Edward Eisert

Senior Counsel

New York


Read full biography at www.orrick.com
Edward G. Eisert, a senior counsel in the New York office, is a member of the Corporate Group. He focuses his practice on investment management, financial products and regulatory compliance.

He represents U.S. and non-U.S. domiciled financial institutions in a wide array of matters spanning his practice specialties. Ed’s experience includes the structuring and re-structuring of private investment funds and other financial products; the formation and operations of investment advisers and broker-dealers; cross-border broker-dealer, investment adviser and bank regulatory issues; and advice regarding applications of blockchain technology and the regulation of digital assets.

Before joining Orrick, Ed was the General Corporate Counsel of Fiduciary Trust Company International, a subsidiary of Franklin Templeton Investments, and also served as the initial AML Compliance Officer of Fiduciary Trust.

Posts by: Edward Eisert

SEC Office of Compliance Inspections and Examinations Publishes Observations on Cybersecurity and Resiliency Practices

 

On January 27, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued observations gleaned from its examinations related to cybersecurity and operational resiliency practices taken by market participants (the “Observations”). The Observations impact the entire securities industry because OCIE conducts examinations of SEC-registered investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, transfer agents, and others. It uses a risk-based approach to examinations to fulfill its mission to promote compliance with U.S. securities laws, prevent fraud, monitor risk, and inform SEC policy.

The Observations cover a broad range of operations in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. They highlight specific examples of cybersecurity and operational resiliency practices and controls that organizations have taken to safeguard against threats and respond in the event of an incident.

Organizations subject to examination by OCIE should expect that the primary elements highlighted will be a focus of routine, as well as targeted examinations. The Observations are best regarded as a set of “best practices” that should be considered by regulated organizations in developing, implementing and monitoring the effectiveness of their own compliance programs.

The following are selected excerpts from the Observations that we believe are the most significant. A complete copy of the Observations can be found here.

Governance and Risk Management

OCIE emphasized that effective compliance programs “start with the right tone at the top.” As a top priority of any examination, senior leaders should be committed to improving their organization’s cyber posture through working with others to understand, prioritize, communicate, and mitigate cybersecurity risks.

OCIE observes that a key element is the incorporation of a governance and risk management program that generally includes, among other things: (i) a risk assessment to identify, analyze, and prioritize cybersecurity risks to the organization; (ii) written cybersecurity policies and procedures to address those risks; and (iii) the effective implementation and enforcement of those policies and procedures.

Access Rights and Controls

OCIE observes that “access rights and controls” are used to identify and determine who are the appropriate users within an organization who should have access to organization systems based on job responsibilities. Access controls generally include: (i) understanding the location of data, including client information, throughout an organization; (ii) restricting access to systems and data to authorized users; and (iii) establishing appropriate controls to prevent and monitor for unauthorized access.

Data Loss Prevention

“Data loss prevention,” as conceived by OCIE, typically includes a set of tools and processes an organization uses to ensure that sensitive data, including client information, is not lost, misused, or accessed by unauthorized users.

Mobile Security

Mobile devices and applications may create additional and unique vulnerabilities. Examples of the mobile security measures OCIE has observed include the following elements: (i) establishing specific policies and procedures for the use of mobile devices, including managing the use of mobile devices., e.g., the compliance program addresses the special concerns that are presented when employees are permitted to use their own mobile devices in performing business functions; (ii) implementing security measures; (iii) training employees, including training employees on mobile device policies; and (iv) effective practices to protect mobile devices.

Incident Response and Resiliency

OCIE notes the importance of a compliance program including the following elements: (i) the timely detection and appropriate disclosure of material information regarding incidents; and (ii) assessing the appropriateness of corrective actions taken in response to incidents. OCIE emphasized that an important component of an incident response plan is a business continuity plan and resiliency plan that addresses how quickly the organization could recover and again safely serve clients if the operations of the organization were materially disrupted.

Vendor Management

OCIE found that practices and controls related to vendor management generally include policies and procedures related to: (i) conducting due diligence for vendor selection; (ii) monitoring and overseeing vendors, and contract terms; (iii) assessing how vendor relationships are considered as part of the organization’s ongoing risk assessment process as well as how the organization determines the appropriate level of due diligence to conduct on a vendor; and (iv) assessing how vendors protect any accessible client information.

Training and Awareness

Training and awareness are key components of cybersecurity programs. Training provides employees with information concerning cyber risks and responsibilities and heightens awareness of cyber threats.

OCIE has observed the following practices used by organizations in the area of cybersecurity training and awareness: (i) training staff to implement the organization’s cybersecurity policies and procedures and engaging the workforce to build a culture of cybersecurity readiness and operational resiliency; (ii) providing specific cybersecurity and resiliency training, including preventive measures in training, such as identifying and responding to indicators of breaches, and obtaining customer confirmation if behavior appears suspicious; (iii) monitoring to ensure employees attend training and assessing the effectiveness of training; and (iv) continuously re-evaluating and updating training programs based on cyber-threat intelligence.

SEC Proposes Amending the Definition of “Accredited Investor”

 

On December 18, the Securities and Exchange Commission by a three to two vote, voted to propose amendments to the definition of “accredited investor,” one of the principal tests applied under the federal securities laws for determining who is eligible to participate in transactions that are not required to be registered with the SEC. Such transactions are commonly referred to as “private capital markets” transactions. In the words of the SEC, the proposal “seeks to update and improve the definition to more effectively identify institutional and individual investors that have the knowledge and expertise to participate in our private capital markets.”

In announcing the proposal, Jay Clayton, Chairman of the SEC, asserted that: “The current test for individual accredited investor status takes a binary approach to who does and does not qualify based only a person’s income or net worth. . . The proposal would add other means for natural persons to qualify to participate in our private capital markets based on established, clear measures of financial sophistication . . . .” For example, natural persons could qualify as accredited investors based on their professional knowledge and experience, as evidenced by them having obtained professional certifications. Another welcomed aspect of the proposal highlighted by the Chairman is that it “specifically recognizes that certain organizations, such as tribal governments, should not be restricted from participating in private capital markets” transactions if they meet certain investment thresholds. Proposed Rule.

Posted in SEC

SEC Announces Three New Rulemakings

 

On September 26, the Securities and Exchange Commission (SEC) announced three significant rulemakings. Summarized in a Public Statement by Chairman Jay Clayton, they are designed to achieve the following objectives.

  • The Modernization of the Approval Framework for ETFs. This new rule: “(1) sets forth a clear and consistent framework that will allow exchange-traded funds (ETFs) meeting certain standardized conditions to come to market without obtaining an individualized exemptive order, and (2) amends certain forms to enhance disclosures for investors.”
  • The Expansion of “Testing-the-Waters” Communications to All Issuers. This new rule: “will extend to all issuers the flexibility provided by the JOBS Act to communicate with institutional investors about potential IPOs and other registered offerings to better gauge market interest.”
  • The Enhancement of the Regulation of the OTC Markets. These proposed amendments to the rules governing the publication of quotations for over-the-counter (OTC) securities are “designed to better protect investors from fraud and manipulation, while at the same time facilitating more efficient OTC trading in certain well-capitalized issuers.”

Chairman Clayton emphasized that these rulemakings “share common themes.” Foremost, they “modernize decades-old regulations . . . taking account of our experience, advances in communications technology and changes in the operation of our markets.” Significantly, these “common sense actions better align our regulations with the preferences and investor protection interests of our long-term Main Street investors, while also facilitating capital formation.”

Amendments to the Volcker Rule are Adopted but Leave Much to be Done

 

On September 18, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (the Board), the Federal Deposit Insurance Corporation, the Securities and Exchange Commission and the Commodity Futures Trading Commission  (collectively, the Agencies) adopted amendments to the 2013 rules (the 2013 Rules) under Section 13 of the Bank Holding Company Act (BHC), commonly known as the Volcker Rule (the 2019 Amendments).

The Volcker Rule and the 2019 Amendments.  The Volcker Rule imposes complex restrictions on the ability of a “banking entity” and a “nonbank financial company” supervised by the Board to engage in proprietary trading and to have certain interests in, or relationships with, non-registered, private funds, such as hedge funds and private equity funds (each, a Covered Fund).[i] As stated in the Release adopting the 2019 Amendments (the Release),[ii] the “amendments are intended to provide banking entities with clarity about what activities are prohibited and to improve supervision and implementation of section 13.”   The Release provides that banking entities must comply with the final amendments by January 1, 2021 and that the 2013 Rules will remain in effect until their compliance date. Alternatively, the Release provides that a banking entity may voluntarily comply, in whole or in part, with the 2019 Amendments prior to the compliance date, “subject to the agencies’ completion of necessary technological changes.”

The 2019 Amendments are based upon the amendments proposed by the Agencies in May 2018 (the 2018 Proposal). As was the case with respect to the 2018 Proposal, the most significant aspects of the 2019 Amendments relate to the proprietary trading provisions of the Volcker Rule, and specifically the definition of “trading account.”[iii]  An analysis of the trading provisions is beyond the scope of this overview. The following is a brief summary of the provisions of the 2019 Amendments that relate specifically to “Covered Funds.”

Covered Fund Provisions. As noted in the Release, the restrictions imposed on banking entities with respect to a Covered Fund are “designed to ensure that banking entities do not rescue investors in those funds from loss, and do not guarantee nor expose themselves to significant losses due to investments in or other relationships with these funds.”[iv] The 2019 Amendments, however, are a work-in-progress; they do not cover any aspects of the Covered Fund provisions of the 2018 Proposal for which specific rule text was not proposed.

The Release notes that: “the [A]gencies intend to issue an additional notice of proposed rulemaking that would propose additional, specific changes to the restrictions on covered fund investments and activities and other issues related to the treatment of investment funds under the regulations implementing section 13 of the BHC Act.”[v]

For example, the 2018 Proposal sought comment on the Volcker Rule’s general approach to defining the term “Covered Fund,” as well as the existing exclusions from the Covered Fund definition and potential new exclusions from this definition.” However, “[i]n light of the number and complexity of issues under consideration,” the Agencies did not take definitive action on those  issues and merely stated their intent “to address these and other comments received on the covered fund provisions in a subsequent proposed rulemaking.”[vi]

Notwithstanding this vacillation, the Agencies did adopt as proposed the few specific Covered Funds changes in the 2018 Proposal, including:

Risk-Mitigating Hedging: The 2019 Amendments permit banking entities to acquire and retain ownership interests in Covered Funds to hedge certain customer-driven transactions, including for fund-linked products. The Agencies also adopted without change the elimination of the requirement that a risk mitigating hedging transaction “demonstrably” reduces or otherwise significantly mitigates the relevant risks.[vii]

Market Making and Underwriting: The Agencies eliminated the aggregate fund limit and the capital deduction requirement for the value of ownership interests in third-party Covered Funds acquired or retained in accordance with the underwriting or market-making exemption (i.e., Covered Funds that the banking entity does not advise or organize and offer. The Agencies stated that they believe that this change will better align the compliance requirements for underwriting and market making involving Covered Funds with the risks those activities entail.[viii]

Solely Outside the United States: The 2013 Rule imposed several conditions on the availability of the exemption that permits foreign banking entities to acquire or retain an ownership interest in, or act as sponsor to, a Covered Fund, provided that those activities and investments occur solely outside of the United States and certain other conditions are met. Those conditions included that “no financing for the banking entity’s ownership or sponsorship is provided, directly or indirectly by any branch or affiliate that is located in the United States or organized under the laws of the United States or of any State.”  The Agencies adopted without change the proposal to remove the financing condition.[ix]

More to Come, But When? As noted above, the amendment of the Volcker Rule with respect to the Covered Fund issues is a work-in-progress without any deadline for completion. In the meantime, banking entities and their counterparties having relationships and holding interests in a Covered Fund must continue to proceed cautiously taking into consideration the complex provisions of the 2019 Amendments.

Please do not hesitate to contact Edward G. Eisert, Senior Counsel, at [email protected] with any questions that arise.


[i] As defined in the 2013 Rules, a “covered fund” includes:  “an issuer that would be an investment company, as defined in the Investment Company Act of 1940 . . . but for section 3(c)(1) or 3(c)(7) of that Act . . . .” and certain commodity pools under the Commodity Exchange Act.

[ii] A copy of the entire Release can be found here

[iii] As stated in the Release: “The definition of ‘trading account’ is a threshold definition that determines whether the purchase or sale of a financial instrument by a banking entity is subject to the restrictions and requirements of section 13 of the BHC Act and the 2013 rule.”  The BHC, in turn, provides a complex definition of “trading account” to mean: “any account used for acquiring or taking positions in [certain securities and instruments] principally for the purpose of selling in the near term (or otherwise with the intent to resell in order to profit from short-term price movements), and any such other accounts as the [A]gencies, by rule determine.”  IV. Section by Section Summary of the Final Rule,  Subpart B—Proprietary Trading Restrictions.

[iv] Section I. Background.

[v] Section III.  Overview of the Final Rule and Modifications from the Proposal, A. The Final Rule.

[vi] IV. Section by Section Summary of the Final Rule, Subpart C – Covered Fund Activities and Investments, 1. Overview of Agencies’Approach to the Covered Fund Provisions.

[vii] IV. Section by Section Summary of the Final Rule, Subpart C – Covered Fund Activities and Investments,  3.  Section __.13:  Other Permitted Covered Fund Activities, a. Permitted Risk-Mitigating Hedges.

[viii] IV. Section by Section Summary of the Final Rule, Subpart C – Covered Fund Activities and Investments, 2.  Section _.11 Permitted Organizing and Offering, Undeerwriting and Market Making with Respect to a Covererd Fund.

[ix] IV. Section by Section Summary of the Final Rule, Subpart C – Covered Fund Activities and Investments, 3.  Section __.13:  Other Permitted Covered Fund Activities, b. Permitted Covered Fund Activities and Investments Outside the United States.

SEC Staff Observation from Examinations of Investment Advisers

 

On July 23, the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) published a Risk Alert on its “Observations from Examinations of Investment Advisers: Compliance, Supervision, and Disclosure of Conflicts of Interest.” The purpose of this Risk Alert is to raise awareness of certain compliance issues that OCIE observed by sharing the Staff’s observations from these examinations. The Risk Alert provides a good summary of the Staff’s observations across a broad range of compliance topics, but emphasized its specific observations relating to employees or prospective employees with disciplinary histories. As stated by the Staff: “the key takeaway is that OCIE encourages advisers, when designing and implementing their compliance and supervision frameworks, to consider the risks presented by hiring and employing supervised persons with disciplinary histories and adopt policies and procedures to address those risks.” Risk Alert.

Settlements of SEC Registration Charges with Two ICO Issuers Serve as Warning and Compliance Models

 

On November 16, the Securities Exchange Commission (“SEC“) announced settled charges against two companies that sold digital tokens in initial coin offerings (“ICOs“). According to the Press Release announcing these settlements, these are the Commission’s first cases imposing civil penalties solely for ICO securities offering registration violations. The remedies agreed to include the return of funds to harmed investors, the registration of the tokens as securities under the Securities Exchange Act of 1934, the filing of periodic reports with the Commission, and the payment of $ 250,000 as a monetary penalty. READ MORE

SEC Charges EtherDelta Founder with Operating an Unregistered Securities Exchange

 

On November 8, the Securities and Exchange Commission (“SEC“) announced that it has settled charges against Zachary Coburn, the founder of EtherDelta, a digital token trading platform. Significantly, this is the SEC’s first enforcement action based on findings that such a platform operated as an unregistered national securities exchange. The SEC has previously brought enforcement actions relating to unregistered broker-dealers and unregistered Initial Coin Offerings (“ICOs“), including some of the tokens traded on EtherDelta.

According to the SEC’s order, EtherDelta is an online platform for secondary market trading of ERC20 tokens, a type of blockchain-based token commonly issued in ICOs. The order found that Coburn caused EtherDelta to operate as an unregistered national securities exchange.

As stated in the Press Release and Order, EtherDelta provided a marketplace for bringing together buyers and sellers for digital asset securities through the combined use of an order book, a website that displayed orders, and a “smart contract” run on the Ethereum blockchain. Most notably, over an 18-month period, EtherDelta’s users executed more than 3.6 million orders for ERC20 tokens, including tokens that are securities under the federal securities law. Notably, the SEC did not identify the specific tokens it found to be securities or the salient characteristics thereof.

Therefore, EtherDelta acted as an online national securities exchange and was required to register with the SEC or qualify for an exemption.

The SEC’s investigation is ongoing.

DFS Authorizes Coinbase Global, Inc. to Form Coinbase Custody Trust Company LLC

 

On October 23, the Superintendent of the New York State Department of Financial Services (“DFS“) announced that the DFS has approved the application of Coinbase Custody Trust Company LLC, a wholly-owned subsidiary of Coinbase Global, Inc., to operate as a limited purpose trust company. The announcement also notes that Coinbase Inc. has held Money Transmitter and Virtual Currency licenses from DFS since January 2017 and DFS approved Coinbase Trust to offer secure custody services for six of the largest virtual currencies: Bitcoin, Bitcoin Cash, Ethereum, Ether Classic, XRP and Litecoin. Release.

CFTC Proposes to Streamline Regulations for Commodity Pool Operators and Commodity Trading Advisors

 

On October 9, the Commodity Futures Trading Commission (“CFTC“) unanimously approved proposed rules as a part of its KISS initiative to simplify regulations for commodity pool operators (“CPOs“) and commodity trading advisors (“CTAs“). The KISS initiative “requested public input on simplifying and modernizing the agency’s regulations to make them less burdensome and costly, while maintaining their regulatory benefits.” READ MORE

SEC Disapproves the Listing and Trading of Nine Bitcoin Related Exchange Traded Products

 

On August 22, 2018, the SEC released three Orders, acting through authority delegated to the Division of Trading and Markets, that disapproved: (i) a proposed rule change application by NYSE Acra, Inc. that would have permitted it to list and trade the shares of the ProShares Bitcoin ETF and the ProShares Short Bitcoin ETF; (ii) a proposed rule change application by NYSE Acra, Inc. that would have permitted it to list and trade shares of five exchange-traded products of the Direxion Shares ETF Trust II; and (iii) a proposed rule change application by the Cboe BZX Exchange, Inc. that would have permitted it to list and trade two classes of shares of funds of the GraniteShares ETP Trust. READ MORE