Sep. 26, 2019

Engaging With the California Consumer Privacy Act: How Hedge Fund Managers Can Evaluate Whether They Are Subject to the New Law (Part One of Two)

The California Consumer Privacy Act of 2018 (CCPA or Act) is set to become largely effective on January 1, 2020. At first blush, hedge fund managers – particularly those without offices in the state of California – may be tempted to assume that a privacy statute designed to protect “California consumers” does not apply to them. Upon closer inspection of the Act, however, many private fund managers are coming to appreciate the broad reach of the CCPA and recognizing that the Act may in fact apply to their advisory businesses, requiring them to comply with various affirmative notice obligations and subjecting them to potential private litigation for failing to implement and maintain reasonable security practices and procedures. In a recent interview with the Hedge Fund Law Report, Ropes & Gray partner Melissa Bender and counsel Catherine Skulan discussed how the CCPA will affect the businesses of private fund managers. This first article in our two-part series presents their insights on how fund managers can determine whether they are subject to the CCPA, including a detailed discussion of how the carve-out for entities subject to the Gramm-Leach-Bliley Act will provide some, but likely not complete, relief from compliance with the CCPA. The second article will provide their thoughts on how fund managers can complete data-mapping exercises and outline next steps for managers that believe they are subject to the CCPA. For more on data privacy regimes, see “How Fund Managers Should Prepare for the Cayman Islands Data Protection Law” (Sep. 12, 2019); and “How Fund Managers Can Navigate the E.U. General Data Protection Regulation and the Cayman Islands Data Protection Law” (Aug. 9, 2018).

Non‑Disclosure Provisions in Settlement Agreements in the Wake of #MeToo

The #MeToo movement first gained traction in October 2017 following high-profile sexual abuse allegations against movie producer Harvey Weinstein. In the months that followed, hundreds of thousands of people posted their own stories of sexual harassment and abuse to social media using #MeToo, thus spurring legislators to act quickly in response. One area on which legislators focused was the use of non-disclosure provisions in confidential severance, separation and settlement agreements. In a guest article, Morgan Lewis partner Leni D. Battaglia discusses recent laws enacted in the states of California, New Jersey and New York – where many private fund managers have offices and employees – that restrict the use of non-disclosure provisions in settlement and other agreements with employees, and provides practical guidance on how fund managers can draft compliant non-disclosure provisions in those agreements. See “What Fund Managers Need to Know About the Legislative Response to #MeToo” (May 3, 2018); and “How Investment Managers Can Prevent and Manage Claims of Harassment in the Age of #MeToo” (Dec. 14, 2017). For additional insight from another Morgan Lewis partner on employment matters, see our three-part series: “Best Practices for Fund Managers to Develop an Employee Discipline Framework That Fosters Predictability in the Face of Inconsistent Laws” (Feb. 8, 2018); “Best Practices for Fund Managers When Investigating and Documenting Employee Discipline” (Feb. 15, 2018); and “Best Practices for Fund Managers to Ensure a Fair Process When Disciplining Employees” (Feb. 22, 2018).

How Fund Managers Can Navigate the Final Changes to GIPS 2020 and Prepare for Its Implementation (Part One of Two)

The Global Investment Performance Standards (GIPS) are voluntary standards for the calculation and reporting of investment performance. An updated version of those standards (GIPS 2020) takes effect at the beginning of next year. A recent program hosted by K&L Gates and The Spaulding Group explained the fundamental changes included in GIPS 2020, ways those changes differ from the August 31, 2018, exposure draft and steps advisers should take to prepare for the new regime. The program featured Jennifer Barnette, vice president of The Spaulding Group; Michael S. Caccese, K&L Gates management committee chair; and Michael W. McGrath, partner at K&L Gates. This article, the first in a two-part series, synthesizes the panelists’ insights on, among other topics, the new GIPS framework; composites versus pooled funds; and the use of money-weighted returns in calculating and presenting performance. The second article will discuss GIPS reports, portability of track records, carve-outs, verification standards, advertising guidelines and other issues of particular relevance to fund managers. See “The Ins and Outs of GIPS Compliance: What Hedge Fund Managers Need to Know About the Voluntary Standards and Pending Revisions” (Aug. 30, 2018).

Strategies and Tactics for Conducting an Effective Tabletop Exercise (Part Two of Two)

In a recent webinar, entitled “Conducting an Effective Tabletop Exercise,” the Hedge Fund Law Report, along with its sister product, the Cybersecurity Law Report, investigated how firms should develop and conduct tabletop exercises – necessary tools for testing the functionality of a firm’s incident response plan and identifying gaps and other weaknesses in the firm’s cyber preparedness. The program was moderated by Shaw Horton, Associate Editor of the Hedge Fund Law Report, and featured Luke Dembosky, partner at Debevoise & Plimpton and former DOJ prosecutor; John “Four” Flynn, chief information security officer of Uber; and Jill Abitbol, Senior Editor of the Cybersecurity Law Report. This article, the second in a two-part series, outlines ways advisers can successfully conduct tabletop exercises, including their content and scope; participant engagement; common errors; and follow-up. The first article addressed how fund managers can effectively develop tabletop exercises, including whether they should be conducted in-house or externally; who should participate; what role counsel should play; and how frequent and long they should be. See “Panel Addresses Regulatory Compliance and Practical Elements of Cybersecurity Testing”: Part One (May 21, 2015); and Part Two (May 28, 2015).

Lack of Auditor Independence Continues to Plague Advisers Under the Custody Rule

Rule 206(4)‑2 – the so-called “custody rule” – under the Investment Advisers Act of 1940 requires SEC-registered investment advisers that are deemed to have custody of client funds and securities under the rule to have those assets verified through a surprise annual examination. In lieu of the surprise examination, an adviser to a pooled investment vehicle may engage an “independent public accountant” to conduct an annual audit of the fund’s financial statements and deliver the audited financials to investors within 120 days after the end of the fund’s fiscal year. Other SEC regulations require broker-dealers, public issuers and certain employee benefit plans to file financial statements that have been prepared by an independent auditor. Lack of auditor independence, even if inadvertent, can result in a violation of these requirements. The SEC recently imposed significant sanctions on an accounting firm that allegedly caused numerous violations of the custody rule and other SEC rules by 15 of its clients by performing audits when it was not actually independent. The SEC claimed that these deficiencies were caused by poor quality controls around auditor independence, including inadequate procedures, systems and training. This article analyzes the relevant independence requirements and the terms of the settlement order. See “Advisers Must Ensure Auditor Independence to Satisfy Custody Rule” (Nov. 1, 2018); and “The Importance of Exercising Due Diligence When Hiring Auditors and Other Vendors” (Jun. 21, 2018).