Bridging The Week - December 2019

Katten Muchin Rosenman LLP
Contact

The Commodity Futures Trading Commission issued revised guidance for mandatory chief compliance officer annual compliance reports for futures commission merchants and swap dealers. However, the proposed recommendations are not as significant as a look-back on how compliance officers and CCO annual reports seemed to have become heightened targets of the CFTC’s Division of Enforcement in fiscal year 2019. Separately, a swap dealer was fined US $1 million by the CFTC for failing to make and retain audio recordings of certain oral communications of its swaps trading and related cash and forwards transactions for 20 business days. However, given the inadvertence of the incident and the firm’s self-discovery and response to its breakdown within just a few weeks, was this really a matter warranting an enforcement action, let alone a US $1 million fine? As a result, the following matters are covered in this week’s edition of Bridging the Week:

  • Based on Experience, CFTC Staff Makes Recommendations of Better Practices for FCMs’ and Swap Dealers’ Chief Compliance Officer Annual Compliance Reports (includes Compliance Weeds);
  • Registrant Penalized US $1 Million by CFTC After Finding and Fixing Inadvertent Short-Term Audio-Recording Breakdown (includes My View);
  • CFTC FY 2019 Enforcement Annual Report Highlights High Percentage of Cases Aimed at Promoting Market Integrity (includes Compliance Weeds); and more.

Please click here for the Video Version.

Article Version:

Briefly:

  • Based on Experience, CFTC Staff Makes Recommendations of Better Practices for FCMs’ and Swap Dealers’ Chief Compliance Officer Annual Compliance Reports: The Commodity Futures Trading Commission’s Division of Swap Dealer and Intermediary Oversight issued updated guidance on certain required elements of the chief compliance officer annual compliance reports that must be filed each year with the CFTC by futures commission merchants and swap dealers. DSIO generally framed its guidance in terms of deficiencies it believed should be corrected based on its review of 2018 CCO annual compliance reports.

DSIO principally addressed those portions of the CCO annual reports dealing with (1) areas for improvement; (2) prospective changes or improvements to compliance programs; (3) financial, managerial, operational and staffing resources; (4) material noncompliance issues; and (5) material changes to compliance policies and procedures. Staff also included recommendations regarding the CCO’s annual report’s certification requirement and other matters. (Click here to access relevant CFTC regulations regarding the CCO annual report, in CFTC Rule 3.3(e) and (f).)

All FCMs and SDs must appoint a CCO. Among the required duties of a CCO is to prepare and sign an annual compliance report. These reports must be filed with the Commission by no later than 90 days after each FCM’s and SD’s fiscal year-end and contain a certification by the firm’s CCO or chief executive officer that, to the best of his or her knowledge and reasonable belief, all information contained in the annual report is materially accurate and complete. Other CFTC-regulated entities also have obligations to submit CCO annual reports to the Commission (e.g., derivatives clearing organizations and swap execution facilities; click here to access CFTC Rule 39.10(c)(3) and (4)) and here to access CFTC Rule 37.1501(e) and (f)). However, the CFTC’s revised guidance is expressly applicable solely to FCMs and SDs (although the guidance is helpful to CCOs of all registered entities that must file an annual compliance report with the CFTC).

In its guidance, DSIO was most critical of FCMs’ and SDs’ discussions of “areas for improvement” (see CFTC Rule 3.3(e)(3)). Staff said that registrants “often” failed to provide context around why a matter warranted improvement, what the current status of the improvement was; and what CFTC regulation was associated with the matter. DSIO also observed that registrants “commonly” included their discussion of areas for improvement in the section of the CCO annual report dedicated to the FCM’s or SD’s assessment of the effectiveness of their policies and procedures (see CFTC Rule 3.3(e)(2)). However, said DSIO, areas for improvement are not restricted to policies and procedures or material noncompliance issues.

Moreover, noted DSIO, registrants must not only identify areas for improvement but also recommend changes for improvement. Although staff has seen recommendations set forth in different ways, it recommends including discussions of potential or prospective changes or improvements in a stand-alone section. Any recommendation that would require a change in resources dedicated to a firm’s compliance program should discuss the resources in this section of the CCO annual report.

DSIO also said that:

  • Information required regarding the financial, managerial, operational and staffing resources dedicated to the registrant’s compliance with the Commodity Exchange Act and CFTC regulations should include information specific to the registrant, even where information is ordinarily captured solely at a parent or consolidated level (see CFTC Rule 3.3(e)(4)). Likewise, if a registrant dedicates compliance resources to non-CEA and non-CFTC rules’ compliance, it must break out resources dedicated solely to CEA and CFTC regulations’ compliance. If required statistics are provided in the CCO annual report based on estimates, the basis of these estimates should be described. Any discussion of operational resources should include reference to relied-upon software and technology infrastructure; it is a best practice to reference such software by name if it is compliance-oriented, and describe how it is used and fits into the firm’s overall compliance program.
  • Any discussion of material noncompliance issues should include a discussion of the firm’s standard of materiality (see CFTC Rule 3.3(e)(5)). Registrants should note whether a material noncompliance issue was self identified or pointed out by an external entity (e.g., a self-regulatory organization). Similarly, any discussion of material changes to compliance policies and procedures must set the forth the firm's threshold for materiality (see CFTC rule 3.3(e)(6)).
  • If the registrant does not have an audit committee or equivalent body, it should note that in a statement in the CCO annual report (see CFTC Rule 3.3(f)(1)(ii)). Moreover, the certification required for all CCO annual reports must track the precise language of the relevant CFTC regulation. (see CFTC rule 3.3(f)(3)). The specific coverage period of all CCO annual reports should be included in the report.

For convenience, DSIO included a stand-alone checklist of common deficiencies in CCO annual reports and a list of all staff recommendations in an appendix to its guidance.

DSIO issued initial guidance regarding CCO annual reports in 2014. (Click here for background in the article “In Time for Christmas, CFTC Staff Gives FCMs, SDs and MSPs Gift of Time Extension to File CCO Annual Report; However, Adds Content Requirements as the Price” in the January 2, 2015 edition of Between Bridges.) The CFTC refreshed this guidance in 2018 when it amended its rules related to CCOs and their annual compliance reports. (Click here for background in the article "CFTC Amends Rules to Simplify CCO Duties and Annual Report Obligations of FCMs, SDs and MSPs" in the August 26, 2018 edition of Bridging the Week.)

DSIO’s guidance is also technically applicable to major swap participants; however, there are currently none registered.

Compliance Weeds: Since late 2018, the CFTC has expressly identified deficiencies in CCO annual reports in enforcement actions, and highlighted the role of compliance officers in contributing to their firms’ alleged regulatory violations.

In November 2018, Commerzbank AG agreed to pay a fine of US $12 million to the CFTC to resolve charges that, from December 31, 2012 through at least 2018, it failed to comply with various requirements for swap dealers, and for two years it filed chief compliance officer annual reports that did not “adequately disclose” deficiencies in compliance of which it was aware.

According to the CFTC, during “much” of the relevant time Commerzbank failed to have an “effective, bank-wide process” to evaluate whether its transactions with certain non-US persons were subject to requirements for swaps under applicable law. Additionally, the CFTC claimed that in 2015, Commerzbank filed a CCO annual report for 2014 that failed to identify material compliance issues identified for the bank in 2014 by an outside consultant that had been retained to evaluate its policies and procedures for adherence to applicable requirements. The CFTC also said that Commerzbank’s 2015 CCO annual report filed in 2016 did not disclose problems with the bank’s large trader reporting compliance that Commerzbank identified in March 2015.

(Click here for background in the article “Swap Dealer Agrees to Pay US $12 Million to CFTC for Noncompliance With Multiple Regulatory Requirements and Allegedly Filing Misleading Annual Compliance Reports” in the November 11, 2018 edition of Bridging the Week.)

More recently, RBC Capital Markets LLC – a registered futures commission merchant and a wholly owned indirect subsidiary of the Royal Bank of Canada – agreed to pay a fine of US $5 million to the CFTC for allegedly engaging in 385 instances of wash sales involving exchange for physical transactions in interest rate products from December 2011 through October 2015.

In addition to charging RBCCM with violations of applicable law and relevant CFTC regulations for failure to supervise, wash sales and conducting EFPs not in accordance with CME rules, the Commission claimed that the firm failed to disclose certain material compliance issues in its 2015 and 2016 CCO annual report, among other violations. (Click here for additional background in the article “CFTC Settles Avalanche of Enforcement Actions Alleging Failure to Supervise, Spoofing, Reporting Violations and Providing Misleading Information to the CFTC and FCMs” in the October 6, 2016 edition of Bridging the Week; see section “Purported Failure to Supervise”.)

At the same time the CFTC filed its enforcement action against RBCCM, it announced enforcement actions against two other registrants. In all three actions the CFTC singled out the acts of the compliance department and/or a compliance officer as contributing to a registrant’s alleged substantive violations.

In an action against The Northern Trust Company, a provisionally registered swap dealer, the CFTC charged the firm with a failure to comply with certain reporting requirements under CFTC rules. The Commission claimed that Northern Trust’s purported reporting issues were attributable to its “failure to devote adequate attention and resources to reporting solutions.” In addition to reporting violations, the CFTC charged Northern Trust with failure to supervise. The CFTC said that the swap dealer’s supervisory breakdown was aided, in part, because the firm “repeatedly hired compliance personnel for the [swap dealer] who possessed some financial industry and regulatory experience, but lacked the specific technical expertise necessary to ensure [swap dealer] compliance.” (For more details, reference the article in Bridging the Week identified above; see section “Claimed Reporting Infractions”.)

Likewise, the CFTC brought and settled enforcement actions against Classic Energy LLC, a registered introducing broker, and Mathew Webb, its former founder, president and sole member, for purportedly defrauding Classic’s customers by executing 63 block trades between customers and a Classic proprietary account based on nonpublic information and for trading opposite Classic’s customers in block trades without disclosing that Classic was acting as a counterparty and not as a broker – the category the clients expected. The CFTC charged Classic with failure to maintain records of block trades and failure to supervise. Among other things, the CFTC claimed that Classic’s compliance officer did not conduct sufficient checks of a system used by a third party retained to maintain audio recording of block trades for Classic to ensure that communications were being prepared and maintained as required.

Classic and Mr. Webb agreed together to pay an aggregate fine of US $1.5 million to resolve the CFTC’s enforcement action. (For more details, reference the article in Bridging the Week identified above; see section “Misappropriation Charged”.)

All these actions highlight the importance of FCMs and SDs getting it right in their CCO annual reports, and of compliance officers being well-trained, empowered and diligent.

  • Registrant Penalized US $1 Million by CFTC After Finding and Fixing Inadvertent Short-Term Audio-Recording Breakdown: Goldman Sachs & Co. agreed to pay a fine of US $1 million to resolve charges brought by the Commodity Futures Trading Commission that, on 20 consecutive business days in January and February 2014, it failed to make and retain audio recordings of certain oral communications of its swaps trading and related cash and forwards transactions. (Click here to access CFTC Rules 23.202(a)(1) and (b)(1) and here for CFTC Rule 23.203(b)(2).) GSC was obligated to make and retain such recordings as a swap dealer provisionally registered with the CFTC; at the time and now, GSC is also registered with the CFTC as a futures commission merchant, a commodity trading advisor and a commodity pool operator.

According to the CFTC, GSC’s failure was initiated by the firm’s installation of a security patch on certain software used in one of its offices. This installation required the shutdown and restart of its servers. However, as a result of this process, GSC’s hardware to record oral communications failed as did the hardware’s failsafe alarm meant to alert the firm of a failure and to start a backup recording system. The CFTC acknowledged that “[a]t the time, Goldman had followed the vendor’s configuration instructions and was unaware of the vulnerability of the recording hardware it utilized [to malfunction as it did].”

A few weeks later, following an internal move by certain personnel in the affected office, GSC tested its recording system and learned of the breakdown. The CFTC said that the firm re-engaged the recording system by early morning on the day following its discovery of the breakdown and instituted “a number of measures” to preclude a repeat error and to detect a breakdown promptly should it occur.

The CFTC claimed that GSC’s recording breakdown “impeded” a subsequent, unrelated investigation it conducted. However, the CFTC also conceded it was able to capture some of the relevant recordings through recorded lines in other GSC offices.

My View: In its FY 2019 annual report published on November 25, the CFTC’s Division of Enforcement wrote that a “strong enforcement program, is … about preserving market integrity, protecting customers, and deterring misconduct in the first place. It’s about being tough, but it’s also about being fair.” (Click here to access the DOE annual report.)

Unfortunately, even the best designed technology breaks down or fails to operate as intended from time to time. As a result, it seems unfair for the CFTC to bring this enforcement action against a company (let alone fine it US $1 million) where the firm relied on third-party hardware that malfunctioned; a backup system failed to kick in as designed through no fault of the firm; the company self-discovered its problem within a short time and promptly fixed it; and the firm on its own initiative revised its processes to help avoid a similar future issue.

As the CFTC’s Enforcement Division also wrote in its Annual Report, “it’s about allocating resources to ensure our efforts target the most pernicious forms of misconduct.” The CFTC said GSC’s failure to record and maintain certain oral recordings allegedly hindered an unrelated DOE investigation; this is unfortunate and may have warranted a warning or other similar measure. However, the firm’s overall conduct associated with this recording breakdown hardly seems sufficiently “pernicious” to have warranted more.

  • CFTC FY 2019 Enforcement Annual Report Highlights High Percentage of Cases Aimed at Promoting Market Integrity: In its fiscal year 2019 annual report published last month, the Commodity Futures Trading Commission’s Division of Enforcement noted that it had filed 69 enforcement actions and been awarded more than US $1.3 billion in fines, restitution and disgorgement in enforcement actions resolved during fiscal year 2019. The number of cases filed by the CFTC marked a slight increase over the number of cases filed during the prior five years (67.5) and the amount of sanctions was the fourth largest total in CFTC history.

The DOE claimed that during the last fiscal year, its priorities were the same as FY 2018: (1) ensuring market integrity, (2) protecting customers, (3) encouraging individual accountability, and (4) enhancing coordination with other regulators and criminal authorities. Fifty-one of the cases it brought addressed purported manipulative conduct and spoofing; commodities fraud; misappropriation of confidential information, trade allocation schemes and mismarking; and protection of customer funds, supervision and financial integrity,

Among other areas of focus, the DOE said it “aggressively” pursued purported misconduct involving digital assets regarded as “commodities” under applicable law as well as misappropriation of confidential information.

In its annual report, the DOE noted that the CFTC awarded over US $15 million in whistleblower awards last fiscal year.

Separately, the National Futures Association also issued its 2019 Annual Review. The NFA claimed its major accomplishments this year included (1) the announcement of its swap proficiency requirements for all persons acting as associated persons at swap dealers and registered APs engaged in swaps activities at futures commission merchants, commodity trading advisors and commodity pool operators; (2) its update of its BASIC system that captures registration and disciplinary information on firms and professionals in the derivatives markets; and (3) the amendment of its interpretive notice regarding the supervision of branch offices and guaranteed introducing brokers.

(Click here for background regarding NFA’s swap proficiency requirements in the article “NFA Seeks Smarter Swaps APs Through New Training Requirements” in the March 20, 2019 edition of Bridging the Week. Click here for background on the new supervisory requirements in the article “NFA Proposes Overhaul of Requirements for Supervision of Branch Offices and Guaranteed IBs” in the June 9, 2019 edition of Bridging the Week.)

Compliance Weeds: Through publication of its annual report, the CFTC’s DOE endeavors to be transparent about its priorities. Persons involved in US derivatives markets should use this publication to evaluate the adequacy of their policies and procedures to help ensure, at a minimum, they align with the DOE’s priorities.

Earlier this year, the DOE also issued a reference guide setting forth policies and procedures regarding the conduct of investigations, the prosecution and settlement of enforcement actions, and miscellaneous topics, such as ethics, confidentiality and records management.

The Enforcement Manual did not break any new ground. However, it is an additional useful tool for industry participants and represents another welcome effort by the DOE to be transparent. (Click here for further background on the Enforcement Manual in the article “CFTC Division of Enforcement Issues First Guide to Activities and Overview of General Policies and Procedures” in the May 12, 2019 edition of Bridging the Week.)

More Briefly:

  • Renowned Ethereum Backer Criminally Charged for Purportedly Traveling to North Korea and Training on Use of Cryptocurrencies and Blockchain to Evade Economic Sanctions: Virgil Griffith, whose LinkedIn site identifies him as being a research scientist for Ethereum (click here to access), was arrested and criminally charged with traveling to North Korea and providing North Korean officials with “valuable information” regarding blockchain and virtual currency technology and how to use such technologies to avoid economic sanctions and launder money. Mr. Griffith was specifically charged with violating the International Emergency Economic Powers Act (click here to access 50 U.S.C. § 1705(a)). Since adoption of IEEPA, US presidents and the Office of Assets Control of the US Department of Treasury have imposed sanctions on North Korea and certain of its officials and precluded the transfer of any technology to that country without a license.

According to an affidavit of a special agent of the Federal Bureau of Investigation incorporated in a complaint filed against Mr. Griffith in a federal court in New York City, Mr. Griffith surreptitiously travelled to North Korea in April 2019 through China after being denied approval to do so directly by the US Department of State. He presented at a conference there entitled “Blockchain and Peace,” and discussed, among other topics, how blockchain technology, including smart contracts, could be used to benefit North Korea.

If convicted, Mr. Griffin could be subject to imprisonment of up to 20 years.

  • Programmer for Flash Crash Spoofer Renews Motion to Dismiss CFTC Enforcement Action: Jitesh Thakkar, a programmer for flash-crash spoofer Navinder Sarao, and his software development firm, Edge Financial Technologies, Inc., renewed their motion for summary judgment to end the Commodity Futures Trading Commission enforcement action against them charging them with aiding and abetting Mr. Sarao's illicit conduct. The CFTC alleged that the defendants developed a “back-of-book” function for Mr. Sarao that automatically and continuously modified his spoofing orders by one lot to move them to the back of relevant order queues (to minimize their chance of being executed) and cancelled all his spoofing orders at one price level as soon as any portion of an order was executed.

    Defendants initially moved for summary judgment in September 2019 following the decision of the Department of Justice not to again prosecute them criminally after a jury failed to convict Mr. Thakkar of aiding and abetting Mr. Sarao's spoofing. The federal court hearing the CFTC's enforcement matter declined to grant the motion at the time saying the motion was premature, but invited defendants to refile it later. (Click here for details in the article "Court Denies Summary Judgment Motion of Purported Programmer for Flash Crash Spoofer – For Now" in the September 15, 2019 edition of Bridging the Week.)

​In again requesting an order for summary judgment, defendants argued that they have made a substantial additional production of documents since their last motion, including providing the CFTC – at Mr. Thakkar's own expense – with more than 800,000 pages of documents given to Mr. Thakkar by the DOJ during his criminal action.

In response, the CFTC asked that the court deny defendants' motion, arguing that there are still open discovery issues and that it desires to take the depositions of four former Edge employees who helped develop and test the software Mr. Thakkar purportedly designed for Mr. Sarao. The CFTC claimed that the results of the discovery and testimony could help "in shedding light" on Mr. Thakkar's understanding of Mr. Sarao's trading objectives.

  • SEC Again Proposes to Authorize Use of Derivatives by Registered Investment Companies: The Securities and Exchange Commission proposed new rules to formally permit registered investment companies – such as mutual companies, exchange-traded funds and business development companies – to transact in derivatives and certain other transactions notwithstanding other restrictions under applicable law. These rules are meant to replace a hodgepodge of staff guidance and industry practice that has enable funds to trade derivatives on an instrument-by-instrument basis, resulting in different funds handling the same derivatives differently.

The new rules are meant to provide a uniform set of conditions for registered funds to engage in derivatives transactions by requiring the adoption and maintenance of a written derivatives management program, and compliance with an outer limit on fund leverage based on a value at risk test that would cap a fund’s VaR to 150 percent of a designated reference index for the fund. There would be an exception from the management program requirement and VaR limit cap for funds that limit their derivatives exposure to 10 percent of their net assets or use derivatives solely to hedge certain currency risks. There would also be alternative conditions for certain leveraged or inverse funds.

The proposed rules would also mandate a set of due diligence and approval requirements for broker-dealers and investment advisers in connection with trades in shares of leveraged investment vehicles and include a hard cap on geared products’ employment of leverage at three times a specified market index. Commissioners Hester Peirce and Elad Roisman raised concerns regarding these restrictions, noting the sales practice requirements are proposed to apply even when an investor determines to invest in a geared ETF without input from a broker or investment adviser. According to the commissioners, “[t]he SEC protects investors not by limiting their right to access products available in public markets, but by ensuring that they have material information at the ready to make informed buy, sell and hold decisions.” (Click here to access Commissioners Peirce and Roisman’s statement.)

Comments will be accepted on the SEC’s proposal for 60 days following its publication in the Federal Register.

The SEC previously proposed a rule aimed at limiting the leverage registered investment companies could obtain through the use of derivatives transactions in 2015. (Click here for background in the article “SEC Considers New Rule to Restrict Use of Derivatives by Investment Companies” in the December 13, 2015 edition of Bridging the Week.)

  • NFA Proposes to Apply Rules Related to Discretionary Customer Accounts to Cleared Swaps; Reminds Exempt CTAs and CPOs to Affirm Exemptions: The National Futures Association proposed amendments to extend the reach of rules addressing discretionary customer accounts, customer information, risk disclosures and bunched offers to cleared swaps. A rule that applies to discretionary accounts is proposed to be renamed to include the word “discretionary” to make clear the amendments apply solely to a member’s customer activities and not principal-to-principal activities. (Click here to access NFA Rule 2-8.) Additionally, NFA’s interpretation regarding bunched orders for multiple accounts is also proposed to be updated to make clear that the average price of bunched orders may be rounded to the next price increment supported by the clearinghouse and accounting systems, provided any residual amounts in excess of one cent are paid to the impacted customers. (Click here to access NFA Interpretive Notice 9029.) Other amendments are also proposed.

Separately, NFA also reminded persons that claim certain exemptions from registration as a commodity trading advisor or commodity pool operator to affirm their exemption by February 29, 2020. Failure to do so will result in withdrawal of the exemption on March 1, 2020.

  • Nonmember Sanctioned by COMEX for Spoofing and Misusing Tag50 Identification of Another Trader: Igor Voronkovski was ordered by a Commodity Exchange, Inc. business conduct committee to pay a fine of US $60,000 and be permanently denied access to all CME Group exchanges for purportedly engaging in spoofing activities on one or more times from March to August 2017 involving gold and copper futures. Additionally, Mr. Voronkovski was alleged to use another person’s Tag50 identification when conducing his spoofing transactions, and fail to appear before a scheduled interview with staff.

Unrelatedly, Goldman Sachs & Co. LLC agreed to pay a fine of US $15,000 for entering into an exchange for risk on July 9, 2018, where the related positions allegedly did not have a “reasonable degree of price correlation” and “opposing market bias” to the exchange portion of the transaction and where in an exchange of option for option transaction the related component was not “reasonably equivalent” to the exchange element. Finally, Hong Yang agreed to pay a fine of US $25,000 and be suspended from access to all CME Group trading facilities for 30 days for permitting one or more persons to use his Tag50 identification for trading activity from October 9 through December 5, 2016.

For further information:

Based on Experience, CFTC Staff Makes Recommendations of Better Practices for FCMs’ and Swap Dealers’ Chief Compliance Officer Annual Compliance Reports:
https://www.cftc.gov/csl/19-24/download

CFTC FY 2019 Enforcement Annual Report Highlights High Percentage of Cases Aimed at Promoting Market Integrity:
https://www.cftc.gov/media/3081/ENFAnnualReport112519/download

NFA Proposes to Apply Rules Related to Discretionary Customer Accounts to Cleared Swaps; Reminds Exempt CTAs and CPOs to Affirm Exemptions:

Nonmember Sanctioned by COMEX for Spoofing and Misusing Tag50 Identification of Another Trader

Programmer for Flash Crash Spoofer Renews Motion to Dismiss CFTC Enforcement Action:

Registrant Penalized US $1 Million by CFTC After Finding and Fixing Inadvertent Short-Term Audio-Recording Breakdown:
https://www.cftc.gov/media/3086/enfgoldmansachs&co.llcorder112619/download

Renowned Ethereum Backer Criminally Charged for Purportedly Traveling to North Korea and Training on Use of Cryptocurrencies and Blockchain to Evade Economic Sanctions:
https://www.justice.gov/usao-sdny/press-release/file/1222646/download

SEC Again Proposes to Authorize Use of Derivatives by Registered Investment Companies:
https://www.sec.gov/rules/proposed/2019/34-87607.pdf
https://www.sec.gov/files/DERA_LETF_Economics_Note_Nov2019.pdf

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Katten Muchin Rosenman LLP | Attorney Advertising

Written by:

Katten Muchin Rosenman LLP
Contact
more
less

Katten Muchin Rosenman LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at www.jdsupra.com) (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic - For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics - For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.