Can’t we just ask the regulator?: Difference between revisions

From The Jolly Contrarian
Jump to navigation Jump to search
No edit summary
No edit summary
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{a|devil|{{image|Conundrum with Whiteboard|png|“Conundrum with Whiteboard”. {{vsr|1995}}}}}}It is well known and widely reported that regulations have grown in scope, density, interrelation and complication since those mad, dreamy Eighties days when rules were for birds and the Randian spirit of Aleister Crowley was the dominant fingerpost showing the way towards market governance.  
{{a|devil|{{wmc|Day 185 - West Midlands Police - PC Blakeman c.1962 (7493222314).jpg|}}}}{{smallcaps|It is well-known}} and widely reported that regulations have grown in scope, density, interrelation and complication since those mad, dreamy Eighties days when rules were for birds and the Randian spirit of Aleister Crowley was the dominant fingerpost showing the way to the future:  


“Do what thou wilt shall be the whole of the Law”.  
{{Quote|“''Do what thou wilt shall be the whole of the Law''”.}}


The world of modern finance was unexplored: broken-fenced frontiers everywhere you looked, and you were free to wander the hinterland scalping unwitting customers — “ripping customers’ faces off” was the vogue term, come to think of it —unrestrained by official hand.
Modern finance was once unexplored: broken-fenced frontiers everywhere you looked, and you were free to wander the hinterland, scalping unwitting customers — “ripping customers’ faces off” was the vogue term — unrestrained by official hand.  


This, contemporary [[thought leader]]<nowiki/>s believed, was best for everyone, in the long run. “Government is not the solution to our problem; government ''is'' the problem,” as Ronald Reagan famously put it.
This, contemporary [[thought leader]]<nowiki/>s believed, was best for everyone, in the long run. “Government is not the solution to our problem; government ''is'' the problem,” Ronald Reagan once famously put it. Javier Milei {{Plainlink|https://www.weforum.org/events/world-economic-forum-annual-meeting-2024/sessions/special-address-by-javier-milei-president-of-argentina/|did again — without attribution — at the WEF in 2024}}, but he feels like a man out of time.


In recent times this carefree impulse has fallen on stony ground. Of course it has: to survive its own auto-destruction, any new programme must self-organise: that founding spirit of optimistic anarchy will resolve to well-meant gentle governance which in time will calcify into impenetrable rules, etiquettes and ways of operating [[calculated]] to maintain the emergent power structure around the programme. This happened to the fifties, to rock ’n’ roll, in the noughties to the internet, it’s happening to crypto right now and will happen to AI at some point in the future — as long as Skynet doesn’t happen first.
For in recent times — President Milei’s remarks notwithstanding — this carefree impulse has fallen on stony ground. Of course it has: to survive its auto-destruction, any new programme must self-organise: its founding spirit of optimistic anarchy will resolve into well-meant, gentle governance which, in time, will freeze into an impenetrable tundra of rules, etiquettes and ways of behaving, all loosely [[calculated]] to maintain and strengthen the [[power structure]] as it emerges around the programme.


The financial markets are the same: the libertine laissez-faire of the eighties that made all this possible has given way to utter technocracy.  
This happened to the nineteen-fifties, to rock ’n’ roll, to the internet, it’s happening to crypto right now and, if Skynet doesn’t happen first, it will happen to [[AI]] before long.  


A freedom that once seemed hopeful and elegant now seems barbaric in its simplicity. We have become inured to the idea that our every or financial impulse should be minutely monitored, reported, and regulated.  
The financial markets are the same, only on a loop: the free-wheeling 1920s gave way, via the shock of the Great Depression, to sober, careful regulation. From there a mid-century of cold war in the East and warm steady growth in the West gave way to the libertine laissez-faire eighties, the [[The End of History and the Last Man|End of History]] itself in the nineties, and that decayed into late-stage freewheeling techno-anarchy in the noughties. 
 
It all fetched up, back where it started, upon the rocks of the [[Global Financial Crisis]], whereupon the cycle began again. Detailed, rules-based regulation was back in style. 
 
Twenty years on, [[We are all Keynesians now|we are all technocrats now]]: a freedom that once seemed hopeful and elegant now seems barbaric in its simplicity. We have become inured to the idea that, because it can be, our every financial impulse should be minutely monitored, reported, and ''regulated''. An industrial estate has taken root around this business of ''administering'' things.  
===The theory===
===The theory===
And that is fine. Being a pragmatist, it is not the [[Jolly Contrarian|JC]]’s motive to take sides in the cosmic debate: rather, to say, however heavily we frame our rules, good governance and our well-rehearsed imperative of juridical [[certainty]] requires them to be as plain, clear and actionable as they can be. The world is [[Certainty|uncertain]] and [[Complexity|non-linear]] enough: the guardrails we erect to protect each other from it should not be. We should not be left in doubt what we can and cannot do. We should not be held hostage for the consequence of acting in a case of genuine doubt.   
And that is fine. Being a pragmatist, it is not the [[Jolly Contrarian|JC]]’s motive to take sides in the cosmic debate: rather, to say, however heavily we frame our rules, good governance and our well-rehearsed imperative of juridical [[certainty]] requires them to be as plain, clear and actionable as they can be. The world is [[Certainty|uncertain]] and [[Complexity|non-linear]] enough: the guardrails we erect to protect each other from it should not be. We should not be left in doubt what we can and cannot do.  
 
Nor should we be held hostage for the consequence of the things we do when in honest and excusable doubt.   


Besides, wilfully leaving ''doubt'' in regulation creates an opportunity for doubt alleviators to extract ''rent''. Three-quarters of the UK’s £32bn legal services industry services the corporate sector.<ref>[https://docs.google.com/viewer?url=https%3A%2F%2Fwww.pwc.co.uk%2Findustries%2Fassets%2Fuk-legal-services-market-report-2022.pdf PWC UK Legal Services Market Report 2022]</ref>   
Besides, wilfully leaving ''doubt'' in regulation creates an opportunity for the enterprise of doubt alleviation to extract ''rent''. Three-quarters of the UK’s £32bn legal services industry services the corporate sector.<ref>[https://docs.google.com/viewer?url=https%3A%2F%2Fwww.pwc.co.uk%2Findustries%2Fassets%2Fuk-legal-services-market-report-2022.pdf PWC UK Legal Services Market Report 2022]</ref> That is easy to count. Less so is the difference it makes.  


Nor should rules be above criticism: times change, unintended consequences emerge, people make bad rules. Practitioners at the coal face are the first to apprehend them. They should not be loathe to point them out.   
Nor should rules be above criticism: times change, unintended consequences emerge and people make bad rules. Practitioners are the first to apprehend them. They should not be loathe to point them out.   


In any sensible polity, rules carrying sanctions must be easy to understand, follow and challenge. The optimal scenario: everyone abides by the rules, and there is an easy and open process to challenge the ones that don’t work.
In any sensible polity, rules carrying sanctions must be easy to understand, follow and challenge. The optimal scenario: every earnest firm abides by the rules, little time is therefore spent policing them, and there is an easy and open process to challenge the ones that don’t work.


===The reality===
===The reality===
The reality is that global regulation is a ''monstrous'' burden. Even sensible jurisdictions have a habit of mandating multiple regulators overseeing ostensibly the same territory ([[SEC]], [[CFTC]], FRB, FDIC in the US alone), and that is before we deal with the conundrum of cross-border regulation where conflicts and regulatory perimeters come into play, and the actions of supranational bodies such as the [[Basel Committee on Banking Supervision]].
The reality is different. Global regulation has become a ''monstrous, baffling, ineffective burden''. Even sensible jurisdictions mandate multiple regulators to oversee ostensibly the same territory ([[SEC]], [[CFTC]], FRB, FDIC in the US alone). That is before we deal with the conflicts of cross-border regulation and regulatory perimeters or the actions of supranational bodies such as the [[Basel Committee on Banking Supervision]].
 
This is licence enough for the advisory-industrial complex that has grown around money management, but it is made worse by regulators’ reluctance to be categorical, or even take a position on, what their own rules ''mean''.
 
Sure, regulators purport to render their rules in plain English, but often by way of aspiration rather than outcome. And, at the end of the day, if regulations ''are'' confusing the market, whether or not regulators believe it, this is reason enough to clarify them. If you can’t just rewrite them — a continually morphing regulatory textscape would be worse even than static rules no one understands — a regulator should at least be prepared to clarify and issue binding guidance about what its own rules to mean and how it intends to enforce them.
 
Continental tax authorities occasionally issue tax rulings. The SEC has been known to issue the odd “no-action letter”, more by way of forbearance from enforcement than enduring interpretation of its rules, though one eventually crystallises into the other. 
 
But these are exceptions. This is not, in the Anglo-Saxon markets, the done thing. There are no [[Bright-line test|bright lines]], after all. It is as if regulators are keeping the option to retrospectively smack down the regulated to suit the political climate. Perhaps they fear the [[precedent]] an erroneous ruling night create: their own staff — as prone to budget cuts, downskilling and outsourcing as the rest of us — might have no better idea what the rules are meant to mean than we do.
 
Perhaps the underfunded gamekeeper fears the poacher’s skill in finding loopholes and running around the spirit in which the rules were put in place.
 
Or, all of the above.
 
In any case, regulators will not generally tell you what they think their rules mean. On your own head be it. We think this is a pity.
 
Announcing ''after the fact'' what regulations mean and then prosecuting historical violations is, in essence, [[retrospective legislation]].
 
It also creates poor incentives all round. It ''encourages'' regulators to create ambiguous regulation — as you say,  this gives them [[plausible deniability]] should their subjects find loopholes — and it intermediates and institutionalises the [[advisory-industrial complex]].
 
An environment where merchants need professional advice to carry out [[Business as usual|their day-to-day business]] ''just to protect them from breaking the law'' is not working properly. Financial services, being concerned with lending colossal sums of money, has no shortage of call for lawyers already.
 
== JPMorgan, the NDA and the whistle-blowers ==
In related news we hear that, in January 2024, JPMorgan agreed to pay the [[SEC]] a US$18m fine for signing [[confidentiality agreement]]s that violated Rule 21F-17(a) of the [[Securities Exchange Act of 1934]].
 
This rule says no-one may not stifle “whistle-blowers”: citizens who wish to give the [[Securities and Exchange Commission|SEC]] information about possible securities law violations. Where this leads to conviction, whistle-blowers stand to be rewarded.
 
The settlement doesn’t seem to suggest that JPMorgan intended to, or actually did, use its NDAs to prevent anyone reporting securities violations. To the contrary, JPMorgan seems to have been rather good about self-reporting, whenever the need arose. Nor does the SEC allege anything ''was'' concealed from it. Rather, it is the [[The dog in the night time|dog in the night-time]]: since JPMorgan’s confidentiality agreements ''might'' have had that effect, or ''might'' have been used this way, the SEC [[Unknown unknown|can not now know what it does not know]].
 
That an NDA ''might'' have a “chilling effect” on a whistle-blower was enough of a pretext for the SEC to extract US$18m from JPMorgan. The threat of further action seems to have been enough of a pretext for JPM to just pay up. This all seems rather unfortunate for the rest of the market.
 
Firstly, be assured a wholesale re-engineering of the confidentiality agreement standard will shortly descend on us. NDAs are plenty long enough already: this will not make them shorter.
 
Downtrodden inhouse counsel, who already spend far too much time on NDAs (in that they spend any time at all) will not be cheered.  The NDA is a well-understood beast: its principles are standardised, even if their articulation is not. A universal principle is “you may disclose confidential information to regulators if asked, or compelled, to do so”.
 
This seems a prudent and reasonable standard.
 
Not according to the SEC, according to whom Rule 21F-17(a) requires something more than that: you must be free to disclose information that may indicate violations ''if you feel like it''. Whether a regulator asks you or not. No-one is ''obliged'' to blow their whistle, however, so the market standard term would not, explicitly, allow that. You might try to get home with a general sweep-up like “this agreement is to be read to comply with all laws as they apply to the parties” but that is reaching a bit.
 
JPMorgan’s standard NDA — not, alas, the [[OneNDA]] — said:
{{Quote|“[JPMS client] and [JPMS client’s] attorneys are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization or as required by law.”<ref>{{plainlink|https://www.sec.gov/files/litigation/admin/2024/34-99344.pdf|SEC settlement order}}</ref>}}
Now as far as market standards go, this is pretty much on the money and, for US drafting, blessedly short: you can ''answer questions'' from regulators — with or without compulsion — but you can’t ''volunteer'' things they did not ask for. Well: it does not say you ''can'' volunteer things, at any rate. How this might be construed by a court is not the point: the “chilling effect” — the tendency to prevent disclosure in the first place — is all the SEC needed.  


This is licence enough for the military-industrial complex of legal, accounting and compliance advisors that have grown around the markets, but it is made worse by the reluctance of regulators to take a position on what their own rules mean. Continental tax authorities might occasionally issue, and agree to be bound by a tax ruling; the SEC issues the occasional “no-action letter” which is more by way of forbearance from enforcement of rules, rather than an interpretation of them. There are no [[Bright-line test|bright lines]].
Editorialising for a bit — I know, right: who? me? — then unless JPMorgan wilfully meant to prevent whistleblowing, this seems like a ''bad'' ''precedent''. Nothing in the {{Plainlink|https://www.sec.gov/news/press-release/2024-7|SEC’s press release}} indicates wilfulness on the bank’s part.  


Anyone in the business will know this is the aspiration of an utter fantasist. Anglo Saxon regulators wouldn’t dream of giving guidance, perhaps fearing the [[precedent]] an erroneous ruling night create, perhaps acknowledging that their own staff have no better idea what the rules are meant to mean than anyone else: they are as prone to budget cuts, outsourcing, and the dogma of management by data as anyone else.
So, firstly, JPMorgan is being fined, basically, for agreeing to a pretty standard NDA.


==== Cases in point ====
Secondly — a point Matt Levine makes with typical brio — is that this means that a securities law violation you can blow your whistle about — and be rewarded for under the whistle-blowing programme — is ''the very existence of a non-compliant NDA itself''.  
So we hear that JPMorgan has been fined for signing [[confidentiality agreement]]<nowiki/>s that violated Rule 21F-17(a) of the [[Securities Exchange Act of 1934]]<nowiki/>prohibiting action that impedes communication with the [[Securities and Exchange Commission|SEC]] about possible securities law violation. We don’t know the specifics, but it doesn’t seem to be alleged that Morgan intended this, or that it took any positive steps to enforce its NDAs in this way, but rather that the confidentiality agreements ''might'' have had that effect, or been used this way.


If that is right then we have a wholesale rewrite of confidentiality agreements about to descend on us. The NDA is a well understood beast: its principles are pretty standardised, even if their articulation is not. One principle is “you may disclose confidential information to a regulator if you are firmly asked for it, or compelled to do so”.
The NDA contravenes Rule 21F-17(a), after all. That is a violation of a securities law. You stand to gain by reporting it, in ostensible breach of its terms.


The SEC’s whistleblowing rule requires something more than that: you must be free to disclose information that may indicate securities law violations ''if you wish to''. There is no ''obligation'' on anyone to disclose violations, however, so an [[Confidentiality agreement|NDA]] drafted along market standard terms would not explicitly permit whistleblowing. You might try to get home if you have a general “this agreement is to be read to be consistent with all laws as they apply to the parties” but you are reaching a bit here.
But as above, in as much as they cleave to the market standard of only permitting disclosure to regulators when asked, ''all'' standard NDAs breach Rule 21F-17(a). Not because the market means to chill whistle-blowers, but because this ''never occurred'' to anyone before.


JP Morgan’s release said:
It would be interesting to know who planted the idea of this enforcement in the SEC caseworker’s head. We have all heard of lawyers chasing ambulances: here is the stranger case of an ambulance chasing lawyers.  
{{Quote|“[JPMS client] and [JPMS client’s] attorneys are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization, or as required by law.”<ref>{{plainlink|https://www.sec.gov/files/litigation/admin/2024/34-99344.pdf|SEC settlement order}}</ref>}}
You can ''answer questions'' from regulators — without compulsion — but you can’t ''volunteer'' things they did not ask for.  


Editorialising for a bit — I know, right: who? me? — then unless JPMorgan wilfully meant to prevent whistleblowing, this seems like a ''bad'' precedent. Nothing in the {{Plainlink|https://www.sec.gov/news/press-release/2024-7|SEC’s press release}} about the fine indicates this is the case. So firstly, JPMorgan is being fined, basically, for agreeing pretty standard NDAs.
In another disturbing facet of US justice administration, JPMorgan has agreed to the settlement, a ''civil'' prosecution — don’t titter at the back, this is a thing in America — without admission or denial of liability, no doubt taking the pragmatic view that comparatively light fine, in financial services, is a doddle against the administrative hell and regulatory stress of contesting such a charge.  


Secondly, and it is a point Matt Levine makes with typical brio, this means that the securities law violation you can blow the whistle on — and be rewarded under the whistleblowing programme for — is ''the existence of the NDA itself''. The NDA contravenes Rule 21F-17(a), after all.
But in doing so, JPMorgan has acquiesced to a bad principle, thereby enacting it upon everyone else. Is ''every'' non-disclosure agreement fair game? Will there be a range of swingeing fines against other [[Broker|brokers]]? Would it change your answer if those made to sign such agreements had a direct financial incentive to shop their brokers to the SEC?


But as above, in as much as they cleave to the market standard of permitting disclosure to regulators when asked, ''all'' standard NDAs breach Rule 21F-17(a). Not because anyone meant to, but because this is a unique exception that has never occurred to anyone before. It would be interesting to know who planted the idea of this enforcement in the SEC’s head. We have all heard of lawyers chasing ambulances: here is an ambulance chasing the lawyers.  
Expect a flurry of activity in the NDA space, even repapering ones already executed, and — inevitably — the lengthening of an already tedious symbolic ritual. 
====What would a compliant NDA look like?====
Here is where a regulator’s reluctance to explain its own rules creates work for lawyers without reason. The advisory-industrial complex has just acquired another [[Ghost story|''ghost story'']]: a [[Tail event|tail-event]] risk which necessitates a four-eyes check of every NDA that goes out the door. In the prudent operation of a financial services organisation, this is nothing but sawdust in the gears. It addresses no real risk of mischief — no-one had any intention to suppress whistle-blowing in the first place, remember — and will do little to change the regulator’s attitude to {{Strike|rent|fine}} collection if, once more after the fact, it decides that whatever you put in your NDAs to cover the point still does not pass muster.


In another facet of US justice administration, JPMorgan has agreed to the settlement without admission or denial of liability — perhaps taking the pragmatic view than an eighteen million dollar fine is a drop in the ocean compared to the administrative time and burnt marital capital that it would take to contest such a charge. But in doing so Morgan has acquiesced to a bad principle, thereby enacting it on everyone else.
If we take it as read that JPMorgan’s infraction was formal and not substantive then surely the practical thing for [[SEC]] to do would be to warn them off and issue some new guidance to the industry, ''including acceptable contract wording'': to say, as long as your NDA provides that “nothing in this agreement is intended to prevent any person reporting possible legal violations to any regulatory authority”


Expect a flurry of activity in the NDA space and — inevitably — the lengthening of an already tedious symbolic ritual.  
Were the SEC to give the remainder of the market clear guidance on how to act without the ongoing intermediation of the advisory-industrial complex, [[JPMorgan]] might not have suffered in vain.


{{sa}}
{{sa}}

Latest revision as of 08:04, 30 September 2024

In which the curmudgeonly old sod puts the world to rights.
Index — Click ᐅ to expand:
Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.

It is well-known and widely reported that regulations have grown in scope, density, interrelation and complication since those mad, dreamy Eighties days when rules were for birds and the Randian spirit of Aleister Crowley was the dominant fingerpost showing the way to the future:

Do what thou wilt shall be the whole of the Law”.

Modern finance was once unexplored: broken-fenced frontiers everywhere you looked, and you were free to wander the hinterland, scalping unwitting customers — “ripping customers’ faces off” was the vogue term — unrestrained by official hand.

This, contemporary thought leaders believed, was best for everyone, in the long run. “Government is not the solution to our problem; government is the problem,” Ronald Reagan once famously put it. Javier Milei did again — without attribution — at the WEF in 2024, but he feels like a man out of time.

For in recent times — President Milei’s remarks notwithstanding — this carefree impulse has fallen on stony ground. Of course it has: to survive its auto-destruction, any new programme must self-organise: its founding spirit of optimistic anarchy will resolve into well-meant, gentle governance which, in time, will freeze into an impenetrable tundra of rules, etiquettes and ways of behaving, all loosely calculated to maintain and strengthen the power structure as it emerges around the programme.

This happened to the nineteen-fifties, to rock ’n’ roll, to the internet, it’s happening to crypto right now and, if Skynet doesn’t happen first, it will happen to AI before long.

The financial markets are the same, only on a loop: the free-wheeling 1920s gave way, via the shock of the Great Depression, to sober, careful regulation. From there a mid-century of cold war in the East and warm steady growth in the West gave way to the libertine laissez-faire eighties, the End of History itself in the nineties, and that decayed into late-stage freewheeling techno-anarchy in the noughties.

It all fetched up, back where it started, upon the rocks of the Global Financial Crisis, whereupon the cycle began again. Detailed, rules-based regulation was back in style.

Twenty years on, we are all technocrats now: a freedom that once seemed hopeful and elegant now seems barbaric in its simplicity. We have become inured to the idea that, because it can be, our every financial impulse should be minutely monitored, reported, and regulated. An industrial estate has taken root around this business of administering things.

The theory

And that is fine. Being a pragmatist, it is not the JC’s motive to take sides in the cosmic debate: rather, to say, however heavily we frame our rules, good governance and our well-rehearsed imperative of juridical certainty requires them to be as plain, clear and actionable as they can be. The world is uncertain and non-linear enough: the guardrails we erect to protect each other from it should not be. We should not be left in doubt what we can and cannot do.

Nor should we be held hostage for the consequence of the things we do when in honest and excusable doubt.

Besides, wilfully leaving doubt in regulation creates an opportunity for the enterprise of doubt alleviation to extract rent. Three-quarters of the UK’s £32bn legal services industry services the corporate sector.[1] That is easy to count. Less so is the difference it makes.

Nor should rules be above criticism: times change, unintended consequences emerge and people make bad rules. Practitioners are the first to apprehend them. They should not be loathe to point them out.

In any sensible polity, rules carrying sanctions must be easy to understand, follow and challenge. The optimal scenario: every earnest firm abides by the rules, little time is therefore spent policing them, and there is an easy and open process to challenge the ones that don’t work.

The reality

The reality is different. Global regulation has become a monstrous, baffling, ineffective burden. Even sensible jurisdictions mandate multiple regulators to oversee ostensibly the same territory (SEC, CFTC, FRB, FDIC in the US alone). That is before we deal with the conflicts of cross-border regulation and regulatory perimeters or the actions of supranational bodies such as the Basel Committee on Banking Supervision.

This is licence enough for the advisory-industrial complex that has grown around money management, but it is made worse by regulators’ reluctance to be categorical, or even take a position on, what their own rules mean.

Sure, regulators purport to render their rules in plain English, but often by way of aspiration rather than outcome. And, at the end of the day, if regulations are confusing the market, whether or not regulators believe it, this is reason enough to clarify them. If you can’t just rewrite them — a continually morphing regulatory textscape would be worse even than static rules no one understands — a regulator should at least be prepared to clarify and issue binding guidance about what its own rules to mean and how it intends to enforce them.

Continental tax authorities occasionally issue tax rulings. The SEC has been known to issue the odd “no-action letter”, more by way of forbearance from enforcement than enduring interpretation of its rules, though one eventually crystallises into the other.

But these are exceptions. This is not, in the Anglo-Saxon markets, the done thing. There are no bright lines, after all. It is as if regulators are keeping the option to retrospectively smack down the regulated to suit the political climate. Perhaps they fear the precedent an erroneous ruling night create: their own staff — as prone to budget cuts, downskilling and outsourcing as the rest of us — might have no better idea what the rules are meant to mean than we do.

Perhaps the underfunded gamekeeper fears the poacher’s skill in finding loopholes and running around the spirit in which the rules were put in place.

Or, all of the above.

In any case, regulators will not generally tell you what they think their rules mean. On your own head be it. We think this is a pity.

Announcing after the fact what regulations mean and then prosecuting historical violations is, in essence, retrospective legislation.

It also creates poor incentives all round. It encourages regulators to create ambiguous regulation — as you say, this gives them plausible deniability should their subjects find loopholes — and it intermediates and institutionalises the advisory-industrial complex.

An environment where merchants need professional advice to carry out their day-to-day business just to protect them from breaking the law is not working properly. Financial services, being concerned with lending colossal sums of money, has no shortage of call for lawyers already.

JPMorgan, the NDA and the whistle-blowers

In related news we hear that, in January 2024, JPMorgan agreed to pay the SEC a US$18m fine for signing confidentiality agreements that violated Rule 21F-17(a) of the Securities Exchange Act of 1934.

This rule says no-one may not stifle “whistle-blowers”: citizens who wish to give the SEC information about possible securities law violations. Where this leads to conviction, whistle-blowers stand to be rewarded.

The settlement doesn’t seem to suggest that JPMorgan intended to, or actually did, use its NDAs to prevent anyone reporting securities violations. To the contrary, JPMorgan seems to have been rather good about self-reporting, whenever the need arose. Nor does the SEC allege anything was concealed from it. Rather, it is the dog in the night-time: since JPMorgan’s confidentiality agreements might have had that effect, or might have been used this way, the SEC can not now know what it does not know.

That an NDA might have a “chilling effect” on a whistle-blower was enough of a pretext for the SEC to extract US$18m from JPMorgan. The threat of further action seems to have been enough of a pretext for JPM to just pay up. This all seems rather unfortunate for the rest of the market.

Firstly, be assured a wholesale re-engineering of the confidentiality agreement standard will shortly descend on us. NDAs are plenty long enough already: this will not make them shorter.

Downtrodden inhouse counsel, who already spend far too much time on NDAs (in that they spend any time at all) will not be cheered. The NDA is a well-understood beast: its principles are standardised, even if their articulation is not. A universal principle is “you may disclose confidential information to regulators if asked, or compelled, to do so”.

This seems a prudent and reasonable standard.

Not according to the SEC, according to whom Rule 21F-17(a) requires something more than that: you must be free to disclose information that may indicate violations if you feel like it. Whether a regulator asks you or not. No-one is obliged to blow their whistle, however, so the market standard term would not, explicitly, allow that. You might try to get home with a general sweep-up like “this agreement is to be read to comply with all laws as they apply to the parties” but that is reaching a bit.

JPMorgan’s standard NDA — not, alas, the OneNDA — said:

“[JPMS client] and [JPMS client’s] attorneys are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization or as required by law.”[2]

Now as far as market standards go, this is pretty much on the money and, for US drafting, blessedly short: you can answer questions from regulators — with or without compulsion — but you can’t volunteer things they did not ask for. Well: it does not say you can volunteer things, at any rate. How this might be construed by a court is not the point: the “chilling effect” — the tendency to prevent disclosure in the first place — is all the SEC needed.

Editorialising for a bit — I know, right: who? me? — then unless JPMorgan wilfully meant to prevent whistleblowing, this seems like a bad precedent. Nothing in the SEC’s press release indicates wilfulness on the bank’s part.

So, firstly, JPMorgan is being fined, basically, for agreeing to a pretty standard NDA.

Secondly — a point Matt Levine makes with typical brio — is that this means that a securities law violation you can blow your whistle about — and be rewarded for under the whistle-blowing programme — is the very existence of a non-compliant NDA itself.

The NDA contravenes Rule 21F-17(a), after all. That is a violation of a securities law. You stand to gain by reporting it, in ostensible breach of its terms.

But as above, in as much as they cleave to the market standard of only permitting disclosure to regulators when asked, all standard NDAs breach Rule 21F-17(a). Not because the market means to chill whistle-blowers, but because this never occurred to anyone before.

It would be interesting to know who planted the idea of this enforcement in the SEC caseworker’s head. We have all heard of lawyers chasing ambulances: here is the stranger case of an ambulance chasing lawyers.

In another disturbing facet of US justice administration, JPMorgan has agreed to the settlement, a civil prosecution — don’t titter at the back, this is a thing in America — without admission or denial of liability, no doubt taking the pragmatic view that comparatively light fine, in financial services, is a doddle against the administrative hell and regulatory stress of contesting such a charge.

But in doing so, JPMorgan has acquiesced to a bad principle, thereby enacting it upon everyone else. Is every non-disclosure agreement fair game? Will there be a range of swingeing fines against other brokers? Would it change your answer if those made to sign such agreements had a direct financial incentive to shop their brokers to the SEC?

Expect a flurry of activity in the NDA space, even repapering ones already executed, and — inevitably — the lengthening of an already tedious symbolic ritual.

What would a compliant NDA look like?

Here is where a regulator’s reluctance to explain its own rules creates work for lawyers without reason. The advisory-industrial complex has just acquired another ghost story: a tail-event risk which necessitates a four-eyes check of every NDA that goes out the door. In the prudent operation of a financial services organisation, this is nothing but sawdust in the gears. It addresses no real risk of mischief — no-one had any intention to suppress whistle-blowing in the first place, remember — and will do little to change the regulator’s attitude to rent fine collection if, once more after the fact, it decides that whatever you put in your NDAs to cover the point still does not pass muster.

If we take it as read that JPMorgan’s infraction was formal and not substantive then surely the practical thing for SEC to do would be to warn them off and issue some new guidance to the industry, including acceptable contract wording: to say, as long as your NDA provides that “nothing in this agreement is intended to prevent any person reporting possible legal violations to any regulatory authority”

Were the SEC to give the remainder of the market clear guidance on how to act without the ongoing intermediation of the advisory-industrial complex, JPMorgan might not have suffered in vain.

See also

References