Changes to Conditions of SEC Rule 10b5-1 Obligations

New amendments to insider-trading regulations are about to go into effect. SEC Rule 10b5-1 has long provided an affirmative defense to insiders who trade under a written plan adopted in good faith and who lack material nonpublic information (MNPI).

Over the years, pundits have noticed that trades under Rule 10b5-1 plans have been unusually profitable, suggesting that some insiders might have misused these plans. As a result, in December 2022, the Securities and Exchange Commission announced amendments and new disclosure requirements to address perceived abuses. Below are the significant provisions that go into effect on February 27, 2023.

New Good-Faith Requirements

Companies have always had to act in good faith when they adopt a Rule 10b5-1 plan. The new amendments extend that obligation, requiring insiders to continue to act in good faith throughout the duration of the plan. See 17 C.F.R. § 10b5-1(c)(1)(ii)(A). This means that insiders not only need to act in good faith when creating a plan but also have an obligation to avoid opportunistic trades or timing disclosures that coincide with trades under the plan.

While this is a heightened requirement, it is not clear who will bear the burden of pleading good faith during any ensuing litigation. The regulation is framed as an affirmative defense, but at least one court had previously interpreted the old regulation as placing the burden on the plaintiff to plead facts specifying that a plan was not entered into in good faith or was part of a plan to evade the regulations. [1] It is not clear how courts will interpret the new regulation and whether they will require a pleading of scienter or bad faith for this new obligation.

Director and Officer Certifications

Directors and officers must now certify that (1) they are unaware of any material nonpublic information about the security or issuer and (2) they are adopting the plan in good faith and not as a part of a plan or scheme to evade the regulations.

Cooling-Off Periods

The amendments impose various “cooling-off periods” for trades under Rule 10b5-1 plans, which could vary based on the identity of the trader. These “cooling-off periods” start when a company adopts a new plan or modifies a plan to alter the sale or purchase price, the ranges, the amount of securities sold or purchased, or the time of the trades.

Directors or officers cannot trade under a plan until the later of (a) 90 days after the plan’s adoption or after certain modifications or (b) two business days after filing a Form 10–Q or Form 10–K [2] that discloses the financial results of a quarter in which the plan was adopted or modified (subject to no more than 120 days). Anyone else (non-officers or non-directors) faces a 30-day cooling-off period after any adoption or modification of a plan. [3]

Multiple or Overlapping Plans

A Rule 10b5-1 defense will not be available to anyone who enters multiple or overlapping plans at the same time. This prohibition includes three exceptions:

First, a series of separate contracts with different broker-dealers acting on behalf of a non-issuer may be treated as a single plan if the plans, taken together, meet the regulation’s other conditions.

Second, a non-issuer may enter into one subsequent plan for the purchase or sale of any security of the issuer on the open market. But trading cannot begin until after all trades under the earlier starting plan are completed or expired, pending the effective cooling-off period.

Third, eligible sell-to-cover transactions will not be considered outstanding or additional plans under this section. The SEC defines an eligible sell-to-cover transaction as a contract, instruction, or plan that “authorizes an agent to sell only such securities as are necessary to satisfy tax withholding obligations arising exclusively from the vesting of a compensatory award, such as restricted stock or stock appreciation rights, and the insider does not otherwise exercise control over the timing of such sales.”

Single-Trade Plans

The final condition imposed by the amendment is the addition of § 10b5-1(c)(1)(ii)(E), which limits the affirmative defense for non-issuers to one single-trade plan designed to effect the open-market purchase or sale of the total amount of securities as a single transaction during a twelve-month period. As with the prior condition, this regulation does exclude eligible sell-to-cover transactions.

Takeaways

Companies, directors, and officers who intend to use a Rule 10b5-1 plan to insulate themselves from accusations of insider trading need to revisit their plans. They need to ensure that the plan articulates a cooling-off period and that the plan includes the director-officer certification. Participants in the plan need to ensure they are conducting themselves in good faith, that they are not joining multiple competing plans during the same period, and that they are abiding by the new restrictions on single-trade plans. Rule 10b5-1 is a powerful tool to insulate insiders from liability, and it is imperative to align these plans with the new regulations.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.



ENDNOTES

[1] Arkansas Pub. Emps. Ret. Sys. v. Bristol-Myers Squibb Co., 28 F.4th 343, 356 n.4 (2d Cir. 2022).

[2] Foreign issuers, Form 20-F or Form 6-K.

[3] The SEC did not impose cooling-off periods on issuers but has suggested that it is investigating whether such a period is appropriate.

Australia: ASIC Reveals 2023 Enforcement Priorities

The Australian Securities and Investments Commission (ASIC) has revealed its key enforcement priorities for 2023. This year, ASIC has signalled an expanded focus on enforcement activity targeting:

  • sustainable finance practices and disclosure of climate risks;
  • financial scams;
  • cyber and operational resilience; and
  • investor harms involving crypto-assets.

In its release, ASIC has emphasised that the regulator’s prioritisation of monitoring in these areas intends to “address misconduct, market integrity threats and consumer harms in sectors including financial services, retail and crypto-assets.”

The warning coincides with this month’s release of ASIC’s enforcement and regulatory report that highlights the major uptick in enforcement and regulatory actions taken by ASIC during the last half of 2022, including:

  • 173 criminal charges being laid and $76.3 million in civil penalties imposed;
  • heightened action against money laundering risks;
  • the issuance of 22 design and distribution obligations (DDO) stop orders to prevent consumers and investors being targeted by products inappropriate to their objectives, financial situation and needs; and
  • the regulator’s first action for greenwashing and consequential issuance of infringement notices for misleading sustainability-related statements.

Another priority of ASIC for the coming year is to increase its transparency to industry and streamline its interactions with the entities it regulates. For the first time, ASIC has released a regulatory developments timetable setting out projected timeframes for ASIC regulatory work, such as the publication of draft or final guidance, and the anticipated making of a legislative instrument. ASIC’s release of these key enforcement priorities and regulatory developments timetable gives us a clear indication of ASIC’s intention to continue its heightened level of surveillance and enforcement action into 2023.

Copyright 2023 K & L Gates

Was This The Least Transparent Report In SEC History?

Professor Alexander I. Platt at the University of Kansas School of Law has just released a draft of a forthcoming paper that takes the Securities and Exchange Commission to task for the lack of transparency in its whistleblower program, Going Dark(er): The SEC Whistleblower Program’s FY 2022 Report Is The Least Transparent In Agency History.  As Professor Platt notes in a footnote, I have been complaining about the whistleblower’s lack of transparency since at least 2016.  See Five Propositions Concerning The SEC Whistleblower Program.  Last summer, I observed that “There is certainly no dearth of irony in a federal agency dedicated to full disclosure cloaking in secrecy a billion dollar awards program”.

Professor Platt offers four possible reasons for the SEC’s lack of transparency: (1) resource constraints; (2) lack of respect for public participation and accountability; (3) data problems; and/or (4) an intent to bury something controversial or embarrassing.  My concern is, and has been, that whatever the reason(s), the SEC’s lack of transparency creates an ideal substrate for fraud.  Unless the SEC drops its cloak of secrecy and exposes its whistleblower program to public scrutiny, it is highly likely that the next article will be about how the whistleblower program was used and abused.

© 2010-2023 Allen Matkins Leck Gamble Mallory & Natsis LLP

Caremark Liability Following the SEC’s New ESG Reporting Requirements

Recent developments in the Court of Chancery concerning a corporate board’s duty to monitor and provide oversight over a corporation’s operations, so-called Caremark claims, are likely to intersect with the Securities and Exchange Commission’s (“SEC”) proposed new ESG disclosure obligations to create a new category of corporate risk.  In this article, we discuss the recent trends in Delaware law that have led to a revitalization of Caremark and the SEC’s current proposals for enhanced ESG disclosure, the intersection of which can be expected to result in litigation and other corporate risk, and some commonsense steps corporations can take to mitigate this potential new category of risk.

The “Caremark” Doctrine

One of the more notable developments in Delaware case law in recent years has been the revitalization of “Caremark duty” claims.  Caremark actions traditionally were notoriously difficult to plead—in explaining the doctrine, the Chancery Court famously called it “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.”  In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 967 (Del. Ch. 1996). In recent years, however, the Delaware courts have breathed new life into the Caremark doctrine by allowing these types of claims to proceed to discovery.

Specifically, the Caremark doctrine was returned to potency in 2019 following the Delaware Supreme Court’s decision in Marchand v. Barnhill, 212 A.3d 805 (Del. 2019).  Although Marchand did not change the Caremark standard, it demonstrated the Delaware courts’ greater willingness to permit Caremark claims to pass the motion to dismiss phase if they could be plausibly pled.  Marchand ultimately laid the groundwork for a number of subsequent rulings demonstrating the renewed vitality of Caremark claims—not only have at least four Caremark suits survived a motion to dismiss since Marchand, but there are also several ongoing Caremark suits in Delaware.

Under Caremark, there are two distinct types of claims.  The first type concerns a board’s failure to implement a system of controls to prevent some unlawful misconduct that occurred.  The second type concerns a failure to monitor by the directors.  It is imperative, therefore, that boards focus on:  (1) establishing adequate information and reporting systems to monitor “mission critical” aspects of their company’s business; and (2) monitoring those systems once in place.

The SEC’s Proposed New Climate-Related Disclosures

On March 21, 2022, the SEC proposed new rules requiring companies to report extensive line-item disclosures on climate-related ESG issues, entitled: “The Enhancement and Standardization of Climate-Related Disclosures for Investors.”  If implemented as written, the proposed rules would require registrants to make significant additional disclosures regarding the impact of climate-related risks on their business.

Among other things, under the proposed rules, registrants would be required to disclose:

  1. Greenhouse gas (“GHG”) emissions, regardless of whether those emissions are deemed material by the company.  Emissions would now be reported by “scope” or type.

  2. “Climate-related risks” that are “reasonably likely to have a material impact,” including climate-related conditions and events that impact financial statements, business operations, or value chains.

  3. Governance disclosures related to climate risk, including how the board and management assess and manage these climate-related risks.

  4. Any targets or goals related to the reduction of GHG emissions.

These proposed new rules are part of the Biden Administration’s efforts to “advance consistent, clear, intelligible, comparable, and accurate disclosure of climate-related financial risk.”  Yet the sheer breadth, specificity, and complexity of the proposed rules would result in one of the most profound changes to public companies’ disclosure obligations in the history of the SEC.

Additional Caremark Exposure

The SEC’s climate-related disclosure rules will likely fuel ESG-related Caremark claims.  In particular, heightened disclosure requirements will provide ammunition for derivative or class action lawsuits and may expose companies to specific indirect risks, including heightened exposure to pre-suit discovery and proxy contests.

Direct Litigation Risk

The SEC’s new reporting requirements are likely to create new grounds for investors to assert liability claims against corporations and their boards of directors and management. Shareholders can be expected to leverage the new disclosures to seek to hold companies accountable for failing to properly oversee, mitigate or eliminate climate-related risk.  The revitalized Caremark doctrine is likely to be employed to allege boards and managers failed to oversee so-called “mission-critical” aspects of their business that generate climate-related risk.

In this vein, plaintiffs may choose to use disclosures required by the SEC’s proposed rules as the basis for a breach of duty to monitor or Caremark claim through either a derivative suit, brought on behalf of the company against its directors and officers, or a class action suit, brought on behalf of a class of injured shareholders or investors.  Caremark claims will likely arise if and when a board fails to exercise proper oversight with respect to climate-related risks or to consider proper mitigating steps. This new threat will be amplified for companies that (i) have yet to fully examine how ESG issues factor into their mission-critical operations or (ii) have yet to devote resources and personnel to measuring (using consistent, comparable and reliable data) and analyzing their own ESG-related risks. Companies need to be able to ascertain and address their most pressing ESG-related risks to avoid future Caremark liability.

Indirect Risks

Indirect risks from the proposed new disclosure regime may manifest in a variety of ways.  They can result in the disclosure of embarrassing or harmful information about a company, its board, or managers, and lead to the replacement of key company executives or directors by aggrieved shareholders.  Moreover, they give rise to issues that are expensive and resource-intensive to address.  While these risks are indirect to companies, they pose a direct threat to board members and managers.

Pre-Suit Discovery.  Boards can expect new disclosure requirements to enable shareholders to gain greater access to pre-suit discovery.  Section 220 of Delaware’s General Corporate Law provides shareholders with a qualified right to inspect a company’s books and records for suspected corporate wrongdoing or mismanagement, and shareholders need only demonstrate a “credible basis” to proceed.  The new ESG reporting requirements will likely provide shareholders with even more information as ammunition to fuel Section 220 demands.  Opening a company’s books to pre-suit discovery could expose boards, management, or companies to serious reputational harm, as well as provide fodder for future lawsuits against the current board.

Proxy Contests.  New ESG-related disclosures are also likely to generate greater turmoil in the form of proxy battles at the board level.  Historically, shareholder activists have been focused on addressing short-term profit, stock price and total shareholder return.  Yet activist campaigns containing an environmental or social objective have doubled as a proportion of campaigns overall during the five years between 2016 and 2021, including a successful campaign against Exxon to place directors on its board.  The proliferation of new ESG reporting requirements is expected to further fuel these contests, particularly with respect to companies that are perceived to be lagging on ESG commitments or expectations.

Avoiding Environmental-Caremark Claims

Companies should take several steps in preparation for the increased pressure expected to arise from the need to address ESG issues.

First, companies should be aware of the obligations and risks they face with regard to ESG issues.  That means determining what ESG-related risks could detrimentally impact a “mission-critical” aspect of a company’s business.  What is determined to be “mission-critical” will necessarily vary by company.

Second, once companies are cognizant of the ESG-related risks they face, they will need to start implementing appropriate governance structures so that they are aware of, and can take steps to address, ESG risks.  Directors should establish responsible committees and internal information and reporting procedures to ensure board members have proper oversight of these efforts.  This will allow boards to demonstrate their engagement in response to potential Caremark claims, as well as to respond to any ESG risks arising in the company’s operations.

Third, with these governance structures in place, companies must focus on generating, collecting, and analyzing consistent and comparable data on the ESG-related risks they face.  These data should be actively monitored by managers and board members so they can identify and address ESG risks before they result in catastrophic situations and resulting litigation.  And, if Caremark claims ensue, boards will be able to use these governance structures and reporting regimes to demonstrate that they have satisfied their oversight obligations.

Finally, once these systems are in place, companies should take steps to prepare for the adoption of the SEC’s new climate-related disclosure requirements.  The development of governance and reporting structures will undoubtedly aid in the collection of information for these purposes.  While taking these steps, it is advisable that corporate executives and boards seek input from subject matter experts and experienced legal counsel to help design and implement robust compliance and monitoring regimes that can help to discourage or forestall future litigation in the form of Caremark or other claims related to ESG issues.

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Are Loans Securities?

We have been following a case that has been winding its way through New York federal courts for some time that players in the syndicated loan market have described as everything from “a potential game changer” to an “existential threat” to the syndicated loan market.

The case in question is Kirschner v. JPMorgan Chase Bank, N.A., which is before the United States Court of Appeals for the Second Circuit. In this case, the Court will consider an appeal of a 2020 decision by the United States District Court for the Southern District of New York which held that the syndicated term loan in question was not a security. Significantly, this ruling indicated that because syndicated term loans are not securities, they are therefore not subject to securities laws and regulations.

The consequence of a determination that syndicated loans are securities would be significant. It would mean, among other things, that the syndicated loan market would have to comply with various state and federal securities laws. This would significantly change the cost of these transactions as well as the means by which syndication and loan trading take place. The Loan Syndications and Trading Association (LSTA) filed an amicus brief in this case in May of this year, which we covered here. The LSTA argued in its brief, among other things, that beyond the increased cost, regulating syndicated loans as securities would fundamentally change other aspects of the syndicated loan market. Specifically, the LSTA pointed to the importance of a borrower’s ability to have veto rights and other control in determining which entities will hold its debt. The LSTA also noted the importance of quick access to funding on flexible terms specific to the borrower in question – something we know is at the heart of so many fund finance transactions – which would be greatly compromised within a securities regulatory regime. The LSTA brief also discusses potential negative impacts on the CLO market.

Those in favor of a change in regulation point to features such as nonbank lender participation in the market, the fact that the test to determine whether a loan is a security may be outdated, and the overall size of the syndicated loan market – at $1.4 trillion – which could be a risk to the larger global financial system potentially warranting more stringent regulation.

Most experts believe that the Second Circuit will not overturn the decision issued in the lower court, but the issue in question is significant enough that market players should keep an eye on this one. Oral arguments will take place early next year. We will continue to watch as this case develops and update you here.

© Copyright 2022 Cadwalader, Wickersham & Taft LLP

Dead Canary in the LBRY

In a case watched by companies that offered and sold digital assets, [1] Federal District Court Judge Paul Barbadoro recently granted summary judgment for the Securities and Exchange Commission (“SEC”) against LBRY, Inc. [2] This case is seen by some as a canary in the coalmine in that the decision supports the SEC’s view espoused by SEC Chairman Gary Gensler that nearly all digital assets are securities that were offered and sold in violation of the securities laws. [3] For FinTech companies hoping to avoid SEC enforcement actions, the LBRY decision strongly suggests that all companies offering digital assets could be viewed by courts as satisfying the Howey test for investment contract securities. [4]

LBRY is a company that promised to use blockchain technology to allow users to share videos and images without the need for third-party intermediaries like YouTube or Facebook. LBRY offered and sold LBRY Credits, called LBC tokens, that would compensate participants of their blockchain network and would be spent by LBRY users on things like publishing content, tipping content creators, and purchasing paywall content. At launch, LBRY had pre-mined 400 million LBC for itself, and approximately 600 million LBC would be available in the future to compensate miners. LBRY spent about half of the 400 million LBC tokens on various endeavors, such as direct sales and using the tokens to incentivize software developers and software testers.

Judge Barbadoro concluded as a matter of law (i.e., that no reasonable jury could conclude otherwise) that the LBC tokens were securities under Section 5 of the Securities Act. Applying the Howey test, Judge Barbadoro noted the only prong of the Howey test that was disputed in the case was: Did investors buy LBC tokens “with an expectation of profits to be derived solely from the efforts of the promoter or a third party”? Judge Barbadoro answered resoundingly, “Yes.”

Most important to his conclusion that investors purchased LBC tokens with the expectations of profits solely through the efforts of the promoter (i.e., LBRY) were: the many statements made by LBRY employees and community representatives about the price of LBC and trading volume of LBC; and many statements that LBRY made about the development of its content platform, including how the platform would yield long-term value to LBC holders. Critically, however, Judge Barbadoro found that even if LBRY had made none of these statements, the LBC token would still constitute a security because “any reasonable investor who was familiar with the company’s business model would have understood the connection” between LBC value growth and LBRY’s efforts to grow the use of its network. Even if LBRY had never said a word about the LBC token, Judge Barbadoro found that the LBC token would constitute a security because LBRY retained hundreds of millions of LBC tokens for themselves, thus signaling to investors that it was committed to working to improve the value of the token.

Judge Barbadoro flatly rejected LBRY’s defense that the LBC token cannot be a security because the token has utility. [5] The judge noted, “Nothing in the case law suggests that a token with both consumptive and speculative uses cannot be sold as an investment contract.” Likewise, Judge Barbadoro was unmoved by LBRY’s argument that it had no “fair notice” that the SEC would treat digital assets as unregistered securities simply because this was the first time the SEC had brought an enforcement action against an issuer of digital currency. [6]

In sum, if Judge Barbadoro’s reasoning is applied more broadly to the thousands of digital assets that have emerged over the last several years—including companies that tout the so-called “utility” of their tokens—they will all likely be deemed digital asset securities that were offered and sold without a registration or an exemption from registration.

The LBRY decision is yet another case in which a court has concluded a digital asset is a security. Developers of digital assets must proceed with a high degree of caution. The SEC continues to display a high degree of willingness to initiate investigations and enforcement actions against issuers of digital assets that are viewed as securities under the Howey and Reves tests, investment companies, or security-based swaps.


Copyright ©2022 Nelson Mullins Riley & Scarborough LLP


FOOTNOTES

[1] The SEC defines “digital assets” as intangible “asset[s] that [are] issued and transferred using distributed ledger or blockchain technology.” Statement on Digital Asset Securities Issuance and Trading, Division of Corporation Finance, Division of Investment Management, and Division of Trading and Markets, SEC (Nov. 16, 2018), available here.

[2] SEC v. LBRY, Inc., No. 1:21-cv-00260-PB (D.N.H. filed Mar. 29, 2021), available here. A copy of the complaint against LBRY can be found here.

[3] See, e.g., Gary Gensler, Speech – “A ‘New’ New Era: Prepared Remarks Before the International Swaps and Derivatives Association Annual Meeting” (May 11, 2022) (“My predecessor Jay Clayton said it, and I will reiterate it: Without prejudging any one token, most crypto tokens are investment contracts under the Supreme Court’s Howey Test.”), available here. Section 5(a) of the Securities Act of 1933 (the “Securities Act”) provides that, unless a registration statement is in effect as to a security, it is unlawful for any person, directly or indirectly, to sell securities in interstate commerce. Section 5(c) of the Securities Act provides a similar prohibition against offers to sell or offers to buy securities unless a registration statement has been filed.

[4] SEC v. W.J. Howey Co., 328 U.S. 293 (1946). This case did not address when digital assets could be deemed debt securities under the test articulated by the U.S. Supreme Court in Reves v. Ernst & Young, 494 U.S. 56, 66-67 (1990), or when digital assets could be deemed an investment company under the Investment Company Act of 1940. See, e.g., In the Matter of Blockfi Lending, Feb. 14, 2022, available here. This case also does not address when a digital asset is a security-based swap. See, e.g., In the Matter of Plutus Financial, Inc., (July 13, 2020), available here.

[5] The argument a digital asset is not a security because it has “utility” is a favorite argument of critics of the SEC’s enforcement actions against issuers of digital assets. Unfortunately, the “utility” argument appears to be of little merit when the digital asset is offered and sold to raise capital.

[6] This is an argument that has been made by a number of defendants in SEC enforcement actions involving digital asset securities.

“Red Flags in the Mind Set”: SEC Sanctions Three Broker/Dealers for Identity Theft Deficiencies

In 1975, around the time of “May Day” (1 May 1975), which brought the end of fixed commission rates and the birth of registered clearing agencies for securities trading (1976), the U.S. Securities and Exchange Commission (“SEC”) created a designated unit to deal with the growth of trading and the oversight of broker/dealers. That unit, the Office of Compliance Inspections and Examinations (the “OCIE”), evolved and grew over time. It regularly issued Risk Alerts on specific topics aimed at Broker/Dealers and/or Investment Advisers, expecting that those addressees would take appropriate steps to prevent the occurrence of the identified risk, or at least mitigate its impact on customers. On Sept. 15, 2020, the OCIE issued a Risk Alert entitled “Cybersecurity: Safeguarding Client Accounts against Credential Compromise,” which emphasized the importance of compliance with SEC Regulation S-ID, the “Identity Theft Red Flags Rule,” adopted May 20, 2013, under Sections of the Securities Exchange Act of 1934 (the “34 Act”) and the Investment Advisers Act of 1940, as amended (the “40 Act”). See, in that connection, the discussion of this and related SEC cyber regulations in my Nov. 19, 2020, Blog “Credential Stuffing: Cyber Intrusions into Client Accounts of Broker/Dealers and Investment Advisors.”

The SEC was required to adopt Regulation S-ID by a provision in the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act, which amended a provision of the Fair Credit Reporting Act of 1970 (“FCRA”) to add both the SEC and the Commodity Futures Trading Commission to the federal agencies that must have “red flag” rules. That “red flag” requirement for the seven federal prudential bank regulators and the Federal Trade Commission was made part of the FCRA by a 2003 amendment. Until Wednesday, July 27, 2022, the SEC had (despite the Sept. 15, 2020, Risk Alert) brought only one enforcement action for violating the “Red Flag” Rule (in 2018 when customers of the firm involved suffered harm from the identity thefts). In 2017, however, the Commission created a new unit in its Division of Enforcement to better address the growing risks of cyber intrusion in the U.S. capital markets, the Crypto Assets and Cyber Unit (“CACU”). That unit almost doubled in size recently with the addition of 20 newly assigned persons, as reported in an SEC Press Release of May 3, 2022. There the Commission stated the Unit “will continue to tackle the omnipresent cyber-related threats in the nation’s [capital] markets.” Also, underscoring the ever-increasing role played by the SEC in overseeing the operations of broker/dealers and investment advisers, the OCIE was renamed the Division of Examinations (“Exams”) on Dec. 17, 2020, elevating an “Office” of the SEC to a “Division.”

Examinations of three broker/dealers by personnel from Exams led the CACU to investigate all three, resulting in the institution of Administrative and Cease-and-Desist Proceedings against each of the respondents for violations of Regulation S-ID. In those proceedings, the Commission alleged that the Identity Theft Protection Program (“ITPP”), which each respondent was required to have, was deficient. Regulation S-ID, including its Appendix A, sets forth both the requirements for an ITPP and types of red flags the Program should consider, and in Supplement A to Appendix A, includes examples of red flags from each category of possible risks. An ITPP must be in writing and should contain the following:

  1. Reasonable policies and procedures to identify, detect and respond appropriately to relevant red flags of the types likely to arise considering the firm’s business and the scope of its brokerage and/or advisory activities; and those policies and procedures should specify the responsive steps to be taken; broad generalizations will not suffice. Those policies and procedures should also describe the firm’s practices with respect to theft identification, prevention, and response, and direct that the firm document the steps to be taken in each case.
  2. Requirements for periodic updates of the Program, including updates reflecting the firm’s experience with both a) identity theft; and b) changes in the firm’s business. In addition, the updates should address changes in the types and mechanisms of cybersecurity risks the firm might plausibly encounter.
  3. Requirements for periodic review of the types of accounts offered and the risks associated with each type.
  4. Provisions directing at least annual reports to the firm’s board of directors, and/or senior management, addressing the program’s effectiveness, including identity theft-related incidents and management responses to them.
  5. Provisions for training of staff in identity theft and the responses required by the firm’s ITPP.
  6. Requirements for monitoring third party service providers for compliance with identity theft provisions that meet those of the firm’s program.

The ITPP of each of the three broker/dealers was, as noted, found deficient. The first, J.P. Morgan Securities, LLC (“MORGAN”), organized under Delaware law and headquartered in New York, New York, is a wholly owned subsidiary of JPMorgan Chase & Co. (described by the Commission as “a global financial services firm” in its July 27, 2022, Order Instituting Administrative and Cease-and-Desist Proceedings [the “Morgan Order”]). Morgan is registered with the Commission as both a broker/dealer (since Dec. 13, 1985) and an investment adviser (since April 3, 1965). As recited in the Morgan Order, the SEC found Morgan offered and maintained customer accounts “primarily for personal, family, or household purposes that involve or are designed to permit multiple payments or transactions.” The order further notes that from Jan. 1, 2017, through Dec. 31, 2019, Morgan’s ITPP did not meet the requirements of Regulation S-ID because it “merely restated the general legal requirements” and did not specify how Morgan would identify a red flag or direct how to respond to it. The Morgan Order notes that although Morgan did take action to detect and respond to incidents of identity theft, the procedures followed were not in Morgan’s Program. Further, Morgan did not periodically update its program, even as both the types of accounts offered and the extent of cybersecurity risks changed. The SEC also found Morgan did not adequately monitor its third-party service providers, and it failed to provide any identity theft-specific training to its staff. As a result, Morgan had violated Regulation S-ID. The order noted that Morgan “has undertaken substantial remedial acts, including auditing and revising … [its Program].” Nonetheless, Morgan was ordered to cease and desist from violating Regulation S-ID, was censured, and was ordered to pay a civil penalty of $1.2 million.

The second broker/dealer charged was UBS Financial Services Inc. (“UFS”), a Delaware corporation dually registered with the Commission as both a broker/dealer and an investment adviser since 1971. UFS, headquartered in Weehawken, New Jersey, is a subsidiary of UBS Group AG, a publicly traded major financial institution incorporated in Switzerland. In 2008, UBF adopted an ITPP (the “UBF Program”) pursuant to the 2003 amendments to the FCRA. The program applied both to UBF and to other affiliated entities and branch offices in the U.S. and Puerto Rico “which offered private and retail banking, mortgage, and private investment services that operated under UBS Group AG’s Wealth Management Americas’ line of business.” See my blog published on Aug. 22, 2022, “Only Sell What You Know: Swiss Bank Negligence is a Fraud on Clients,” for information about the origins and history of UBS Group AG.

The July 27, 2022, SEC Order instituting Administrative and Cease-and-Desist Proceedings against UBF (the “UBF Order”) stated that UBF made no change to the UBF Program when, in 2013, it became subject to Regulation S-ID, or thereafter from Jan. 1, 2017, to Dec. 31, 2019, other than to revise the list of entities and branches it covered. The Commission found UBF failed to update the UBF Program even as the accounts it offered changed, and without considering if some accounts offered by affiliated entities and branches are not “covered accounts” within Regulation S-ID. The UBF Program did not have reasonable policies and procedures to identify red flags, taking into consideration account types and attendant risks, and did not specify what responses were required. The SEC also found the program wanting for not providing for periodic updates, especially addressing changes in accounts and/or in cybersecurity risks. The annual reports to the board of directors “did not provide sufficient information” to assess the UBF Program’s effectiveness or the adequacy of UBF’s monitoring of third-party service providers; indeed, the UBF Order notes the “board minutes do not reflect any discussion of compliance with Regulation S-ID.” In addition, UBF “did not conduct any training of its staff specific” to the UBF Program, including how to detect and respond to red flags. As a result, the Commission found UBF in violation of Regulation S-ID. Although the Commission again noted the “substantial remedial acts” undertaken by UBF, including retaining “an outside consulting firm to review its Program” and to recommend change, the SEC nonetheless ordered UBF to cease and desist from violating the Regulation, censured UBF, and ordered it to pay a civil penalty of $925,000.

The third member of this broker/dealer trio is TradeStation Securities, Inc. (“TSS”), a Florida corporation headquartered in Plantation, Florida, that, according to the July 27, 2022, SEC Order Instituting Administrative and Cease-and-Desist Proceedings (the “TSS Order”), “provides primarily commission-free, directed online brokerage services to retail and institutional customers.” TSS has been registered with the SEC as a broker/dealer since January 1996. Their ITPP, too, was found deficient. The ITPP implemented by TSS (the “TSS Program”) essentially ignored the reality of TSS’s business as an online operation. For instance, the TSS Program cited only the red flags offered as “non-comprehensive examples in Supplement A to Appendix A” and not any “relevant to its business and the nature and scope of its brokerage activities.” Hence, the TSS Program cited the need to confirm the physical appearance of customers to make certain it was consistent with photographs or physical descriptions in the file. But an online broker/dealer would have scant opportunity to see a customer or a new customer in person, even when opening an account. Nor did TSS check the Supplement A red flag examples cited in the TSS Program when opening new customer accounts. The TSS Program directed only that “additional due diligence” should be performed if a red flag were identified, rather than directing specific responsive steps to be taken, such as not opening an account in a questionable situation. There were no requirements for periodic updates of the TSS Program. 
Indeed, “there were no material changes to the Program” after May 20, 2013, “despite significant changes in external cybersecurity risks related to identity theft.” At this point in the TSS Order, the Commission cited a finding in the Federal Register that “[a]dvancements in technology … have led to increasing threats to the integrity … of personal information.” The SEC found that TSS did not provide reports about the TSS Program and compliance with Regulation S-ID either to the TSS board or to a designated member of senior management, and that TSS had no adequate policies and procedures in place to monitor third-party service providers for compliance with detecting and preventing identity theft. The order is silent on the extent of TSS’s training of staff to deal with identity threats, but considering the other shortcomings, presumably such training was at best haphazard. The Commission found that TSS violated Regulation S-ID. Although the TSS Order noted (as with the other Proceedings) the “substantial remedial acts” undertaken by TSS, including retaining “an outside consulting firm” to aid compliance, the Commission nonetheless ordered TSS to cease and desist from violating the Regulation, censured TSS, and ordered it to pay a civil penalty of $425,000.

These three enforcement actions on the same day, especially ones involving two of the world’s leading financial institutions, signal a new level of attention by the Commission to cybersecurity risks to customers of broker/dealers and investment advisers, with a focus on the risks inherent in identity theft. As one leading law firm writing about these three actions advised, “[f]irms should review their ITPPs placing particular emphasis on identifying red flags tailored to their business and on conducting regular compliance reviews to update those red flags and related policies and procedures to reflect changes in business practices and risk.” That sound advice should be followed NOW, before the CACU comes calling.


©2022 Norris McLaughlin P.A., All Rights Reserved

SEC Ramps Up Enforcement against Public Companies and Subsidiaries in FY 2022

The SEC imposed $2.8 billion in monetary settlements, the largest total in any fiscal year recorded in the Securities Enforcement Empirical Database.

New York - The U.S. Securities and Exchange Commission (SEC) filed 68 enforcement actions against public companies and subsidiaries in the first full fiscal year of Chair Gary Gensler’s tenure. Monetary settlements imposed in public company or subsidiary actions reached $2.8 billion, according to a report released today by the NYU Pollack Center for Law & Business and Cornerstone Research.

The report, SEC Enforcement Activity: Public Companies and Subsidiaries—Fiscal Year 2022 Update, analyzes information from the Securities Enforcement Empirical Database (SEED). The 68 enforcement actions in FY 2022, which ended September 30, reflected a 28% increase from the previous fiscal year.

The SEC imposed monetary settlements on 97% of the 75 public company and subsidiary defendants that settled in FY 2022. Both the dollar amount and the percentage were the largest of any fiscal year recorded in SEED, which covers actions beginning in FY 2010.

“The number of defendants that settled in FY 2022 with admissions of guilt increased substantially from the previous fiscal year. This was driven by actions involving Broker Dealer allegations brought by the SEC in September,” said Stephen Choi, the Bernard Petrie Professor of Law and Business at New York University School of Law and director of the Pollack Center for Law & Business. “The 16 defendants admitting guilt was double the largest number in any previous fiscal year in SEED.”

The $2.8 billion in monetary settlements imposed in public company or subsidiary enforcement actions in FY 2022 was $921 million more than in FY 2021 and $321 million more than in any other fiscal year in SEED. The median monetary settlement in FY 2022 was $9 million, the largest in SEED. The average settlement was $42 million.

“The increase in monetary settlements is consistent with the SEC’s public statements that ‘robust remedies’ are an enforcement priority,” said report coauthor Sara Gilley, a Cornerstone Research vice president. “The $1.2 billion in monetary settlements with 16 public broker-dealer subsidiaries for recordkeeping failures represents 44% of total monetary settlements in the fiscal year.”

Issuer Reporting and Disclosure continued to be the most common allegation type in FY 2022, accounting for 38% of actions. Allegations in the SEC’s Broker Dealer classification were the second most common for the first time since FY 2018. Nearly 70% of the 16 Broker Dealer actions were filed against financial institutions for recordkeeping failures.


Copyright ©2022 Cornerstone Research

What Brokers, Company Insiders, and Others Need to Know about Securities Litigation

Individuals, companies, and firms involved in all aspects of the securities industry face litigation risks daily. From whistleblower lawsuits and U.S. Securities and Exchange Commission (SEC) enforcement actions to Financial Industry Regulatory Authority (FINRA) arbitration and private-right-of-action cases under the Securities Exchange Act of 1934, all types of securities litigation present risks for civil liability. In some cases, securities litigation can present risks for criminal penalties as well.

With this in mind, there is a lot that brokers, company insiders, investment advisers, and others need to know when targeted in lawsuits and investigations. When brokers, company insiders, and others make informed decisions based on the advice of experienced counsel, they can significantly mitigate their risk in both private and governmental securities litigation.

“Securities litigation can present substantial risks for individuals, companies, and firms. Whether facing allegations in civil litigation, SEC enforcement proceedings, or FINRA arbitration, the key to mitigating these risks is to build and execute a comprehensive, strategic and forward-thinking defense.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C. law firms.

Answers to 10 Frequently Asked Questions (FAQs) about Securities Litigation

Here are answers to 10 frequently asked questions (FAQs) about securities litigation:

1. What Are Some of the Most Common Claims Against Brokers and Brokerage Firms in Securities Litigation?

Brokers and brokerage firms have faced a growing volume of litigation in recent years. This includes private litigation involving individual investors as well as litigation involving the SEC. Investigations, lawsuits, and arbitration filings targeting brokers and brokerage firms primarily focus on acts and omissions constituting investor fraud, though brokers and brokerage firms can face a variety of other claims in securities litigation as well.

Some examples of common claims against brokers and brokerage firms in securities litigation include:

  • Making unsuitable investment recommendations

  • Unauthorized trading and account churning

  • Charging excessive fees and commissions

  • Failing to disclose or misconstruing material information (especially in connection with structured products and other high-risk investments)

  • Failure to supervise or implement adequate internal controls

2. What Are Some of the Most Common Claims Against Company Insiders and Issuers in Securities Litigation?

Securities fraud lawsuits and enforcement actions targeting company insiders and securities issuers can also involve an extremely broad range of allegations. These cases are typically very different from those targeting brokers and brokerage firms; and, while both fall under the umbrella of “securities litigation,” the resemblances between the two categories are minimal. Some examples of common claims against company insiders and issuers in securities litigation include:

  • Accounting and recordkeeping violations

  • Submitting false SEC filings

  • Insider trading

  • Market manipulation

  • Selling unregistered securities and conducting unregistered IPOs

3. What Are Some of the Most Common Triggers for Securities Fraud Lawsuits and Investigations?

Many securities fraud lawsuits and investigations result from investor complaints. Typically, investors will have concerns about losses in their portfolios that they believe cannot be explained by ordinary market forces. These concerned investors will contact plaintiffs’ lawyers to help them file claims alleging fraud in federal courts, district courts or FINRA arbitration.

In some cases, concerned investors will file whistleblower claims with the SEC. The SEC has an obligation to investigate all whistleblower complaints that meet the basic filing requirements, and SEC whistleblowers can receive substantial compensation awards.

The SEC also initiates investigations on its own. Questionable EDGAR filings, market activity, media reports, and referrals from other federal law enforcement agencies can all trigger SEC investigations that may lead to civil or criminal enforcement action. The SEC also monitors activity on social media and other online platforms, and activity on these platforms is increasingly serving as the basis for SEC enforcement activity.

4. What Types of Claims Are Most Likely to Lead to Class Action Securities Litigation?

While all securities litigation presents liability risks for the individuals or entities targeted, companies and firms targeted in class action litigation face risk on an entirely different scale. Class action lawsuits lead to devastating liability that can threaten companies’ and firms’ viability as a going concern.

The types of claims that are most likely to lead to class action securities litigation are those that involve violations affecting large groups of investors. Inadequate brokerage controls that lead to systemic unsuitable investment recommendations, omitting material information from companies’ 10-K or 10-Q filings, mismanagement of investors’ funds, and market manipulation resulting in widespread losses are all examples of issues that can lead (and have led) to securities-related class action lawsuits.

5. How Does the SEC’s Whistleblower Program Work?

The SEC’s Office of the Whistleblower accepts tips from company employees, investors, and others who believe they have information about securities fraud. When a whistleblower complaint spurs enforcement action resulting in sanctions of $1 million or more, the whistleblower can receive between 10% and 30% of the amount collected.

As a result, individuals have a strong financial incentive to come forward and work with the SEC. Additionally, even if the SEC declines to pursue enforcement action based on a whistleblower’s tip, the whistleblower can still choose to pursue a claim directly, and whistleblower compensation awards are higher in these cases. Due to these incentives, whistleblower litigation is a key component of the SEC’s overall securities law enforcement strategy.

6. When Is It Advantageous to Settle a Securities Fraud Lawsuit or Arbitration Claim?

When facing substantiated allegations of securities fraud, settling will often prove to be the most cost-effective solution. However, targeted individuals and entities must be careful not to settle too soon, as there are numerous ways to fight securities fraud allegations even in scenarios that seem highly unfavorable (more on this below).

So, when is it advantageous to settle? Simply put, the costs of settling need to be less than the costs of any other alternative. This includes not only legal costs and any potential judgment liability, but reputational and administrative (i.e., suspension or debarment) costs as well.

7. When Can the U.S. Department of Justice Pursue Criminal Securities Fraud Litigation?

The U.S. Department of Justice (DOJ) pursues criminal securities fraud litigation in cases involving intentional (or apparently intentional) securities law violations. According to the DOJ’s website, the Department’s Market Integrity and Major Frauds (MIMF) Unit “focuses on the prosecution of complex securities, commodities, cryptocurrency, and other financial fraud and market manipulation cases.” In criminal securities fraud cases, the DOJ can seek penalties ranging from substantial fines to long-term imprisonment for company executives and other insiders.

8. What Remedies Can Investors Seek in Securities Litigation?

In private securities litigation and FINRA arbitration, retail investors can seek compensatory damages for their fraudulent investment losses. An investor’s losses may be deemed fraudulent if they result from either: (i) broker fraud or mismanagement (i.e., making unsuitable investment recommendations), or (ii) a drop in the value of their securities that is not attributable to ordinary market forces. Along with the recovery of their lost principal and investment earnings, investors can seek to recover interest, fees, and other costs as well.

9. What Remedies Can the SEC Seek in Securities Litigation?

When pursuing enforcement actions against brokers, brokerage firms, company insiders, and issuers, the SEC can seek a range of civil and administrative penalties. These include fines, disgorgement, and restitution as well as cease-and-desist orders, suspension, and debarment from the securities industry.

10. What Defenses Can Individuals, Companies, and Firms Use to Protect Themselves in Securities Litigation?

While securities litigation can involve a broad range of allegations and present substantial risk for liability and other penalties, targeted individuals and entities may be able to successfully defend themselves by several means. Whether securing a favorable result means avoiding liability entirely or negotiating a favorable settlement, the key to success is making informed decisions in light of the available opportunities.

For brokers and brokerage firms, some examples of potential defenses include:

  • Misguided Allegations – In many cases, investors (and their counsel) simply lack an adequate understanding of the law. Demonstrating that an investor’s allegations are misguided can serve as an efficient and complete defense against liability.

  • Investor Authorization – One particular area of confusion for many investors is the area of authorization (including discretionary authorization). If an investor is challenging a trade that he or she authorized, providing documentation of authorization can be sufficient to avoid liability.

  • Statutory and Regulatory Compliance – Brokers and brokerage firms will also be able to successfully defend against securities fraud allegations by demonstrating compliance with the relevant statutes, regulations, or FINRA rules.

For company insiders and issuers, some examples of potential defenses include:

  • Compliance with Pre-Arranged Trading Plans – In cases involving insider trading allegations, company insiders can avoid liability by demonstrating compliance with a pre-arranged trading plan.

  • Good-Faith Disclosure – Issuers accused of withholding material information or publishing incomplete or misleading information can often defend against fraud allegations by demonstrating good-faith efforts to maintain disclosure compliance.

  • Qualifying for a Registration Exemption – Issuers can qualify for registration exemptions in various scenarios. If a security is exempt, then offering the security without registration is 100% permissible.

The fact that these are just examples cannot be overemphasized. Securities litigation can involve an extraordinarily broad range of allegations under numerous laws, rules, and regulations. In many cases, targeted companies and individuals will be able to assert a successful defense by focusing on discrete elements of the plaintiff’s or SEC’s burden of proof. From asserting the applicable statute of limitations to preventing class certification, several technical defenses can prove highly effective in securities litigation as well. As with all types of litigation, the key is to explore all viable defenses, build a comprehensive and cohesive defense strategy, and then execute that strategy while remaining prepared to adapt as necessary.

Oberheiden P.C. © 2022