Wherefore the Breach? FINRA’s Losing Battle Enforcing Arbitrated Chinese-Wall Protections of Consumer Inventors Over Investment Banking Conflict of Interest. Joseph Little, J.D., Saint Leo University; Richard Kelso, M.B.A., Ph.D., University of South Florida; David Persky, M.S., J.D., Ph.D., Saint Leo University; Bryan Reagan, M.S., Ph.D., Saint Leo University
Security Policies Bryan Reagan, M.S., Ph.D., Saint Leo University
“… the term ‘security policy’ is widely abused to mean a collection of managerialist platitudes…” Ross Anderson, Ph.D., Professor in Security Engineering at the University of Cambridge. Security Engineering, p. 139
Two Most Popular Security Models: Bell-LaPadula policies are based on military and intelligence community command structures (hierarchical/vertical). Chinese Wall policies are used to avoid allegations of conflict of interest within an organization (lateral/horizontal).
Bell-LaPadula Security Model: Based on a hierarchy of security clearances, central authority and concentrated power. Currently used by post-WW II NATO. Terminology in popular usage/culture. Provides multi-level security but not multi-lateral security. Allows for circumstances such as the WikiLeaks scandal, for which Pvt. Bradley Manning (U.S. Army) was sentenced to 35 years’ imprisonment in August 2013.
Bell-LaPadula Model Requirements: 1. Definition: Security Level – a relative ranking of the level of trust needed to access documents (information), or the trust given to an agent (person, program), as specified by a set of fully ordered classes: Open < Confidential < Secret < Top Secret. 2. Definition: Simple Security Principle – no agent may read a document of a higher security level (a.k.a. No Read Up or NRU). 3. Definition: *-Property – no agent may write data to a lower level using information from a higher level (a.k.a. No Write Down or NWD).
Bell-LaPadula Security Levels: Definition: Security Level – a relative ranking of the level of trust needed to access information, specified by a set of fully ordered classes: Open < Confidential < Secret < Top Secret. All documents have a security level classification. All agents (persons, software) also have security level clearances.
Bell-LaPadula Simple Security: Definition: Simple Security Principle – no agent may read a document of a higher security level (a.k.a. No Read Up or NRU). A general has Top Secret clearance, and hence may read documents which are Open, Confidential, Secret, and Top Secret. A payroll clerk has Confidential clearance, and may read documents which are Open or Confidential, but may not read documents which are Secret or Top Secret.
Bell-LaPadula *-Property: Definition: *-Property – no agent may write data to a lower level using information from a higher level (a.k.a. No Write Down or NWD). An analyst is examining documents which are classified as Secret. Any report he generates from those documents must be classified as either Secret (same level) or Top Secret (up a level). A pay clerk is generating a spreadsheet from payroll data, which is Confidential. That spreadsheet now must be considered Confidential.
Code Words & Compartmentalization: The Bell-LaPadula model can be extended by adding code words (cell designations) to Top Secret clearance, so only processes with that code word label may access that material. By default, processes (people) are locked out of cells until they are explicitly given access. For example, a military officer may have access to Top Secret information about a weapon system (code word Hellfire), but not access to the president’s travel itinerary (code word Golftour).
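The rules on the preceding slides, written as a small reference monitor. This is an added example, not part of the original presentation. The `Label` and `Session` names are hypothetical, and tracking a per-session high-water mark is one assumed way to enforce "using information from a higher level"; the labels in `demo()` are constructed from the slides' code words.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    """Fully ordered classes: Open < Confidential < Secret < Top Secret."""
    OPEN = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass(frozen=True)
class Label:
    level: Level
    codewords: frozenset = frozenset()  # cells; empty means no compartment

    def dominates(self, other):
        # At least the other's level AND every code word the other carries.
        return self.level >= other.level and self.codewords >= other.codewords

class Session:
    """One agent's working session under a fixed clearance (assumed design)."""
    def __init__(self, clearance):
        self.clearance = clearance
        self.high_water = Label(Level.OPEN)  # nothing read yet

    def read(self, doc):
        # Simple Security Principle (No Read Up), extended with code words.
        if not self.clearance.dominates(doc):
            return False
        # Remember the most sensitive material this session has seen.
        self.high_water = Label(max(self.high_water.level, doc.level),
                                self.high_water.codewords | doc.codewords)
        return True

    def write(self, target):
        # *-Property (No Write Down): output must be labelled at least as
        # high as everything the session has read so far.
        return target.dominates(self.high_water)

def demo():
    # Constructed labels: an officer cleared for Hellfire but not Golftour.
    hellfire = Label(Level.TOP_SECRET, frozenset({"Hellfire"}))
    golftour = Label(Level.TOP_SECRET, frozenset({"Golftour"}))
    officer = Session(hellfire)
    return {
        "secret_report_before_reading": officer.write(Label(Level.SECRET)),
        "read_hellfire": officer.read(hellfire),
        "read_golftour": officer.read(golftour),
        "secret_report_after_reading": officer.write(Label(Level.SECRET)),
        "hellfire_report": officer.write(hellfire),
    }
```

The officer can file a Secret report only until the Hellfire material is read; after that, only a Top Secret/Hellfire label is acceptable for output, and Golftour stays unreadable at the same level.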
The Problem with Compartmentalization: Employees with long careers can have access to a large number of code words/cells. For example, Aldrich Ames, a senior analyst at the CIA, had access to a large number of cells and was able to betray most of the U.S. agents operating within the Soviet Union (Anderson, 2001, p. 163).
Limiting Liability and Culpability: The purpose of a Chinese Wall is to prevent allegations of conflict of interest, in the case of an organization which services clients who are in competition with each other, or insider trading in the case of financial institutions who may invest in clients (Brewer & Nash, 1989, p. 206). It was used in investment banking before it was discussed in Brewer and Nash’s paper in 1989.
Chinese Wall Security Policies: In Chinese Wall security policies (lateral security policies), clients/tasks are partitioned into groups which are assumed to mutually compete. Employees are assigned to at most one job in each group, and may never be assigned to another job in that group. Chinese Wall policies are based upon deliberate separation of power/information.
Chinese Wall Security: Definition: Chinese Wall security policies have the following properties: 1. Definition: Chinese Wall Simple Security Principle – an agent may have access to a client’s documents if and only if it has not and may not access any of that client’s competitors’ documents. 2. Definition: Chinese Wall *-Property – an agent may write documents associated with a client if and only if it has not and may not read documents associated with the client’s competitors.
Representation: We say an agent may represent a client if it may read and write documents associated with that client while following the Chinese Wall Simple Security Principle and Chinese Wall *-Property. An agent represents a client if it actually accesses the client’s documents and follows the Chinese Wall Simple Security Principle and Chinese Wall *-Property.
“Heisenberg” & “Marriage” Effects: By default, any employee can potentially access any document if he has never accessed a competitor’s documents. Once an employee has accessed a document, they are forever committed to never accessing a document of one of that company’s competitors. Hence employees are now forever committed to that client and must forsake all others in that sector.
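The Chinese Wall rules and the "marriage" effect described above, as a history-based access check. This is an added example, not part of the original presentation. The `ChineseWall` class, the client names and the conflict groups are constructed, and it implements the slides' simplified properties (read and write share one condition) rather than the full Brewer and Nash formulation.

```python
class ChineseWall:
    """History-based access control over groups of competing clients."""

    def __init__(self, groups):
        # groups: conflict group name -> set of clients assumed to compete
        self.group_of = {c: g for g, clients in groups.items() for c in clients}
        self.history = {}  # agent -> {group: client already accessed}
        self.denied = []   # (agent, client, mode) kept for compliance review

    def may_access(self, agent, client):
        # Both slide properties reduce to one test: the agent has no prior
        # access to a competitor in the same conflict group.
        held = self.history.get(agent, {}).get(self.group_of[client])
        return held is None or held == client

    def access(self, agent, client, mode):
        if mode not in ("read", "write"):
            raise ValueError("mode must be 'read' or 'write'")
        if not self.may_access(agent, client):
            self.denied.append((agent, client, mode))
            return False
        # First access commits the agent to this client within its group.
        self.history.setdefault(agent, {})[self.group_of[client]] = client
        return True

    def open_to(self, agent):
        # Clients the agent may still represent, given its history.
        return sorted(c for c in self.group_of if self.may_access(agent, c))

def demo():
    # Constructed clients: two competing banks and two competing oil firms.
    wall = ChineseWall({"banking": {"BankA", "BankB"},
                        "oil": {"OilX", "OilY"}})
    before = wall.open_to("analyst1")
    results = [
        wall.access("analyst1", "BankA", "read"),   # commits to BankA
        wall.access("analyst1", "OilX", "write"),   # different group: allowed
        wall.access("analyst1", "BankB", "read"),   # competitor: denied
        wall.access("analyst1", "BankA", "write"),  # same client: allowed
        wall.access("analyst2", "BankB", "read"),   # fresh agent: allowed
    ]
    return before, results, wall.open_to("analyst1"), wall.denied
```

The set returned by `open_to` shrinks as soon as the first document in a group is touched, and the `denied` list is the record a compliance reviewer would inspect.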
FINRA What is it? David Persky, M.S., J.D., Ph.D., Saint Leo University
FINRA: The largest independent regulator for all securities firms doing business in the United States. Headquarters: Washington, D.C. Employees: 3,400. Firms regulated: 4,070. Registered reps regulated: 636,710. Regional offices in 20 cities.
FINRA mission: Protect investors by making sure the United States securities industry operates fairly and honestly; maintain fairness in the U.S. capital market. Provide regulatory oversight for all securities firms that do business with the public. Provide professional training, testing and licensing of registered persons.
FINRA Mission, cont’d.: Arbitration and mediation (ADR). Market regulation, by contract, for NYSE, NASDAQ, American Stock Exchange LLC and International Securities Exchange, LLC and industry utilities.
FINRA Regulatory activities: Trading in equities, corporate bonds, securities futures and options. Licensing individuals and admitting firms to the industry. Writing and enforcement of rules. Examining firms for compliance with rules; deter misconduct and help firms pre-empt risk and stay in compliance.
FINRA: Educate investors for investor protection and market integrity. Provide the essentials so investors can make informed, wise financial decisions and avoid financial fraud. Provide trade reports.
FINRA: Nearly 6 billion shares traded in U.S. equities markets monitored daily. 30 billion transactions processed daily to build as complete a picture of market trading in the U.S. as possible.
FINRA Discipline & enforcement: 2014: 1,397 disciplinary actions; fines levied totaling $134 million; restitution to harmed investors in the amount of $32.3 million
FINRA Disciplinary Actions: Broker permanently barred from industry: took $89,000 from elderly customer’s account; authorized to pay client’s rent and other expenses; 36 checks written to himself w/o customer’s knowledge and deposited funds into his personal account.
FINRA Disciplinary Actions: Broker barred from industry: - converted more than $924,750 from customer’s trust account w/o client’s knowledge or permission - funds transferred to broker’s daughter’s account - funds used for broker’s family’s personal benefit - provided false documents: daughter was related to client
FINRA Disciplinary Actions (cont.): Broker converted funds from brokerage account of clients: his parents. Barred by FINRA and ordered to repay $1.45 million, plus interest, in restitution to parents. Funds transferred into accounts in broker’s name. Convinced his parents to agree to sell securities to purchase an annuity and used funds for other purposes.
FINRA: other services. Central Registration Depository: central database of records for all firms and individuals involved in the U.S. securities industry. BrokerCheck: database where investors can research professional backgrounds of current and former FINRA registered brokerage firms and brokers.
FINRA - Ombudsman: Assists in the resolution of issues/concerns for all parties. Designated neutral and promotes fair processes and fair administration of the processes. All proceedings are confidential.
FINRA vs. Citigroup: A case study of failed enforcement of Chinese-Wall security measures to combat conflicts of interest. Joseph Little, J.D., Saint Leo University
The Problem: Conflicts of interest: no wall exists. Citigroup research analysts offering different stock research/advice to institutional clients vs. private clients. Favoritism/selective disclosures.
The Problem Continues: Insufficient supervision of communication. Analysts promoting stocks of companies that do business with investment banking. Result: millions lost by small, private clients of the company. Analysts helping with IPO presentations.
The Proposal: A foundation is laid: let’s build a wall. 2003 court settlement: analysts barred from communicating with bankers unless accompanied by a compliance officer. Software designed to create cyber wall.
The Result: The wall is built, but the wall is “porous”. Citigroup admission: inadequate guidance for “permissible communications” with bank clients. Differing, nonpublic research selectively shared in “idea dinners” with analysts/select clients.
Tools For More Effectiveness: Third-party compliance monitoring. Discipline sufficient to deter repeat violations; prosecution referrals to SEC. Limitation of settlements without admission or denial of accusations.
Communications and Ethics in Insider Trading Richard Kelso, M.B.A., Ph.D., University of South Florida
Insider Trading: Undermines the securities market. Undermines integrity of the company. Can cost billions of dollars.
Chinese Wall: The ethical barrier between different divisions of a financial (or other) institution to avoid conflict of interest. The "wall" is thrown up to prevent leaks of corporate inside information. Non-public leaks could influence the advice given to clients making investments. Clients must be able to trust in Chinese Walls. Might allow staff to take advantage of facts that are not yet known to the general public.
Solutions: 1. Compliance Officer: independent third party; salary not based on firm’s income; monetary incentive. 2. Ethics and Compliance Training: mandatory for ALL employees; eliminate accidental insider trading; strengthens reputation. 3. Zero Tolerance Policy: contract terminated without pay; fear-tactic; policy written into new contracts. “The Chinese Wall prevents insider trading!” —Nobody