SEC Issues Updated Disclosure Guidance on Cybersecurity

On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) issued updated interpretative guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. The updated guidance reinforces and expands upon the prior guidance on cybersecurity disclosures issued by the SEC’s Division of Corporation Finance in October 2011. In addition to highlighting the disclosure requirements under the federal securities laws that public companies must pay particular attention to when considering their disclosure obligations with respect to cybersecurity risks and incidents, the updated guidance (1) emphasizes the importance of maintaining comprehensive policies and procedures related to cybersecurity risks and incidents, and (2) discusses the application of insider trading prohibitions and Regulation FD and selective disclosure prohibitions in the cybersecurity context. The guidance specifically notes that the SEC continues to monitor cybersecurity disclosures carefully through its filing review process.

Cybersecurity-Related Disclosures

Timely Disclosure of Material Nonpublic Information

In determining disclosure obligations regarding cybersecurity risks and incidents, companies should analyze the potential materiality of any identified risk and, in the case of incidents, the importance of any compromised information and the impact of the incident on the company’s operations. When assessing the materiality of cybersecurity risks or incidents, the SEC notes that the following factors, among others, should be considered:

  • Nature, extent, and potential magnitude (particularly as it relates to any compromised information or the business and scope of company operations), and
  • Range of possible harm, including harm to the company’s reputation, financial performance, customer and vendor relationships, and possible litigation or regulatory investigations (both foreign and domestic).

When companies become aware of a cybersecurity incident or risk that would be material to investors, the SEC expects companies to disclose such information in a timely manner and sufficiently prior to the offer and sale of securities. In addition, steps should be taken to prevent directors and officers (and other corporate insiders aware of such information) from trading in the company’s securities until investors have been appropriately informed about the incident or risk. Importantly, the SEC states that an ongoing internal or external investigation regarding a cybersecurity incident “would not on its own provide a basis for avoiding disclosure of a material cybersecurity incident.”

Risk Factors

In evaluating cybersecurity risk factor disclosure, the guidance encourages companies to consider the following:

  • the occurrence of prior cybersecurity incidents, including severity and frequency;
  • the probability of the occurrence and potential magnitude of cybersecurity incidents;
  • the adequacy of preventative actions taken to reduce cybersecurity risks and the associated costs, including, if appropriate, discussing the limits of the company’s ability to prevent or mitigate certain cybersecurity risks;
  • the aspects of the company’s business and operations that give rise to material cybersecurity risks and the potential costs and consequences of such risks, including industry-specific risks and third party supplier and service provider risks;
  • the costs associated with maintaining cybersecurity protections, including, if applicable, insurance coverage relating to cybersecurity incidents or payments to service providers;
  • the potential for reputational harm;
  • existing or pending laws and regulations that may affect the requirements to which companies are subject relating to cybersecurity and the associated costs to companies; and
  • litigation, regulatory investigation, and remediation costs associated with cybersecurity incidents.

The guidance also notes that effective communication of cybersecurity risks may require disclosure of previous or ongoing cybersecurity incidents, including incidents involving suppliers, customers, competitors and others.

MD&A of Financial Condition and Results of Operations

The guidance reminds companies that MD&A disclosure of cybersecurity matters may be necessary if the costs or other consequences associated with such matters represent a material event, trend or uncertainty that is reasonably likely to have a material effect on the company’s operations, liquidity or financial condition or would cause reported financial information not to be necessarily indicative of future results. Among other matters, the cost of ongoing cybersecurity efforts (including enhancements to existing efforts), the costs and other consequences of cybersecurity incidents, and the risks of potential cybersecurity incidents could inform a company’s MD&A analysis. In addition to the immediate costs incurred in connection with a cybersecurity incident, companies should also consider costs associated with:

  • loss of intellectual property;
  • implementing preventative measures;
  • maintaining insurance;
  • responding to litigation and regulatory investigations;
  • preparing for and complying with proposed or current legislation;
  • remediation efforts; and
  • addressing harm to reputation and the loss of competitive advantage.

The guidance further notes that the impact of cybersecurity incidents on each reportable segment should also be considered.

Business and Legal Proceedings

Companies are reminded that disclosure may be called for in the (1) Business section of a company’s SEC filings if cybersecurity incidents or risks materially affect a company’s products, services, relationships with customers or suppliers, or competitive conditions, and (2) Legal Proceedings section if a cybersecurity incident results in material litigation against the company.

Financial Statement Disclosures

The SEC expects that a company’s financial reporting and control systems would be designed to provide reasonable assurance that information about the range and magnitude of the financial impacts of a cybersecurity incident would be incorporated into its financial statements on a timely basis as the information becomes available. The guidance provides the following examples of ways that cybersecurity incidents and risks may impact a company’s financial statements:

  • expenses related to investigation, breach notification, remediation and litigation, including the costs of legal and other professional services;
  • loss of revenue, providing customers with incentives or a loss of customer relationship assets value;
  • claims related to warranties, breach of contract, product recall/replacement, indemnification of counterparties, and insurance premium increases; and
  • diminished future cash flows, impairment of intellectual, intangible or other assets; recognition of liabilities; or increased financing costs.

Board Risk Oversight

The securities laws require a company to disclose the extent of its board of directors’ role in the risk oversight of the company, including how the board administers its oversight function and the effect this has on the board’s leadership structure. To the extent cybersecurity risks are material to a company’s business, the disclosure should include the nature of the board’s role in overseeing management of that risk.

Cybersecurity-Related Policies and Procedures

Disclosure Controls and Procedures

The guidance encourages companies to adopt comprehensive policies and procedures related to cybersecurity and to regularly assess their compliance. Companies should evaluate whether they have sufficient disclosure controls and procedures in place to ensure that relevant information about cybersecurity risks and incidents is processed and reported to the appropriate personnel to enable senior management to make disclosure decisions and certifications and to facilitate policies and procedures designed to prohibit directors, officers, and other corporate insiders from trading on the basis of material nonpublic information about cybersecurity risks and incidents. Controls and procedures should enable companies to identify cybersecurity risks and incidents, assess and analyze their impact on a company’s business, evaluate the significance associated with such risks and incidents, provide for open communications between technical experts and disclosure advisors, and make timely disclosures regarding such risks and incidents.

The certifications and disclosures regarding the design and effectiveness of a company’s disclosure controls and procedures should take into account the adequacy of controls and procedures for identifying cybersecurity risks and incidents and for assessing and analyzing their impact. In addition, to the extent cybersecurity risks or incidents pose a risk to a company’s ability to record, process, summarize, and report information that is required to be disclosed in filings, management should consider whether there are deficiencies in disclosure controls and procedures that would render them ineffective.

Insider Trading

Companies and their directors, officers, and other corporate insiders should be mindful of compliance with insider trading laws in connection with information about cybersecurity risks and incidents, including vulnerabilities and breaches. The guidance urges companies to consider how their code of ethics and insider trading policies take into account and prevent trading on the basis of material nonpublic information related to cybersecurity risks and incidents. Specifically, the guidance suggests that as part of the overall investigation and assessment during significant cybersecurity incidents, companies should consider whether and when it may be appropriate to implement restrictions on insiders trading in their securities to avoid the appearance of improper trading during the period following a cybersecurity incident and prior to the dissemination of disclosure.

Regulation FD and Selective Disclosure

Companies are expected to have policies and procedures in place to ensure that any disclosures of material nonpublic information related to cybersecurity risks and incidents are not made selectively, and that any Regulation FD required public disclosure is made simultaneously (in the case of an intentional disclosure) or promptly (in the case of a non-intentional disclosure) and is otherwise compliant with the requirements of Regulation FD.


© 2018 Jones Walker LLP
This post was written by Monique A. Cenac and Brett Beter of Jones Walker LLP.

Supreme Court Limits Scope of Dodd-Frank Whistleblower Protections

On February 21, the US Supreme Court decided Digital Realty Trust, Inc. v. Somers (583 U.S. ____ (2018)), which resolved a circuit split related to whether the anti-retaliation provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act, 124 Stat. 1376 (Dodd-Frank) extend to individuals who have not reported a securities law violation to the Securities and Exchange Commission and, therefore, falls outside of Dodd-Frank’s definition of a “whistleblower.”

Paul Somers alleged that Digital Realty Trust, Inc. (Digital Realty) terminated his employment shortly after reporting suspected securities-law violations to the company’s senior management. Somers filed a case in the US District Court for the Northern District of California (District Court) alleging that his termination amounted to whistleblower retaliation under Dodd-Frank. Digital Realty moved to dismiss the claim on the grounds that Somers did not qualify as a “whistleblower” for purposes of Dodd-Frank because (1) the statute defines a “whistleblower” as someone “who provides . . . information relating to a violation of the securities laws to the [SEC];” and (2) Somers failed to report the allegations to the SEC prior to his termination. The District Court denied Digital Realty’s motion and the Ninth Circuit affirmed on the grounds that Dodd-Frank’s whistleblower protections should be read to protect employees regardless of whether they provide information to the SEC.

Reversing the District Court and the Ninth Circuit, Justice Ruth Bader Ginsburg, writing for the Court, explained that Dodd-Frank’s whistleblower retaliation provisions do not extend to an individual who has not reported alleged securities law violations to the SEC. Citing Dodd-Frank’s definition of a “whistleblower,” the Court determined that the statute explicitly required an individual to report such violations to the SEC in order to receive whistleblower protections. The Court found this interpretation of the whistleblower definition to be corroborated by Dodd-Frank’s intended purpose of motivating individuals to report securities law violations directly to the SEC.

The text of the decision is available here.

©2018 Katten Muchin Rosenman LLP
Read more Litigation news on the National Law Review Litigation page.

Myths About Self-Consumption in MLMs

Recently, legislation has been introduced in Congress (the Blackburn-Veasey bill, H.R. 3409) that seeks to bring clarity and consistency to activities that distinguish illegal pyramids from legitimate multi-level marketing companies (“MLMs”).  A select few interest groups and certain regulators, who project a bias against MLMs, have spoken out against this legislation by relying on a false legal premise.

The false legal premise:  The opponents of the legislation, often non-lawyers, invariably make the bold assertion that for decades the courts have held that the critical difference between a legitimate MLM business and a pyramid scheme is that an MLM’s revenues must come primarily from the sale of products and services to retail customers unaffiliated with the business opportunity.  This assertion misrepresents the law.

The recently issued FTC Business Guidance Concerning Multi-Level Marketing[i] confirms the long-standing Koscot[ii]legal standard that a company is an illegal pyramid where “the payment by participants of money to the company in return for which they receive (1) the right to sell a product and (2) the right to receive in return for recruiting other participants into the program rewards which are unrelated to sale of the product to ultimate users.”[iii]

Critics of MLMs have argued that the italicized language means that the majority of an MLM’s revenue must come from product sales to persons who are not participants in the MLM.  They call these “retail sales,” implying that a “retail sale” does not include a participant buying her vitamins from her MLM company instead of CVS.  That is not what the Koscot opinion says.

Nor does the argument follow from the facts in Koscot.  There, the FTC found that the company was an illegal pyramid because high recruitment fees provided the primary basis for participant compensation.[iv]  The case did not turn on participants’ self-consumption of a large portion of the company’s product sales.  In fact, for over its first year of operation, the company had no products for its distributors to sell or consume.[v]

Shortly after Koscot, the case law clearly debunked the notion that self-consumption is the litmus test for determining if an MLM is an illegal pyramid.  After an exhaustive four-year investigation and extensive trial, the FTC ruled that Amway, the quintessential MLM, was not an illegal pyramid under the Koscot standard.[vi]  In doing so, the FTC acknowledged that a large portion of Amway’s products were “consumed by the distributors themselves rather than resold.”[vii]  

Did the FTC say that self-consumption by distributors were not sales to “ultimate users” as the term is used in Koscot?  No.  To the contrary, the FTC held that Amway was not an illegal pyramid even though its distributors self-consumed (that is, they were “ultimate users” of) a large portion of Amway’s product sales.

In re Amway is the seminal case for establishing that MLMs are not illegal pyramids where distributor compensation flows from product sales, including purchases by the distributors, that are not required as part of the cost to participate in the MLM.  Critics of MLMs often ignore In re Amway, or try to brush it aside with irrelevant distinctions, because it refutes their narrative that a large portion of product sales must come from purchases by non-distributors.

The MLM critics also tend to ignore another critical point in In re Amway:  “‘Pyramid’ sales plans involve compensation for recruiting regardless of consumer sales.In such schemes, participants receive rewards for recruiting in the form of ‘headhunting fees’ or commissions on mandatory inventory purchases by the recruits known as ‘inventory loading.’”[viii]These are the outcome-determinative factors in subsequent cases where companies were adjudged to be illegal pyramids.Yet anti-MLM advocates conflate and confuse these factors with dicta that was not outcome determinative.

Omnitrition[ix]is often misrepresented by those who would like to implicitly overrule In re Amway.  In Omnitrition, to become a “Supervisor,” a distributor was required to purchase thousands of dollars of product each month with only limited ability to return the product for a refund.  In other words, a large recruitment fee was disguised in the form of inventory loading.

The company defended itself by arguing it had written rules similar to those cited with approval in In re Amway.  The 9th Circuit noted a critical distinction:  Amway’s rules “served to encourage retail sales and prevent “inventory loading” by distributors.”[x]  Whereas, Omnitrition’s rules were weaker, and evidence was lacking that they actually worked.  While Omnitrition contains dicta that suggests purchases by distributors for their own use should not be considered “retail sales” to “ultimate users,” the Court’s decision turned on the company’s failure to prevent inventory loading.

MLM critics often seize upon and distort the dicta in Omnitrition to assert that the case established a legal requirement that a majority of an MLM’s sales must come from non-participants.  In fact, the 9th Circuit said no such thing.  Nor did the Court overrule or criticize In re Amway, where distributor self-consumption constituted a large portion of the company’s sales.  The Court repeatedly noted that in In re Amway the company actually “encouraged” retail sales.[xi]  The Court did not say that any particular amount of retail sales is required.

In the years following Omnitrition, repeated misrepresentations about the relevance of internal consumption by MLM participants led the FTC to issue an Advisory Opinion to clarify its position on the subject:

Much has been made of the personal, or internal, consumption issue in recent years. In fact, the amount of internal consumption in any multi-level compensation business does not determine whether or not the FTC will consider the plan a pyramid scheme.[xii]

The FTC further explained that “a multi-level compensation system funded primarily by payments made for the right to participate in the venture is an illegal pyramid scheme.”[xiii]  This Advisory Opinion was consistent with decades of case law where the sine qua non of an illegal pyramid scheme is that a participant’s compensation comes primarily from consideration paid by new participants for the right to participate in the enterprise, whether that consideration comes directly from registration fees or disguised as inventory loading.

Unable to refute the FTC Advisory Opinion, some MLM critics try to summarily dismiss it as “poorly worded”, and maintain their legal fiction regarding self-consumption by mischaracterizing subsequent FTC actions, such as BurnLounge, Vemma, and Herbalife.[xiv]  In fact, none of those actions support the MLM critics’ errant notions about internal consumption and sales to non-participants.

Nowhere in BurnLounge did the 9th Circuit say that a particular percentage of an MLM’s sales must be made to non-participants.  In fact, the Court explicitly rejected the FTC’s argument that “internal sales to other [participants known as Moguls] cannot be sales to ultimate users consistent with Koscot.[xv]  The Court also expressly noted that “when participants bought packages in part for internal consumption . . . , the participants were the ‘ultimate users’ of the merchandise.”[xvi]

What made BurnLounge’s Mogul program illegal is that a participant’s compensation actually came from mandatory music package purchases that were tied to an enrollment fee and were non-refundable in practice.  In other words, a participant’s compensation was dependent on the aggregate payments of new recruits to join the Mogul program.  Again, the 9th Circuit distinguished Amway’s MLM business model as legal because it conditioned rewards on voluntary product sales (including internal consumption) and not for “the mere act of recruiting,” and Amway’s rules discouraged inventory loading.[xvii] 

Vemma also does not support the narrative of MLM critics.  There, distributors were required to make large product purchases (a $600 initial purchase plus $150 per month); they were “very likely engaging in inventory loading”; and their bonuses were tied to purchases of products required to stay eligible for those bonuses.[xviii]  Those key findings convinced the court to issue a preliminary injunction.  But, citing BurnLounge, the court also noted that self-consumption by distributors are sales to ultimate users and do not prove that an MLM is a pyramid scheme.  As the 9th Circuit did in Omnitrition and BurnLounge, this court also distinguished Vemma from In re Amway because Amway enforced anti-inventory loading rules.[xix]

Herbalife involves a recent settlement between Herbalife and the FTC.  Any first year lawyer knows that a settlement agreement is not binding precedent on any other party.  The FTC also made this point clear in its 2004 Advisory Letter, where it explained that its consent orders “often contain provisions that place extra constraints upon a wrongdoer that do not apply to the general public. These ‘fencing-in’ provisions only apply to the defendant signing the order and anyone with whom the defendant is acting in concert. They do not represent the general state of the law.”[xx]  The FTC reiterated the same point again in its recently issued Guidance.[xxi]

Finally, the FTC’s new Guidance explicitly confirms that it is still correct “as stated in the 2004 ‘FTC Staff Advisory Opinion – Pyramid Scheme Analysis’ that ‘the amount of internal consumption does not determine whether the FTC will consider the MLM’s compensation structure unlawful.’”[xxii]

The foregoing discussion demonstrates that MLM critics rely on and advocate a false legal premise.  Decades of case law make it clear that internal consumption by MLM distributors constitutes sales to “ultimate users,” and is not a litmus test for an illegal pyramid.  Other court decisions[xxiii] and statute statutes[xxiv], which the MLM critics typically ignore, reach the same conclusion.

The Blackburn-Veasey bill (H.R. 3409) is consistent with decades of precedent that distributors’ purchases for their own consumption is a legitimate sale to an ultimate user.  The legislation also would provide new enforcement tools for the FTC to go after the type of inventory loading that was the crux of the pyramid findings in Omnitrition and Vemma.  Nor does the legislation restrict the FTC from stopping the BurnLounge type of registration-payment-based compensation scheme.  If the proposed legislation had been adopted prior to those cases, the ultimate decision in each case would not have changed.

What the proposed legislation would change is that, going forward, the federal courts would have a uniform legal standard for an illegal pyramid, and legitimate MLMs would not have to expend significant resources defending against lawsuits based on a false legal premise.

[i] Press Release, Fed. Trade Comm’n, FTC Staff Offers Business Guidance Concerning Multi-Level Marketing (Jan. 4, 2018),….

[ii] In re Koscot Interplanetary, Inc., 86 F.T.C. 1106, 1975 FTC LEXIS 24 (1975).

[iii] Id. at *166–67.

[iv] Id. at *162–64.

[v] Id. at *67–69.

[vi] In re Amway Corp., 93 F.T.C. 618, 1979 FTC LEXIS 390 (1979).

[vii] Id. at *95.

[viii] Id. at *97–98 (emphasis added).

[ix] See generally Webster v. Omnitrition Intern., Inc., 79 F.3d 776 (9th Cir. 1996).

[x] Id. at 783 (emphasis added).

[xi] Id. at 783–84 (emphasis added).

[xii] See Letter of James A. Kohm, Acting Dir. of Mktg. Practices at the U.S. Fed. Trade Comm’n, to Neil H. Offen, President of the Direct Selling Ass’n 1 (Jan. 14, 2004),….

[xiii] Id.

[xiv] FTC v. BurnLounge, Inc., 753 F.3d 878 (9th Cir. 2014); FTC v. Herbalife Int’l of Am., Inc., No. 2:16-cv-05217 (C.D. Cal. July 25, 2016); FTC v. Vemma Nutrition Co., 2015 U.S. Dist. LEXIS 179855 (D. Ariz. Sept. 18, 2015).

[xv] BurnLounge, Inc., 753 F.3d at 887.

[xvi] Id. at 887.

[xvii] Id. at 886.

[xviii] Vemma Nutrition Co., 2015 U.S. Dist. LEXIS 179855, at *11–13.

[xix] Id. at *4–8, *26–28.

[xx] Letter, supra note 13, at 3.

[xxi] Press Release, supra note 2.

[xxii] Id.  The Guidance discusses other factors that it will consider in evaluating MLMs, such as consumer demand, which raise new issues beyond the scope of this article.

[xxiii] See, e.g.Whole Living, Inc. v. Tolman, 344 F. Supp. 2d 739, 745–46 (D. Utah 2004) (“Defendants misread the relevant case law. A structure that allows commissions on downline purchases by other distributors does not, by itself, render a multi-level marketing scheme an illegal pyramid”); State ex rel. Miller v. Am. Prof’l Mktg., Inc., 382 N.W.2d 117, 120 (Iowa 1986) (“Although a supervisor or director obtains a commission by wholesaling to personal representatives and earns bonuses based on their output, these remunerations are directly related to products that are either consumed by the personal representatives or retailed to their customers.”).

[xxiv] See, e.g., Ga. Code Ann. § 16-12-38(b)(2); Idaho Code Ann. § 183101(6); Ky. Rev. Stat. Ann. § 367.830(5); La. Rev. Stat. Ann. § 51:361(1)(a); Mont. Code Ann. § 30-10-324(1)(b)(ii); Neb. Rev. Stat. § 87-302(12); Okla. Stat. tit. 21, § 1072(1)(a); S.D. Codified Laws § 37-33-8; Bus. & Com. § 17.461(1); Utah Code Ann. § 76-6a-2(1)(b); Va. Code Ann. § 18.2-239(1); Wash. Rev. Code Ann. § 19.275.020(1).

© Copyright 2018 Brinks, Gilson & Lione
This article was written by James R. Sobieraj of Brinks, Gilson & Lione

The Trump Administration Proposes A Budget Increase To Fight Healthcare Fraud

The Trump administration proposed a budget increase of 19 million to aid in the fight against health care fraud. This showcases the continued (and heightened) importance of anti-fraud programs, especially compared to the suggested $18 billion in cuts to other health-care related programs. If approved by Congress, the budget increase will result in an increase in fraud and employee investigations, which in recent years, has shown a good return on investment for the Federal government.

The remaining funds will go to the Health Care Fraud and Abuse Control Program (HCFAC). This program manages all federal, state, and local law enforcement activities linked to health-care fraud and abuse. This additional funding will be split between the Centers for Medicare & Medicaid Services, the Department of Justice and the Health and Human Services Office of Inspector General.

The budget proposal included several recommendations to Congress to help reduce the threat of fraud:

  • Cutting Medicare and Medicaid costs.
  • Punishing doctors or physicians filing claims with inadequate documentation.
  • Expanding Medicare’s previous program to include more services that have high risk for health fraud.
  • Permitting Medicaid Fraud to receive equal funds to investigate fraud in home-health care settings.
  • Halting the coverage and reimbursement of drugs prescribed to high risk patients or given by doctors with a history of overprescribing.

At a minimum, the proposal shows the Federal government’s continued emphasis on the importance (both financially and otherwise) of fighting non-compliant conduct. Providers should increase their compliance program efforts and ensure their programs are effective to minimize their risk of running afoul of applicable rules and regulations.

© Copyright 2018 Dickinson Wright PLLC
This article was written by Rose Willis of Dickinson Wright PLLC
For more Health Care news, check out our Health Law Twitter @NatLawHealthLaw

Democratic lawmakers seek information about reorganization of CFPB Office of Fair Lending

A group of Democratic Senators and House members have sent a letter to Mick Mulvaney and Leandra English expressing concern about Mr. Mulvaney’s announcement that he plans to reorganize the CFPB’s Office of Fair Lending (OFLEO).

Earlier this month, Mr. Mulvaney announced that he plans to transfer the OFLEOfrom the Supervision, Enforcement, and Fair Lending Division (SEFL) to the Director’s Office, where it will become part of the Office of Equal Opportunity and Fairness (OEOF).  At that time, Mr. Mulvaney stated that OFLEO “will continue to focus on advocacy, coordination, and education, while its current supervision and enforcement functions will remain in SEFL.”  The OEOF oversees equal employment, diversity, and inclusion at the CFPB, and has no enforcement or supervisory role.

In their letter, the Democratic lawmakers expressed concern that the reorganization will frustrate the CFPB’s efforts to protect consumers from unfair, deceptive, or abusive acts and practices and from discrimination.  They cited OFLEO’s role in “help[ing] design specialized oversight and support[ing] bank examiners in assuring that CFPB’s regulated institutions were complying with anti-discrimination laws” and in “work[ing] with the CFPB’s enforcement lawyers and the Department of Justice to bring lawsuits” when problems identified in examinations could not be resolved. They noted that OFLEO has “also counseled banks in their efforts to build good compliance systems” and comment that of the OFLEO’s functions to date, “only the counseling will be supplied after the reorganization, though in the absence of dedicated anti-discrimination enforcement, it’s not clear whether there will be continuing demand.”

The Democratic lawmakers seek written responses to the questions asked in their letter by March 1, 2018 as well as “a copy of all documents and communications relating to the decision to [reorganize the OFLEO].”  Among the questions asked by the lawmakers are:

  • Whether the CFPB performed “a legal analysis to determine whether stripping the OFLEO of its enforcement authority would hinder the CFPB’s ability to carry out its statutory mandate to provide oversight and enforcement of federal fair lending laws
  • How transferring the OFLEO to the Director’s Office will “modify the Bureau’s decision-making process with regard to enforcement and other actions to protect consumers from unfair discrimination”
  • Whether Mr. Mulvaney or any other CFPB employee discussed the reorganization before it was announced “with any outside entities—including lobbyists or representatives of the banking or financial services industry”
  • Whether the CFPB is considering any substantive changes to its approach to the enforcement of fair lending laws, including changes to the CFPB’s interpretation of such laws
Copyright © by Ballard Spahr LLP
This article was written by Barbara S. Mishkin of Ballard Spahr LLP
For more information on the CFPB, check out our finance twitter @NatLawFinance

SEC Announces Share Class Selection Disclosure Initiative

On February 12, 2018, the SEC Division of Enforcement announced the Share Class Selection Disclosure Initiative self-reporting initiative (the SCSD Initiative). The SCSD Initiative is in response to numerous enforcement actions filed against investment advisers for disclosure failures relating to advisers’ selection of mutual fund share classes that paid the adviser, or its related entities or individuals, a 12b-1 fee when a lower-cost share class of the same fund was available to clients.

Pursuant to Section 206(2) of the Investment Advisers Act of 1940 (the Advisers Act), advisers are prohibited from engaging in any acts or practices that operate as a fraud upon any client or prospective client. In addition, Section 206(2) imposes a fiduciary duty on investment advisers to act for their clients’ benefit and to make full disclosure of all material facts, including conflicts of interest. Furthermore, Section 207 of the Advisers Act makes it unlawful to willfully make any untrue statement of any material fact in a registration application or report filed with the SEC, or to willfully omit from such a registration application or report any material fact which should be included therein. Relying upon Sections 206 and 207 of the Advisers Act, the SEC recently pursued the numerous actions against investment advisers referenced above.

Who Should Consider Self-Reporting to the Division of Enforcement

The Enforcement Division describes a “Self-Reporting Adviser” as an adviser who received 12b-1 fees in connection with recommending, purchasing or holding 12b-1 paying share classes for its advisory clients when a lower-cost share class of the same fund was available to those clients, and failed to disclose “explicitly” in its brochure/brochure supplement(s) the conflict of interest associated with the receipt of such fees. The investment adviser received 12b-1 fees if:

  • It directly received the fees;
  • Its supervised persons received the fees; or
  • Its affiliated broker-dealer (or its registered representatives) received the fees.

So as to be sufficient, an adviser’s disclosure must clearly describe the conflicts of interest associated with making investment decisions in light of the receipt of 12b-1 fees, and selecting the more expensive 12b-1 fee paying share class when a lower-cost share class was available for the same fund. Additional information regarding adequacy of disclosures is provided in the various enforcement actions referenced in the announcement. In our third quarter 2017 Newsletter, DCS provides information regarding the administrative proceeding In the Matter of SunTrust Investment Services, Inc.,Investment Advisers Act Rel. No 4769 (September 14, 2017). Regarding the inadequacy of disclosures relating to 12b-1 fees retained by an adviser, the SunTrust Order provides the following:

STIS [SunTrust Investment Services] did not adequately inform its advisory clients of the conflicts of interest presented by its IARs’ share class selections and the receipt by STIS and the IARs of 12b-1 fees. STIS disclosed in its Form ADV Part 2A brochures for its investment advisory programs that STIS “may” receive 12b-1 fees as a result of investments in certain mutual funds and – for several STIS programs – that such fees presented a “conflict of interest.” However, STIS did not disclose in its Form ADV Part 2A brochures or otherwise that many mutual funds offered a variety of share classes, including some that did not charge 12b-1 fees and were, accordingly, less expensive for eligible investors. Moreover, STIS failed to disclose to affected clients that an IAR could purchase, hold, or recommend—and in certain instances did purchase, hold or recommend—mutual fund investments in share classes that paid 12b-1 fees to STIS, which STIS ultimately shared with its IARs as compensation, even though such clients also were eligible to invest in share classes of the same mutual funds that did not charge such fees and were less expensive.

When Must Investment Advisers Self-Report

To be eligible for the SCSD Initiative, an investment adviser must self report by notifying the Division of Enforcement by midnight EST on June 12, 2018. Notification can be made by email to or by mail to SCSD Initiative, U.S. Securities and Exchange Commission, Denver Regional Office, 1961 Stout Street, Suite 1700, Denver, Colorado 80294.

What Must Investment Advisers Self-Report

Within 10 business days from the date of its notification, an adviser must confirm its eligibility for the SCSD Initiative by submitting a completed questionnaire. Following is a summary of the information included in the questionnaire:

  • Identification and contact information;
  • To the extent applicable, identification and contact information for the affiliate broker-dealer;
  • Identification of the periods during which brochure(s) and brochure supplement(s) failed to include the necessary disclosures and copies of such forms;
  • The following information regarding each mutual fund that paid 12b-1 fees for investing or holding client assets (submitted in a provided Excel format):
    • Fund name;
    • Ticker symbol;
    • CUSIP;
    • Amount of year-end assets held by the adviser’s clients;
    • Total amount of 12b-1 fees incurred by the adviser’s clients (by each share class);
    • Amount of 12b-1 fees (if any) if the adviser’s clients assets had been invested in the lowest cost share class available;
    • Amount of 12b-1 fees in excess of the lowest cost share class;
    • Total 12b-1 fees received by the adviser, its supervised persons, an affiliated broker-dealer and/or the affiliated broker-dealer’s registered representatives; and
    • 12b-1 fees that the adviser plans to disgorge.
  • Any other facts that the adviser determines would be relevant to the Division of Enforcement’s understanding of the circumstances.

The Standardized Terms of Settlement

If an adviser meets the terms of eligibility for the SCSD Initiative and the Division of Enforcement decides to recommend enforcement action against the adviser, the following are the settlement terms to be recommended by the Division of Enforcement.

Types of Proceedings and Nature of Charges

The proceeding will be an administrative cease-and-desist proceeding under Sections 203(e) and 203(k) of the Advisers Act for violations of Sections 206(2) and 207 of the Advisers Act based on the adviser’s failure to disclose the conflict of interest. In an approved settlement, the adviser will neither admit nor deny the findings of the SEC.

Cease-and-Desist Order and Censure

The settlement will include an order to cease-and-desist from committing violations of Sections 206(2) and 207 of the Advisers Act, and a censure.

Disgorgement and Prejudgment Interest

The settlement will include disgorgement of the inappropriately received 12b-1 fees and prejudgment interest on such amounts. For eligible advisers, the Division of Enforcement will not recommend the imposition of a penalty.


Approved advisers will be required to acknowledge taking the following steps within 30 days of an approved settlement order:

  • Review and as necessary correct the disclosure documents;

  • Evaluate whether existing clients should be moved to a lower cost share class and move clients as necessary;

  • Evaluate, update if necessary and review for effectiveness the implementation of policies and procedures designed to prevent violations of the Advisers Act related to disclosures regarding mutual fund class share selection;

  • Notify all affected clients of the settlement terms; and

  • Provide to the SEC, no later than 10 days after completion, a compliance certification regarding the undertakings.

Individual Liability

The SCSD Initiative covers only advisers. The Division of Enforcement is providing no assurances as part of the program that individuals will be offered similar terms if they engaged in violations of federal securities laws. The Division of Enforcement may seek enforcement actions against such individuals and remedies beyond those provided for in the SCSD Initiative.

Entities That Do Not Take Advantage of the SCSD Initiative

For advisers that would have been eligible for the SCSD Initiative but did not participate, the Division of Enforcement expects in any proposed enforcement action to recommend additional charges and the imposition of penalties. The Division of Enforcement and the Office of Compliance Inspections and Examinations plan to continue to make mutual fund share class selection practices a priority.

© 2018 Dinsmore & Shohl LLP. All rights reserved.
This article was written by Kevin S. Woodard of Dinsmore & Shohl LLP
For more news on the SEC and other topics, check out our Finance Law Twitter @NatLawFinance

Documenting Backcharges on Construction Projects

It would be unusual for a large to medium scale construction project to be completed without the general contractor experiencing issues with at least some of its subcontractors or suppliers.

Under such circumstances, it is typical for back charges to be assessed by the general contractor against the subcontractor or supplier who failed to perform properly pursuant to the terms of their contract. If the possibility of litigation looms in the future concerning such issues, or even if it may not, it is suggested that the general contractor carefully document any potential back charges against the subcontractor or vendor.

The process discussed below will ensure that the back charges are appropriately documented and will give the general contractor the best chance of success in any potential future litigation or negotiations.

The most important issue that a contractor must be aware of when documenting back charges, is to provide appropriate notice to the subcontractor or vendor, as may be required by the terms of the subcontract. If the subcontractor is entitled to a time to cure any deficiencies, this opportunity must be given by the general contractor to the subcontractor or vendor. If the subcontractor properly cures the issue, than in that event, the matter is concluded. On the other hand, if the subcontractor or vendor fails to take remedial measures than the general contractor should take the following additional steps before assessing a back charge. It is important that these steps be carefully followed in order to provide the best chance of success in potential future litigation or negotiations.

The first thing that the general contractor should do is to notify the subcontractor or vendor in writing specifically what the issues are with the materials or services which were provided. This letter should spell out in great detail any and all issues with regard to the materials or services.

The next step is for the contractor to provide notice to the subcontractor or vendor and give them the ability to come to the project to inspect the purported issues prior to any remedial measures taking place. Once again, providing the opportunity to inspect is a very important step in this process.

The next step is to advise the subcontractor or vendor as to when the remedial measures will occur to remedy the deficient condition. This notification should be in writing and should also provide the subcontractor or vendor with the opportunity to be present to observe the remedial measures.

This may very well be the most important piece of documentation to be provided to the vendor or subcontractor and should be sent via certified, regular mail, or any other way in which the contractor can provide to the subcontractor or supplier.

While the remediation is proceeding, the general contractor should carefully videotape any and all remedial efforts, and take very detailed photographs with regard to the remediation process. It is also suggested that any and all invoices, timesheets, or other documents with regard to the back charge be stored in a separate folder and that all of these documents be provided to the defaulting subcontractor or vendor once the back charge work is completed.

The final step in the process would be to provide a complete back charge form to the vendor or supplier with all the relevant invoices which detail the total amount of the back charges. Thereafter, the contractor can deduct this amount from any amount which may be due the subcontractor or vendor.

This article was written by Paul W. Norris of Stark & Stark