Dec. 21, 2023

Compliance Corner Q1‑2024: Regulatory Filings and Other Considerations Hedge Fund Advisers Should Note in the Coming Quarter

This twenty-seventh installment of the Hedge Fund Law Report’s quarterly compliance update highlights upcoming filing deadlines and reporting requirements fund managers should be aware of during the first quarter of 2024. This guest article by ACA Group consultants Grazia Gatti, Luis Garcia and Dan Campbell also discusses highlights of the SEC’s 2024 Examination Priorities, new Form SHO requirements for advisers and the amended timing of beneficial ownership reporting. For more from the ACA, see “Improving Compliance Programs With Gap Analysis and Risk Assessments” (Oct. 26, 2023).

CFTC Enforcement Advisory Portends Higher Penalties, Admissions and Greater Use of Monitors

The CFTC Division of Enforcement (Division) recently released an enforcement advisory (Advisory) containing guidance for its staff on topics including penalty amounts; imposition of monitors or consultants; and required admissions of misconduct. By taking a tougher approach to certain resolutions, the Division seeks to ensure accountability and minimize future misconduct. This article examines the Advisory and associated statements by CFTC Director of Enforcement Ian McGinley and Commissioner Christy Goldsmith Romero, with commentary from former CFTC attorney Elizabeth Lan Davis, now a partner at Davis Wright Tremaine LLP. See “CFTC Enforcement Report Reflects Strong Focus on Digital Assets” (Dec. 22, 2022).

Hedge Fund Founder Challenges Firm’s Post-Employment Access to His Home Computer

In an action filed in the U.S. District Court for the Southern District of New York (Court) arising out of a messy hedge fund divorce, the founder of the hedge fund alleged that his former firm wrongfully accessed his home computer after terminating his employment, thereby violating the Computer Fraud and Abuse Act (CFAA), the Stored Communications Act (SCA) and the Wiretap Act and committing common law property torts. In response, the firm entities and principals asserted that the founder had breached a covenant not to compete and other employment-related duties; misappropriated trade secrets; and violated the CFAA, the SCA and the Defend Trade Secrets Act. Following cross-motions for summary judgment, the Court dismissed most of the founder’s claims and certain firm counterclaims, as well as its novel defense that it required access to the founder’s computer to comply with its regulatory obligations. This article discusses the Court’s decision, with commentary from Akin Gump partners Peter I. Altman, Natasha G. Kohne and Richard J. Rabin. See “HFLR Program Looks at Recent Developments and Trends in Employment Law Relevant to Fund Managers” (Jul. 26, 2018); and “Best Practices for Fund Managers to Mitigate Litigation and Regulatory Risk Before Terminating Employees” (Feb. 9, 2017).

Considerations for Managing Third-Party Cyber Risks

No matter how much a company invests in its own cybersecurity program, vulnerabilities at a vendor or other third party can lead to compromises of the company’s data and potentially significant liabilities. Managing third-party risk and the responsibility of overseeing vendors is a challenge for many companies. Based on insights presented during a Davis Wright Tremaine webinar, this article addresses regulatory obligations for managing third-party risks; identifying and prioritizing those risks; and core elements of an effective third-party risk management program, including documenting those efforts. See “Checklist for Framing and Assessing Third-Party Privacy and Information Security Risk” (Sep. 28, 2023).

SEC Charges Boyfriend and Broker With Trading on Inside Information From Girlfriend’s Computer

The SEC and FINRA have powerful tools to detect abusive trading practices, and insider trading remains a perennial target for them. The SEC recently commenced a civil enforcement action against the CCO of an international payment processing company and a stockbroker acquaintance for trading on the basis of material nonpublic information (MNPI) pertaining to public companies that were acquisition targets. Notably, the CCO obtained MNPI about the four potential transactions from the unattended computer of his live-in girlfriend, an investment bank employee who was working from home during the pandemic. The action illustrates the considerable challenges investment firms face in monitoring the conduct of their remote employees. This article details the SEC’s allegations and the parallel criminal charges. See “Risk Alert Cites Compliance Issues Regarding Advisers’ Handling of MNPI” (May 19, 2022); as well as our two-part series on insider trading regulatory and enforcement environments: “SEC Information Gathering and Enforcement” (Jul. 8, 2021); and “Appropriate Policies and Procedures” (Jul. 15, 2021).