The SEC recently extracted a settlement from a hedge fund that raises difficult compliance-related questions for investment advisers. On August 21, 2017, Deerfield Management Company L.P. (“Deerfield”), a hedge fund and registered investment adviser, paid approximately $4.6 million to settle SEC charges that Deerfield failed to create and enforce policies and procedures reasonably designed to prevent the misuse of material, nonpublic information in violation of Section 204A of the Investment Advisers Act of 1940. The allegations centered on confidential information that Deerfield analysts had obtained from a political intelligence firm. The SEC had previously charged certain of those analysts with insider trading which is likely why the SEC took an aggressive posture with the firm.

The SEC ignored the concept of risk-based compliance controls

Although Deerfield had extensive compliance controls concerning interactions with experts from “expert networks,” the controls were less robust for dealings with more general types of research firms, such as political intelligence firms. Expert networks are companies that have affiliations with experts in various types of industries, some of whom may work at public companies. Expert networks make their experts available for consultation in return for a fee. When engaging with experts from expert networks, Deerfield’s compliance controls included conducting due diligence to evaluate the expert network’s compliance controls, providing oral admonitions to the expert not to disclose inside information, and summarizing the interaction in an internal database. In contrast, when engaging with research firms, Deerfield only required its analysts to demonstrate that the research firms “observe policies and procedures to prevent the disclosure of material non-public information.”  Deerfield’s compliance manual did not specify how this was to be done. Moreover, Deerfield employees were expected to identify potential issues of concern and report them to supervisors.

A few years ago the SEC scrutinized several hedge funds for using expert networks as a way to attempt to gain material, nonpublic information about the employers of certain of the experts.1 Therefore, it is not surprising that Deerfield, like many hedge funds, implemented enhanced controls around the use of expert networks. Indeed, the SEC surely would have criticized Deerfield had the firm not done so.

One of the bases for alleging that Deerfield’s controls were deficient with respect to consultations with research firms, including political intelligence firms, was that the controls were not as rigorous as the controls for consulting with expert network firms. Pointing to the heightened controls in place for utilizing the services of expert networks as a way of demeaning the controls in place for research firms seems like a false, misleading and troubling comparison. Unlike expert networks, research firms do not retain the services of other individuals employed by public companies, who often have access to their employer’s material, nonpublic information. As the risks of utilizing research firms and expert networks are fundamentally different, one would naturally expect that the control structures would also be different.

The charges are not consistent with the factual allegations

The SEC contended that Deerfield did not enforce its policies and procedures with respect to the engagement of a political intelligence firm (the “Research Firm”) because Deerfield supposedly ignored several purported red flags that suggested the Research Firm might be improperly sharing material, nonpublic information with Deerfield analysts. One such red flag was the fact that the Research Firm’s Chief Compliance Officer was also its political intelligence analyst. Despite the conflict of interest created by a Chief Compliance Officer overseeing their own work, Deerfield continued to work with the Research Firm.

The SEC also alleged that several communications with the Research Firm, which were forwarded to Deerfield management, including the Chief Compliance Officer and General Counsel, were red flags because they contained potential insider information. A careful reading of the selected examples, however, raises questions as to whether the emails actually were suggestive of the Research Firm providing material, nonpublic information in breach of confidentiality obligations. For example:

  • In July 2010, the Research Firm emailed several Deerfield analysts about a forthcoming Centers for Medicare and Medicaid Services (“CMS”) regulation, saying, “ . . . I just heard from a reliable CMS source the reg is likely coming out today after 4pm.”  Noticeably absent from the SEC’s allegations was any suggestion that the Research Firm had obtained and/or communicated the substance of the not-yet-released regulation.
  • In September 2010, a Deerfield analyst circulated a summary of a conversation he had with the Research Firm. The analyst noted that the Research Firm had a contact on the inside of a closed-door meeting, and that certain government regulations would be announced in 2011 to be implemented in 2012. The SEC did not explain how the Research Firm stating that regulations would be announced within the following year with an effective date another year after that constituted material, nonpublic information.
  • In September 2011, a Deerfield analyst emailed the Research Firm regarding an anticipated coverage decision by Medicare, asking, “Is it already public or did you just hear about it from CMS guys?”  The SEC did not allege that this information was non-public.

Far from being indicative of the Research Firm providing sensitive information in breach of confidences, the emails seem more consistent with a political intelligence firm providing insight derived from general market intelligence that it had been able to gather. It is hardly surprising that these three isolated emails did not trigger alarm bells within Deerfield’s management. This demonstrates the real risk of the SEC being willing to twist emails and other documents out of context to try to force a settlement as regulated entities, such as hedge funds, are often reluctant to litigate against their regulators.

The SEC further alleged that other communications between Deerfield and the Research Firm contained material, nonpublic information that resulted in trading activity by Deerfield. For example:

  • In May and June 2012, the Research Firm provided Deerfield analysts with specific information about confidential CMS plans to cut Medicare reimbursement rates for certain radiation oncology treatments. Deerfield then shorted the stock of two companies that offered products and services related to radiation oncology, resulting in a profit after CMS publically announced the rate cut.
  • In May and June 2013, the Research Firm provided Deerfield analysts with specific information regarding a proposed 12% reduction in Medicare reimbursement rates for certain kidney dialysis treatments, services and drugs. Deerfield then shorted the stock of a company that offered products and services related to kidney dialysis, resulting in a profit after CMS publically announced the 12% cuts.
  • In November 2013, the Research Firm then provided Deerfield with specific information regarding confidential CMS plans to implement the above-mentioned 12% cut over a four-year period, instead of at one time. Deerfield bought shares in a company that provided products and services related to kidney dialysis. The decision to phase-in the cuts over a 4-year period was received positively by the market, so Deerfield profited after CMS publically announced the plan.

As a result of this alleged insider trading, Deerfield realized almost $4 million in profits from May 2012 to November 2013. Deerfield agreed to a civil money penalty of $3,946,267, disgorgement of $714,110, and prejudgment interest of $97,585.

While the above emails may be suggestive that the Deerfield analysts engaged in insider trading, they do not support the allegation that Deerfield did not enforce its policies and procedures because there is no indication that Compliance personnel or others in management knew or should have known of the emails. The SEC alleged that Deerfield’s controls were flawed because Deerfield required its employees to self-report incidents of third parties improperly sharing information with them. That reasoning is seriously flawed. The SEC would surely be quick to fault any adviser’s policies that did not require employees to report instances of potential wrongdoing.

Moreover, the SEC’s allegation on this point is undercut by the comparison to Deerfield’s policies with respect to expert networks, which required analysts to describe their interactions with expert networks in a database. The SEC specifically praised Deerfield’s expert network’s policy for this feature. Aside from such data input necessarily being subjective and dependent on the employee’s discretion and accurate self-reporting, it is implausible to believe that an analyst who was going to engage in illegal insider trading would then consciously create a company record essentially confessing to the fact that he/she was receiving material, nonpublic information from a third party.

The practical reality of this enforcement action appears to be that the SEC was looking to for a way to hold Deerfield accountable for what the SEC believed to be illegal tipping and trading by the Research Firm and Deerfield analysts, respectively. In order to back into a theory of liability against the firm, the SEC apparently took a creative and aggressive view of evidence to justify bringing an enforcement action.

Practical implications for investment advisers

The manner in which the SEC justified bringing this enforcement action raises some difficult and troubling questions for investment advisers. Specifically, if an adviser is supposed to tailor its compliance policies and procedures to address known risks and areas of regulatory concern – as Deerfield did with expert networks – how does the adviser prevent the SEC from arguing that the adviser’s compliance controls were unreasonably designed because violations occurred in other parts of the business that did not present the same types of elevated risks? 2

While the SEC took a dim view of Deerfield’s alleged reliance on self-reporting by analysts, self-reporting is a necessary component of most compliance programs. To protect against scrutiny and second-guessing, advisers should provide regular training on their policies, including helpful tips and suggestions on what to look for and what to do. Including such practical guidance in the compliance manual is another technique that can create favorable impressions with the SEC. Finally, advisers would be well-served to implement practices that demonstrate they are actively looking for indicia of potential policy violations, such as targeted electronic communication reviews that may be focused not only on key words, but tied to timely trades.

1 See, e.g., SEC Charges Hedge Fund Firm CR Intrinsic and Two Others in $276 Million Insider Trading Scheme Involving Alzheimer’s Drug, U.S. Sec. & Exch. Comm’n Press Release (November 20, 2012), available at; see also SEC Charges Hedge Fund Managers and Traders in $30 Million Expert Network Insider Trading Scheme, U.S. Sec & Exch. Comm’n Press Release (February 8, 2011), available at

2 Regulators have often emphasized the importance of risk-based compliance protocols. See, e.g., Assistant Attorney General Leslie R. Caldwell Delivers Remarks at the Compliance Week Conference, U.S. Dep’t of Justice (May 19, 2015), available at; see also U.S. Dep’t of Justice and U.S. Sec. & Exch. Comm’n, A Resource Guide to the U.S. Foreign Corrupt Practices Act at 56 (2012), available at