Securities and Exchange Commission

SEC Enforcement Director Tells House Judiciary Committee That Investigation Agencies Should Not Need Warrants to Access Email Data Directly from Internet Service Providers

Amy RossPosted on December 4, 2015

On Tuesday, Andrew Ceresney, Director of the Securities and Exchange Commission’s Division of Enforcement, told the House Judiciary Committee that the Email Privacy Act (H.R. 699) and the Electronic Communications Privacy Amendments Act (S. 356) should not be amended to require prosecutors and civil enforcement agencies to obtain criminal warrants when requesting emails and other electronic data directly from internet service providers (“ISPs”), which include cloud-based storage services. READ MORE →

Investment Firms and Compliance Professionals Beware: SEC Finds Risks Associated with Outsourcing Compliance Function

Editorial BoardPosted on November 17, 2015

On Monday, November 9, 2015, the Office of Compliance Inspections and Examinations (“OCIE”) of the U.S. Securities and Exchange Commission (“SEC”) released results from its evaluation of investment adviser firms’ use of third parties for compliance functions, including outsourced chief compliance officers (“CCO”). Outside CCOs often perform important compliance responsibilities, including updating firm policies and procedures, preparing regulatory filings, and conducting annual compliance reviews. Despite the importance of these functions, the Risk Alert (“Risk Alert” or “Alert”) indicated that several of the outsourced CCOs examined had not implemented effective compliance programs. The Alert, available here, sends a cautionary signal to investment adviser firms considering outsourcing compliance functions. This warning is particularly timely since government agencies, including the SEC, have increased their focus on financial firms’ compliance programs, and on CCOs in particular.

Investing in the Next “Big Thing” Just Got Easier – SEC Promulgates New Crowdfunding Rules

Editorial BoardPosted on November 3, 2015

On October 30, 2015, the United States Securities and Exchange Commission (“SEC”) moved forward in implementing Title III of the JOBS Act and adopted new rules permitting companies to offer and sell securities to all potential investors through crowdfunding. Crowdfunding is the use of small amounts of capital from a large number of investors to finance new business ventures. This method of investment, typically conducted over the internet, is aimed at assisting smaller companies with capital formation by accessing a greater pool of potential investors. The SEC had previously opened crowdfunding investment to “accredited investors” (investors meeting certain net worth and/or investment experience criteria) but these rules permit non-accredited investors, i.e., everyone else, to participate while providing them with additional protection under the federal securities laws. Title III and these rules come in response to the enormous growth of equity crowdfunding through financing platforms such as GoFundMe, Kickstarter or Indiegogo.

International Hacking and Insider Trading Scheme Exposes Cybersecurity Vulnerabilities at Third-Party Vendors

M. Todd Scott and Daniel DunnePosted on August 19, 2015

On August 11, 2015, the SEC announced that it was bringing fraud charges against 32 defendants for their alleged participation in a five-year, international hacking and insider trading scheme. According to the SEC, two Ukrainian men hacked into at least two major newswire services, stole non-public copies of embargoed corporate announcements containing quarterly and annual earnings data, and provided the announcements to 30 other defendants, who traded off the information. In parallel actions, the U.S. Attorney’s Offices for the District of New Jersey and the Eastern District of New York also announced criminal charges against some defendants named in the SEC’s action. The SEC’s enforcement action may be a harbinger of events to come. As we have written, cybersecurity is emerging as the SEC’s newest area of focus for enforcement actions.

The Boss Makes HOW much more than me? SEC Issues Final Pay Ratio Rule

Alex Talarides and Jennifer LeePosted on August 11, 2015

On August 5, 2015, the Securities and Exchange Commission approved its final rule subjecting most public companies to the so-called “Pay Ratio Disclosure” mandated by the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act. The SEC voted 3-2 to approve the measure, with the panel’s two Republican members opposing it. In the split vote, the SEC finally put into place one of the most controversial rules mandated by Dodd-Frank. In the years since the SEC began working on the rule, it has attracted an intense measure of both public scrutiny and advocacy, drawing more than 286,000 public comments.

SEC Guidance Supports its Position That Internal Whistleblowers are Protected Under Dodd-Frank

Renee PhillipsPosted on August 6, 2015

On August 4, 2015 the Securities and Exchange Commission issued interpretive guidance elaborating its view that the anti-retaliation provisions in the Dodd-Frank Wall Street Reform and Consumer Protection Act apply equally to tipsters who claim retaliation after reporting internally, as well as those who are retaliated against after reporting information to the SEC. The guidance reflects that there is a split among federal courts over whether Dodd-Frank’s whistleblower retaliation provisions apply to internal as well as external reporting, and recognizes that the only circuit court to decide the issue to date, the Fifth Circuit, has taken a contrary position to that of the Commission in Rule 21F, the regulation the SEC adopted to implement the whistleblower legislation, holding that internal reports are not protected by Dodd-Frank. Whether internal reports qualify for Dodd-Frank coverage has important implications because, among other things, Dodd Frank provides enhanced recoveries (including two times back pay) and longer time frames (six years) for bringing a retaliation claim than would be available under the anti-retaliation provisions in the Sarbanes-Oxley Act of 2002.

Striking the Balance: Mary Jo White Says the SEC’s Process for “Well-Known Seasoned Issuer” Waivers Is Fair, But Signals a Renewed Focus on Targeting Individual Wrongdoing

Editorial BoardPosted on March 17, 2015

In a speech last Thursday, SEC Chair Mary Jo White publicly addressed the issue of whether the SEC has been too lax in granting waivers to large corporations that are subject to certain restrictions under the Well-Known Seasoned Issuer (“WKSI”) regulations or the so-called “Bad Actor Rule.”

The SEC classifies certain large widely followed issuers as WKSIs under Rule 405 of the Securities Act of 1933. Issuers with WKSI status benefit from greater flexibility in registration and investor communications. Most notably, registration statements filed by WKSIs become effective immediately and automatically upon filing. Certain categories of “ineligible issuers”—including those convicted of certain crimes and those determined to have violated the anti-fraud provisions of the securities laws—are precluded from qualifying for WKSI status. The SEC, however, can (and does) grant waivers to ineligible issuers upon a showing of good cause.

Will You Blow The Whistle Or Should I? The SEC Grants An Award to a Whistleblower Who Learns of Fraud From Another Employee

Editorial BoardPosted on March 10, 2015

Last week, the Securities and Exchange Commission announced an award payout of between $475,000 and $575,000 to a former company officer who reported information about an alleged securities fraud. While this is by no means the largest of the 15 payouts the SEC has made since the inception of the whistleblower program in fiscal year 2012 (the SEC awarded approximately $14 million to a whistleblower in October 2013, and roughly $30 million to a foreign whistleblower almost a year later), it is the first time that the SEC provided a whistleblower bounty award under the new program to an officer who learned about the alleged fraud through another employee, rather than firsthand.

Highlights From SEC Speaks 2015

Amy Ross and Michael TuPosted on February 24, 2015

Securities and Exchange Commission leadership and staff members addressed the public on February 20-21 at the annual “SEC Speaks” conference in Washington, D.C. Common themes among the numerous presentations included the Commission’s increasing use of data analytics, the Commission’s focus on gatekeepers such as accountants and attorneys, and the Commission’s still incomplete rulemakings mandated by both the Dodd-Frank Wall Street Reform and Consumer Protection Act and the Jumpstart Our Business Startups Act.

Going for Brokerage: SEC Report Highlights Best (and Worst) Practices in Cybersecurity Preparedness

Daniel Dunne and Aravind SwaminathanPosted on February 12, 2015

On February 3, 2015, the U.S. Securities and Exchange Commission released a Risk Alert addressing cybersecurity issues at brokerage and advisory firms, along with suggestions to investors on ways they can protect themselves and their online accounts. FINRA issued a similar, more extensive “Report on Cybersecurity Practices” on the same day.

The National Exam Program Risk Alert, “Cybersecurity Examination Sweep Summary” summarizes cybersecurity practices and policies of 57 registered broker-dealers, and 49 registered investment advisers based on examinations conducted by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”). These findings should be reviewed by CISOs and CIOs who have responsibility for cybersecurity protection because they highlight best practices and areas ripe for improvement. It is reasonable to assume that both the SEC and FINRA will expect firms to review the findings and tailor their own internal assessments and practices to improve their cybersecurity posture, accordingly. They also underscore that the simplest cyber-related scams (phishing, fraudulent e-mail scams, etc.) are still remarkably successful.

Securities Litigation, Investigations and Enforcement