Canada: Directors fiduciary duty in a pandemic: You need a protocol!
COVID-19 has had and will continue to have impacts on virtually every corporation in Canada and globally.
On January 1, 2020, the California Consumer Privacy Act (CCPA) came into effect. The CCPA is the most comprehensive privacy law in the US which does not have a federal law equivalent to the EU’s GDPR — the European General Data Protection Regulation. The CCPA has a wide sweep in terms of its application to all businesses with at least US$25m in gross annual revenue that collect personal information from “consumers”. In the private fund context, managers will need to assess the potential coverage of the CCPA for the funds, fund advisors and fund sponsors.
The definition of “personal information” is also broad: information that “identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This definition includes email addresses.
The CCPA requires covered businesses that collect personal information about California residents to:
The California Attorney General may assess civil penalties of up to US$2,500 per unintentional violation, and US$7,500 per intentional violation. A business is not liable if it cures any non-compliance within 30 days after being notified of alleged non-compliance. The CCPA also creates a private right of action which is for consumers whose personal information has been subjected to unauthorized access or disclosure as a result of the covered business failure to maintain reasonable data security procedures. A consumer must give a business 30 days’ written notice and an opportunity to cure prior to bringing an action. A consumer may seek statutory damages in an amount of not less than US$100 and not more than US$750 per consumer per incident, or actual damages, whichever is greater, as well as an injunction or any relief a court deems appropriate.
Importantly, the CCPA provides an exemption for any information collected pursuant to the Gramm-Leach-Bliley Act of 1999 (GLBA), a federal law which covers the use of customers’ information obtained by financial institutions. Fund managers and fund sponsors are therefore exempt from the CCPA with regard to the information they have already obtained from existing investors. This exemption was most likely necessary as a matter of federal law pre-empting state law. However, the GLBA does not cover prospective investors, so the CCPA applies to fund managers and fund sponsors, as well as, brokers and solicitation agents that are engaged currently in raising capital for their new funds or follow-on funds. The CCPA also covers B2B contacts.
For EU-based fund managers and fund sponsors that are subject to the GDPR, compliance with the GDPR does not ensure CCPA compliance because there are significant differences in the requirements with regard to each statute’s definitions and scope.
The SEC’s Regulation BI that strengthens brokers’ standard of care with new customer disclosures and federal regulations, comes into effect on July 1, 2020. The SEC has stated that it will not provide a grace period for brokers that are not in compliance with Regulation BI on that date. Brokers throughout the US are currently gearing up with implementing policies and procedures to comply with Regulation BI. Brokers are preparing Forms CRS (Customer Relations Statement) that are required to be filed with the SEC and distributed to customers. Brokers are also engaged in extensive training programs for their registered representatives. The SEC’s OCIE (Office of Compliance Inspections and Examinations) has been checking with brokers since last year on their progress toward compliance with Regulation BI. OCIE has stated that starting on July 1, it will be assessing compliance with Regulation BI, particularly as it relates to conflicts of interest disclosures.
The US Court of Appeals for the Fifth Circuit in Cochran v. SEC (case number 19-10396) will rule on the removal protections for the SEC’s Administrative Law Judges (ALJs). In the US Supreme Court’s 2018 decision, Lucia v. SEC, the Supreme Court held that ALJs are federal government employees who are subject to the Appointments Clause of the Constitution and who must be appointed by the President or the SEC Commissioners. The Supreme Court did not decide whether the Constitution prohibits the statutory “for cause” removal protections that the US Congress provided for ALJs so that ALJs had some independence from each administrative agency. As Justice Breyer said in the Lucia case, the elimination of the ALJs tenure protections would “risk transforming ALJs from independent adjudicators into dependent decision makers, serving at the pleasure of the SEC Commissioners.”
Since the US Supreme Court’s case in Lucia v. SEC, Steven Peikin, the SEC’s co-enforcement director, has stated that insider trading cases and financial fraud cases are now brought before federal district courts while lesser cases are brought before SEC ALJs. If the Supreme Court eventually strikes down the ALJ job protections (as would be consistent with its holding in Lucia v. SEC), the SEC’s administrative enforcement program based on ALJ hearings would be placed in jeopardy.
In Liu v. SEC, the Supreme Court will decide this Spring whether the SEC can keep its powers of disgorgement in enforcement actions. In its 2017 Kokesh v. SEC case, the Supreme Court stripped the SEC of its ability to seek disgorgement as a form of equitable relief. The Kokesh ruling held that the SEC’s collection of disgorgement should be subject to the five year statute of limitations on civil penalties. In 2019, the SEC collected US$3.2bn in disgorgements compared to about US$1bn in civil penalties. The SEC frequently uses the threat of disgorgement in settlement negotiations. Although five justices questioned the SEC’s authority to seek disgorgement during oral argument in the Kokesh case, the Supreme Court did not formally take a position.
On January 21, 2020, Attorneys General from 23 States and the District of Columbia filed an amicus brief with the Supreme Court in connection with the Liu case supporting the SEC’s authority to seek disgorgement in civil actions. The amicus brief cited direct financial harm to the States and a substantial weakening of the SEC’s enforcement authority if the Supreme Court rules against the SEC.
On February 19, 2020, the SEC issued an order relating to an application by Blackstone Alternative Investment Funds (a multi-series Trust) and Blackstone Alternative Investment Advisors LLC (Advisor and together with the Trust, Applicants) for exemptive relief from the in-person meeting requirements under Section 15(c) of the Investment Company Act of 1940, as amended (1940 Act). The notice for the order stated that “[t]he requested exemption would permit the Trust’s board of trustees [(Board)] to approve new sub-advisory agreements and material amendments to existing sub-advisory agreements” for the Trust’s series (including by adding or removing sub-advisors) pursuant to “any means of communication that allows [Board members] to hear each other simultaneously during the meeting.” In support of the requested relief, the notice indicated the Applicants’ assertions that: the Board typically meets in person only once per quarter; and between such meetings, “market conditions may change or investment opportunities may arise such that the Advisor” wants to change sub-advisors. Citing administrative and cost burdens, as well as inherent delays, associated with holding additional in-person meetings, the Applicants contended that the relief would allow the Board to act more quickly and efficiently, and with less expense, to make changes to a series’ sub-advisors.
On January 14, 2020, BlackRock founder and CEO Larry Fink issued his annual letter to CEOs (Letter), in which he expressed his belief that the risks associated with global climate change will fundamentally reshape finance, noting that “climate risk is investment risk.” The Letter indicates that capital markets will need to adapt to new climate-adjusted realities as awareness increases regarding how climate change will impact economic growth and long-term investment. The Letter states that “because capital markets pull future risk forward, we will see changes in capital allocation more quickly than we see changes to the climate itself. In the near future – and sooner than most anticipate – there will be a significant reallocation of capital.” In the Letter, Mr. Fink further indicated that, as fiduciaries, asset managers have an important role to play in helping clients to address such climate risks. The Letter states that “sustainable investing is the strongest foundation for client portfolios going forward” and “sustainability- and climate-integrated portfolios can provide better risk-adjusted returns to investors.”
On January 27, 2020, the Office of Compliance Inspections and Examinations (OCIE) issued what it referred to as its “Cybersecurity and Resiliency Observations,” which consisted of a listing of what it considers essentially to be best practices in responding to and addressing cybersecurity threats based upon the extensive examinations that it has conducted of participants in the financial services industry. In describing its reasons for releasing its observations, OCIE indicated that its observations were intended to highlight specific examples of cybersecurity and operational resiliency practices and controls that industry participants have taken to attempt to safeguard against cyber threats and respond in the event of an incident.
OCIE has been focusing on the following seven areas with descriptions of the agency’s observations as to how firms can integrate these observations into their cybersecurity programs.
OCIE first addressed matters with respect to governance and risk management and noted that: “Effective cybersecurity programs start with the right tone at the top, with senior leaders who are committed to improving their organization’s cyber posture through working with others to understand, prioritize, communicate and mitigate cybersecurity risks.” Among the approaches to implement effective governance and risk management processes, OCIE observed the following:
In the area of access rights and controls, which deal with the determination of the appropriate users for access to organization systems and related controls to limit access as appropriate, OCIE observed the following:
With respect to data loss prevention, which includes the establishment of tools and processes to ensure that sensitive data, including client information, is not lost, misused or accessed by unauthorized users, OCIE noted as follows:
As it relates to mobile security in connection with mobile devices and their related applications, OCIE commented on the following protective measures:
OCIE made the following observations with respect to the appropriate approach to incident responses and resilience as it relates to business continuity planning:
As it relates specifically to addressing strategies regarding resiliency, OCIE observed that:
In connection with relationships with and reliance upon third-party vendors, OCIE observed as follows:
Noting the critical importance of effective employee training to generate better awareness of their activities and to create a culture of cyber awareness and readiness, OCIE noted the following:
On November 25, 2019, the SEC approved for publication a three-part rule proposal related to the use of derivatives and certain other transactions by registered investment companies (i.e., open-end funds other than money market funds; closed-end funds; and ETFs and business development companies). The proposal includes: (1) new Rule 18f-4 under the 1940 Act; (2) new rules relating to leveraged/inverse funds and vehicles, including sales practices rules under the Securities Exchange Act of 1934 (the Exchange Act) and the Investment Advisors Act of 1940 (the Advisors Act) and a related rule amendment to Rule 6c-11 under the 1940 Act relating to leveraged/inverse exchange-traded funds; and (3) related fund reporting form amendments (i .e, Form N-PORT, Form N-LIQUID, Form N-CEN and Form N-2).
Rule 18f-4 would provide an exemption from the applicable restrictions on issuing “senior securities” under Sections 18 and 61 of the 1940 Act, allowing funds to enter into certain transactions that create leverage, subject to certain specified conditions. Rule 18f-4 would treat separately a fund’s “derivatives transactions” (i.e. transactions in derivatives instruments involving a potential future payment or delivery obligation and short sale borrowings), reverse repurchase agreements and other “similar financing transactions,” and unfunded commitment agreements, and would subject each category of fund transactions to different conditions.
For most funds engaging in derivatives transactions, the conditions would require that: (i) the fund adopt and implement a written derivatives risk management program; (ii) the board (including a majority of directors who are not interested persons of the fund) approve a derivatives risk manager, who would be required to administer the fund’s derivatives risk management program and provide certain reports to the board; and (iii) the fund comply with limits on fund leverage risk such that the fund’s value at risk (VaR) could not exceed 150 percent of the VaR of a “designated reference index” that the derivatives risk manager identifies, or the fund’s VaR not exceed 15 percent of the value of the fund’s net assets if there is no appropriate index. A fund that only trades a limited amount of derivatives as specified in the rule would not need to adopt a derivatives risk management program or be subject to the risk management limits, subject to certain different conditions. A fund that is a “leveraged/inverse investment vehicle” would not be required to comply with the limit on fund leverage risk requirements, subject to alternative conditions.
A fund would be permitted to enter into reverse repurchase agreements and similar financing transactions if the fund complies with the asset coverage requirements under section 18 of the 1940 Act with respect to such transactions on an aggregate basis with any other senior securities representing indebtedness when calculating the asset coverage ratio.
A fund would be permitted to enter into an unfunded commitment agreement if the fund reasonably believes, at the time it enters such agreement, that it will have sufficient cash and cash equivalents to meet its obligations with respect to all of its unfunded commitment agreements as they come due, subject to certain limitations and guidelines.
The SEC proposed Rule 15l-2 under the Exchange Act and Rule 211(h)-1 under the Advisors Act - new “sales practices” rules that would require broker-dealers and investment advisors, as well as their associated persons who are natural persons, to exercise specified due diligence on “retail investors” prior to approving their account for trading in inverse/leveraged investment vehicles or placing or accepting such trades from a retail investor. The proposed rules also would require firms to adopt written sales practices, policies and procedures specific to these investments, and to maintain certain records. Significantly, the proposed sales practices rules would apply without regard to whether a recommendation or investment advice is provided to the retail investor, and so would apply even to self-directed brokerage transactions.
As a related matter, the SEC is also proposing to rescind Release 10666 (the asset segregation currently required for certain transactions under the SEC’s prior guidance relating to the use of transactions that create leverage), and SEC staff are reviewing certain of its other guidance in this area for possible withdrawal.
The proposing release states that the SEC would expect to provide a one-year transition period after the publication of any final rule in the Federal Register, while funds prepare to come into compliance with Rule 18f-4 before Release 10666 is withdrawn. The proposing release sets forth a number of requests for comment regarding each element of the proposed rule changes. The public comment period will remain open through March 24, 2020.
On November 7, 2019, OCIE issued a Risk Alert in which it discussed “the most often cited deficiencies and weaknesses” observed by its staff during its most recent examinations of nearly 300 investment companies registered under the 1940 Act. The Risk Alert also provides staff observations following OCIE’s review of money market funds and target date funds. The Risk Alert covers a two-year period and provides general compliance observations applicable to funds as well as more specific observations regarding money market funds and target date fund compliance.
According to the Risk Alert, the most frequently cited deficiencies involving funds related to: (i) the Fund Compliance Rule (Rule 38a-1 under the 1940 Act); (ii) disclosure to investors; (iii) the board approval process for advisory contracts (pursuant to Section 15(c) of the 1940 Act); and (iv) fund Codes of Ethics (Rule 17j-l under the 1940 Act).
On January 7, 2020, OCIE announced its examination priorities for 2020. Consistent with prior years, OCIE’s priorities focus on the protection of retail investors, including seniors and those saving for retirement. In addition, OCIE indicated that it will also be focusing its examinations on compliance by broker-dealers and investment advisors with the SEC’s newly adopted Form CRS Relationship Summary and applicable standards of conduct under Regulation Best Interest (Regulation BI) and the Interpretation Regarding Standard of Conduct for Investment Advisors.
The priorities relevant to investment companies and investment advisors also include examinations related to:
COVID-19 has had and will continue to have impacts on virtually every corporation in Canada and globally.
As business resumes in the workplace and circumstances change, American companies must be ready.