California Assembly Passes Strict Data Privacy Rules, Giving Consumers More Control

California consumers will have more control over their personal data than residents of any other state under a new law set to take effect Jan. 1, 2020, the Associated Press reports.

Under the law, companies must tell customers upon request what personal data they’ve collected, why it was collected and what categories of third parties have received it. Consumers will also be able to ask companies to delete their information and refrain from selling it.

The law, which is similar to the new privacy regulations applied in the European Union, may lead other states to make changes, says Cynthia Larose, a cybersecurity expert at the law firm Mintz Levin.

“It’s going to be impractical for companies to maintain two separate sets of privacy protections — one for California and one for everyone else,” says Larose, as quoted by the AP.

The move by California came after large breaches in recent years at Target, Equifax and other companies. Facebook also has faced intense criticism amid revelations that Republican-linked consulting firm Cambridge Analytica collected data from millions of users without consent.

The bill gives companies the ability to offer discounts to customers who allow their data to be sold and charge those who opt out a reasonable amount based on how much the company makes selling the information. It also prohibits companies from selling data from children younger than 16 without consent.

Gov. Jerry Brown signed the measure just hours after lawmakers passed it with no dissenting votes in a last-minute scramble to persuade San Francisco real estate developer Alastair Mactaggart to remove a similar initiative from consideration for the November ballot. Mactaggart withdrew it shortly after the law was signed.

The bill will likely be amended before it takes effect.

Assemblyman Jay Obernolte of Hesperia, Calif., said he thinks the parts of the bill allowing people to sue companies over data breaches are too broad.

TechNet, a technology lobbying group, urged lawmakers to provide “meaningful privacy protections for Californians while also allowing all the benefits and opportunities consumers expect from U.S. technology to continue.”

Lateral Hiring of Law Firm Partners Changing Pyramid Structure

As the largest law firms ramp up efforts to lure partners away from their competitors, observers note that law firm partnership is a radically different prospect than it once was.

The largest U.S. law firm, Kirkland & Ellis, announced earlier this month that it was hiring a partner from competitor Allen & Overy. The reaction within London was ho-hum, indicating how routine poaching has become, a Financial Times commentator wrote in the May 16 edition.

Law partnerships were granted for life, it seemed, but now the market for lateral hires has heated up to the point that one firm, Freshfields Bruckhaus Deringer, passed reforms to retain partners by paying them six times more than their juniors.

“It is time to accept that the law business has moved on from the era of pyramid-shaped firms with small equity partnerships at the top and multitudes of junior lawyers below working all hours to join the elite,” writes John Gapper. Now, the pyramid is narrowing at the bottom and the rise of non-equity partners is widening the pyramid at the top.

Traditionally, especially in London, firms have given the same compensation to partners of similar age, a practice called lockstep. Lockstep is declining, and “true partnership is fading,” Gapper says.

The result of this is a shift in the client-lawyer relationship, observers say. “People in this industry are oblivious to what is going on. A profound change is taking place in the nature of the social contract among the law firm, the lawyer and the client,” Bruce MacEwen, president of New York-based legal consultant Adam Smith, told the Financial Times.

Companies are increasingly taking on routine law work themselves and paying outside firms for only complex issues. But until about 10 years ago, corporations often turned over work on an entire transaction to a single firm that used lawyers on the path to partnership to do much of the heavy lifting. This system trained juniors to become partners, but now companies are “wary of overpaying juniors.”

As existing partners share more money and rewards, questions are being raised relating to who is training future leaders and whether firms built on lateral hires can survive. “True legal partnerships that develop all of their employees are built more sturdily. They were designed to work, and to keep on working, across generations. But the pyramids are not being built any more,” Gapper writes, in conclusion.

EY Reaches Settlement with Partner Who Alleges Sexual Harassment

New York-based EY (FY16 gross revenue of $11.2 billion) has reached a confidential settlement with Jessica Casucci, a tax partner who alleged that another EY partner sexually harassed and groped her in 2015 and that the firm didn’t take the matter seriously, the Wall Street Journal reported May 3.

Casucci filed a complaint in April with the Equal Employment Opportunity Commission. Her complaint stated that John Martinkat made inappropriate comments and grabbed and squeezed her at a conference in Orlando, Fla., in 2015 in front of other colleagues.

“Jessica Casucci and EY have reached a fair and equitable confidential settlement of this matter that involves Jessica leaving the firm,” EY said in a statement. “We are pleased to have reached this resolution.” The settlement was first reported by the New York Post.

Martinkat, who wasn’t part of the EEOC complaint, has been fired from EY, an EY spokesman said. He had been placed on administrative leave last month, around the time Casucci, a partner since 2014, filed her complaint in which she alleged that Martinkat had groped her, lifted her over his shoulder and made lewd and sexual comments during the incident.

Casucci said in the complaint that she was “terrified, upset and deeply offended” and that EY took little or no action against Martinkat when she reported the incident to EY in 2016. The firm showed a “lack of concern for sexual assault and harassment,” she said in the complaint.

She also said her career was damaged because she had to “completely reinvent her career” by moving to a different EY team and specialty and declining work on certain projects to avoid Martinkat.

Mandatory Partner Retirement Age Gets Scrutiny in Australia

The Australian arm of EY has decided to maintain its requirement that partners retire at 60.

CEO Tony Johnson told The Australian Financial Review that the decision was made after discussions with the firm’s partners, despite legal opinion that the clause violates the Age Discrimination Act.

“In consultation with elected representatives of the partnership, we recently considered the relevance of the retirement age and it was determined that it continues to operate as an appropriate marker to help partners plan and transition their lives financially and professionally,” he said. He added that “partner retirement and transition is also fundamental to effective succession planning across the organization.”

The Age Discrimination Act, which extends to partnerships, was introduced in 2004. It was widely believed that the law would eliminate mandatory retirement clauses. The Financial Review has been reporting that the clauses were often used at Big 4 accounting firms. KPMG agreements, for example, “expect” partners to retire at 58 and allow the CEO to determine if they continue beyond that age.

Questions were raised during a Senate inquiry into the future of work, during which an EY director, Louise Rolland, testified May 4. “The whole thing around EY’s situation, and I hope I’m not talking out of turn here, is that there has been a tradition in professional services firms to maintain a retirement age for partners,” she said.

Meagan Lawson, CEO of the NSW Council on the Aging, said the continued existence of retirement clauses among the big four had been a “genuine shock to me.”

“I think it’s clearly out of step with community standards at this point. We used to be a lot more accepting of sexual harassment too but we’re not anymore – and I think this is in the same vein.”

She said studies showed many people wanted to work beyond 60 and 65 and she was “genuinely surprised that people haven’t objected to this or taken action through the Age Discrimination Commissioner.”

EY Faces Sexual Harassment Complaint

New York-based EY (FY16 gross revenue of $11.2 billion) is facing a sexual harassment complaint from one of its partners, according to CNBC. Jessica Casucci, partner since 2014, claimed multiple senior colleagues had witnessed a male partner lift her up and sexually harass her at a conference in Orlando, but did nothing to stop him.

Casucci said in her complaint that she was subject to harassment by multiple partners at the firm in addition to the unwanted advances in Florida by a tax partner in 2015. She claims her career suffered after the incident, because she sought to distance herself from the partner by turning down projects and had to “completely reinvent her career.”

“In this day and age, when a woman shows the courage to stand up and complain about physical sexual harassment at work, one would expect her complaint to be treated with the utmost care and urgency,” says Casucci’s attorney, Michael Willemin.

In addition to the events at the Orlando conference, she alleged that another partner repeatedly asked her sexually inappropriate questions before a speaking engagement, while another employee regularly stared at and commented on women’s appearances, including Casucci.

EY said in response to the claim that it was “committed to a workplace free of discrimination and harassment of any kind. The individual who is the subject of the charge has been placed on administrative leave pending the completion of our investigation. We take all allegations of sexual harassment seriously.”

Consulting Now ‘Cash Cow’ for Big 4, Raising Conflict Questions

In the last five years, the Big 4 have come to rely on revenues generated from advisory services, but offering consulting and auditing services within the same firm is raising an old debate about conflict of interest.

As a group, the Big 4 accounting firms saw 42% of their global fiscal 2017 revenue come from consulting and advisory work. From 2012 to 2017, audit revenue grew by only 3%. Consulting and other advisory services grew by 44%, or from $39 billion to $56 billion, according to the Wall Street Journal.

“While consulting can be lucrative – it tends to be more customized, creative and driven by corporate clients than auditing is – the presence of the business at audit firms has been a concern for years,” writes reporter Michael Rapoport in the April 7 edition. “Investors fear it could cause the firms to take their eyes off the ball when it comes to their core auditing responsibilities and that it would be harder for an audit firm to be impartial if it is also reaping large consulting fees from the same client.”

The fears, raised during the early 2000s amid the demise of Enron and Arthur Andersen, are being revived in the U.K. Following Enron and other U.S. corporate accounting scandals, the Sarbanes-Oxley reform legislation prevented firms from providing many kinds of consulting services to audit clients. However, firms can still do both for clients outside the U.S., as well as provide consulting to any companies they don’t audit.

Now, following accounting scandals in the U.K., Stephen Haddrill, chief executive of the Financial Reporting Council, told the Financial Times that authorities should consider breaking up the Big 4, which audit nearly all the largest U.K. companies, so that corporate auditing is separated from consulting. That way, separate firms would only perform audits.

Deloitte and EY have voiced opposition. For example, Mark Weinberger, EY’s global chairman, says that having auditing and consulting together gives auditors easier access to technology and expertise about their clients’ businesses, the Journal reported. It “provides the structure, breadth and depth of technical skills and industry expertise necessary to deliver high-quality audits.” KPMG didn’t comment, but PwC’s U.K. firm said it was “open to ideas.”

While some industry observers think the move could improve audits while sparking competition, there’s been no push in the U.S. – at least lately – for audit-only firms, the Journal reports. The change would be complicated, as regulations differ from country to country. Also, Big 4 member firms in each country are legally separated from others in the same network.

IRS Reminds Taxpayers Cryptocurrency Income Is Taxable

Virtual currency transactions are taxable by law just like transactions in any other property. The IRS has issued guidance in IRS Notice 2014-21 for use by taxpayers and their return preparers that addresses transactions in virtual currency, also known as digital currency.

Taxpayers who do not properly report the income tax consequences of virtual currency transactions can be audited for those transactions and, when appropriate, can be liable for penalties and interest.

Virtual currency, as generally defined, is a digital representation of value that functions in the same manner as a country’s traditional currency. There are currently more than 1,500 known virtual currencies. Because transactions in virtual currencies can be difficult to trace and have an inherently pseudo-anonymous aspect, some taxpayers may be tempted to hide taxable income from the IRS.

Notice 2014-21 provides that virtual currency is treated as property for U.S. federal tax purposes. General tax principles that apply to property transactions apply to transactions using virtual currency. Among other things, this means that:

  • A payment made using virtual currency is subject to information reporting to the same extent as any other payment made in property.
  • Payments using virtual currency made to independent contractors and other service providers are taxable, and self-employment tax rules generally apply. Normally, payers must issue form 1099-MISC.
  • Wages paid to employees using virtual currency are taxable to the employee, must be reported by an employer on a form W-2 and are subject to federal income tax withholding and payroll taxes.
  • Certain third parties who settle payments made in virtual currency on behalf of merchants that accept virtual currency from their customers are required to report payments to those merchants on form 1099-K, payment card and third-party network transactions.
  • The character of gain or loss from the sale or exchange of virtual currency depends on whether the virtual currency is a capital asset in the hands of the taxpayer.

Doing Business in Europe? New Privacy Rules Go into Effect May 25

The General Data Protection Regulation (GDPR), which replaces the 1998 Data Protection Act, is a new series of privacy regulations that apply to anyone who stores or processes personal information of European Union citizens or residents, regardless of a company’s physical presence in Europe. An implementation deadline of May 25, 2018 has been set by the European Union, and North American firms who deal with clients overseas need to be in compliance or face hefty fines.

The GDPR defines personal information as anything that can be used to identify a person – an identification number, bank account number, or simply a name and email address. If personal data is involved in a data breach then the individual must be notified within 72 hours of discovery. Under the GDPR, individuals have other enhanced rights including:

  • The right to erasure, also known as the right to be forgotten. An individual has the right to request their data be deleted, including any backups or cloud storage.
  • The right to be informed. Firms are obligated to provide fair processing information, typically through a privacy notice, which is written in clear language rather than legal jargon.
  • The right to object. Individuals can object to the processing of their data and to direct marketing.

Organizations that process personal data must have a lawful basis for doing so. GDPR outlines six bases, including fulfilling a necessary contractual obligation for clients or obtaining explicit (rather than implied) consent. Firms must determine the lawful basis, and document it, before processing.

If one thing is clear about the GDPR, it’s that whatever you do, it must be documented. This documentation could be the duty of a Data Protection Officer (DPO), which organizations are required to appoint in some circumstances, such as when information is processed on a large scale. The DPO has responsibility for data protection compliance and is the first point of contact for any data protection activities. The GDPR allows for this position to be an existing employee, as long as there is no conflict of interest and the professional duties are compatible.

Questions your firm should be asking: 1) Is your privacy notice written clearly? 2) Do your processes uphold privacy by design? 3) Do you have a breach notification plan? 4) Do you engage a third party to process any personal data?

Those found in violation of the GDPR could be fined up to 4% of their annual revenue, or €20 million, whichever is greater. However, according to the European Commission, the most important aspect of the GDPR is that it allows for client trust and confidence that their sensitive personal information is being handled with appropriate care. Only 15% of people feel they have complete control over the information they provide online, the commission says.

New York Accountant Pleads Guilty in Stock Manipulation Scheme

Shaun Greenwald, president of a New York accounting firm, pleaded guilty before U.S. District Judge John Michael Vazquez to one count of securities fraud conspiracy and one count of tax fraud conspiracy.

From 2014 to 2016, Greenwald, Joseph Taub and others conspired to manipulate securities prices of numerous public companies by coordinating trading in dozens of brokerage accounts that they secretly controlled.

These “straw accounts” were held in the conspirators’ own names, the names of their family members and the names of entities they controlled. Many of the accounts were opened in the names of individuals who neither controlled the accounts nor traded the securities held in the accounts.

The fraudulent trades typically involved two types of straw accounts. First, a “winner account” purchased a large block of shares in a particular security. Next, a “loser account” placed multiple small orders in the same security to create upward pressure on the stock price. Once the price of the security moved higher due to the loser account’s manipulative orders, the conspirators sold their large position in the winner account and the shares from any executed trades in the loser account. While the loser accounts would generally lose money, the conspirators expected the gains from the winner accounts to more than make up for them.

Taub was one of Greenwald’s clients. As part of the scheme, Greenwald opened brokerage accounts in his name or in the names of entities that he controlled. However, the vast majority of the funding for these accounts was provided by Taub, a fact Greenwald concealed on the account opening forms.

Greenwald also admitted that he performed accounting services for the conspiracy, including calculating the taxes on profits made from the straw accounts. While Taub did provide the account holders with funds for the taxes on his portion of the straw account profits, he failed to declare any of this income on his tax returns.

Each count to which Greenwald pleaded guilty is punishable by a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gross gain or loss from the offense. Sentencing is scheduled for June 5, 2018. Taub was charged by complaint on Dec. 12, 2016.

Study: SOX Regulations Not Enough to Overcome ‘Alumni Effect’ in Audits

New research shows that auditors are more accommodating to clients who once worked at a Big 4 firm, threatening auditor independence and professional skepticism.

The so-called “alumni effect” was outlined in a paper published in the March issue of Accounting Horizons, a journal of the American Accounting Association.

In the wake of high-profile accounting scandals at Enron, Global Crossing and other companies in the early 2000s, lawmakers passed the Sarbanes-Oxley Act (SOX), which banned accounting firms from performing audits if a top financial or accounting executive of the client was employed by the auditor during the preceding year. After all, top executives of Enron and Global Crossing were alumni of their companies’ external auditors.

However, the new research suggests that SOX is not effective in eliminating the threat to independence.

In a controlled experiment with three different conditions, audit managers assessed the potential impairment of goodwill. The study says: “The results indicate that auditors are more likely to make a judgment that agrees with the client’s position when the CFO is a former engagement partner from their firm, and are more confident in the CFO’s position when the CFO is a former Big 4 partner, whether from their own firm or another firm, than when the CFO is not identified as having any affiliation with any audit firm.”

The study says 76% adopt the client’s position if the client’s CFO is a former colleague at their Big 4 audit firm, while only 44% do so if the CFO is not. The alumni effect occurs even if it has been two years since the CFO left the audit firm, double the minimum required in the U.S.

“Obviously, a one-year or two-year cooling-off period is not enough to avoid the alumni effect, particularly if it requires overcoming social bonds that colleagues often develop,” says Michael Favere-Marchesi of Simon Fraser University’s Beedie School of Business, who was quoted in CFO.com. Favere-Marchesi conducted the study with Beedie colleague Craig Emby. “It may be that five or 10 years would be enough. Alternatively, it may be that audits of companies where a CFO or other higher-up is a former engagement partner should be banned entirely, as some research on auditor independence has suggested.”

These conclusions are based on an online experiment involving 140 managers of Big 4 firms in Canada and the U.S. The managers all received the same background information about a corporate client and its industry as well as a draft of the current year’s financial statement. Three experimental conditions were set regarding the CFO’s background, and the key issue was the valuation of goodwill, an asset on corporate balance sheets that arises when a firm purchases a company for more than the fair value of its net assets.

“Being told the CFO had formerly been a Big 4 partner inclined participants to agreement on goodwill impairment but not nearly as much as the alumni effect did,” CFO.com reported. “And least likely of all to be swayed were participants whose CFO had neither alumnus status nor Big 4 imprimatur.”

The study authors urge regulators to adopt “a more robust cooling-off period covering a wider range of management positions,” noting that the possibility of a longer period has been raised by the SEC’s PCAOB.