Can’t we just ask the regulator?: Difference between revisions

From The Jolly Contrarian
Jump to navigation Jump to search
No edit summary
No edit summary
Line 41: Line 41:
In related news we hear that, in January 2024, JPMorgan agreed to pay the [[SEC]] a US$18m fine for signing [[confidentiality agreement]]s that violated Rule 21F-17(a) of the [[Securities Exchange Act of 1934]].  
In related news we hear that, in January 2024, JPMorgan agreed to pay the [[SEC]] a US$18m fine for signing [[confidentiality agreement]]s that violated Rule 21F-17(a) of the [[Securities Exchange Act of 1934]].  


This rule says one must not stifle “whistleblowers’: citizens who wish to inform the [[Securities and Exchange Commission|SEC]] about possible securities law violations they have witnessed. Where their information leads to conviction, whistleblowers stand to be rewarded.  
This rule says no-one may not stifle “whistleblowers”: citizens who wish to give the [[Securities and Exchange Commission|SEC]] information about possible securities law violations. Where this leads to conviction, whistleblowers stand to be rewarded.  


We don’t know the specifics, but the settlement doesn’t seem to suggest that Morgan intended to, or took any positive steps to, enforce its NDAs in this way. Rather that the confidentiality agreements ''might'' have had that effect, or been used this way. The very fact of an NDA might have a chilling effect on a whistleblower: that was enough for the SEC.
We don’t know the specifics, but the settlement doesn’t seem to suggest that JPMorgan intended to, or actually did, enforce its NDAs to prevent anyone reporting securities violations. To the contrary, JPMorgan seems to have been rather good about self-reporting, whenever the need arose. The SEC does not allege anything was concealed from it. Rather, its case was that JPMorgan’s confidentiality agreements ''might'' have had that effect, or ''might'' have been used this way.  


If that is right then a wholesale rewrite of confidentiality agreements is shortly to descend on us. Downtrodden inhouse counsel, who already spend far too much time on NDAs (in that they spend any time at all) will not be cheered. The NDA is a well-understood beast: its principles are standardised, even if their articulation is not. It is implicit. One principle is “you may disclose confidential information to a regulator if you are asked for it, or compelled to do so”.
That an NDA ''might'' have a “chilling effect” on a whistleblower: that was enough of a pretext for the SEC to extract US$18m from JPMorgan. The threat of further action seems to have been enough of a pretext for JPM to just pay up. This all seems rather unfortunate.


According to [[SEC]]’s worldview, Rule 21F-17(a) requires something more than that: you must be free to disclose information that may indicate violations ''if you feel like it''. Whether a regulator asks you or not. No-one is ''obliged'' to be a whistleblower, however, so the market standard [[Confidentiality agreement|NDA]] would not, explicitly, permit you to blow your whistle. You might try to get home if you have a general “this agreement is to be read to be consistent with all laws as they apply to the parties” but that is reaching a bit.
Firstly, be assured a wholesale re-engineering of the confidentiality agreement standard will shortly descend on us. Make no mistake, they will not be shorter. Downtrodden inhouse counsel, who already spend far too much time on NDAs (in that they spend any time at all) will not be cheered. The NDA is a well-understood beast: its principles are standardised, even if their articulation is not. A universal principle is “you may disclose confidential information to regulators if asked, or compelled, to do so”.


JPMorgan’s standard NDA — not, alas, the OneNDA — said:
This seems a prudent and reasonable standard.
 
Not according to the SEC, according to whom Rule 21F-17(a) requires something more than that: you must be free to disclose information that may indicate violations ''if you feel like it''. Whether a regulator asks you or not. No-one is ''obliged'' to blow their whistle, however, so the market standard term would not, explicitly, allow that. You might try to get home with a general sweep-up like “this agreement is to be read to be consistent with all laws as they apply to the parties” but that is reaching a bit.
 
JPMorgan’s standard NDA — not, alas, the [[OneNDA]] — said:
{{Quote|“[JPMS client] and [JPMS client’s] attorneys are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization or as required by law.”<ref>{{plainlink|https://www.sec.gov/files/litigation/admin/2024/34-99344.pdf|SEC settlement order}}</ref>}}
{{Quote|“[JPMS client] and [JPMS client’s] attorneys are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization or as required by law.”<ref>{{plainlink|https://www.sec.gov/files/litigation/admin/2024/34-99344.pdf|SEC settlement order}}</ref>}}
As far as market standards go this is pretty much on the money, and for a US legal document, blessedly short: you can ''answer questions'' from regulators — with or without compulsion — but you can’t ''volunteer'' things they did not ask for. Rather, it does not say you ''can'' volunteer things.  
Now as far as market standards go this is pretty much on the money and, for a US legal document, blessedly short: you can ''answer questions'' from regulators — with or without compulsion — but you can’t ''volunteer'' things they did not ask for. Well: it does not say you ''can'' volunteer things, at any rate. How this might be construed by a court if tested is not the point: the chilling effect — the tendency to prevent disclosure in the first place — is all the SEC needed.
 
Editorialising for a bit — I know, right: who? me? — then unless JPMorgan wilfully meant to prevent whistleblowing, this seems like a ''bad'' ''precedent''. Nothing in the {{Plainlink|https://www.sec.gov/news/press-release/2024-7|SEC’s press release}} indicates any actual wilfulness on the bank’s part. So firstly, JPMorgan is being fined, basically, for agreeing to a pretty standard NDA.


Editorialising for a bit I know, right: who? me? then unless JPMorgan wilfully meant to prevent whistleblowing, this seems like a ''bad'' precedent. Nothing in the {{Plainlink|https://www.sec.gov/news/press-release/2024-7|SEC’s press release}} about the fine indicates this is the case. So firstly, JPMorgan is being fined, basically, for agreeing to pretty standard NDAs.
Secondly — a point Matt Levine makes with typical brio is that this means that a securities law violation you can blow your whistle about and be rewarded under the whistleblowing programme for — is ''the very existence of a non-compliant NDA itself''.  


Secondly, and it is a point Matt Levine makes with typical brio, this means that the securities law violation you can blow the whistle on — and be rewarded under the whistleblowing programme for — is ''the existence of the NDA itself''. The NDA contravenes Rule 21F-17(a), after all.
The NDA contravenes Rule 21F-17(a), after all. It is a breach of securities law. You stand to gain by reporting it, in ostensible breach of its terms.


But as above, in as much as they cleave to the market standard of permitting disclosure to regulators when asked, ''all'' standard NDAs breach Rule 21F-17(a). Not because anyone meant to, but because this is a unique exception that has never occurred to anyone before. It would be interesting to know who planted the idea of this enforcement in the SEC’s head. We have all heard of lawyers chasing ambulances: here is an ambulance chasing the lawyers.  
But as above, in as much as they cleave to the market standard of only permitting disclosure to regulators when asked, ''all'' standard NDAs breach Rule 21F-17(a). Not because anyone meant to chill whistleblowers, but because this ''never occurred'' to anyone before. It would be interesting to know who planted the idea of this enforcement in the SEC caseworker’s head. We have all heard of lawyers chasing ambulances: here is the stranger case of an ambulance chasing lawyers.  


In another facet of US justice administration, JPMorgan has agreed to the settlement without admission or denial of liability — perhaps taking the pragmatic view that a USD$18m fine is a drop in the ocean compared to the administrative time and burnt marital capital that it would take to contest such a charge. But in doing so, Morgan has acquiesced to a bad principle, thereby enacting it on everyone else.
In another facet of US justice administration, JPMorgan has agreed to the settlement, a civil prosecution, without admission or denial of liability — no doubt taking the pragmatic view that USD$18m fine is a doddle compared to the administrative time and burnt marital capital that it would take to contest such a charge. But in doing so, Morgan has acquiesced to a bad principle, thereby enacting it on everyone else.


Expect a flurry of activity in the NDA space and — inevitably — the lengthening of an already tedious symbolic ritual.   
Expect a flurry of activity in the NDA space and — inevitably — the lengthening of an already tedious symbolic ritual.   
====What would a compliant NDA look like?====
====What would a compliant NDA look like?====
Here is where the regulatory reluctance to flesh out your own rules creates work for lawyers without reason. If we take it as read that JPMorgan’s infraction was formal and not substantive — then surely a practical thing for SEC to do would be to issue some agreed-upon wording: say, as long as your NDA, in essence, provides that “nothing in this agreement is intended to prevent any person reporting possible legal violations to any regulatory authority” then you give the remainder of the market clear guidance for which lawyers are not required, and [[JPMorgan]] shall not have suffered in vain.
Here is where the regulatory reluctance to flesh out your own rules creates work for lawyers without reason. If we take it as read that JPMorgan’s infraction was formal and not substantive — then surely the practical thing for SEC to do would be to warn them off and issue some agreed-upon wording to the industry: say, as long as your NDA provides that “nothing in this agreement is intended to prevent any person reporting possible legal violations to any regulatory authority” then you give the remainder of the market clear guidance for which lawyers are not required, and [[JPMorgan]] shall not have suffered in vain.


{{sa}}
{{sa}}

Revision as of 15:53, 19 January 2024

File:Conundrum with Whiteboard.png
“Conundrum with Whiteboard”. (von Sachsen-Rampton, 1995)
In which the curmudgeonly old sod puts the world to rights.
Index — Click ᐅ to expand:
Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.

It is well-known and widely reported that regulations have grown in scope, density, interrelation and complication since those mad, dreamy Eighties days when rules were for birds and the Randian spirit of Aleister Crowley was the dominant fingerpost showing the way towards market governance.

“Do what thou wilt shall be the whole of the Law”.

The world of modern finance was unexplored: broken-fenced frontiers everywhere you looked, and you were free to wander the hinterland scalping unwitting customers — “ripping customers’ faces off” was the vogue term, come to think of it — unrestrained by official hand.

This, contemporary thought leaders believed, was best for everyone, in the long run. “Government is not the solution to our problem; government is the problem,” as Ronald Reagan once famously put it, and as Javier Milei did again — without attribution — at the WEF in 2024.

In recent times — President Milei’s remarks notwithstanding — this carefree impulse has fallen on stony ground. Of course, it has: to survive its auto-destruction, any new programme must self-organise: that founding spirit of optimistic anarchy will resolve to well-meant gentle governance which in time will calcify into impenetrable rules, etiquettes and ways of operating calculated to maintain the emergent power structure around the programme. This happened to the nineteen-fifties, to rock ’n’ roll, to the internet, it’s happening to crypto right now and will happen to AI at some point in the future — as long as Skynet doesn’t happen first.

The financial markets are the same, only on a loop: three free-wheeling 1920s gave way, via the shock of the Great Depression, to the carefully regulated mid-century of war with the East and steady economic growth in the West; that gave way to libertine laissez-faire of the eighties, the End of History itself in the 1990s which decayed into the late-stage freewheeling techno-anarchy of the noughties which fetched up upon the rocks of the Global Financial Crisis, whereupon the cycle began again.

We are all technocrats now: a freedom that once seemed hopeful and elegant now seems barbaric in its simplicity. We have become inured to the idea that, because it can be, our every financial impulse should be minutely monitored, reported, and regulated.

The theory

And that is fine. Being a pragmatist, it is not the JC’s motive to take sides in the cosmic debate: rather, to say, however heavily we frame our rules, good governance and our well-rehearsed imperative of juridical certainty requires them to be as plain, clear and actionable as they can be. The world is uncertain and non-linear enough: the guardrails we erect to protect each other from it should not be. We should not be left in doubt about what we can and cannot do.

We should not be held hostage for the consequence of action in a case of genuine doubt.

Besides, wilfully leaving doubt in regulation creates an opportunity for doubt alleviators to extract rent. Three-quarters of the UK’s £32bn legal services industry services the corporate sector.[1]

Nor should rules be above criticism: times change, unintended consequences emerge and people make bad rules. Practitioners at the coal face are the first to apprehend them. They should not be loathe to point them out.

In any sensible polity, rules carrying sanctions must be easy to understand, follow and challenge. The optimal scenario: everyone abides by the rules, and there is an easy and open process to challenge the ones that don’t work.

The reality

The reality is that global regulation is a monstrous, baffling burden. Even sensible jurisdictions mandate multiple regulators to oversee ostensibly the same territory (SEC, CFTC, FRB, FDIC in the US alone). That is before we deal with the conflicts of cross-border regulation and regulatory perimeters or the actions of supranational bodies such as the Basel Committee on Banking Supervision.

This is licence enough for the advisory-industrial complex of legal, accounting and regulatory advice that has grown around the markets, but it is made worse by regulators’ reluctance to be categorical, or even take a position, on what their own rules mean.

Sure, regulators purport to render their rules in plain English, but often by way of aspiration rather than outcome. And, at the end of the day, if regulations are confusing the market, whether or not regulators believe they should be, this is reason enough to clarify them. If you can’t just rewrite them — a continually morphing regulatory textscape might be even worse than static rules no one understands — then at least be prepared to clarify, through official guidance, what you take your own rules to mean and how you intend to enforce them.

Continental tax authorities might occasionally issue, and be bound by a tax ruling. The SEC has been known to issue the odd “no-action letter”, more by way of forbearance from enforcement, rather than enduring interpretation of its rules, though one eventually crystallises into the other.

But this is not, in the Anglo-Saxon markets, the done thing. There are no bright lines, after all. It is as if regulators are keeping the option to retrospectively smack down the regulated to suit the political climate. Perhaps regulators fear the precedent an erroneous ruling night create: their own staff, just as prone to budget cuts, downskilling and outsourcing, might have no better idea what the rules are meant to mean than anyone else.

Perhaps the underfunded gamekeeper fears the poacher’s skill in finding loopholes and running around the spirit in which the rules were put in place.

Probably all of the above. In any case, regulators will not generally tell you what they think their rules mean. We think this is a pity.

JPMorgan, the NDA and the whistleblowers

In related news we hear that, in January 2024, JPMorgan agreed to pay the SEC a US$18m fine for signing confidentiality agreements that violated Rule 21F-17(a) of the Securities Exchange Act of 1934.

This rule says no-one may not stifle “whistleblowers”: citizens who wish to give the SEC information about possible securities law violations. Where this leads to conviction, whistleblowers stand to be rewarded.

We don’t know the specifics, but the settlement doesn’t seem to suggest that JPMorgan intended to, or actually did, enforce its NDAs to prevent anyone reporting securities violations. To the contrary, JPMorgan seems to have been rather good about self-reporting, whenever the need arose. The SEC does not allege anything was concealed from it. Rather, its case was that JPMorgan’s confidentiality agreements might have had that effect, or might have been used this way.

That an NDA might have a “chilling effect” on a whistleblower: that was enough of a pretext for the SEC to extract US$18m from JPMorgan. The threat of further action seems to have been enough of a pretext for JPM to just pay up. This all seems rather unfortunate.

Firstly, be assured a wholesale re-engineering of the confidentiality agreement standard will shortly descend on us. Make no mistake, they will not be shorter. Downtrodden inhouse counsel, who already spend far too much time on NDAs (in that they spend any time at all) will not be cheered. The NDA is a well-understood beast: its principles are standardised, even if their articulation is not. A universal principle is “you may disclose confidential information to regulators if asked, or compelled, to do so”.

This seems a prudent and reasonable standard.

Not according to the SEC, according to whom Rule 21F-17(a) requires something more than that: you must be free to disclose information that may indicate violations if you feel like it. Whether a regulator asks you or not. No-one is obliged to blow their whistle, however, so the market standard term would not, explicitly, allow that. You might try to get home with a general sweep-up like “this agreement is to be read to be consistent with all laws as they apply to the parties” but that is reaching a bit.

JPMorgan’s standard NDA — not, alas, the OneNDA — said:

“[JPMS client] and [JPMS client’s] attorneys are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization or as required by law.”[2]

Now as far as market standards go this is pretty much on the money and, for a US legal document, blessedly short: you can answer questions from regulators — with or without compulsion — but you can’t volunteer things they did not ask for. Well: it does not say you can volunteer things, at any rate. How this might be construed by a court if tested is not the point: the chilling effect — the tendency to prevent disclosure in the first place — is all the SEC needed.

Editorialising for a bit — I know, right: who? me? — then unless JPMorgan wilfully meant to prevent whistleblowing, this seems like a bad precedent. Nothing in the SEC’s press release indicates any actual wilfulness on the bank’s part. So firstly, JPMorgan is being fined, basically, for agreeing to a pretty standard NDA.

Secondly — a point Matt Levine makes with typical brio — is that this means that a securities law violation you can blow your whistle about — and be rewarded under the whistleblowing programme for — is the very existence of a non-compliant NDA itself.

The NDA contravenes Rule 21F-17(a), after all. It is a breach of securities law. You stand to gain by reporting it, in ostensible breach of its terms.

But as above, in as much as they cleave to the market standard of only permitting disclosure to regulators when asked, all standard NDAs breach Rule 21F-17(a). Not because anyone meant to chill whistleblowers, but because this never occurred to anyone before. It would be interesting to know who planted the idea of this enforcement in the SEC caseworker’s head. We have all heard of lawyers chasing ambulances: here is the stranger case of an ambulance chasing lawyers.

In another facet of US justice administration, JPMorgan has agreed to the settlement, a civil prosecution, without admission or denial of liability — no doubt taking the pragmatic view that USD$18m fine is a doddle compared to the administrative time and burnt marital capital that it would take to contest such a charge. But in doing so, Morgan has acquiesced to a bad principle, thereby enacting it on everyone else.

Expect a flurry of activity in the NDA space and — inevitably — the lengthening of an already tedious symbolic ritual.

What would a compliant NDA look like?

Here is where the regulatory reluctance to flesh out your own rules creates work for lawyers without reason. If we take it as read that JPMorgan’s infraction was formal and not substantive — then surely the practical thing for SEC to do would be to warn them off and issue some agreed-upon wording to the industry: say, as long as your NDA provides that “nothing in this agreement is intended to prevent any person reporting possible legal violations to any regulatory authority” then you give the remainder of the market clear guidance for which lawyers are not required, and JPMorgan shall not have suffered in vain.

See also

References