SEC Brings Multiple Enforcement Actions Relating to Beneficial Ownership and Other Reporting Obligations

On September 25, 2024, the Securities and Exchange Commission (the SEC) announced that it had instituted and settled enforcement actions under Section 13(d), Section 13(g) and Section 16(a) of the Securities Exchange Act of 1934 (as amended, the Exchange Act). The actions involved 21 individuals and entities that allegedly had failed to timely file Schedule 13D or 13G to report beneficial ownership of greater than 5% of the registered equity securities outstanding and/or amendments to such reports, and/or to timely file Form 3, 4 or 5 to report ownership of, and transactions in, registered equity securities by executive officers, directors and greater-than-10% beneficial owners (collectively, insiders). As part of the settlements, individual respondents agreed to pay civil monetary penalties ranging from $10,000 to $200,000, and entities agreed to pay civil penalties ranging from $40,000 to $750,000. As part of the same set of settlements, the SEC also instituted and settled two enforcement actions against public companies for allegedly causing certain of their insiders’ Form 3, 4 or 5 filing failures or for failing to report such filing delinquencies. Just a week earlier, the SEC had announced the institution and settlement of enforcement actions under Section 13(f) and Section 13(h) of the Exchange Act against 11 institutional investment managers that allegedly had failed on a timely basis to file one or more quarterly Form 13F reports and/or periodic Form 13H reports.

The Bottom Line

The foregoing actions are part of an SEC enforcement initiative aimed at ensuring compliance with ownership disclosure and other reporting rules. Insofar as the beneficial ownership and insider actions are concerned, the most recent set of settlements suggest a possible willingness on the SEC’s part to bring enforcement actions even for minor and technical violations. Insofar as the institutional investor enforcement actions, the recent “sweep” appears to mark the first such broad action by the SEC. Notably, for two of the sanctioned institutional investment managers that were based outside the US and where the managers self-reported their errors to the SEC, no monetary penalties were assessed. A third institutional investment manager did not pay a monetary penalty for its Form 13H filing delinquency, which had been self-reported to the agency. Further, the SEC’s public announcement of the settlements indicated that the SEC staff used data analytics to identify the delinquent filings. The SEC has occasionally used various technological solutions to search for late filings and other violations of law in the vast EDGAR database, and as artificial intelligence and similar applications become more widespread and economical, we expect the SEC to make greater use of automated techniques in the future as part of its ongoing filing review process.

The Full Story

5% Beneficial Owners, Insiders and Public Company Issuers

Under Section 13(d)(1) of the Exchange Act and Rule 13d-2(a) promulgated thereunder, any person who acquired beneficial ownership of more than 5% of a public company’s stock must, within 10 calendar days of the relevant acquisition,[1] file an initial set of disclosures on Schedule 13D with the SEC. The beneficial owner must then file updates with the SEC to report any material changes to its position or other facts disclosed in prior filings. Certain investors (mostly passive ones) are eligible to file a simplified set of disclosures on Schedule 13G. The deadline to file a Schedule 13G was also within 10 calendar days of acquiring more than 5% beneficial ownership, but certain institutional investors were permitted to defer disclosing their passive holdings on Schedule 13G until 45 days after the end of the calendar year.[2]

Under Section 16(a) of the Exchange Act and Rule 16a-3 promulgated thereunder, officers and directors of public companies, and any beneficial owners of greater than 10% of stock in a public company, were (and currently are) required to file initial statements of holdings on Form 3 either within 10 calendar days of becoming an insider or on or before the effective date of the initial registration of the stock. Such insiders are then obligated to keep this information current by reporting subsequent transactions on Forms 4 and 5 (in most instances, within two business days of any change). In addition, Section 13(a) of the Exchange Act and Item 405 of Regulation S-K promulgated thereunder require issuers to disclose information regarding delinquent Section 16(a) filings by insiders in their annual reports.

Here, the SEC alleged that 14 persons, who were obligated to file Forms 3/4/5, failed to timely file or update such reports required under Section 16(a), that two public companies caused some of those late filings and/or did not disclose the late filings when required, and that 18 persons who were obligated to file and/or amend Schedules 13D/13G failed to do so timely as required under Sections 13(d) and (g). In most of the non-issuer settlements, there appear to have been repeated failures over multiple issuers, sometimes over several years. However, not all persons settling with the SEC had failures that were repeated or otherwise egregious. Each of two of the matters that settled for $25,000 or less alleged only a few violations (and one of those included two alleged Schedule 13D violations that arguably are supported by a compliance and disclosure interpretation but not by the actual wording of Section 13 and its implementing rules). By contrast, among the 11 beneficial ownership settlements that the SEC announced nearly a year ago, none were below $66,000. This suggests that the SEC may once again be bringing less serious enforcement actions and pursuing even minor infractions.

Institutional Investment Managers

Under Section 13(f) of the Exchange Act and Rule 13f-1 promulgated thereunder, entities with investment discretion over at least $100 million worth of specified US publicly-traded securities (and certain securities exercisable for or convertible into such securities) (institutional investment managers) are required to file quarterly Form 13F reports detailing their ownership of such securities regardless of the percentages owned. Reports can omit certain de minimis positions, though the de minimis level is set quite low so relatively few positions are typically excluded from Form 13F on this basis. The $100 million threshold was originally set in 1975, is not indexed for inflation and has not been adjusted since. Each report for a calendar quarter must be filed no later than 45 calendar days after the end of the preceding quarter.

Under Section 13(h) of the Exchange Act and Rule 13h-1 promulgated thereunder, persons who trade US publicly-traded securities equal to or exceeding two million shares or $20 million during any calendar day, or 20 million shares or $200 million during any calendar month (collectively, large traders) are required to file required Form 13H reports with the SEC. Unlike the beneficial ownership reports and Form 13F, Form 13H reports are confidential and viewable only by the SEC. While the specific reporting thresholds for Form 13F and Form 13H are different, most (but not all) large traders will also be institutional investment managers. But most institutional investment managers will not necessarily be large traders.

The SEC alleged that nine institutional investment managers failed to timely file required Form 13F reports—often over a long period of years. Those nine firms (not including one which was part of the beneficial owner settlements discussed above but had also not filed Form 13F for a number of years) agreed to pay in aggregate more than $3.4 million to settle those cases. Notably, two additional settling parties (both institutional investment managers located outside the US) were not assessed penalties relating to their delinquent Form 13F’s because they self-reported their failure to report directly to the SEC.

Two of the parties settling Form 13F failures also were charged with failing to timely file required Form 13H reports. Because both of these parties self-reported their Form 13H filing failures, neither was assessed a penalty relating to Section 13(h).


[1] The deadlines described here were in effect during the relevant periods in the settled actions. Effective on and after February 5, 2024, the initial Schedule 13D must be filed within five business days of the relevant acquisition.

[2] The deadlines described here were in effect during the relevant periods in the settled actions. Effective on and after September 30, 2024, the filing deadline for an initial Schedule 13G (other than for certain institutional investors) is within 5 business days of the relevant acquisition; certain institutional investors are permitted to delay their initial filing of Schedule 13G to 45 calendar days after the end of relevant calendar quarter.

NLRB To Begin Partnering With DOJ To Combat Collusion

The National Labor Relations Board and The Department of Justice joined forces to sign a memorandum of understanding (“MOU”) between the two entities. The MOU follows President Biden’s Executive Order in 2021 aimed at increasing competition in the economy. The NLRB and DOJ plan to coordinate in order to ensure workers are able to freely exercise their rights and to protect competitive labor markets.

According to the DOJ, this new partnership will allow the two agencies to “share information on potential violations of the antitrust and labor laws, collaborate on new policies and ensure that workers are protected from collusion and unlawful employer behavior.” The two agencies plan on greater coordination in information sharing, enforcement activity and training. Furthermore, the two agencies will now refer potential violations that they discover in their own investigations to each other.

For employers, this continues the trend of the federal government stepping up their investigatory and enforcement actions.

© Polsinelli PC, Polsinelli LLP in California

COVID-19 Healthcare Enforcement Actions to Increase in 2022 and Beyond

The Department remains committed to using every available federal tool—including criminal, civil, and administrative actions—to combat and prevent COVID-19 related fraud. We will continue to hold accountable those who seek to exploit the pandemic for personal gain, to protect vulnerable populations, and to safeguard the integrity of taxpayer-funded programs”

US Attorney General Merrick Garland – March 10, 2022, Remarks

The Biden Administration, US Department of Justice (DOJ), US Department of Health and Human Services Office of Inspector General (HHS-OIG), and other federal agencies have prioritized prosecuting COVID-19-related fraud since the pandemic began. Although the United States appears to be finally emerging from the pandemic, the government’s pandemic-related enforcement actions are here to stay for the foreseeable future. DOJ has made clear that the government’s COVID-19 enforcement efforts will accelerate, with a more significant focus on complex healthcare fraud cases and civil actions under the False Claims Act (FCA). As the federal government continues to devote additional resources towards its pandemic-related enforcement efforts, healthcare companies, hospital systems and providers should prepare for increased scrutiny.

Additional Resources Devoted to COVID-19 Fraud Enforcement Efforts

DOJ and other federal agencies have already devoted an unprecedented amount of resources to investigating and prosecuting pandemic-related fraud cases. These extensive efforts have led to immediate results. To date, DOJ has brought pandemic-related criminal charges against more than 1,000 individuals with the total alleged fraud losses exceeding $1 billion, and has seized more than $1.2 billion in fraudulently obtained relief funds.

DOJ’s pandemic-enforcement efforts show no sign of slowing down anytime soon. Less than a year after US Attorney General (AG) Merrick Garland established the COVID-19 Fraud Enforcement Task Force, the Biden administration announced that DOJ would appoint a chief prosecutor to expand on the Task Force’s “already robust efforts,” to focus on “most egregious forms of pandemic fraud” and to target particularly complex fraud schemes.

On March 10, 2022, DOJ announced that Kevin Chambers has been appointed as DOJ’s director for COVID-19 fraud enforcement. During his introductory remarks, Chambers said that DOJ would be “redoubling [its] efforts to identify pandemic fraud, to charge and prosecute those individuals responsible for it and whenever possible, to recover funds stolen from the American people.” He also indicated that DOJ would use “new tools” it has developed since the start of the pandemic to investigate such fraud.

In a March 2, 2022, speech before the American Bar Association’s Annual National Institute on White Collar Crime, AG Garland also announced that the Biden Administration will seek an additional $36.5 million in the 2022 budget for DOJ to “bolster efforts to combat pandemic-related fraud.” As evidence of this point, DOJ plans to hire 120 new prosecutors and 900 new Federal Bureau of Investigation agents who will focus on white-collar crime.

DOJ and HHS-OIG to Increasingly Focus on FCA Cases

For the past two years, officials from DOJ and HHS-OIG have identified civil and criminal healthcare fraud relating to COVID-19 as a high priority. As the effects of the pandemic subside, COVID-19-related civil enforcement actions targeting healthcare providers and healthcare companies seem set to increase.

During remarks at the Federal Bar Association’s annual Qui Tam Conference in February 2022, Gregory Demske, chief counsel to the inspector general for HHS-OIG, emphasized that COVID-19 remains a key enforcement priority. Demske indicated that HHS-OIG is focused on the use of COVID-19 to bill for medically unnecessary services, and fraud in connection with HHS’s Provider Relief Fund (PRF) and Uninsured Relief Fund. Demske also confirmed that HHS-OIG remains intensely focused on fraud in connection with telehealth services, the use of which increased exponentially during the pandemic. And, in March 2022, AG Garland reiterated that DOJ will use “every available federal tool—including criminal, civil, and administrative actions—to combat and prevent COVID-19 related fraud.”

The majority of pandemic-related healthcare enforcement actions to date have been criminal prosecutions involving truly blatant instances of fraud and abuse. Going forward, civil and administrative actions likely will be used to pursue cases that turn on lower mens rea requirements or involve more complex regulatory issues. These civil actions will include qui tam actions filed by whistleblowers, as well as FCA cases initiated directly by the DOJ.

In 2021, DOJ recovered more than $5 billion in connection with FCA cases involving the healthcare industry. Given the unprecedented amount of government funds expended to combat the COVID-19 pandemic, DOJ and HHS-OIG will undoubtedly rely on the FCA to maximize the government’s financial recovery. DOJ has already reached FCA settlements in several Paycheck Protection Program cases. It is only a matter of time before we see similar FCA investigations, complaints and settlements focused on relief funding to healthcare providers.

Pandemic-Related Healthcare Priorities

HHS’s PRF

The PRF was created as part of the Coronavirus Aid, Relief and Economic Security (CARES) Act to provide direct payments to “eligible health care providers for health care-related expenses [and] lost revenues that are attributable to coronavirus.” More than $140 billion has been disbursed to hospitals and healthcare providers under the PRF, which is administered by the Health Resources & Services Administration (HRSA).

Payments under the PRF are subject to specific terms and conditions. To retain PRF disbursements, providers must attest to “ongoing compliance” with these requirements and acknowledge that their “full compliance with all Terms and Conditions is material to the Secretary’s decision to disburse funds.” Notwithstanding ongoing concerns and confusion regarding the PRF program requirements, any noncompliance with the terms and conditions could result in criminal, civil and administrative enforcement actions. As recently as March 3, 2022, AG Garland identified fraud in connection with the PRF as a key DOJ enforcement priority.

To date, the Healthcare Fraud Unit of DOJ’s Criminal Division has already brought criminal charges against nine individuals for fraud relating to the PRF. These criminal cases, however, have almost exclusively focused on egregious allegations of fraud and abuses, such as misappropriating PRF disbursements and using the money for personal expenses. For example, in September 2021, DOJ charged five individuals with using PRF payments to gamble at Las Vegas casinos and purchase luxury cars.

DOJ, however, has long indicated that the FCA will also play a “significant role” in DOJ’s PRF enforcement efforts. It is now just a matter of time before such civil investigations and settlements emerge.

HRSA’s stated oversight plan includes post-payment analysis and review to determine whether HHS distributed PRF payments to eligible providers in the correct amounts; audits to assess whether recipients used the funds in accordance with laws, guidance, and terms and conditions; and the recovery of overpayments and unused or improperly used payments. Among other things, HRSA and HHS-OIG likely will evaluate ownership changes, double counting reimbursed expenses and losses, and compliance with the balanced billing requirements.

PRF oversight and enforcement actions have been delayed partly because of program complexities and extended reporting timelines. For example, the first report from PRF recipients on use of funds was not due until the end of 2021. Depending on the date funds were received, PRF recipients may have no reporting obligations through 2023. Entities that expended more than $750,000 in federal awards, including PRF payments, also must obtain an independent audit examining their financial statements; internal controls; and compliance with applicable statutes, regulations and program requirements. These independent audits of PRF payments must be submitted to the Federal Audit Clearinghouse, for nonprofit organizations, or the HRSA Division of Financial Integrity, for for-profit “commercial” organizations. Recipients also may be subject to separate audits by HHS, HHS-OIG or the Pandemic Response Accountability Committee to review copies of records and cost documentation and to ensure compliance with the applicable terms and conditions.

Finally, DOJ and HHS-OIG have increasingly relied on sophisticated data analytics to drive their healthcare enforcement efforts generally. Now that the first round of reports containing specific PRF data certifications are available to HRSA and HHS-OIG, we expect to see the use of such analytics, in conjunction with all the other available information, in connection with PRF enforcement.

Telehealth

Telehealth use expanded exponentially during the pandemic. A March 2022 HHS-OIG report showed that during the first year of the pandemic, more than 28 million Medicare beneficiaries (approximately 43% of all Medicare beneficiaries) used telehealth services—a “dramatic increase from the prior year” in which only 341,000 beneficiaries used telehealth. This increase was largely the result of HHS temporarily waiving statutory and regulatory requirements related to telehealth to allow Medicare beneficiaries to obtain expanded telehealth services.

Telehealth has been at the forefront of DOJ’s healthcare enforcement efforts for years now. For example, DOJ’s 2021 nationwide healthcare enforcement action included criminal charges against dozens of individuals for telehealth fraud schemes involving more than $1.1 billion in alleged loses. The majority of these telehealth enforcement actions to date have involved the use of telehealth to engage in traditional fraud healthcare schemes, such as illegal kickbacks and billing for medically unnecessary services and equipment.

DOJ, however, has increasingly pursued criminal enforcement actions directly related to the telehealth waivers HHS issued in response to the pandemic. For example, in November 2021, a defendant was sentenced to 82 months in prison for participating in a $73 million telehealth fraud scheme. The defendant owned laboratories that provided genetic testing and had paid his coconspirators to arrange for telehealth providers to order medically unnecessary genetic tests. The telehealth providers were not actually treating the beneficiaries, did not use the test results and often never even conducted the telemedicine consultation. Although this was primarily a traditional Anti-Kickback Statute/medical necessity case, DOJ also charged the defendant with using the COVID-19-related telehealth waivers to submit more than $1 million in false claims for sham telemedicine visits.

Similar criminal prosecutions and civil actions relating to the expanded telehealth waivers and sham telehealth encounters can be expected in the future. DOJ and HHS-OIG will likely focus on telehealth visits that resulted in claims for services and equipment with particularly high reimbursement rates, such as genetic testing and durable medical equipment. DOJ and HHS-OIG likely will use data analytics to focus on instances in which telehealth services were billed by providers with whom the beneficiary did not previously have a relationship.

Improper Billing Schemes

DOJ has also pursued criminal cases involving traditional healthcare fraud schemes that sought to take advantage of the COVID-19 pandemic. For example, in May 2021, DOJ announced criminal charges against numerous individuals who were improperly bundling COVID-19 tests with other more expensive laboratory tests, such as genetic testing, allergy testing and respiratory pathogen panel testing. DOJ has likewise pursued criminal cases in which defendants improperly used COVID-19 “emergency override” billing codes to circumvent preauthorization requirements and bill Medicare for expensive medications and treatments. Any improper billing schemes that relate to the pandemic will continue to be a focus of criminal and civil enforcement efforts going forward.

Key Takeaways and Recommendations

DOJ, HHS-OIG and other federal agencies remain focused on pursuing healthcare fraud relating to the COVID-19 pandemic. The best way for hospitals, health systems and other healthcare companies and providers to prepare for this increased enforcement activity and scrutiny is to ensure that they have a robust compliance program in place.

There is no one-size-fits-all approach to compliance, but companies can take several proactive and practical steps to minimize their enforcement risk:

  • Monitor federal and state regulatory and statutory changes. The rules, regulations and guidance relating to the COVID-19 pandemic, including for the PRF and expanded telehealth waivers, have repeatedly changed over the past two years and continue to evolve. Monitoring such changes will not only help prevent enforcement actions, but a company’s reasonable and good faith efforts to interpret and follow such rules and regulations can be a powerful defense should an investigation arise, as discussed in connection with the Allergan case, above. Further to that point, where regulatory requirements and associated guidance is ambiguous, a good documentary record of the basis for your entity’s interpretation of the rules is critical.
  • Incorporate data analytics into your compliance program. DOJ and HHS-OIG continue to rely heavily on sophisticated data analytics, including artificial intelligence, to identify and prosecute fraud. In March 2022, AG Garland emphasized DOJ’s use of “big data” to identify payment anomalies that are indicative of fraud. Healthcare companies already have access to vast amounts of data that they can and should use to proactively identify errors, monitor risk areas and address any potential misconduct.
  • Adapt your compliance program and internal controls, as appropriate, to support PRF compliance, reports and audits. Recipients should continue to practice good compliance hygiene and maintain contemporaneous records regarding the receipt and spending of federal funds. Doing so may involve implementing additional systems to track spending, recovery and relief to avoid overlapping use of funds among relief programs, or consulting with grant accounting and compliance advisors to augment existing infrastructure. Recipients also should periodically review policies, procedures and controls, particularly following major updates to program requirements and interpretations.
  • Ensure the accuracy of required PRF reports, certifications and submissions. Particularly in light of ongoing political pressure, HRSA and HHS-OIG likely will conduct extensive oversight of the PRF to identify potential errors, overpayments and improper use of funds. Recipients should carefully review guidance and instructions to avoid inadvertent errors and misstatements on all submissions. Recipients may consider revisiting prior submissions underlying significant disbursements to identify interpretative issues or compliance concerns that warrant additional supporting documentation or disclosure.
  • Carefully consider the implications before entering into arrangements with other parties. The biggest risk to healthcare companies often comes from those with whom they do business. Compliance programs should focus heavily on reducing the risk of entanglement with bad actors.
  • Be diligent in the design and oversight of marketing strategies. Healthcare companies and providers should regularly review their marketing strategies to ensure total transparency and compliance (both historic and prospective) with applicable state and federal anti-kickback statutes. Companies should confirm that patients are reached through appropriate channels. Although issues relating to COVID-19 may be the impetus for a government investigation, violations of the Anti-Kickback Statute frequently result in larger recoveries for the government.
  • Proactively examine coding and billing practices. Providers should immediately review and revisit their coding and billing practices to determine if their practices involved bundling COVID-19 testing with other claims, the use emergency override billing codes or billing for other COVID-19 related services with high reimbursement rates. There is a strong likelihood that the DOJ will review the claims data for any providers with statistically significant use of these billing and coding practices, particularly when the providers are located in geographical areas where the DOJ’s Healthcare Fraud Strike Force and HHS-OIG’s Medicare Fraud Strike Force operate.

For more health law legal news, click here to visit the National Law Review.

© 2022 McDermott Will & Emery