Robinhood, “an introducing broker-dealer that provides commission-free trading to retail customers through its website and mobile applications,” recently agreed to pay a record-setting amount of $70 million — consisting of a $57 million fine and more than $12.5 million in restitution to 2,832 customers — to resolve a myriad of FINRA rule violations dating back to 2016. While the lengthy Letter of Acceptance, Waiver, and Consent No. 2020066971201 (“AWC”) reads like a final exam in a corporate compliance and securities regulation course, there are two key takeaways that merit particular emphasis. First, an overreliance on technology without sufficient safeguards or personal verification can create substantial liability. Second, making claims about new, nontraditional products being offered directly to customers can be deceptive or misleading and in violation of FINRA Rules 3110 and 2010, if FINRA determines the communications lack sufficient disclosures.
On July 13, 2021, the SEC announced charges against Stable Road Acquisition Company (“Stable Road”), its sponsor, SRC-NI, its CEO, Brian Kabot, Stable Road’s proposed merger target Momentus Inc.(“Momentus”), and Momentus’s founder and former CEO Mikhail Kokorich (“Kokorich”) for “misleading claims about Momentus’s technology and about national security risks associated with Kokorich.” All parties except Kokorich are settling with the SEC, paying total penalties of more than $8 million, amongst other remedies. The SEC’s litigation will proceed against Kokorich in the U.S. District Court for the District of Columbia. The Complaint seeks permanent injunctions, penalties, disgorgement plus prejudgment interest, and an officer-and-director bar against Kokorich.
Partners Peter Baldwin and Bob Mancuso published “Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks.” This article in the New York Law Journal discusses how regulators have shifted their focus from data breach notifications to overall cybersecurity preparedness.
In the spirit of our previous Holiday film blogs, we present for your viewing pleasure (and background research) the following Independence Day films for your (re)viewing pleasure. Both deserve renewed attention in light of:
- The SEC’s recent Solar Winds-Cybersecurity-related events, regarding disclosure of material weaknesses or material cyber security risks related to the Solar Winds compromise;
- The re-opening of offices and recent announcements of certain businesses explaining employees should be back in the office or else.
We offer the following Independence Day Weekend themed film streaming recommendations that relate to each of the above and therefore count as background research.
Upcoming Changes to Rule 10b5-1:
The SEC is seeking to propose four key changes to executive stock trading plans under Rule 10b5-1 in October. Its Chairman, Gary Gensler, reported that the SEC is considering “freshen[ing] up Rule 10b5-1 after twenty years” to address insider trading concerns on June 7, 2021. Gensler’s comments come after a year of heightened insider trading reporting and the release of new research conducted by Stanford University and the Wharton School of the University of Pennsylvania finding that 10b5-1 plans have been used by executives to engage in “opportunistic, large-scale” sales of company stock. Gensler remarked the current plans under Rule 10b5-1 have led to a “real crack in our insider trading regime,” which he seeks to address in the upcoming months.
On Tuesday, the U.S. Securities and Exchange Commission (“SEC”) announced that Gurbir Grewal will be the Director of the Division of Enforcement, effective July 26, 2021. Grewal has been the Attorney General of New Jersey since 2018.
Grewal’s appointment follows the previous appointment and abrupt resignation of Alex Oh for the same role. In contrast to Oh, Grewal has spent most of his career in government. Prior to his current role, Grewal was an Assistant United States Attorney in the Eastern District of New York and the District of New Jersey. From 2014 to 2016, Grewal led the Economic Crimes Unit for the District of New Jersey.
As publicly reported late last week, the Securities and Exchange Commission’s Division of Enforcement (SEC) sent voluntary requests for information to a range of public companies and investment firms seeking voluntary disclosure of information related to last year’s SolarWinds cyberattack. Specifically, the SEC is seeking information related to whether the companies and firms were exposed to the SolarWinds cyberattack and any remedial measures the companies and firms implemented in response.
SolarWinds, an IT, network, and systems software developer, disclosed in a filing with the SEC in December 2020 that a cyberattack had infiltrated its Orion monitoring product, which could allow the attacker to compromise the server on which the Orion product runs. SolarWinds disclosed that it believed that nearly 18,000 Orion customers downloaded the product containing the vulnerability and that it had notified all 33,000 users of the product that a cyberattack had taken place. The SolarWinds cyberattack was unprecedented in its scope and sophistication—including compromising nine U.S. federal agencies—leading the United States and other governments to blame the attack on an outside nation state actor.
On Friday June 4, 2021, Securities and Exchange Commission Chair Gary Gensler removed the head of the Public Company Accounting Oversight Board (PCAOB), an independent agency created by the Sarbanes-Oxley Act of 2002 that is charged with setting standards and overseeing audits of public companies and broker-dealers. The move is part of a broader overhaul of the PCAOB announced by the SEC that includes soliciting nominations for all five of the PCAOB’s board positions, including board positions currently filled by members whose terms have not yet expired.
The removed chair of the PCAOB, William Duhnke III, was appointed by former President Trump and had held the position since January 2018. In 2020, President Trump called for the PCAOB to be folded into the SEC by 2022, losing its independent watchdog status. In a recent lawsuit filed against Duhnke, the PCAOB’s former chief risk officer alleged that Duhnke shared President Trump’s sentiment and called the PCAOB a “frivolous organization” that should be combined with the SEC.