Small Businesses Don’t Recognize Risk of Cyberattack Despite Repeated Warnings

CNBC surveys over 2,000 small businesses each quarter to get their thoughts on the overall business environment and their small business’ health. According to the latest CNBC/SurveyMonkey Small Business Survey, despite repeated warnings by the Cybersecurity and Infrastructure Security Agency and the FBI that U.S.- based businesses are at an increased risk of a cyber-attack following Russia’s invasion of Ukraine, small business owners do not believe that it is an actual risk that will affect them, and they are not prepared for an attack. The latest survey shows that only five percent of small business owners reported cybersecurity to be the biggest risk to their company.

What is unfortunate, but not surprising, is the fact that this is the same percentage of small business owners who recognized a cyber attack as the biggest risk a year ago. There has been no change in the perception among business owners, even though there are repeated, dire warnings from the government. Also unfortunate is the statistic that only 33 percent of business owners with one to four employees are concerned about a cyber attack this year. In contrast, 61 percent of business owners with more than 50 employees have the same concern.

According to CNBC, “this general lack of concern among small business owners diverges from the sentiment among the general public….In SurveyMonkey’s polling, 55% of people in the U.S. say they would be less likely to continue to do business with brands who are victims of a cyber attack.” CNBC’s conclusion is that there is a disconnect between business owners’ appreciation of how much customers care about data security and that “[s]mall businesses that fail to take the cyber threat seriously risk losing customers, or much more, if a real threat emerges.” Statistics show that threat actors are targeting small to medium-sized businesses to stay under the law enforcement radar. With such a large target on their backs, business owners may wish to make cybersecurity a priority. It’s important to keep customers.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

Preparing to Testify in Response to an SEC Subpoena

When investigating companies, brokerage firms, investment advisors, and other entities and individuals, the U.S. Securities and Exchange Commission (SEC) relies heavily on its subpoena power. Once the SEC launches a formal investigation, it can issue administrative subpoenas to the company executives, brokers, and others. These subpoenas may be a subpoena duces tecum which compels the person to whom it is addressed to produce documents in his possession or control, or a subpoena ad testificandum which compels the person to whom it is addressed to appear at a specific time and place and testify under oath or affirmation. Crucially, while these subpoenas do not require judicial approval, they are subject to judicial enforcement.

With this in mind, receiving an SEC subpoena is not a matter to be taken lightly. Individuals who have been subpoenaed to testify must thoroughly prepare their testimony, and they need to make sure they know what to expect when the day arrives.

Testifying before the SEC is fraught with potential risks. It is imperative that subpoena recipients devote the necessary time to their preparations, and that they work with their counsel to proactively identify and address all potential areas of concern.

Understanding Why You Have Received an SEC Subpoena

When preparing to testify before the SEC, a key first step is to understand why you have been subpoenaed. Broadly speaking, the SEC focuses its enforcement efforts on two areas: (i) protecting U.S. investors, and (ii) preserving the integrity of U.S. capital markets. As a result, most SEC investigations target allegations of fraud, misrepresentation, conspiracy, and other offenses in one (or both) of these areas.

The SEC’s subpoena should provide at least some insight into the focus and scope of the SEC investigation. However, gathering the information you need to make informed decisions may require examination of other sources as well. For example, it will be helpful if you can identify anyone else who has received a subpoena or Wells Notice related to the investigation, and it may be prudent to conduct an internal compliance audit focused on uncovering any issues that could come to light.

Questions You Should Be Prepared to Answer During Your SEC Testimony

When preparing SEC testimony, it is important to keep in mind that you could easily be fielding questions for six hours or longer. While this can seem overwhelming, SEC subpoena recipients can generally expect to be asked questions in seven main categories. These main categories are:

  • Preliminary Matters
  • Background and Personal Information
  • Your Role Within Your Company or Firm
  • The Scope of Your Duties
  • Investors
  • Due Diligence
  • Clarifying and Closing the Record

1. Questions Regarding Preliminary Matters

SEC subpoena recipients can initially expect a series of questions that are designed to provide the SEC with insight into the steps they took to prepare their testimony. While these questions are largely procedural, some can present traps for the unwary. At the beginning of the session, you should be prepared to succinctly and confidently answer questions such as:

  • Did you get the opportunity to review the Formal Order associated with this matter?
  • Do you have any questions regarding the Formal Order?
  • Did you complete the Background Questionnaire by yourself?
  • Are the contents within the Background Questionnaire truthful and accurate?
  • Is there any information you wish to add to the Background Questionnaire?
  • Do you understand the rules and procedures of the SEC testimony process?
  • Do you have any questions on the rules and procedures of the SEC testimony process?

2. Questions Regarding Background and Personal Information

After dispatching these preliminary matters, the focus will shift to the SEC subpoena recipient’s background and personal information. Keep in mind that the SEC likely has much (if not all) of this information already—so if you omit information or provide misleading answers, this will not go unnoticed. During this phase of your testimony, you can expect to be asked questions such as:

  • What is your educational background?
  • Do you hold any professional or financial licenses?
  • Have you ever worked for a financial firm or investment advisory firm?
  • When did you first meet the other individual(s) involved in this matter?
  • Who introduced you?
  • What was the purpose of your first meeting (e.g., social meeting or business planning)?
  • Do your families know each other?
  • Where are you employed now?

3. Questions Regarding Your Role Within Your Company or Firm

If the SEC is investigating your company or firm (perhaps in addition to investigating you personally), you can expect several questions regarding your role within the organization. Depending on your position, the SEC’s investigators may ask you questions regarding the company or firm itself. Some examples of the questions you should be prepared to answer (as applicable) include:

  • When did you start working at the company?
  • What is your position at the company?
  • Can you describe the company’s corporate structure?
  • What are your title and position at the company?
  • Have your title and position changed over time?
  • What are the duties at the company?
  • Have your duties changed over time?
  • How is the company funded?
  • What is your salary at the company?
  • Who makes the majority of the decisions for the company?
  • Does the company sell securities?
  • Does the company pay dividends?
  • Does the company have voting rights?

4. Questions Regarding the Scope of Your Duties

After gaining an understanding of your role within your company or firm, the questioning will likely shift toward examining the scope of your duties in greater detail. In most cases, this is where the questions asked will begin to focus more on the substance of the SEC’s investigation. During this phase of your testimony, potential questions may include:

  • Can you describe your access to investor funds, financial statements and records, and investor details?
  • Are you aware of or do you have access to the sources of the company´s income?
  • What are the sources of the company´s revenue and projected revenue?
  • Can you describe or do you have access to the sources of the company´s expenses?
  • Who is responsible for preparing the company´s financial statements?
  • Do you have any role in preparing or compiling the company´s financial statements?
  • Who is responsible for preparing the company´s projected financial statements, including projected capital contributions, projected expenses, and projected revenues?
  • Do you have any role in preparing or compiling the company´s projected financial statements?
  • Does the company have its financial statements audited on an annual basis?
  • Did you ever act as a point of contact or intermediary between the company and third parties, such as investors or banks?
  • Do you ever serve as a representative of the company?
  • Are you involved in any of the company’s promotional efforts to the public?
  • Do you know or do you have access to details of the company’s anticipated monetization plans?
  • Are you aware of any complaints against the company?

5. Questions Regarding Investors

Once the scope of your duties has been established, the SEC’s investigators may next focus on your company’s or firm’s communications and relationships with investors. Here too, the investigators’ questions are likely to be tailored to the specific allegations at issue—and you could get yourself into trouble if you aren’t careful. To the extent of your knowledge, you should be prepared to accurately answer questions such as:

  • Does the company have investors?
  • Who are the investors?
  • What types of customers and/or investors do the company target or appeal to?
  • Do you communicate with investors?
  • How did the company attract capital contributions for its formation, project funding, and subsequent business plans?
  • Does the company adopt targeted marketing strategies, or does the company engage in general advertising?
  • What is the average contribution of the company’s investors?
  • Did you create, or do you have access to, a cap table?
  • Did you assist in the preparation of a cap table?
  • Did the company issue stock certificates or provide any other proof of equity ownership to investors?
  • Did the company register any of its investments?
  • Did the company issue a private placement memorandum or file a Form D?
  • Do you know if any investors already knew the company´s directors and officers before investing?
  • Does the company solicit investors or advertise to the general public (e.g., retail investors)?
  • Are you aware of what the company does with investor funds?
  • Can you describe your role in preparing any promotional or marketing materials?
  • Has the company distributed any investor documents or marketing/solicitation materials to the public?
  • Does the company have any plan to show, or did it show, promotional documents to investors?
  • Does the company hold regular investor calls?

6. Questions Regarding Due Diligence

Due diligence is often a key topic of discussion. SEC investigators are well aware that many company executives, brokers, and others are not sufficiently familiar with their companies’ and firms’ due diligence obligations, and charges arising out of due diligence violations are common. With this in mind, you should be prepared to carefully navigate inquiries such as:

  • Does the company have any identity verification procedures in place?
  • What kinds of identity verification procedures does the company use for its investors?
  • Can you describe the company´s know-your-customer (“KYC”) policies?
  • Do you assist with verifying investors or capital contributions?
  • Does the company maintain a compliance program?

7. Questions to Clarify and Close the Record

Finally, at the end of the session, the SEC’s investigators will ask if you want to clarify or supplement any of the answers you have provided. It is important not to let your guard down at this stage. While your testimony is nearly over, you need to remain cognizant of the risk of providing unnecessary information (or omitting information) and exposing yourself to further scrutiny or prosecution. With this in mind, it is best to consult with your counsel before answering questions such as:

  • Is there anything you wish to clarify from today´s testimony?
  • Is there anything you wish to add to your testimony before we close and go off the record?

Practicing your answers to these questions (among others) in a mock interview with your legal counsel or SEC defense attorney will help ensure that you are prepared for the SEC as possible.

Oberheiden P.C. © 2022

The SEC’s Proposed Rules on Climate-Related Disclosures – What to Do Now: A Guide for In-House Counsel Facing the Proposed Rules

The U.S. Securities and Exchange Commission’s recently proposed rules governing climate-related disclosures, if adopted as proposed, would represent a sea change to the existing public-company disclosure regime.  The rules would require that public companies include the following, among other disclosures, in reports and registration statements filed with the SEC:

  • disclosure of greenhouse gas (GHG) emissions data covering Scope 1 and Scope 2 emissions for all companies and Scope 3 emissions for companies1 (other than those that qualify as “smaller reporting companies”) for which Scope 3 emissions are material or that have set emissions reduction targets that include Scope 3 emissions, with third-party attestation being required for Scope 1 and Scope 2 data for companies that qualify as “large accelerated filers” or “accelerated filers”;
  • extensive and detailed disclosures regarding climate-related risks, including physical risks and transition-related risks, to a company’s financial statements, business operations or value chain (i.e., upstream and downstream activities of third parties related to the company’s operations);
  • disclosure in the notes to audited financial statements of quantitative and qualitative information regarding financial impacts of climate-related risk, including disaggregated quantitative information with respect to impacts of physical risks or transition activities on specific financial statement line items if the impact is 1% or more of the line item;
  • extensive and detailed disclosures regarding climate-related governance, strategy and risk management; and
  • to the extent relevant to a particular company, disclosures regarding the company’s transition plan, climate-related targets or goals, use of scenario analyses or other analytical tools in evaluating climate-related risk and use of an internal carbon price.

For many companies, the rules would require enterprise-wide changes to how the company collects, assesses and reports climate-related data and other information, as well as changes to their governance structures and systems of controls.  Changes may be driven both by the need to comply with the disclosure requirements and by a company’s view of how its disclosures will be received by investors or the public generally.

The tasks of understanding the implications of the proposed rules for a particular company and preparing for eventually complying with the rules are monumental, and, unfortunately, public companies currently find themselves in the difficult position of possibly needing to act with some urgency in order to be prepared to comply with rules of uncertain substance on an uncertain timeline.  At this point, the proposed rules are just that – proposed and not final.  The period for public comment on the proposed rules will run until May 20 at the earliest and could be extended by the SEC, and public comments are likely to reflect the controversial nature of the proposed rules and strong opinions by both supporters and detractors.  After the comment period, whether and when the SEC releases final rules, and the extent to which any final rules largely follow or reflect significant changes from the proposed rules, will remain to be seen.  Like the proposed rules, any final rules should provide for phase-in periods for compliance.  Further, any final rules are almost certain to face legal challenges that could delay implementation of the rules even if such challenges ultimately are unsuccessful.  It is therefore very difficult to predict when companies will need to comply with new rules and precisely what information they will be required to disclose under new rules.

Despite that uncertainty, it appears very likely that the SEC will adopt final climate-related disclosure rules in the not-too-distant future and that those rules will include in some form most, if not all, of the big buckets of disclosure requirements reflected in the proposed rules.  Because of the significant effort and degree of organizational change that compliance with the rules likely will require, companies may not be able to wait until final rules are released to begin assessing the impacts of the proposed rules on their organizations.  And, if the SEC were to adopt final rules later this year in the proposed form, companies that are large accelerated filers with a calendar fiscal year would be required to include information for 2023, including Scope 1 and 2 emissions data, in their annual reports filed in early 2024, meaning that they would need to have the systems in place to track and record the relevant information by the end of this year.

Assessing the potential impact of the proposed rules on a company and preparing the company for eventually complying with the rules will require participation from many different parts of the organization, but we expect that, at many companies, the task of setting the company on a course to do those things will fall on the general counsel and other in-house counsel with responsibility for relevant substantive areas.  With that in mind, we have prepared the following guide for in-house counsel with respect to near-term actions their companies should be taking or should consider taking, depending on their circumstances.  Bracewell will expand on a number of the topics noted below in future alerts, webinars or other similar communications.

1.   Engage senior management, the board of directors and relevant board committees and begin assessing governance, oversight and management of climate-related risks.

In-house counsel likely will be hearing from their CEOs and board members, if they haven’t already, asking what the proposed rules mean for their company.  In any case, in-house counsel should ensure that top-level management and board members understand the potential challenges and changes their companies may face with the proposed rules and encourage the level of board and senior management oversight and engagement that is appropriate for their situation.  The proposed rules would require companies to provide detailed disclosures concerning their boards’ oversight of climate-related risks and management’s role in assessing and managing those risks. Although many companies already have robust board oversight of ESG matters and include related disclosures in their SEC filings, the proposed rules are far more granular in dictating the type of information that would need to be disclosed.

In that regard, in-house counsel may be asked what changes, if any, should be made to board or committee composition and structure in light of the proposed new disclosure requirements.  Among other matters, consideration should be given to whether the creation of a new ESG committee – or a purely climate-focused committee – is appropriate or whether responsibility reasonably can be shouldered by an existing committee, such as the audit committee.

2.   Establish organizational responsibility for assessing the implications of the proposed rules for your company.

As noted above, this is a huge task that will require input from a multidisciplinary team, including legal, accounting, operations and possibly other personnel.  Identifying the right team and setting clear responsibilities and timelines are critical near-term tasks.

3.   Understand the potential timeline for compliance with the proposed rules as it relates to your organization.

As noted above, there is considerable uncertainty regarding, among other matters, whether final rules will require compliance on the timelines contemplated in the proposed rules, which would have the compliance requirements phased in over several years based on a company’s status as a large accelerated filer, an accelerated filer, a non-accelerated filer or a smaller reporting company.  This fact sheet on the proposed rules published by the SEC provides helpful tables (on page 3) detailing the phase-in periods contemplated by the proposed rules for companies with a calendar fiscal year, assuming the proposed rules were adopted as final with an effective date in December 2022.

Despite the uncertainty, it is certainly possible that the SEC could adopt final rules later this year with compliance dates as contemplated by the proposed rules, and companies therefore would be ill-advised to assume that they will have a longer ramp-up period than they would under the proposed rules and the assumption of a December 2022 effective date.

4.   Understand the proposed rules and the disclosures they will require for your company based on its specific circumstances, including with regard to differences between what the company is disclosing now and what would be required by the proposed rules.

The proposed rules are highly prescriptive and are intended to produce consistent and comparable disclosures across the public-company spectrum.  With limited exceptions (e.g., that smaller reporting companies would be exempted from the requirement to disclose Scope 3 emissions), all public companies will need to assess required disclosure under all provisions of the rules.  That assessment, however, will need to be made in light of the company’s specific circumstances, and there will be categories of required disclosures that are very relevant to some industries or companies but of no or limited relevance to other industries or companies.  Additionally, many companies have been voluntarily disclosing information that is similar to some of the information that may be required to be provided under the proposes rules, but there may be gaps between or differences in required disclosures and a company’s current practices.

As companies begin to digest the proposed rules, it will make sense for them to drill down on the specific types of disclosures they would need to make if the proposed rules were adopted as proposed.  Questions that companies might ask themselves include the following:

  • Will we need to disclose Scope 3 emissions data based on materiality or having set targets or goals including Scope 3 emissions?
  • What, if anything, have we done with respect to the following topics such that disclosure regarding those topics would be required?
    • Adoption of a transition plan
    • Setting of climate-related goals or targets
    • Use of carbon offsets or renewable energy credits in setting goals or targets
    • Use of scenario analyses or other analytical tools in evaluating climate risk
    • Use of an internal carbon price
      • Note that, with respect to goals or targets, the proposed rules refer to a company’s having “set” such goals or targets and not to its having publicly disclosed them.  Similarly, with respect to all of these topics, it is not clear that the related disclosure would be triggered only by some level of formality or organizational scope in the adoption, setting or use of the applicable item.  Companies therefore should assess the relevance of these topics broadly, including informal use or discussion within the organization.
  • What information that we are not currently disclosing would the proposed rules require us to disclose?
  • For information that we are currently disclosing, would the proposed rules require that information to be established, assembled or disclosed differently, or disclosed more expansively or granularly, from how we are doing it now?  If so, how?
  • Which required disclosures might be particularly challenging for our company, such that they might merit special or prioritized focus?

5.   Begin to evaluate existing systems and resources related to climate-related information and identify changes that will need to be made.

Companies in some industries, such as energy or manufacturing, likely already have systems in place to collect much of the data called for by the proposed rules, and many public companies have been publishing voluntary disclosures in the form of ESG reports for years.  However, smaller companies in such industries may not currently have the resources necessary to devote to compliance with the new rules.  Likewise, companies in non-GHG intensive industries, such as financial services, previously may not have had the need, or a more limited need, for such systems.  And even those companies that are experienced in collecting and disclosing climate-related data and other information likely would, under the proposed rules, need to expand their systems to cover a much broader universe of information and ensure that controls and procedures meet standards for disclosures in SEC-filed documents and are appropriate for enhanced scrutiny and potential liability that will come with including such disclosures in SEC-filed documents.  Companies may need to invest significantly in new personnel with appropriate expertise and in new technology, and they will need to expand their disclosure controls and procedures and internal control over financial reporting to cover new sets of information that are wide-ranging, voluminous and highly detailed.  Accordingly, public companies should begin to assess their existing capabilities and identify the changes they would need to make to comply with proposed rules to ensure that the changes can be effected in time to comply with new rules.

Additionally, the climate-related risk disclosures contemplated by the proposed rules may require that companies devote significant resources to expanding the process by which they identify and assess climate-related risk.  Further, the need for companies to evaluate climate-related risks to upstream and downstream – value chain – activities, and potentially to disclose Scope 3 emissions associated with those activities, may pose significant challenges and likely will require many companies to develop new processes to address disclosure requirements that relate to matters that are largely outside of the company’s control and access.  These are areas that companies may want to focus on in the near term.

6.   Evaluate needs and strategy for retaining third parties to assist with disclosures, including for attestation of GHG emissions data.

As noted above, for large accelerated filers and accelerated filers, the proposed rules would require attestation regarding Scope 1 and Scope 2 GHG emissions data by an independent third party meeting certain minimum qualifications, which may be a public accounting firm if it meets the minimum qualifications but need not be an accounting firm.  The market for providing these attestation services is evolving and will continue to evolve as accounting firms and others develop their ability to provide these services.  Some observers have raised concerns that the supply of emission-attestation services may not initially meet the demand for such services that the proposed rules would create.  Companies may wish to begin thinking about their options for third-parties to handle the attestation, particularly large accelerated filers who could be subject to the attestation requirements as soon as in their 2024 annual reports filed in early 2025. Additionally, it is important for companies to have conversations around attestation ahead of their information gathering efforts to ensure that the disclosure information being developed and gathered will be sufficient for attestors to provide the required assurance.

In addition to attestation services, companies should consider their potential need for and access to other third-party advisors with the necessary expertise and experience, including attorneys, accountants/auditors and firms providing consulting and other services to assist companies with climate-related disclosures.

7.   Consider whether the disclosures contemplated by the proposed rules warrant any changes to your current, planned or contemplated climate-related activities, such as setting or disclosing of climate-related goals or targets.

As noted above, the proposed rules contemplate detailed disclosures regarding several matters that may or may not be relevant to a particular company depending on things that the company may or may not have done in advance of the initial compliance date for the proposed rules.  These include whether a company has:

  • adopted a climate transition plan,
  • set climate-related goals or targets,
  • included Scope 3 emissions in its goals or targets,
  • used carbon offsets or renewable energy credits in setting its goals or targets,
  • used scenario analyses or other analytical tools in assessing climate-related risk, or
  • used an internal carbon price.

Companies may wish to reassess their existing, planned or contemplated activities in these areas in view of the proposed rules.  It may be the case that a company would want to modify its activities in one or more of these areas when viewed through the lens of what the company’s disclosures regarding such activities would look like under the proposed rules.  For example, if your company is planning to set or announce new GHG emissions goals, should the company modify the goals as they relate to Scope 3 emissions or otherwise before doing so, or would it be preferable for the company to delay any such setting or announcement of goals until there is clarity on the content of final rules?

8.   Determine whether to submit comments on the proposed rules.

The proposed rule release includes over 200 requests for comment.  Comments are due by the later of 30 days after the date the proposing release is published in the Federal Register (which had not happened as of the date of this update) or May 20, 2022.  (As noted above, it is possible that the comment period could be extended beyond that date, but, unless and until the SEC actually does that, parties desiring to submit comments should proceed with the expectation that they will need to submit them by the applicable current deadline.)  Although the SEC will not agree with all comments received and may adopt final rules despite strong and widely-held opposing views reflected in the comments, the SEC and its staff will consider the comments received in adopting final rules and likely will make at least some changes to the proposed rules based on comments.  If your company would like to have its voice heard on the proposed rules, you may consider doing so by submitting comments directly or through an industry association or similar group.

9.   Monitor developments.

As noted above, we are in the early stages of the process through which the proposed rules could, in their current form or with changes, become final rules with which public companies actually would need to comply.  In-house lawyers should continue to monitor developments and advise others in their organizations of such developments as appropriate so that preparations for compliance with new climate-related disclosure rules can be adjusted as necessary.

10. Don’t forget that climate-related disclosures may be required under existing SEC rules and interpretations.

With the anticipation of a massive new disclosure regime for climate-related matters and preparation for compliance with that regime, it might be easy to overlook that fact the existing SEC rules and interpretations may require climate-related disclosures in SEC filings, and the SEC staff may issue comments on climate-related disclosures, or the absence thereof, in a company’s SEC filings, as they did for a number companies in the fall of 2021 with respect to the companies’ 2020 annual reports on Form 10-K.  Pending the adoption and implementation of final new rules, companies should continue to assess their disclosures in view of the SEC’s 2010 guidance on climate-related disclosures.

_______________________________________

1. Scope 1 emissions are direct GHG emissions from operations that are owned or controlled by a company.  Scope 2 emissions are indirect GHG emissions from the generation of purchased or acquired energy that is consumed by a company’s operations.  Scope 3 emissions are all indirect GHG emissions not otherwise included in a company’s Scope 2 emissions, which occur in the upstream and downstream activities of a company’s value chain.

© 2022 Bracewell LLP
For more about SEC disclosures, please visit the NLR Financial, Securities & Banking section.

DOJ Aggressively Targeting PPP Loan Recipients for Fraud: What Businesses Need to Know

More than five million businesses applied for emergency loans under the Paycheck Protection Program (PPP), and with a hurried implementation that prevented a full diligence process, it’s not surprising the program became a target for fraud. The government is now aggressively conducting investigations, employing both criminal and civil enforcement actions. On the civil lawsuit front, companies that received PPP loans should be aware of actions brought under the False Claims Act (FCA) and the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA). This advisory details some of the key points of these enforcement tools and what the government looks for when prosecuting fraudulent conduct.

How will PPP Loan Fraud Enforcement Under the FCA Work?

A company can be liable under the FCA if it knowingly presents a false or fraudulent claim for payment or approval to the government or uses a falsified record in the course of making a false claim. 31 U.S.C. § 3729(a)(1)(A), (B). The FCA allows the government to recover up to three times the amount of the damages caused by the false claims in addition to financial penalties of not less than (as adjusted for inflation) $12,537, and not more than $25,076 for each claim.

The FCA can be enforced by individuals through qui tam lawsuits. This means a private individual, known as a relator, can file a lawsuit on behalf of the government. When a qui tam case is filed, it remains confidential (under seal) while the government reviews the claim and decides whether to intervene in the case. If the lawsuit is successful, the relator is entitled to a portion of the reward.

The False Claims Act has been used to pursue fraud claims in connection with PPP loan applications. Any company that participated in the PPP by applying for a loan should retain documentation justifying all statements made on the loan application and evidencing how any funds obtained through the loans were utilized.

How will PPP Loan Fraud Enforcement Under FIRREA Work?

The government is also utilizing FIRREA in response to fraudulent conduct related to PPP loans. FIRREA is a “hybrid” statute, predicating civil liability on the government’s ability to prove criminal violations. The statute allows the government to recover penalties against a person who violates specifically enumerated criminal statutes such as bank fraud, making false statements to a bank, or mail or wire fraud “affecting a federally insured financial institution.” 12 U.S.C. §1833a.

To establish liability under FIRREA, the government does not have to prove any additional element beyond the violation of that offense and that the violation “affect[ed] a federally insured financial institution.” The government has invoked FIRREA in the context of PPP loan fraud by stating the fraud related to obtaining the loan falls under one or more of the predicate offenses set forth in the statute.

What Factors Determine PPP Loan Fraud Penalties Under FIRREA?

While the assessment of a penalty is mandatory under FIRREA, the amount of the penalty is left to the discretion of the court but may not exceed $1.1 million per offense. There is an exception to this maximum penalty, however, if the person against which the action is brought profited from the violation by more than $1.1 million. FIRREA then allows the government to collect the entire amount gained by the perpetrator through the fraud. The actual amount of the penalty is determined by the court after weighing several factors including:

  • The good or bad faith of the defendant and the degree of his/her knowledge of wrongdoing;
  • The injury to the public, and whether the defendant’s conduct created substantial loss or the risk of substantial loss to other persons;
  • The egregiousness of the violation;
  • The isolated or repeated nature of the violation;
  • The defendant’s financial condition and ability to pay;
  • The criminal fine that could be levied for this conduct;
  • The amount the defendant sought to profit through his fraud;
  • The penalty range available under FIRREA; and
  • The appropriateness of the amount considering the relevant factors.

The government favors utilizing FIRREA penalties to pursue fraud claims for several reasons. The statute of limitations provided in 12 U.S.C. §1833a(h) is 10 years, which is much longer than most civil statutes of limitations. The standard of proof required to impose penalties is preponderance of the evidence, rather than the higher “beyond a reasonable doubt” standard that must be met in a criminal prosecution.

Checklist for PPP Loan Recipients

A company that applied for COVID relief funds, such as PPP loans, should ensure they satisfy the eligibility requirements for obtaining the loan, confirm false statements were not made during the application, and review the rules set forth by the SBA for applying for PPP. The government has shown it is willing to pursue remedies under the FCA and FIRREA for fraudulent statements made regarding a PPP loan application.

© 2022 Varnum LLP

The Gensler SEC: What to Expect in 2022

Since Gary Gensler became chair of the U.S. Securities and Exchange Commission in April 2021, his agency has signaled an active agenda that many expect will be aggressively enforced. Cornerstone Research recently brought together distinguished experts with SEC experience to share what they expect the SEC will focus on in 2022. The expert forum, “The Gensler SEC: Policy, Progress, and Problems,” featured Joseph Grundfest, a former commissioner of the SEC and currently serving as the W. A. Franke Professor of Law and Business at Stanford Law School; and Mary Jo White, senior chair, litigation partner, and leader of Debevoise & Plimpton’s Strategic Crisis Response and Solutions Group who previously served as chair of the SEC and as U.S. Attorney for the Southern District of New York. Moderated by Jennifer Marietta-Westberg of Cornerstone Research, the forum was held before an audience of attorneys and economists and explored the major regulatory and enforcement themes expected to take center stage in the coming year.

ESG Disclosures and Materiality

In its Unified Regulatory Agenda first released in June of last year, the SEC indicated that it will propose disclosure requirements in the environmental, social, and governance (ESG) space, particularly on climate-related risks and human capital management. However, as documented by the numerous comments received as a result of the SEC’s March 15, 2021, request for input on climate change disclosures, there is substantial debate as to whether these disclosures must, or should, require disclosure only of material information. During the expert forum, Grundfest and White agreed that ESG disclosures should call for material information only. However, they have different predictions on whether ESG disclosures actually will be qualified by a materiality requirement.

White emphasized that materiality is a legal touchstone in securities laws. “If the SEC strays far from materiality, the risk is that a rule gets overturned,” she said. “Not every single rule needs to satisfy the materiality requirement, but it would be a mistake for the SEC not to explain what its basis for materiality is in this space.”

Grundfest added, “There is a spectrum of ESG issues, and while some are within the SEC’s traditional purview, others are new and further away from it. For example, to better ensure robust greenhouse emissions disclosure, the Environmental Protection Agency should be the one to require disclosure rules that would not be overturned.”

Gensler has indicated that investors want ESG disclosures in order to make investment and voting decisions. For instance, in his remarks before the Principles for Responsible Investment in July 2021, Gensler stated that “[i]nvestors are looking for consistent, comparable, and decision-useful disclosures so they can put their money in companies that fit their needs.” White predicts that some but not all ESG disclosure requirements in the proposed rules the SEC is working on will call for material information.

Grundfest, however, believes that the rules the SEC eventually adopts will require disclosure only of material information. “The SEC’s proposal on ESG disclosures will ask for everything, from the moon to the stars,” he said. “But public comments will sober the rules. The SEC staff will take into account the Supreme Court standard and the Chevron risk. It will settle on adopting materiality-based disclosure rules.”

There is also debate over the potential definition of materiality in the context of any proposed ESG disclosures. The panelists were asked whether the fact that large institutional investors assert various forms of ESG information are important to their investment decisions is a sufficient basis upon which to conclude that the information is material. Neither White nor Grundfest believes the Supreme Court as currently composed would accept this argument, but they differ on the reasons.

Grundfest believes the Supreme Court will stick with its approach of a hypothetical reasonable investor. “The fact that these institutional investors ask for this information doesn’t necessarily mean that it’s material,” he said. “If the SEC wants to have something done in this space, it has to work within the law.”

White said an important aspect of the rule will be the economic analysis, though she, too, does not think materiality can be “decided by an opinion poll among institutional investors.” For example, a shareholder proposal requesting certain information that has not received support does not necessarily make the information immaterial. “The Supreme Court will be tough on the survey approach,” she said.

Digital Assets and Crypto Exchanges

In several statements and testimonies, Gensler has declared the need for robust enforcement and better investor protection in the markets for digital currencies. He has publicly called the cryptocurrency space “a Wild West.” In addition to bringing enforcement actions against token issuers and other market participants on the theory that the tokens constitute securities, the SEC under his leadership has brought enforcement actions against at least one unregistered digital asset exchange on the theory that the exchange traded securities and should therefore register as securities exchange.

“The crypto space is the SEC’s most problematic area,” Grundfest said. “Franz Kafka’s most famous novel is The Trial. It’s about a person arrested and prosecuted for a crime that is never explained based on evidence that he never sees. Some recent SEC enforcement proceedings make me wonder whether Kafka is actually still alive and well, and working deep in the bowels of the SEC’s Enforcement Division.” In support of this literary reference, Professor Grundfest  noted that, in bringing enforcement actions against crypto exchanges alleging that they traded tokens that were unregistered securities, the SEC never specified which tokens traded on these exchanges were securities. “This is almost beyond regulation by enforcement. It’s regulation by FUD—fear, uncertainty, and doubt,” Grundfest said.

White predicted that, of the 311 active crypto exchanges listed by CoinMarketCap as of December 1, 2021, the SEC will bring cases against at least four in the coming year.

Gensler has publicly argued for bringing the cryptocurrency-related industry under his agency’s oversight. “We need additional congressional authorities to prevent transactions, products, and platforms from falling between regulatory cracks,” he said in August at the Aspen Security Forum. But neither White nor Grundfest believes the current Congress will enact legislation giving the SEC authority to regulate crypto transactions that do not meet the definition of an investment contract under the Howey test.

In November 2021, a federal jury in Audet v. Fraser at the District Court of Connecticut decided that certain cryptocurrency products that investors purchased were not securities under Howey. Neither Grundfest nor White believes this finding will cause the SEC to become more cautious about asserting that some forms of crypto are securities.

“One jury verdict is hardly a precedent,” White said. “The facts of the case didn’t have many of the nuances under Howey that other cases have. It will not deter the SEC.”

The panelists agreed that SEC enforcement activity will be aggressive in the crypto space. A report by Cornerstone Research, titled SEC Cryptocurrency Enforcement: 2021 Update, found that, under the new administration, the SEC has continued its role as one of the main regulators in the cryptocurrency space. In 2021, the SEC brought 20 enforcement actions against digital asset market participants, including first-of-their-kind actions against a crypto lending platform, an unregistered digital asset exchange, and a decentralized finance (DeFi) lender.

Proxy Voting

With the 2022 proxy season on the horizon, people will be watching the SEC closely, as Gensler’s Commission recently adopted new rules for universal proxy cards, and it has revisited amendments adopted under the former chair of the SEC, Jay Clayton.

Last November, the SEC adopted universal proxy rules that now allow shareholders to vote for their preferred mix of board candidates in contested elections, similar to voting in person.  These rules would put investors voting in person and by proxy on equal footing. “Universal proxy was proposed at the time when I was the chair of the SEC, and the logic for the rule is overpowering,” White said. “In adoption, some commissioners had reservations on the thresholds of voting power a dissident would be required to solicit, but voted in favor anyway based on its logic. It was a 4 to 1 vote.”

Grundfest and White expect the number of proxy contests that proceed to a vote will go up as a result. From 2019 to 2020, the incidence of proxy contests increased from 6 to 13. Looking ahead to the coming year, Grundfest predicts the rule change will increase the incidence of proxy contests by somewhere between 50% and 100%. White predicts a more modest increase of about 50%.

Regarding rules on proxy voting advice, the SEC issued Staff Legal Bulletin No. 14L (CF) last November to address Rule 14a-8(i)(7), which permits exclusion of a shareholder proposal that “deals with a matter relating to the company’s ordinary business operations.”

The bulletin puts forth a new Staff position that now denies no-action relief to registrants seeking to exclude shareholder proposals that transcend the company’s day-to-day business matters. “This exception is essential for preserving shareholders’ right to bring important issues before other shareholders by means of the company’s proxy statement, while also recognizing the board’s authority over most day-to-day business matters,” the bulletin said.

Both White and Grundfest believe a modest number of issuers will go to court in the 2022 proxy season seeking to exclude Rule 14a-8 shareholder proposals as “transcending” day-to-day operations. “I think companies will challenge shareholder proposals in court but not a lot,” White said. “It depends on the shareholder proposal.”

Grundfest believes any such cases would be driven as much by CEOs as by any other factor. “Companies may challenge a shareholder proposal in court if they have a CEO who is offended by a certain proposal or for First Amendment reasons,” he said. Grundfest cited a hypothetical example of a software company in Texas with a shareholder proposal on gun rights or abortion rights, which have nothing to do with the cybersecurity software the company produces. “It would be hard to force a company to put forth a politically charged proposal that is not related to that company’s business,” he said. “If it’s a First Amendment right, the company will go to court.”

Copyright ©2022 Cornerstone Research

SEC Awards $600,000 to Whistleblower

On February 22, the U.S. Securities and Exchange Commission (SEC) issued a $600,000 whistleblower award to an individual who voluntarily provided the agency with original information which led to a successful enforcement action.

Through the SEC Whistleblower Program, when a qualified whistleblower’s information contributes to an enforcement action in which the SEC collects at least $1 million, the whistleblower is entitled to an award of 10-30% of the funds collected by the government. The SEC also extends anti-retaliation protections to whistleblowers and thus does not disclose any identifying information about award recipients.

In determining the exact percentage for a whistleblower award, the SEC weighs a number of factors. According to the order for the $600,000 award, the SEC considered that “[the whistleblower] provided new information that significantly contributed to the success of the Covered Action; [the whistleblower] provided substantial, ongoing assistance, including participating in an interview with Commission staff and providing helpful documents on multiple occasions; and the charges in the Covered Action were based, in part, on [the whistleblower’s] information.”

The SEC Whistleblower Program has already issued a slew of whistleblower awards in the 2022 fiscal year. Since the fiscal year began on October 1, 2021, the SEC has awarded over $100 million to over 30 individual whistleblowers.

The 2021 fiscal year was a record year for the program. During the fiscal year, the SEC received a record 12,200 whistleblower tips and issued a record $564 million in whistleblower awards to a record 108 individuals. Over the course of the year, the whistleblower program issued more awards than in all previous years combined.

Overall, since issuing its first award in 2012, the SEC has awarded approximately $1.2 billion to nearly 250 individual whistleblowers.

Geoff Schweller also contributed to this article.

Copyright Kohn, Kohn & Colapinto, LLP 2022. All Rights Reserved.
For more articles about SEC whistleblowers, visit the NLR White Collar Crime & Consumer Rights section.

Intra-Class Conflict Dooms Auto Insurance Class Action in Fifth Circuit

Last week the Fifth Circuit issued a short opinion that made an important point that does not arise often in class certification decisions. Class certification failed because the plaintiffs’ proposed theory of liability would benefit only some class members and disadvantage others, who would be overpaid if the plaintiffs’ theory were correct. For that reason alone, the plaintiffs could not adequately represent the class.

Prudhomme v. Government Employees Insurance Company, No. 21-30157, 2022 WL 510171 (5th Cir. Feb. 21, 2022) (per curiam) was similar to another case I recently wrote about—the plaintiffs claimed that their insurer undervalued their vehicles that were deemed total losses, in violation of Louisiana statutes. Sidestepping questions about commonality and predominance, which are usually the focus of class certification decisions, the Fifth Circuit affirmed the denial of class certification because the adequacy of representation requirement was not met. This was because “a portion of the proposed class members received payments above (that is, benefitted from) the allegedly unlawful valuation.” According to the district court opinion, an expert witness opined that approximately one-fifth of the class would have received less on the plaintiffs’ theory than they received from GEICO. While the plaintiffs argued that class members who were overpaid on their theory might still be entitled to some damages under Louisiana law, that would likely create a typicality problem. Class representatives cannot adequately represent a class if they offer “a theory of liability that disadvantages a portion of the class they allegedly represent.”

Look out for this type of issue the next time you are litigating a class action. It might be lurking in your case when you peel back the onion.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.
For more articles about class-action lawsuits, visit the NLR Litigation section.

When Board Conflict Crosses the Line…

Elected officials are, naturally, sometimes at the center of conflict and division within their board.  Conflict is to be expected.  However, what happens when board members take action to freeze out a minority board member from information that he or she needs to do his or her respective job?  The use of information-control tactics against minority members on a board, impeding their ability to receive that information necessary to perform his or her duties is problematic – and it may be unconstitutional.\

Elected officials have duty to be informed. Palm v.Centre Tp., 415 A.2d 990, 992 (Pa. Commw. Ct. 1980):

It is the duty of a school board member, a commissioner, a councilman, or a supervisor to be informed. Supervisors are not restricted to information furnished at a public meeting. A supervisor has the right to study, investigate, discuss and argue problems and issues prior to the public meeting at which he may vote. Nor is a supervisor restricted to communicating with the people he represents. He is not a judge. He can talk with interested parties as does any legislator.

This responsibility extends beyond the contours of the public meeting and what is discussed at those meetings.

Elected officials have protections under the First Amendment. The Third Circuit has historically recognized that a public official’s right to free speech under the First Amendment will be violated when the retaliatory conduct of her peers interferes with her ability to adequately perform her elected duties. See Werkheiser v. Pocono Tp., 780 F.3d. 172, 182 (3d Cir. 2015); Monteiro v. City of Elizabeth, 436 F.3d 397, 404 (3d Cir. 2006).

To avoid entering the territory of this kind of interference, everyone can play a role in ensuring the government functions adequately and that Board members’ rights, duties, and privileges are protected.  Board division, when gone too far, can cross constitutional lines.  To avoid walking that line, there are things that everyone can do to make for a well-functioning Board or meeting:

  • Managers can stay neutral and ensure that every board member is kept up to date on significant municipal operations and projects.
  • Solicitors can host a meeting with the board to educate the board on laws pertaining to their position, such as a municipal code and the Pennsylvania Sunshine Act.
  • Board members can foster respect for fellow board members and learn how to communicate so that each board member can participate in healthy debate on contentious issues.  Enacting policies related to meeting decorum can be helpful, but they need to be enforced evenhandedly.

For more tips for handling divisiveness among a board, see the December 2021 article on “Tips for Handling Board Conflicts” in the Pa Township News.

©2022 Strassburger McKenna Gutnick & Gefsky
          

SEC Issues Two Whistleblower Awards for Independent Analysis

On February 18, the U.S. Securities and Exchange Commission (SEC) announced two whistleblower awards issued to individuals who provided independent analysis to the SEC which contributed to a successful enforcement action. One whistleblower received an award of $375,000 while the other received $75,000.

According to the award order, the whistleblowers “each voluntarily provided original information to the Commission that was a principal motivating factor in Enforcement staff’s decision to open an investigation.”

Through the SEC Whistleblower Program, qualified whistleblowers, individuals who voluntarily provide original information which leads to a successful enforcement action, are entitled to a monetary award of 10-30% of funds recovered by the government.

A 2020 amendment to the whistleblower program rules established a presumption of a statutory maximum award of 30% in cases where the maximum award would be less than $5 million and where there are no negative factors present. The SEC notes that this presumption did not apply to the two newly awarded whistleblowers. According to the SEC, the first whistleblower unreasonably delayed in reporting their disclosure and the second whistleblower only provided limited assistance.

In the award order, the SEC justifies its decision to grant the first whistleblower a larger award than the second. According to the SEC, the first whistleblower’s disclosure included high quality about an issue which “was the basis for the bulk of the sanctions in the Covered Action” whereas the second whistleblower’s disclosure did not touch on this pivotal issue. Furthermore, the first whistleblower provided significant ongoing assistance to the SEC staff while the second whistleblower did not.

Since issuing its first award in 2012, the SEC has awarded approximately $1.2 billion to 247 individuals. Before blowing the whistle to the SEC, individuals should first consult an experienced SEC whistleblower attorney to ensure they are fully protected under the law and qualify for the largest award possible.

Copyright Kohn, Kohn & Colapinto, LLP 2022. All Rights Reserved.

Red States Move to Penalize Companies That Consider Climate Change When Making Investments

A number of conservative-leaning states, particularly those with a significant fossil fuel industry (e.g., Texas, West Virginia), have begun implementing polices and enacting laws that penalize companies which “pull away from the fossil fuel industry.”  Most of these laws focus on precluding state governmental entities, including pension funds, from doing business with companies that have adopted policies that take climate change into account, whether divesting from fossil fuels or simply considering climate change metrics when evaluating investments.

This trend is a troubling development for the American economy.  Irrespective of the merits of the policy, or fossil fuel investments generally, there are now an array of state governments and associated entities, reflecting a significant portion of the economy, that have adopted policies explicitly designed to remove climate change or other similar concerns from consideration when companies decide upon a course of action.  But there are other states (typically coastal “blue” states) that have enacted diametrically opposed policies, including mandatory divestments from fossil fuel investments (e.g., Maine).  This patchwork of contradictory state regulation has created a labyrinth of different concerns for companies to navigate.  And these same companies are also facing pressure from significant institutional investors, such as BlackRock, to consider ESG concerns when making investments.

Likely the most effective way to resolve these inconsistent regulations and guidance, and to alleviate the impact on the American economy, would be for the federal government to issue a clear set of policy guidelines and regulatory requirements.  (Even if these were subject to legal challenge, it would at least set a benchmark and provide general guidance.)  But the SEC, the most likely source of such regulations, has failed to meet its own deadlines for promulgating such regulations, and it is unclear when such guidance will be issued.

In the absence of a clear federal mandate, the contradictory policies adopted by different state governments will only apply additional burdens to companies doing business across multiple state jurisdictions, and by extension, to the economy of the United States.

Republicans and right-leaning groups fighting climate-conscious policies that target fossil fuel companies are increasingly taking their battle to state capitals. Texas, West Virginia and Oklahoma are among states moving to bar officials from dealing with businesses that are moving to ditch fossil fuels or considering climate change in their own investments. Those steps come as major financial firms and other corporations adopt policies aligned with efforts to reduce greenhouse gas emissions.”

©1994-2022 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.