Tag: Joseph Pastore

5 Reasons Why Your Non-Compete Agreement Doesn’t Work

Posted on by Kelly McElroy

The Federal Trade Commission is considering making non-compete agreements a federal issue by banning them.

According to research, one in five employees have a non-compete, which is about 30 million Americans. The FTC claims a ban would lead to better job opportunities and increase wages by $300 billion a year.

Companies would have to find another strategy to protect investments. But it could take years for a final outcome, accounting for passage and pending court challenges.

Right now, however, employers have a bigger concern: Are their existing non-compete agreements enforceable?

The answer presents a real issue for too many companies—and they don’t even know it.

Here are five common reasons why non-compete agreements fail:

 

Attorney Alert: No Consideration

This is one of the most common problems with enforceable non-compete agreements.

When you onboard a new employee, employers should make the signing of a non-compete agreement part of the process. To create a valid agreement, you must offer the new employee “consideration,” which means an exchange of value. Because you ask new employees to sign on day one, you can write into the agreement that the job and future compensation are consideration for the signature.

If you need an existing employee to sign a non-compete agreement, you will have to put more effort into it. Maybe it is a new title, more money and/or different responsibilities at the company. The “consideration” doesn’t have to be large, but it needs to be real and distinguishable.

Otherwise, you may have an unenforceable non-compete agreement that you assumed was valid.

 

Attorney Alert: Too Long in Duration

The objective of non-compete agreements is to protect the company, not to punish your employees. Asking for a non-compete for the rest of someone’s life is a non-starter.

Courts have ruled favorably, however, on shorter terms. Generally speaking, six months is practically a certainty. Yet, more than two years could get tricky. If it involves an acquisition, you may be able to get three years.

In any case, you should consult with your lawyer because these matters, especially the ones involving longer terms, tend to be decided on specifics. So, make a small investment to spend time with your trusted counsel—you will thank yourself later.

 

Attorney Alert: Reliance on a Template

Don’t fall for convenience and use a template for your non-compete agreement. And that goes for older, outdated forms your company has used since its inception.

Every industry is different. Every company is different. Types of proprietary information and confidential relationships vary quite a bit.

What if your company crosses state lines? What if your company has employees who work in different states? When it comes to law regarding non-compete agreements, each state makes the call.

Your leadership team should protect its interest by consulting with an attorney to ensure nothing is lost in the future.

 

Attorney Alert: No Assignment Provision

When acquiring a company, too many companies forget to obtain non-compete agreements from key personnel at the other company. This oversight can be costly.

One reason for the miscue, in part, is the assumption that the acquired company had included an assignment provision in their non-compete agreements. An assignment clause allows one party to transfer negotiated rights to another party—without re-opening negotiations.

Assignment provisions (i.e., Company A or assignee) can make things easier. Without them, you will have to ask the incoming employees to sign another non-compete agreement, which could prompt talks regarding more consideration.

Some states may prohibit or limit assignment clauses, so review them with your attorney.

 

Attorney Alert: Not Compliant With State Law

In addition to being a case-by-case matter, non-compete agreements hang on a state-by-state basis.

For example, these agreements are not enforceable in Oklahoma and California. Nine other states prohibit non-competes for employees who earn more than a set amount. Iowa and Kentucky only prohibit the agreements for health care workers.

In Connecticut, “reasonable” non-compete agreements are enforceable. But that means several details will have to be reviewed to determine validity: Is it too long or too restrictive? Is it fair? Does it prevent the employee from making a living?

Your lawyer will guide you down the right path.

 

(Joseph M. Pastore III is Chairman of Pastore, a law firm that helps corporate and financial services clients find creative solutions to complex legal challenges. He can be reached at (203) 658-8455 or jpastore@pastore.net.)

 

 

 

5 Reasons Why Business Partnerships Fail

Posted on by Kelly McElroy

William Proctor and James Gamble figured out how to do it in 1837.

Ben Cohen and Jerry Greenfield found out that success could be sweet in 1978.

Larry Page and Sergey Brin started their own brand of digital domination in 1998 before most knew what they were talking about.

Today’s stock market is filled with prosperous corporations that began with a business partnership. Although those who succeed tend to grab the headlines, all the rest fade away.

According to BLS data, 45% of new businesses fail during the first five years and 65% fail during the first ten years.

Hiring an attorney at the onset of a business partnership can dramatically increase your chances of a favorable outcome. Lawyers can help partners decide the best corporate structure and draft documents that will add clarity and resolve disputes to keep the organization moving forward.

Unfortunately, business partnerships that don’t work with a lawyer as their first step bear more uncertainty.

Here are the five most common legal claims that cause business partnerships to fail:

Attorney Alert #1: Breach of Partnership/Operating Agreement

Don’t enter into a business partnership without a written agreement that clarifies many important variables, such as your responsibilities, compensation and exit.

In fact, negotiating the partnership agreement should be part of your process to determine if this company is the best fit for you. The time spent on this dialogue will be invaluable.

For example, how are profits distributed? What happens when one partner doesn’t want to take the distribution in that year? Will you have the right of refusal when your partners bring forward a prospective partner? How will each partner exit without harming the interest of the company?

A thoughtful partnership agreement will go a long way to building stronger relationships—and mitigate one of the most common causes of failure for business partnerships.

Attorney Alert #2: Breach of Fiduciary Duty

Fiduciary duties are included in business partnerships.

The interests of the partnership, for instance, should be held paramount compared to your own self-interests. This is referred to as the Duty of Care. You should also avoid self-dealing situations where you benefit at the expense of your partners—also known as the Duty of Loyalty.

Failing to account for company funds, sharing trade secrets or acts that benefit a competitor are also examples of a breach of fiduciary duty.

In an attempt to mitigate this potential cause for business partnership failure, partners could be required to review their fiduciary duties in writing and sign their names periodically to keep these responsibilities top of mind.

Attorney Alert #3: Failure to Delineate Authority

When partners enter a business venture, it is often assumed that each partner will work an equal amount. And that’s why issues happen.

Andrews Campbell, who published “Collaboration Is Misunderstood and Overused” in the Harvard Business Review, writes that success depends on three circumstances:  1) partners need to be truly committed to working with each other, 2) partners have high respect for each other’s expertise, and 3) each partner has the skill to bargain with each other over cost and benefits.

The last circumstance could be the sole reason to hire an attorney to draft documents to increase the odds that the collaboration will be a success. For instance, each partner should clearly understand their responsibilities as part of operations and the leadership team. Blurred lines will lead to disagreements and a waste of time of redundancies.

A semblance of hierarchy needs to be established so the company can move forward. Delineated authority would ensure that all mission-critical areas are covered by the partners.

Attorney Alert #4: Gross Negligence

Partners are responsible for providing a certain standard of care. When that doesn’t happen and harm is caused, a matter of gross negligence can cause irreparable damage and end the partnership.

Mismanaging partnership funds, failing to abide by contracts and hiring unqualified, key personnel could trigger a claim of gross negligence.

A court would apply the business judgment rule, which is a standard that examines if the action in question was done in good faith with the care of a “reasonably prudent person” and with the understanding the partner is acting in the best interests of the company.

If gross negligence can be proven, unfortunately, it would knock down that level of protection.

Attorney Alert #5: Partnership Abandonment

When a partner decides to leave, it could trigger dissolution almost immediately, depending on the partnership agreement.

However, if the departing partner has not acted in the best interest of the partnership, it could be grounds for a lawsuit.

It may make sense to review the partnership agreement before resentment and business losses kick in. Often, a buy-out option is stated in well-drafted agreements and incorporation papers to lay the groundwork for a soft landing for all parties.

(Joseph M. Pastore III is chairman of Pastore, a law firm that helps corporate and financial services clients find creative solutions to complex legal challenges. He can be reached at (203) 658-8455 or jpastore@pastore.net.)

 

S.D.N.Y. Issues Ruling Regarding Cryptocurrency Regulation – The Ripple Effect

Posted on by Kelly McElroy

The U.S. District Court for the Southern District of New York recently issued a significant ruling regarding cryptocurrency regulation. In 2020, the U.S. Securities and Exchange Commission (the “SEC”) sued Ripple and two executives concerning Ripple’s XRP token and the sale thereof. The SEC alleged the XRP token was an unregistered security; thus, their sales of the XRP token amounted to illegal sales of securities. In response, Ripple argued that XRP was not a security. Judge Torres ruled that Ripple’s sales of XRP to institutional investors constituted an illegal sale of securities. However, the token was not considered a security when it was sold on digital asset exchanges to the general public. The distinction, according to the judge, depended on whether the buyers knew that their money could fund Ripple’s operations and result in the generation of potential profits. Certain elements of the case are still undecided, such as whether the two executives aided and abetted the illegal sales and can therefore be held responsible. However, there is already discussion emerging on this ruling, which may impact the SEC’s ongoing case against Coinbase, and within 24 hours following the ruling, XRP’s price increased by nearly 100%.

 

To read more:

https://www.wsj.com/articles/ripple-wins-early-dismissal-of-some-claims-in-sec-lawsuit-over-xrp-sales-f88f968f?ns=prod/accounts-wsj

https://www.marketwatch.com/story/ripple-token-not-a-security-in-retail-sales-judge-rules-in-partial-win-for-crypto-3228f499?mod=search_headline&mod=article_inline

https://www.coindesk.com/markets/2023/07/13/ripples-xrp-token-surges-28-after-court-rules-xrp-sales-arent-investment-contracts/

4 Legal Insights: How to Fund a Crypto Startup

Posted on by Kelly McElroy

The most recent cryptocurrency winter has ended, and the next bullish cycle has begun.

But not everything has been forgotten.

The government may attempt to regulate this burgeoning industry through the courts, as more tokens, exchanges and venture capital firms fail to pass muster. The short list of collapses in 2022—BlockFi, Three Arrows Capital, Celsius Network, TerraUSD/Luna and FTX—has sent chills through the most thrill-seeking investors.

As a member of the Connecticut Crypto Forum, which Pastore LLC has sponsored since last May, I have watched cryptocurrency startups succeed, while others have struggled.

On the surface, funding seems to be a big obstacle. However, garnering the needed financial support for a cryptocurrency startup is more of a series of actions than a single event—especially during these challenging times.

So, are you looking to fund a cryptocurrency startup? Let’s start with a summation: Don’t go out too early.

Now, here are four more insights to improve your chances for success:

Business Law Insight: Leverage A Big Problem

The problem with having a solution is that you first need a problem.

So, start there.

Bitcoin serves as an alternative payment system free of government control where people can send money over the internet. Ethereum created a place in a new financial ecosystem as a platform for programmatic contracts and applications. Besides being digital assets, they both have something else in common: The entire world is their market.

When developing a solution for a problem, you must think big and make sure it’s scalable. The target market must be worth 10s of millions in revenue per year. If it generates $250,000 annually, you will go nowhere.

The cryptocurrency idea may solve a problem for title insurance in real estate. It’s a two trillion-dollar industry. Maybe it solves a record-keeping issue in health care. That’s another enormous potential market.

Because people buy the story before they buy the stuff, articulating the problem and the solution in a succinct, meaningful way will monetize your effort.

Business Law Insight: Produce A+ Documents

Producing top-notch documents should put you on the short list with potential investors. Your lawyer will write this one with help from the company’s leadership team.

A private placement memorandum (PPM) is not necessarily required depending on the nature of the offering, but it’s essential. Unlike a business plan that serves as a marketing document, the PPM is straight to the point. It is a legal document that informs investors of securities for sale. Several key aspects are addressed in the document, such as a description of the securities, risk factors, biographies on the management team, financial statements and, perhaps, important contracts.

This document will go a long way towards attracting a network of cryptocurrency investors. You definitely don’t go out to the marketplace in general because it is not amenable to crypto-type investments and general solicitation may run afoul of the securities exemption you are relying on. You will need a group of savvy investors who understand and have experience with digital assets—not a scattershot approach in the marketplace.

Business Law Insight: Build A Credible Team

In the beginning, investors don’t buy ideas. They purchase a team.

Ideas are only worth something if they can be executed. So, choose wisely.

Build a team of professionals who understand the cryptocurrency space and who can leverage relationships within the industry. This type of network, albeit small at inception, will provide instant credibility for your startup.

Next, create a strong compliance program with legitimate personnel. Start with a chief financial officer or controller with cryptocurrency experience, as well as anti-money laundering expertise. Leverage established credentials, such as ALMA, CPA, CFA, to guide the selection process.

To create more oversight, select qualified board members with experience in finance and controls, as well as regulation to name a few areas. Make them part of governance by empowering them to manage the compliance committee and audit committee. If you are raising money domestically, they will ensure you don’t stray into offshore associations that could taint the enterprise.

Business Law Insight: Convince A Bank

You need an investment bank on your side. In fact, you can’t raise real money without one. You are beyond friends and family now.

Keep in mind that an investment bank with a well-regarded broker dealer business unit will conduct due diligence on your startup. To pass the test, your financial house needs to be in order.

Let’s begin with the basics, such as bylaws and resolutions. There is the certificate of incorporation or the certificate of formation if it’s a limited liability corporation. Don’t forget the operating agreement, including business-partner assignments, a business plan and a financial forecast.

The next phase includes your financials. To be more specific, timely financial statements are required because anything less begs for more questions and suspicion. Accountants need to be part of this mix—and an attorney with cryptocurrency experience to bring everything together.

(Christopher Kelly is an attorney at Pastore who has practiced corporate, transactional, fund employment and banking law for more than 30 years at sophisticated levels. He has worked on complex transactions aggregating in value of more than $10 billion, involving private stock and debt offerings, mergers and acquisitions and assets deals.)

 

Stock Options: What Corporate Execs Should Know About Amended Rule 10b5(1)

Posted on by Kelly McElroy

Corporate executives and other “insiders” are forbidden from trading on material, non-public information.

When it comes to stock options, every public filing and formal announcement from a publicly traded firm comes with a blackout period for “insiders.” So, how can executives realize their earned gains without the threat of insider trading?

The U.S. Securities and Exchange Commission (“SEC”) defines illegal insider trading as: “The buying or selling a security, in breach of a fiduciary duty or other relationship of trust and confidence, on the basis of material, non-public information about the security.

In an effort to provide guidance, the SEC enacted Rule 10b5-1 in 2000 to create a defense against insider trading if the following criteria are followed:

  • Enter into a Rule 10b5-1 plan in good faith.
  • Adopt a trading plan that is not within a blackout period.
  • Specify the timing, price and amount of your transactions.

In December 2022, the SEC enacted additional requirements for the 10b5-1 plans.

“Over the past two decades, though, we’ve heard from courts, commenters and members of Congress that insiders have sought to benefit from the rule’s liability protections while trading securities opportunistically on the basis of material nonpublic information,” said SEC Chair Gary Gensler. “I believe today’s amendments will help fill those potential gaps.”

The new requirements alter the steps that corporate executives and “insiders” must take to fall under the 10b5-1 safe harbor, such as:

  • As part of the 10b5-1 plan, executives must certify that they are not aware of any material non-public information about the issuer or its securities and that the plan is adopted in good faith.
  • The good faith requirements must be extended beyond adoption through the entire duration of the plan.
  • Directors and officers may not trade during the later of 90 days after plan adoption or modification or two business days after filing a Form 10-Q or Form 10-K. Insiders who are not directors or officers may trade after a 30-day period following adoption or modification.
  • The 10b5-1 defense is no longer applicable if the “insider” has more than one 10b5-1 plan for the same time period.
  • Issuers must make new disclosures in their reports, including names and titles of “insiders,” dates of plan adoption or termination and number of shares that are planned to be bought or sold.

Accordingly, corporate executives and “insiders” must be familiar with the above changes to the 10b5-1 plans.

How Stock Options Overtook Cash

Two decades ago, corporate executives were compensated mainly with cash and bonuses, while stock options were footnotes. But the drive to link pay and performance has increased over the years, putting equity at the forefront. According to a 2021 Associated Press study, a little more than a quarter of compensation for the typical CEO at an S&P 500 company came from salary or bonuses. At the top, cash makes up 5% of total compensation.

The shift to stock options carries more responsibility for corporate executives. Insider trading, for example, can cost up to 20 years in prison. Back in 2020, the SEC employed 1,300 staff members in its Enforcement Division and budgeted more than half a billion dollars to investigate and prosecute illegal insider trading cases.

An attorney with expertise in complex financial instruments like stock options can help you regain peace of mind about your compensation package.

(Joseph M. Pastore III is chairman of Pastore, a law firm that helps corporate and financial services clients find creative solutions to complex legal challenges. He can be reached at 203-658-8455 or jpastore@pastore.net.)

How to Use Specific Allocation Cost Basis to Manage Capital Gains Taxes on Cryptocurrency Gains

Posted on by Kelly McElroy

The cryptocurrency reporting rules have changed but compliance requirements have not been made any clearer. The recent changes in the tax reporting requirements have left crypto platforms, brokers, and traders with minimal guidance and exposed buyers and sellers to a potential tax trap.

This note illustrates a process by which taxpayers who engage in virtual currency transactions can properly report their taxable gains or losses, even in the absence of revised guidance from the IRS. This process, properly deployed, will save many taxpayers who sell cryptocurrency during the tax year substantial amounts of money in federal taxes.

Section 80603 of the Infrastructure Investment and Jobs Act, P.L. 117-58 (signed into law November 15, 2021) amends both Section 6045 and 6045A of the Internal Revenue Code to accomplish three significant changes in the tax law related to returns of brokers regarding digital assets:

  • Brings digital assets under the broker reporting requirements by:
    • Adding to the definition of “broker” for purposes of information reporting “any person who (for consideration) is responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person.” Code §6045(c)(1)(D)(effective for returns required to be filed and statements required to be furnished after December 31, 2023) and
    • At §6045(g)(3)(B)(iv), adding digital assets to the scope of covered securities for purposes of Code §6045(g)(2)(a). This addition has the effect of requiring the newly-expanded population of persons treated as brokers under the tax law to report the capital gains and losses of persons disposing of digital assets on Form 1099-B. Reg. §1.6045-1(d)(2)
  • Defines a digital asset as “any digital representation of value which is recorded on a cryptographically secured distributed ledger or any similar technology” and includes an exception deferring to other and further definitions as may be promulgated by the Treasury. §6045(g)(4)

Cryptocurrency exchanges, such as Binance, Coinbase Exchange, Kraken, KuCoin, and OKX are now explicitly required to provide information reporting on Form 1099-B. However, the IRS has recognized that the existing reporting regulations do not contemplate virtual currency and so, in Announcement 2023-2 (December 23, 2022), the Service relieved brokers from the new reporting requirements pending issuance of final regulations under the new law. Taxpayers, however, remain responsible for reporting the proceeds of the virtual currency dispositions.

Taxpayers must report the nature and magnitude of their gains and losses on dispositions of digital assets whether or not any exchange or platform reports their transactions. This leaves responsibility for accurate recordkeeping squarely, and exclusively, on the taxpayer disposing of the assets. Indeed, decentralized finance exchanges such as Idex and dYdX, which do not collect Know Your Customer information (See, 31 CFR 1023.220), and self-custody traders, which do not provide information reporting, have no present role in tax reporting.

On whatever form — 1099-B, 1099-K, or no reporting form at all  —  a taxpayer receives regarding information reported to the IRS about the proceeds from the disposition of digital assets, that information must be translated into its tax effects via Form 8949, then to Schedule D, and, ultimately, to Form 1040. This reporting array provides to the IRS information describing the assets, the dates of acquisition and disposition, basis calculation, and the resulting gain or loss from each asset disposition. It also serves to characterize the resulting gain or loss as ordinary or capital and, if capital, as either long or short term. See, Code §1222; Reg. §§1.6045-1(d)(2)(i) and (ii).  Capital gains, calculated using the netting rules of §1222(11), are, generally, taxed at more favorable rates than ordinary income. Code §§1(h)(1) and (j)(5).

Gains on the disposition of capital assets, including covered securities, are calculated by subtracting the cost or other basis of the property from the net amount realized from its disposition. See, Reg. §1.1011-1. This amount is reported by the exchange or broker on Form 1099-B and, in turn, by the taxpayer on Form 8949.

This two-step process includes a mathematical trap for the unwary, which the IRS tacitly acknowledges in its virtual currency FAQs released October 9, 2019 (IR-2019-167). These FAQs largely reflect the two methods of basis allocation provided in the regulations that are available to a taxpayer who sells less than their entire position in a virtual currency account. However, because the regulations (Reg. §§1.6045-1(d)(2)(i) and (ii)) were promulgated prior to the explicit addition of digital assets to the statutory information reporting scheme by Section 80603 of P.L. 117-58, the Service has issued this interim guidance to remind such taxpayers that their basis reporting for digital assets may be accomplished in either of two ways:

  • Identification of the specific units of virtual currency that were sold. Such specific identification must include

(1) the date and time each unit was acquired

(2) the taxpayer’s basis and the fair market value of each unit at the time it was acquired

(3) the date and time each unit was sold, exchanged, or otherwise disposed of, and

(4) the fair market value of each unit when sold, exchanged, or disposed of, and the amount of money or the value of property received for each unit or

  • If the taxpayer does not identify specific units of virtual currency, the units are deemed to have been sold, exchanged, or otherwise disposed of in chronological order beginning with the earliest unit of the virtual currency purchased or acquired; that is, on a first in, first out (FIFO) basis

FAQs 40 and 41.

Recall that Form 1099-B, when used by crypto exchanges and brokers for reporting sales of less than a taxpayer’s entire position, reports in Box 1(e) only the summary figure of cost or other basis, without specifying how that basis is calculated. The regulations and the FAQs prescribe that the FIFO method is the default basis reporting calculation in the absence of information adequate to support allocation of basis to specific units of digital currency.

Form 1099-B is, however, not the end of the taxpayer’s analysis. This is important because Form 8949, generally required to be filed with the return of a taxpayer who has sold capital assets (now, including digital assets) during the tax year, enables the taxpayer to correct the basis reported on Form 1099-B.  Brokers and exchanges will, as a rule, simply report out capital gain on a FIFO basis, potentially leaving inattentive taxpayers with a larger tax bill than they would have with proper figuring.

 

Here is how capital gains tax exposure can be unnecessarily inflated for a seller of digital assets who does not liquidate his or her entire position during the year.

The comparison may be illustrated with these pricing data from a popular digital currency over a recent period where a hypothetical taxpayer invested in a single unit of the asset each calendar month at its then-prevailing price.

Comparison of Capital Gains Tax on Sale of Virtual Currency Positions Using FIFO and Specific Information Basis Allocation

Comparison of Long Term Capital Gain Tax Using FIFO and Specific Identification Methods of Basis Allocation

A taxpayer who partially liquidates a digital currency position, then, should make strategic use of the Form 8949, whether or not the taxpayer receives an information statement from a broker or exchange. Note that for each transaction type for which Part I, Box (A), (B), or (C), or Part II, Box (D), (E), or (F) is checked, a separate Form 8949 must be filed.

The taxpayer should complete the appropriate part of the form (Part I for Short Term Capital Assets, Part II for Long Term Capital Assets) and enter in column (e) the appropriate basis allocation. If the taxpayer elects to use the Specific Identification method for a partially liquidated position, he or she should be prepared to document the claim with

  • The date and time each unit was acquired;
  • The basis and fair market value of each unit at the time acquired;
  • The date and time each unit was sold, exchanged or otherwise disposed of;
  • The fair market value of each unit when disposed of; and
  • The amount of money or the value of property received for each unit

FAQ 39.

In circumstances where the allocated basis of the liquidated asset varies from the amount stated in Box 1(e) on the Form 1099-B or other information statement, the taxpayer should enter Code B in column (f) and enter the amount by which the stated basis is being adjusted on the Form 8949. The current amount of gain or loss should then be entered in column (h).

The total amounts on Line 2 in Parts I and II of Form 8949 should then be transferred to Schedule D as follows:

  • If Part I, Box A is checked, transfer the amount in Part I, line 2 to line 1b of Schedule D
  • If Part I Box B is checked, transfer the amount in Part I, line 2 to line 2 of Schedule D
  • If Part I, Box C is checked, transfer the amount it Part I, line 2 to line 3 of Schedule D
  • If Part II, Box D is checked, transfer the amount in Part II, line 2 to line 8b of Schedule D
  • If Part II, Box E is checked, transfer the amount in Part II, line 2 to line 9 of Schedule D
  • If Part II, Box F is checked, transfer the amount in Part II, line 2 to line 10 of Schedule D

In conclusion, the responsibility of accurate capital gains reporting for digital asset transfers remains in the hands of the taxpayer. Because of the present gap between the statutory information reporting requirements and the associated regulations and forms, taxpayers must pay particular attention to how they elect and calculate basis in transactions that both were and were not reported to them or, in some circumstances, to the IRS, and whether such transactions affected long term or short-term capital assets. While taxpayers may, in most cases, benefit significantly from the Specific Identification method of basis allocation, they should be cautioned to invoke it only when they can meet the prescribed documentation to support that method. Otherwise, the default FIFO allocation should be used.

This note illustrates general principles only and is not intended as tax or legal advice. The reader is cautioned to discuss his or her specific circumstances with a qualified professional before taking any action.

5 Common Legal Claims: How RIAs Can Protect Themselves

Posted on by Kelly McElroy

As fiduciaries, Registered Investment Advisors (RIAs) must, at all times, serve the best interest of their clients and cannot place their own interests ahead of the interests of their clients. These obligations generally fall into two broad categories commonly referred to as the duty of care and duty of loyalty.

The Duty of Care requires an investment adviser to provide investment advice in the best interest of its client, based on the client’s objectives. The Duty of Loyalty requires RIAs to eliminate or disclose any possible conflict of interest involving themselves, their advice or their client.

In one way or another, most legal claims against RIAs stem from these two duties that serve as the underpinning of the profession. The Securities and Exchange Commission (SEC) recovered its largest amount of damages in fiscal year 2022 with RIAs and investment companies targeted for the most actions taken.

Clear communications and concise policies can help your firm prevent and mitigate the five most common legal claims against RIAs:

Breach of Fiduciary Duty

This is what happens when RIAs fail to exercise their responsibility to safeguard a client’s best interests. And it can be career-ending. It could come at the cost of a professional license in addition to financial damages.

The easiest way to mitigate any potential exposure is to be transparent. Make sure you disclose any possible conflicts of interest. Be crystal clear with your investment advice. Translate industry jargon into layman’s terms so your clients understand what is being said.

Working with an attorney on a new policy that prohibits self-dealing would be a good start.

Last year, the SEC ordered a dually registered RIA and broker-dealer to repay more than $800,000 to harmed clients for breach of fiduciary duty.

The SEC found the RIA did not adequately disclose conflicts regarding compensation that it received from the client investments, as well as a breach of its duty to provide best execution when it opted for a more expensive class of mutual funds when classes of more favorable value were available. In addition, the RIA failed to implement compliance policies and procedures designed to prevent such violations.

Negligence

Simply put, negligence means carelessness, while gross negligence means recklessness on a bigger scale of damages.

As a fiduciary, you have responsibilities. In other words, your clients expect you to perform your duties in a manner that doesn’t harm their financial interests.

Last year, a federal court in Massachusetts ruled against an investment advisor who defrauded two advisory clients when he recommended that they invest in a scam investment abroad. The SEC’s complaint alleged that the investment advisor ignored and failed to disclose warnings from two banks in Turkey that the opportunity was probably a scam. The court ordered the advisor to pay more than $500,000 in damages.

RIAs should work with an attorney to draft disclaimers that can help mitigate errors. Each state has differing laws on negligence and award amounts, so make sure your disclaimers comply with your state’s laws to ensure they are enforceable.

Cyber Security Failures

Protecting your clients from cyber security breaches means being proactive.

The SEC continues to add more consumer protections, which will make your research and planning more valuable to your business. In March, for example, the SEC proposed amending Regulation S-P to require “covered institutions”—including RIAs—to provide notice within 30 days to investors affected by certain types of data breaches. The original regulation, which was adopted in 2000, simply required investment professionals to notify their clients about how they use their financial information.

Creating policies and procedures is the best way to start building the framework for a program that will better protect all stakeholders. Written policies and procedures will ensure your IT team is protected because they will know how to safeguard the data, prepare for possible cyber attacks and how to best respond. Because technology connects all of us, the same standard should be used with all your vendors’ IT programs. Do they have similar polices in place? Ultimately, you will be responsible.

Ongoing stress-testing your systems will provide another layer of protection to your firm. Hire a company that will send fake “scam” emails to your employees and turn it into a teachable moment.

Remember when your bosses sent you emails asking you to buy them gift cards on behalf of the company—with the promise of being reimbursed? (They really didn’t.)

Failure to Disclose

Be transparent with your clients about matters that involve your financial relationships with vendors and investments. More specifically, make sure you state the details about how you are compensated when it involves your client recommendations.

In 2020, the SEC sued an investment advisory firm for defrauding its clients by failing to disclose financial conflicts of interest when recommending investments. The agency alleged the advisory firm recommended their client invest $16 million in four private real estate investment funds without disclosing their fund managers received $1 million from the funds, as well as incentives to keep their money invested. For two of the four funds, the undisclosed financial arrangement resulted in reduced returns.

Any client grievance—written or verbal—should be taken seriously, which would reduce the odds of the complaint becoming a docket item. The matter should be taken directly to your in-house compliance officer or attorney if you have outside counsel. Acknowledge receipt of the complaint to your client and provide a timetable for an outcome.

If the investigation has merit, the compliance officer should immediately contact an attorney, who can draft a legally binding agreement for resolution.

Making Up Unsubstantiated Claims

When it comes to attracting new clients, the truth is your friend.

Research your own investment history to ensure that you can substantiate every claim. If a specific fund has yielded 50% annual returns in the past, then that is something you can talk about—but stay away from what is possible in a perfect world.

Last year, the SEC filed a civil action against former investment advisors for alleged participation in a Ponzi scheme that raised more than $110 million from more than 400 advisors. The defendants received undisclosed compensation from the investment fund, which was recommended based on unsubstantiated claims.

When it comes to the five most common legal claims against RIAs, say what you mean and mean what you say. It will go a long way toward protecting your book of business.

(Paul Fenaroli is an Associate Attorney at Pastore admitted in Connecticut and the District of Connecticut. He provides private companies with a full range of business law services covering formations, mergers, acquisitions, corporate governance, securities offerings and litigation)

 

Regulation Could Pave the Way for Blockchain Settlement of Securities Transactions

Posted on by Kelly McElroy

While the U.S. ponders crypto and blockchain regulation, large institutional investors are building the infrastructure necessary to handle the possible private and sub-chain transaction methods likely coming with Web 3.0. Legislation is desperately needed to give certainty to entrepreneurs and large institutions planning for the block sub-chain and to the crypto industry generally. One likely outcome is the movement towards using blockchain technology to “settle” securities transactions. This is occurring now but may become widespread in the near future. With a traditional securities trade, settlement can take days, creating market and operational risk. With blockchain settlement, the settlement is instantaneous. For securities trades to be settled, the transaction information (transfer of ownership or payment) needs to be recorded in the blockchain. Investors communicate information to a peer-to-peer network. Thus, much of the risk is eliminated. Many large institutions are working on systems that would allow for such settlement techniques.

Regulation of blockchain would do a great deal to accelerate the growth of the industry, and provide legal security for its use. An article published by the DTCC titled “Will Blockchain Revolutionize Clearance and Settlement” provides a succinct overview of the history of the current clearing and settlement system.[1] Regulation is particularly needed to overcome some of the hurdles of blockchain settlement. The current clearing and settlement system for securities trading can be traced back to the 14th century when double-entry ledgers were invented.[2] The creation of the double-entry ledger revolutionized trading in Europe due to the ability to record multi-party transactions occurring over a span of time and across countries in a central location.[3] Decentralized, multilateral clearing continued for more than 300 years and was utilized by groups such as the London Clearing Club, the London and Amsterdam stock exchanges, and the Chicago Board of Trade.[4] As the trading volume and the number of counterparties increased, clearing started to become centralized.[5]

Moreover, prior to 1892, every exchange of cash for shares on the New York Stock Exchange (“NYSE”) had to be paid in full, with cash or a loan secured by the shares acquired in the transaction.[6] However, this system did not provide enough security to money markets and the banking system, which could be severely stressed during market volatility and surging trade volumes.[7] Thus, in 1892 the NYSE created the New York Stock Exchange Clearing House (“NYSE Clearing House”), which was later replaced by the Stock Clearing Corporation in 1920.[8] The NYSE Clearing House net down obligations on a member-by-member and security-by-security basis.[9] To resolve this, regulators and the U.S. securities industry created The Depository Trust Corporation (“DTC”), a central securities depository for storing all stock certificates traded in the U.S. market.[10] Over time, nearly all certificates were converted into electronic form, greatly streamlining the trading process and reducing the burden on the clearing and settlement system.[11] Moreover, the NYSE Clearing House was merged with Amex and NASDAQ clearing functions, culminating in the National Securities Clearing Corporation (“NSCC”).[12] This integration further reduced payment and transfer activity volume by enabling multilateral netting across the entire U.S. equity market.[13] In an effort to streamline the clearing process further, the DTC and NSCC were consolidated into The Depository Trust & Clearing Corporation.[14] Thus, clearing and settlement were able to take place in a single, vertically integrated entity.[15]

Blockchain can bring significant record-keeping improvements to the securities industry, but blockchain settlement only works if the settlement process is better regulated. Thanks to the self-enforcing contracts, blockchain technology could be the next step in the evolution of the clearing and settlement. As stated above, this would make settlement instantaneous, negating the need to post collateral, which would free up capital.[16] However, without regulation, this technology could require the U.S. market to be funded on a transaction-by-transaction basis, which would significantly hinder the liquidity and risk-mitigating benefits of the current system.[17] Further, the instantaneous settlement would prevent the ability to fund a trade on a secured basis because traders could only pledge transacted shares as collateral.[18] What this means is that all trades using blockchain must be prefunded and on an unsecured basis. This would severely limit market liquidity. Thus, regulation is necessary to allow the benefits of instantaneous blockchain settlement not to be overshadowed by the illiquidity effects of such settlement. If such creative regulation could be implemented, then blockchain for securities settlement can become widespread, creating the next evolution of securities trading.

 

[1] Will Blockchain Revolutionize Clearance and Settlement, DTCC (Mar. 10, 2021), https://www.dtcc.com/dtcc-connection/galleries/2021/march/10/will-blockchain-revolutionize-clearance-and-settlement.

[2] Id.

[3] DTCC, supra note 1.

[4] Id.

[5] Id.

[6] Id.

[7] Id.

[8] Id.

[9] Id.

[10] Id.

[11] Id.

[12] Id.

[13] DTCC, supra note 1.

[14] Id.

[15] Id.

[16] Id.

[17] Id.

[18] Id.

Business Tax Records Here’s The Why and How of Documenting Shareholder Loans

Posted on by Kelly McElroy

Generally, the IRS accepts a taxpayer’s statement of taxable income simply by matching the taxpayer’s declarations in the return with the third party information the IRS has on file. Once that taxpayer is operating a business, however evaluation of the taxpayer’s income and expenses is largely on the honor system. That is, unless and until the taxpayer’s return is selected for examination by the IRS, the taxpayer’s assertions of business income and expenses are checked only, with few exceptions, by the taxpayer’s signature on the return averring the truth of the return under penalties of perjury.[1]  At that moment, Reg. §1.6001-1(a) changes its character from taxpayer shield to IRS sword. That regulation requires, in part, that taxpayers

keep such permanent books of account or records, including inventories, as are sufficient to establish the amount of gross income, deductions, credits, or other matters required to be shown by such person in any return of such tax or information.

Failure to keep suitable books of account exposes the taxpayer to both civil and criminal penalties.[2]  In situations where the taxpayer has no, or poor, business records, the IRS can use a number of indirect methods to determine income, one of the more common of which is examination of the taxpayer’s bank records.[3] It is worth noting here that the bank deposit analysis procedure is used by the IRS to establish income, but not deductible expenses.[4]

Hence, shareholders of closely held businesses whose records are incomplete often propound an alternative characterization of some of their records of bank deposits. These taxpayers, in an effort to avoid tax liability, sometimes claim that those deposits represent nontaxable loan proceeds from the business.[5]

__________________________

[1] Notable business income reporting to the IRS includes, among others, the Form 1099 series, including the new protocols for Form 1099-K, Payment Card and Third-Party Network Transactions. Pursuant to the amendments made to the de minimis exception for third party settlement organizations (e.g., eBay, PayPal, Etsy, CashApp, Venmo), such organizations must now report at a threshold of $600. IRC §6050W(e). The IRS, recognizing the considerable and disruptive burden this 2021 change in the law imposes, has suspended its enforcement for the 2022 tax year. Notice 2023-10 (IRB 2023-3, January 17, 2023).

[2] IRC §6662 provides for an addition to tax of 20% of the amount of underpayment resulting from negligence or intentional disregard of rules or regulations. So, for example, a taxpayer who does not keep proper records and consequently underpays tax due can be assessed an additional tax equal to 20% of the associated underpayment. This additional amount is, legally, a tax and not merely a penalty, and therefore accrues its own penalties and interest for late payment.  Under the Spies doctrine, 317 U.S. 492, 499 (1943), failure to keep proper books and records, coupled with an intent to evade tax, can also result in criminal penalties. IRC §7203 provides that the failure to keep proper records can, in and of itself, constitute a criminal misdemeanor, or, if such failure is willful, a felony.

[3] See, Internal Revenue Manual §4.10.4.6.2; Internal Revenue IRC§446(b); Nath v. Commissioner,  T.C. Memo 2023-22 (February 27, 2023); Cheam, et. al. v. Commissioner, T.C. Memo 2023-23 (February 27, 2023)

[4] Deductions from income are a matter of legislative grace and the burden for satisfactorily documenting deductible expenses lies squarely with the taxpayer. See, e.g. INDOPCO, Inc. v. Commissioner, 503 U.S. 79, 84 (1992); See also, Cohan v. Commissioner 39 F.2d 540 (2d Cir. 1930) (This case, still good law today, had as its plaintiff the famous actor, theatrical manager, and producer George M. Cohan, who, as reported in the case, kept no records associated with his claims for business expenses. Judge Learned Hand opined that the government’s proposition to treat the plaintiff as having had zero eligible expenses was possibly too draconian in the face of judicial confidence that he had some expenses. “Absolute certainty in such matters is usually impossible and is not necessary; the [government] should make as close an approximation as it can, bearing heavily if it chooses upon the taxpayer whose inexactitude is of his own making.” Cohan at 544; Price v. United States, 335 F.2d 671, 677 (5th Cir. 1964) (“the ‘bank deposits’ method assumes only that all money deposited in a taxpayer’s bank account during a given period constitutes taxable income.”)

[5] Loan proceeds, insofar as they are accompanied by an obligation to repay the loan, are not taxable income. See, e.g., Commissioner v. Tufts, 461 U.S. 300, 312 (1983); U.S. v. Kirby Lumber Co., 284 U.S. 1, 3 (1931). The taxpayer bears the burden of proving that bank deposits are non-taxable loan proceeds. Calhoun v. United States, 591 F.2d 1243, 1245 (9th Cir. 1978).

A business or individual tax return reports, in effect, two fundamental arithmetic issues — Income and Deductions (or Credits) — to arrive at taxable income.  The regulations require taxpayers to document both.[1] See my earlier article on some of the issues that arise in connection with insufficiently documented claims for deductions. Should the IRS elect, in the face of a taxpayer’s problematic record keeping, to measure income through a bank records analysis, the Service treats all of the bank deposits, less those that can be otherwise explained, such as transfers between accounts, as taxable income for purposes of determining any deficiency in tax paid unless the taxpayer is able to demonstrate to the contrary.[2]

Closely held businesses routinely transfer money to one or more of their shareholders, usually in the form of taxable dividends, but often as a loan, which must be paid back and so, therefore, is not taxable income to the shareholder receiving it.  The IRS has in place a two-step checklist its agents use to test a taxpayer’s claim that an otherwise unexplained bank deposit is a loan rather than taxable income:

  1. Verify that the interest rate equals at least the minimum Applicable Federal Rate pursuant to IRC 7872 [3]
  2. Determine whether the amounts advanced to the stockholder are bona fide loans or distributions of earnings and profits, which are taxable as dividends. This determination is based on the actions and intent of the parties at the time of the withdrawal and no single test or set formula can give a definite answer. Some of the factors to be considered include the following:
    1. Whether the amounts of the withdrawals are carried on the books as a loan receivable
    2. Whether the withdrawals were secured by collateral or accompanied by other indications of a bona fide loan, such as interest bearing notes and the observance of other ordinary loan formalities
    3. Whether both the stockholder and the corporation treat the withdrawals as indebtedness
    4. Whether interest is paid by the stockholder or charged by the corporation
    5. Whether the corporation had sufficient surplus to cover the withdrawals when they were made

______________________________

[1] Reg. Section 1.6001-1(a); See also, IRC Section 6001(a).

[2] See, Whatley v. Commissioner, 24 F.3d 1119 (9th Cir. 1994) (memorandum) (“Because the IRS’s determination was based on a bank deposit analysis, the [taxpayers] could only meet their burden by showing that the deposits came from a nontaxable source.”) The IRS burden in supporting a statutory Notice of Deficiency (NOD) for unreported income varies among the Circuits. For example, the First, Fourth, Sixth, and Seventh Circuit Courts of Appeal generally place the burden of persuasion on the taxpayer to demonstrate that the NOD is without factual foundation, whereas the Second, Third, Fifth, Seventh, Eighth, Ninth, and Tenth Circuits generally require the government to produce at least some factual foundation for the NOD before proceeding against the taxpayer.

[3] While this part of the test, as recited in §4.10.3.9.4.5 (March 1, 2003) of the Internal Revenue Manual, does not appear relevant to the determination of whether funds deposited of record in a bank account represent a loan or taxable income, it does signal that, when the service identifies a loan transaction, it will look for the possibility of imputed income under IRC §7872.  That statute imputes to the lender an income tax on the difference in interest due, if a positive number, between the Applicable Federal Rate (AFR) (as minuend) and the interest rate applicable to the subject loan (as subtrahend).  While the intricacies of determining the correct AFR to apply to a given loan are beyond the scope of this note, it is sufficient here to observe that the courts frequently invoke the statutory language of “below market loan” while exploring market-based interest rates that prevailed at the time of the claimed loan transaction.  Rather, the statute provides, generally, that a shareholder demand loan is a below-market loan if interest is payable at a rate less than the AFR, while a term loan is a below-market loan if the amount loaned exceeds the present value of all payments due under the loan using as discount rate the appropriate AFR for the month the loan is made. IRC §7872(f)(2). The issue of the actual interest rate, then, is less of a test for the validity of a claim that certain proceeds represent a non-taxable loan than it is for the ancillary issue of the separate income tax that may be due on the associated interest. The absence of any interest charge for the putative loan is an indicium of the absence of intent to repay and, hence, does not serve the taxpayer’s burden of demonstrating the non-taxability of any corresponding bank deposits.

  1. Whether the stockholder had the ability and intended to make repayment with interest at the time of the withdrawal
  2. The presence or absence of a maturity date
  3. The corporation, though prosperous, has not distributed dividends.

 

Courts interpreting taxpayer claims of non-taxable loan proceeds appearing in their bank accounts seek objective evidence of the taxpayer’s intent that the money was intended as a loan. These elements are but a portion of a facts and circumstances test and vary from the more prescriptive tests of the IRM:

 

  1. The existence or non-existence of a debt instrument;
  2. Provisions for security, interest payments, and a fixed payment date;
  3. Whether or not repayments of the loan were made;
  4. The taxpayer’s ability to repay the loan;
  5. The borrower’s receipt of compensation; and
  6. The testimony of the taxpayer.[1]

 

Each of these elements is instructive for the practitioner.

 

First, the existence of a written instrument memorializing the loan is fundamental evidentiary element.  The terms of such an instrument should be both arms-length and established contemporaneously with the loan. [2]

 

Second, as with the first test, the ordinary elements of a business loan include the responsibility of the lender to secure repayment and a fixed (or fixable) maturity date for the loan. Indeed, the absence of a due date for payment renders the transaction little more than a transfer of cash.[3]

 

Evidence of the borrower’s ability to repay and, indeed, a history of repayment of the debt stand to corroborate the intent of the parties to the transaction to have made a loan, rather than a taxable transfer of funds.[4]

 

In circumstances where the putative borrower is an employee of a corporate entity that stands as lender, the taxpayer’s burden of demonstrating that bank deposits were non-taxable loans, rather than compensation for services, is particularly fraught. Where a taxpayer sits, in effect, on both sides of a transaction, it is harder to sustain that burden. In such a case, and absent sufficient evidence to overcome the presumption that the bank deposits represent taxable income, the court will presume payments received by an employee are taxable compensation.[5]

__________________________

[1] See, Friedrich v. Commissioner, 925 F.2d 180, 182 (7th Cir. 1991) (affirming 52 T.C. Memo 1132 (July 31, 1989)); Matter of Uneco, Inc., 532 F.2d 1204, 1208 (8th Cir. 1976); In the Matter of Indian Lake Estates, Inc., 448 F.2d 574, 578-79 (5th Cir. 1971); Haber v. Commissioner, 52 T.C. 255 (1969), aff’d 422 F.2d 198 (5th Cir. 1970).

[2] See, Todd. V. Commissioner, 2011 T.C. Memo 123 (June 6, 2011) (a six month delay from the time of disbursement of the funds to the time of the execution of the promissory note, coupled with the failure of the parties to abide by the terms of the note rendered the promissory note of “little weight” in the view of the court).

[3] Not incidentally, under §3-108 of the Uniform Commercial Code, the absence of either a due date or provision that a debt instrument is payable on demand renders it non-negotiable, and, thereby, limits its value as an asset on the books of the lender.

[4] See, e,g, Fisher v. Commissioner, 54 T.C. 905, 911 (April 29, 1970) (“We think the conclusion is inescapable that there was no reasonable expectation, at the time the amounts in question were withdrawn from the corporation, that they would be repaid. Under all the circumstances it is our conclusion that there was no bona fide intention on the part of either the petitioner or the corporation that the amounts in question should be repaid. It should be added that, insofar as the record shows, no part of the withdrawals has been repaid and that, although the demand notes called for the payment of interest, no interest has ever been paid.”)

[5] See, Beaver v. Commissioner, 55 T.C. 85, 91 (October 20, 1970); Nath v. Commissioner, 2023 T.C. Memo 22 (February 27, 2023).

Finally, the courts receive self serving testimony from the taxpayer as to the taxpayer’s intent to treat the money received as a loan with due circumspection. In the same way, the taxpayer’s failure to introduce available witness testimony that would be expected to rebut the presumption of taxability is treated as, effectively, a concession that such witness would testify unfavorably to the taxpayer. [1]

 

In summary, once the IRS has determined that a taxpayer’s documentation is insufficient and elects to use bank records to establish income, the taxpayer’s burden in overcoming the resulting presumption that all of the deposits in the bank represent taxable income requires considerably more than the taxpayer’s mere assertion of the character of the deposited amounts.

 

Reliable, arm’s length documentation, that includes the ordinary components of debt instruments such as their contemporaneity with the distribution of the proceeds, maturity date, stated interest, and a repayment schedule is maxime res magni momentiare to courts evaluating the intent of the parties to treat the subject transaction as a loan. In addition, the credit environment, including the apparent ability of the ostensible borrower to repay the loan as agreed and the security given for the loan, actual repayment performance, and how well the facts and circumstances overcome a court’s inference that an employee of the lender likely received the money as a dividend or compensation, are all parts of the landscape that a practitioner advising someone operating a business that may lend its shareholders or employees money must consider.

DMS

__________________________

[1] See, Friedrich, 185 F2d. at 185.

SEC Proposes Two New Cybersecurity Regulations

Posted on by Kelly McElroy

What You Need to Know

 

Summary of New Proposed Rule 10

 

Proposed Rule 10 would require all Market Entities (everyone but small broker-dealers) – referred to in the Rule as Covered Entities – to adopt written policies and procedures to address cybersecurity risks.  These written policies and procedures must include the following:

  • Periodic assessments of cybersecurity risks associated with the Covered Entity’s information systems and written documentation of the risk assessments;
  • Controls designed to minimize user-related risks and prevent unauthorized access to the Covered Entity’s information systems;
  • Measures designed to monitor the Covered Entity’s information systems and protect the Covered Entity’s information from unauthorized access or use, and oversee service providers that receive, maintain, or process information or are otherwise permitted to access the Covered Entity’s information systems;
  • Measures to detect, mitigate, and remediate any cybersecurity threats and vulnerabilities with respect to the Covered Entity’s information systems; and
  • Measures to detect, respond to, and recover from a cybersecurity incident and procedures to create written documentation of any cybersecurity incident and the response to and recovery from the incident.[1]

Proposed Rule 10 would also require immediate written electronic notice of a significant cybersecurity incident to the SEC and the filing of a new form SCIR.  The SCIR form would gather information about the significant cybersecurity incident and the Covered Entity’s efforts to respond to and recover from the incident.

Finally, the proposal would require Covered Entities to publicly disclose summary descriptions of their cybersecurity risks and the significant cybersecurity incidents they experienced during the current or previous calendar year on Part II of proposed Form SCIR. A Covered Entity would need to file the form with the SEC and post it on its website. Covered Entities that are carrying or introducing broker-dealers would also need to provide the form to customers at account opening, when information on the form is updated, and annually.

Summary of Proposed Amendments to Regulation S-P

The second proposed rule would amend Regulation S-P covering almost all Market Entities to create additional protections for customer information and create a federal minimum standard for data breach regulations.  The proposed amendments would require covered institutions to adopt an incident response program as part of their written policies and procedures under the safeguards rule. The proposal would require an incident response program to be reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information, include procedures to assess the nature and scope of any such incident, and contain and control such incidents. The proposal would also apply certain requirements related to incident response to covered institutions’ relationships with third-party service providers.

The proposed amendments would require covered institutions to notify affected individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization. The proposal would require a covered institution to provide the notice as soon as practicable, but not later than 30 days after a covered institution becomes aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred. A covered institution would not need to provide the notification if the covered institution determines that the sensitive customer information was not actually and is not reasonably likely to be used in a manner that would result in substantial harm or inconvenience.

Additionally, the proposed amendments would enhance customer notification by:

  • Expanding the safeguards and disposal rules to cover “customer information,” a new defined term referring to a record containing “nonpublic personal information,” a term already in use for other components of Regulation S-P, about a customer of a financial institution. The proposed amendments would therefore apply both rules to both nonpublic personal information that a covered institution collects about its own customers and nonpublic personal information it receives from a third-party financial institution about customers of that financial institution;
  • Requiring covered institutions to make and maintain written records documenting compliance with the requirements of the safeguards rule and disposal rule;
  • Conforming Regulation S-P’s annual privacy notice delivery provisions to the terms of an exception added by the 2015 Fixing America’s Surface Transportation Act, which would provide that covered institutions are not required to deliver an annual privacy notice if certain conditions are satisfied; and
  • Extending the safeguards rule to transfer agents registered with the Commission or another appropriate regulatory agency. In addition, the proposed amendments would extend the disposal rule from covering only transfer agents registered with the Commission to also transfer agents registered with another appropriate regulatory agency.

What You Need to Know Right Now

 

First – the proposed cybersecurity regulations are not yet final.  Market Entities have the opportunity to comment on the proposals.  This is a chance for Market Entities to influence the future of cybersecurity in the industry.  Some of the concerns raised by the SEC include conflict with state data breach laws.  Mark T. Uyeda, an SEC Commissioner, noted:

 

“lack of an integrated regulatory structure may even weaken cybersecurity protection by diverting attention to satisfy multiple overlapping regulatory regimes rather than focusing on the real threat of cyber intrusions and other malfeasance.”

 

These are just a few of the many topics that the SEC has opened for comments.  Numerous other issues exist.  The attorneys at Pastore LLC are highly skilled in both the financial sector and cybersecurity.  Pastore LLC can help you draft and file comments before the proposals become final.  Comments are due 60 days after the proposed rules appear in the Federal Register, which is expected to occur in the next 4 weeks.

 

Second – it is inevitable that some form of cybersecurity enhancement rules will be enacted in the near future.  Now is the time to start planning compliance.  The attorneys at Pastore LLC can assist you in formatting written policies and procedures.  Pastore LLC attorneys are creative and understand the overall data privacy, data breach and cybersecurity landscape.  Pastore LLC attorneys can work with internal compliance and legal departments to develop the best plan for a Market Entity’s needs.

 

Don’t wait!  Change is coming and Market Entities need to plan for the future regulations now.  Pastore LLC can help.

[1] Fact Sheet – Addressing Cybersecurity Risk to the U.S. Securities Markets.