Financial Officer, an internal audit department, a code of ethics, and an independent auditor.” A plaintiff cannot meet its Caremark burden by pleading that board-level monitoring systems existed but that they should have been more effective. The Court found the plaintiffs’ allegations supported inferences that the Board members did not make a good faith effort to do their jobs. The Court stated, “The Audit Committee only met when spurred by the requirements of the federal securities laws. Their abbreviated meetings suggest that they devoted patently inadequate time to their work. Their pattern of behavior indicates that they followed management blindly, even after management had demonstrated an inability to report accurately.”
An Audit Committee can rely in good faith upon reports by management and other experts. In doing its job, the members of an Audit Committee will necessarily rely on management. But Caremark envisions some degree of board-level monitoring system, not blind deference to and complete dependence on management. The board is obligated to establish information and reporting systems that “allow management and the board, each within its own scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.”
Finally, the Board never established its own reasonable system of monitoring and reporting, choosing instead to rely entirely on management. There were no Board meeting minutes to support the company’s rebuttals. As the Court noted, “The absence of those documents is telling because “[i]t is more reasonable to infer that exculpatory documents would be provided than to believe the opposite: that such documents existed and yet were inexplicably withheld.”” The documents that the Company produced indicated that the Audit Committee never met for longer than one hour and typically only once per year. Each time they purported to cover multiple agenda items that included a review of the Company’s financial performance in addition to reviewing its related-party transactions. On at least two occasions, they missed important issues that they then had to address through action by written consent. Clearly, the Board was not fulfilling its oversight duties.
The Hughes Court further delineated a Board’s obligations under Caremark. It cannot simply have the trappings of oversight, it must do the serious work required and have evidence of that work (Document, Document, and Document). Marchand required Boards to manage the risks their organizations face. Clovis Oncology requires ongoing monitoring by the Board. Hughes stands for the proposition that have the structures, policies and procedures in place is not enough. The Board must fully engage in oversight of a compliance program.

Categories
Blog

Expanding Compliance Obligations of the Board – Part 2: Clovis Oncology

When the Delaware Supreme Court says of a Board of Directors collectively signed a company’s Annual Statement “with hands on their ears to muffle the alarms” you can rest assured the Board was seriously negligent in fulfilling its Caremark obligations. The Court’s decision in Clovis Oncology (Clovis or ‘the company’) laid out what a plaintiff must prove to create liability for a Board under the Caremark Doctrine. Not only must a Board have oversight of a corporate compliance function it must also provide oversight of that function.
The facts are so egregious on the monitoring requirement, the entire opinion could have been the basis for the original Caremark Doctrine. As the opinion stated the Board “breached their fiduciary duties by failing to oversee the Roci clinical trial and then allowing the Company to mislead the market regarding the drug’s efficacy. These breaches, it is alleged, caused Roci to sustain corporate trauma in the form of a sudden and significant depression in market capitalization.”
Clovis had no products and no sales but only the hope of the creation, marketing and sale of a new cancer drug, Roci. Clovis “relied solely on investor capital for all operations.” The potential success for Clovis “rested largely on one of its three developmental drugs, Roci, a cancer drug designed to treat a previously- untreatable type of lung cancer. Because of the estimated $3 billion annual market for drugs of its type, Clovis expected Roci to generate large profits if Clovis could secure FDA approval for the drug and shepherd it to market.” To get Roci to market, the company had to first perform clinical trials and then submit those findings to the Food and Drug Administration (FDA).
To perform the clinical trials, Clovis used a standard, well-known drug testing protocol called RECIST. A key component of the RECIST protocol was differentiating on the reporting on confirmed results v. non-confirmed results. During the trial, Clovis deviated from the RECIST protocol by improperly calculating the efficacy measurement based on both confirmed and unconfirmed results without differentiating between the two.  As a result, Clovis published inflated performance results, and included this information in raising capital in the private and public securities markets of over $500 million. Clovis also failed to properly disclose the drug’s side effects. Worse yet, Clovis made these same misrepresentations in its initial presentations to the FDA.
After its initial presentation to the FDA, the FDA requested additional information on the test results. It appears at that point the Board was made aware of significantly different results from the confirmed v. the non-confirmed categories. The stock dropped some 80% in a few days, wiping out over $1 billion in capitalization. The fallout of Clovis actions led the FDA to suspend its review of Rico, effectively ending the company’s efforts.
As noted, the Court found that the Board had made certain there was an overall compliance program. However, Caremark has a second prong which requires a Board to “monitor” its compliance program. The Court stated, “To state a claim under this prong, Plaintiffs must well-plead that a “red flag” of non- compliance waived before the Board Defendants but they chose to ignore it. In this regard, the court must remain mindful that “red flags are only useful when they are either waived in one’s face or displayed so that they are visible to the careful observer.  But, as Marchand makes clear, the careful observer is one whose gaze is fixed on the company’s mission critical regulatory issues.” For the Clovis Board, the compliance oversight should have been over Roci’s trials, clinical trial protocols and related FDA regulations governing that study.
The RECIST clinical trials protocol was “the crucible in which Roci’s safety and efficacy were to be tested. Roci was Clovis’ mission critical product. And the Board knew, upon completion of the TIGER-X trial, the FDA would consider only confirmed responses when determining whether to approve Roci’s NDA per the agency’s own regulations.” Moreover, the Clovis “Board was comprised of experts and the RECIST criteria are well-known in the pharmaceutical industry. Moreover, given the degree to which Clovis relied upon it when raising capital, it is reasonable to infer the Board would have understood the concept and would have appreciated the distinction between confirmed and unconfirmed responses. The inference of Board knowledge is further enhanced by the fact the Board knew that even after FDA approval, physicians (i.e., future prescribers) would evaluate Roci based on its” clinical trials.
Mike Volkov has stated of the Clovis decision, “The Clovis Court explained that “‘Delaware Courts are more inclined to find Caremark oversight liability at the board level when the company operates in the midst of obligations imposed upon it by positive law yet fails to monitor existing compliance systems, such that a violation of law, and resulting liability, occurs.’” The Clovis Court noted that when externally imposed regulations govern a company’s mission critical operations, the board must exercise a good faith effort to implement an oversight system, which “entails a sensitivity to ‘compliance issues[s] intrinsically critical’ to the company.”
The Clovis decision is another steppingstone in the creation of duties for a Board regarding compliance. Like the Board at Blue Bell Ice Cream, the Clovis Oncology Board had but one compliance obligation. At Blue Bell Ice Cream, it was food Safety. At Clovis Oncology it was compliance around the clinical trials and reporting results of its signature product, the drug Roci. While Blue Bell Ice Cream management did not even report its food safety results to the Board, senior management at Clovis made material misrepresentations to the Board about the results of the clinal trial based upon the melding of unconfirmed results with confirmed results. This case then stands for the proposition that a Board must do more than simply accept what management says about compliance, it must monitor compliance. Here the Clovis management made material misrepresentations to the Board about the results of the clinal trial based upon the melding of unconfirmed results with confirmed results.

Categories
Coffee and Regs

Digital Assets: Trading & Compliance for Cryptocurrency

Digital Assets: Trading & Compliance for Cryptocurrency

In this episode, Director of Registered Investment Company Services, Allison Fraser and Director of Broker-Dealer Services & Private Funds, John Gentile discuss the latest on digital assets and cryptocurrency. Are they considered securities, what does the SEC’s risk alert mean for digital assets, and how should investment managers be thinking about cryptocurrency trading and compliance?

About Our Guest Speakers:


Allison Fraser provides compliance consulting services to investment advisers, registered investment companies and private investment funds, including conducting annual compliance program reviews and testing, developing risk assessments and preparing for SEC examinations. She also assists clients with drafting policies and procedures and preparing regulatory filings. On behalf of, the Compliance Services division of CSS, Allison served as the Chief Compliance Officer for a family of alternative funds registered under the Investment Company Act of 1940. Prior to joining CSS, Allison served as a Senior Vice President of Compliance at Northern Trust Investments, Inc. (“NTI”), the asset management subsidiary of The Northern Trust Company. In this capacity, she managed and administered the compliance due diligence program for NTI’s Multi-Manager Solutions and Outsourced Chief Investment Officer businesses. Allison also was the Chief Compliance Officer of two registered funds of hedge funds advised by NTI as well as a member of the funds’ Pricing and Disclosure Committees. Before joining NTI, Allison served as the Compliance Director for General Motors Asset Management, where she assisted with the administration of the compliance program for this registered investment adviser.
 

John Gentile is responsible for overseeing various types of broker-dealer and investment adviser consulting engagements, including conducting SEC/FINRA internal control reviews, anti-money laundering testing, written supervisory policy and procedures testing, and other consultation services. John is a frequent speaker at industry conferences on various compliance topics, including “Effective Supervision,” “Large Firm Testing,” FINRA Supervisory Control Rules” and “Anti Money Laundering Requirements for Broker Dealers under the PATRIOT Act.” In 1987 John joined the SEC as a Securities Compliance Examiner, becoming a Branch Chief in 1991. He became Assistant Regional Director in 1993, supervising a team of 20 broker-dealer managers and examiners. He also planned and conducted financial, operational, and sales practice examinations of the largest broker dealers and was among those responsible for a review of hedge funds’ impact on broker dealer internal controls. Before joining the SEC, John was a Financial Damage Analyst with PaineWebber Inc. Most recently from 2000-2007 John was an Executive Consultant, Broker-Dealer Services, at National Regulatory Services. John has an MBA from Fordham University and a BS in Finance from Central Connecticut State University. From 1995 to 2002, John was also a member of the Securities Industry Continuing Education East Coast Content Committee.
Categories
Daily Compliance News

October 18, 2021 the Better Salary edition


In today’s edition of Daily Compliance News:

  • Risk in municipal bonds?(NYT)
  • Goldman to own its business unit. (WSJ)
  • Pandora Papers lead to artifact repatriation. (WaPo)
  • Negotiating a better salary. (WaPo)