SEC Resolves First Case Under New Municipalities Continuing Disclosure Cooperation Initiative

On July 8, 2014, the SEC announced that it had settled charges that a school district in California misled bond investors about its failure to comply with its continuing disclosure obligations under Rule 15c2-12 of the Exchange Act. Pursuant to the Municipalities Continuing Disclosure Cooperation (“MCDC”) Initiative, Kings Canyon Joint Unified School District, without admitting or denying the SEC’s findings, agreed to entry of an Order (1) finding that it was in violation of Section 17(a)(2) of the Securities Act, (2) requiring it to cease and desist from violating Section 17(a)(2), (3) requiring it to establish written policies and procedures and to conduct periodic training regarding continuing disclosure obligations, and (4) requiring it to cooperate with the Enforcement Division in any subsequent investigation and to disclose the settlement in future bond offering materials. The SEC did not order any disgorgement or civil penalty.

Rule 15c2-12 requires that an underwriter obtain a written agreement from an issuer, for the benefit of bondholders, in which the issuer promises to submit certain financial information on an annual basis. This financial information is usually submitted to appropriate national and state repositories where it is available to the investing public. Notably, a broker-dealer must consider an issuer’s failure to disclose such financial information in determining whether to recommend a security and must disclose the failure to provide such financial information to customers. Rule 15c2-12 undertakings must be described in final Official Statements.

Continue reading “SEC Resolves First Case Under New Municipalities Continuing Disclosure Cooperation Initiative”

District Court Confirms “Neither Admit Nor Deny” Settlements Applying Citigroup Factors

In March 2013, the SEC requested that Judge Victor Marrero of the United States District Court for the Southern District of New York approve consent judgments as to CR Intrinsic and CR Intrinsic Investments, LLC; S.A.C. Capital Advisors, LLC; S.A.C. Capital Associates, LLC; S.A.C. International Equities, LLC; and S.A.C. Select Fund, LLC (the “Relief Defendants”). Each of the proposed judgments was without admitting or denying the allegations of the SEC’s complaint. In April 2013, Judge Marrero issued an Opinion and Order in which he said, “The Court is troubled by these provisions as they permit CR Intrinsic and the Relief Defendants to resolve the serious allegations against hem involving a massive insider trading scheme ‘without admitting or denying the allegations of the Complaint.’” SEC v. CR Intrinsic Investors, LLC, 939 F. Supp. 2d 431, 436 (S.D.N.Y. 2013). Noting that the Second Circuit was then considering an appeal in SEC v. Citigroup Markets, Inc., which might clarify how much discretion the district courts might have in determining whether to approve or reject a consent judgment that contains a clause neither admitting nor denying the allegations in the SEC’s complaint, Judge Marrero conditionally approved the judgments pending resolution of Citigroup.

As explained in our June 6, 2014 post titled “Second Circuit Vacates Judge Rakoff’s Order Refusing to Approve Citigroup “Neither Admit Nor Deny” Settlement“, the Second Circuit recently clarified the proper standard for reviewing consent decrees, and the parties requested the court to approve consent decrees. Applying the standards set forth by the Second Circuit in SEC v. Citigroup Mkts., Inc., ___ F.3d ___, Docket Nos. 11-5227-cv; 11‑5375-cv; 11-5242-cv, 2014 WL 2486793 (2d Cir. June 4, 2014), Judge Marrero approved the judgments as to CR Intrinsic and the Relief Defendants. He, however, noted that the subsequent conviction of Matthew Martoma, a CR Intrinsic employee, and guilty plea by CR Intrinsic “called attention to the importance of more rigorous inquiry by the SEC in its application of ‘neither admit nor deny’ provisions in settlements embodying the exceptional circumstances presented by this action, specifically those where parallel criminal cases track an SEC complaint arising from the same facts.” SEC v. Citigroup Mkts., Inc., 2014 WL 2486793, at *5. It remains to be seen whether Judge Marrero’s “wait-and-see approach” in these situations will gain traction at the SEC, particularly because it could significantly delay settlements in cases where, like Martoma’s, the criminal conviction is appealed.

Second Circuit Vacates Judge Rakoff’s Order Refusing to Approve Citigroup “Neither Admit Nor Deny” Settlement

Today, the Second Circuit Court of Appeals vacated Judge Rakoff’s order refusing to approve a settlement between the SEC and Citigroup in which Citigroup neither admitted nor denied the agency’s allegations. See SEC v. Citigroup Global Mkts., Inc., Docket Nos. 11-5227-cv; 11‑5375-cv; 11-5242-cv (2d Cir. June 4, 2014). Judge Rakoff took issue with the consent decree, finding that it was not fair, reasonable, adequate, or in the public interest because the public was denied the opportunity to know the truth underlying the allegations of securities fraud. The Circuit Court disagreed, reasoning that the district court abused its discretion by requiring the SEC to “establish the ‘truth’ of the allegations against a settling party as a condition for approving the consent decrees.” Id., slip op. at 21. The court said, “Trials are primarily about the truth. Consent decrees are primarily about pragmatism.” Id.

The court clarified that the proper standard for reviewing a consent decree requires determinations of whether the decree is fair and reasonable and whether the public interest would be disserved. According to the court, district courts assessing consent decrees for fairness and reasonableness should consider (1) the basic legality of the decree; (2) whether the terms of the decree, including its enforcement mechanism, are clear; (3) whether the consent decree reflects a resolution of the actual claims in the complaint; and (4) whether the consent decree is tainted by improper collusion or corruption of some kind. The court jettisoned the “adequacy” requirement, finding it incompatible with the use of consent decrees. In addition, the court made clear that “[t]he job of determining whether the proposed S.E.C. consent decree best serves the public interest . . . rests squarely with the S.E.C., and its decision merits significant deference . . . .” Id., slip op. at 24-25.

The court remanded the case to the district court for consideration of the factual basis for the consent decree under these standards, noting that “[a]bsent a substantial basis in the record for concluding that the proposed consent decree does not meet these requirements, the district court is required to enter the order.” Id., slip op. at 19.

The court cautioned that the SEC must be “willing to assure the court that the settlement proposed is fair and reasonable” when it seeks the court’s imprimatur of consent decrees. Id., slip op. at 27. The court pointed out, however, that the SEC has the ability to employ its own remedies—like administrative proceedings—that do not require court involvement. It remains to be seen whether the SEC will make more use of administrative proceedings in an effort to avoid judicial scrutiny in settled cases. During the pendency of the Citibank ruling, the SEC did not shy away from filing significant settled cases such as the JP Morgan internal controls matter in federal court. Moreover, in light of the standard articulated by the Second Circuit, it would seem that both the SEC and settling defendants should have less concern about courts second-guessing or questioning whether proposed settlements serve the public interest.

Recent Decision Demonstrates Reach of Lawson; Extends SOX Whistleblower Protections to Employee of a Nonpublic Subsidiary of a Public Issuer

We recently blogged about the U.S. Supreme Court’s decision in Lawson v. FMR LLC, 571 S. Ct. __, 188 L. Ed. 2d 158 (Mar. 4, 2014), which held that the whistleblower protections in section 1514A applied not only to the direct employees of public companies, but also to employees of private contractors and subcontractors serving public companies. See Lawson and Doral Expand Whistleblower Protections,” SECurities Law Perspectives (Apr. 2, 2014). Taking the lead from Lawson and more recent decisions from the Department of Labor’s Administrative Review Board (“ARB”), the U.S. District Court for the Eastern District of Pennsylvania has ruled that an employee of a nonpublic subsidiary of a public issuer could proceed with his retaliation claims against the company. Wiest v. Lynch, __ F. Supp. 2d __, Civil Action No. 10-3288, 2014 WL 1490250, at *18–23 (E.D. Pa. Apr. 16, 2014).

In reaching this conclusion, the court considered Lawson and more recent ARB decisions interpreting the scope of section 1514A’s “agent” language. The court said, “There is no reason to think that the Supreme Court’s holding in Lawson does not also apply, beyond contractors of public companies, to agents of public companies and those agents’ employees.” Id. at *19; see also 18 U.S.C. § 1514A(a) (“No [public] company . . . or any officer, employee, contractor, subcontractor, or agent of such company, may discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee . . . to provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct which the employee reasonably believes constitutes a violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders . . . .” (emphasis added)).

Noting “some disagreement among lower courts and the ARB as to the scope or nature of the required agency relationship,” the court rejected the narrower view—i.e., that an agency is created for purposes of section 1514A only when the public-issuer parent is involved in hiring, supervising, or terminating its nonpublic subsidiary’s employees—for more traditional agency principles. The court found persuasive the ARB’s decision in Johnson v. Siemens Building Techs., Inc., ARB No. 08-032, 2011 WL 1247202 (Dep’t of Labor Mar. 31, 2011), which held that section 1514A applied to a subsidiary whose financial information was included in the consolidated financial statements of a public-issuer parent.

In combination with Lawson, the Wiest court found the concurrence in Johnson suggestive of “the direction in which the ARB is headed.” Wiest, 2014 WL 1490250, at *20. Specifically, the concurrence observed that to focus the agency coverage question on whether the public issuer was involved in employment/labor law issues would “fly in the face” of two other bases for finding agency—i.e., apparent authority and respondeat superior. Id. at *20–21 (quoting Johnson, 2011 WL 1247202, at *16). Rather, it explained, “[A]n entity will be held independently liable as a covered agent under [section 1514A] where it is established that the entity engaged in retaliatory conduct was serving as the public company’s agent with respect to securities related matters.” Id. at *21 (quoting Wiest, 2011 WL 1247202, at *17).

In resolving the motion to dismiss before it, the Wiest court concluded that the complaint sufficiently alleged that Wiest’s employer, the nonpublic subsidiary, acted as an agent of its public-issuer parent. For example, the court found Wiest’s allegation that executives of the public-issuer parent had approved certain expenses about which Wiest had complained to be “a strong indicator of an agency relationship regarding accounting and taxes between [the two entities].” 2014 WL 1490250, at *22. The court noted, however, that “[t]his theory will quite likely be tested on the evidence later . . . .” Id. at *23.

While Lawson opened the door for employees of nonpublic companies to bring whistleblower claims, there still will be legal challenges to the scope of such protections. The Wiest decision highlights at least one area about which there may be substantial disagreement and on which companies may fight back on the courts’ expansion of these claims.

CFTC Announces First Whistleblower Award

The U.S. Commodity Futures Trading Commission’s whistleblower program was created as part of the Dodd-Frank Act. Under the program, the CFTC will provide awards to whistleblowers who report violations of the Commodity Exchange Act when the information leads to an action that results in more than $1 million in sanctions. Today, the CFTC announced its first whistleblower award.

Although the CFTC did not disclose the identity of the whistleblower or the enforcement action that resulted from the information provided, it did confirm that the person will receive approximately $240,000. Gretchen Lowe, Acting Director of the CFTC’s Division of Enforcement, said that the “whistleblower provided specific, timely and credible information that led to the Commission bringing important enforcement actions.” With respect to the types of information being reported by whistleblowers, Ms. Lowe said that the program “is attracting high-quality tips and cooperation we might not otherwise receive and is already having an impact on the Commission’s enforcement mission.”

No doubt, the establishment of a whistleblower program and awards in connection with information provided as part of that program will encourage more people to report. It remains to be seen, however, the true impact these programs have on enforcement activity.

SEC to Examine Registered Broker-Dealers’ and Investment Advisers’ Procedures for Countering Cybersecurity Threats

Background and Purposes

On April 15, 2014, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a “Risk Alert” explaining a new initiative to assess cybersecurity preparedness in the securities industry.  Although not an official rule, regulation or statement of the SEC, the Risk Alert advised that OCIE will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers, regarding their cybersecurity and data security procedures and policies.

OCIE’s cybersecurity initiative is designed to obtain information about the industry’s recent experiences with certain types of cyber threats.  The examinations will focus on the following topics: the firm’s cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain specific cybersecurity threats.

Questions Registered Entities May be Asked

As an appendix to the Risk Alert document it released this week, OCIE included a sample list of requests for information that OCIE may use to assess registered firm’s preparedness to deal with cybersecurity threats. A primary area of OCIE inquiry is the firm’s internal policies and procedures for data preservation and cybersecurity.  For example, one sample question asks the firm to identify the last time it completed certain cybersecurity precautions, such as: preparing a firm-wide inventory of physical devices and systems; mapping network resources, connections and data flows; and cataloguing connections to the firm’s network from external sources.  Another asks the firm whether it maintains data breach/cybersecurity insurance, and if so, the firm is asked to describe the nature of the coverage and whether the firm has filed any claims against the policy.  The OCIE also asks if the firm maintains written data destruction policies or cybersecurity incident response policies, and if so, the firm is asked to provide copies of the policies and identify the date they were last updated.

Unsurprisingly, the security of customer-related data and fund transfer information is also a primary OCIE focus.  One sample question asks the firm about its customers’ online account access platform, including how customers are authenticated for online transactions, a description of any security measures used to protect stored customer PINs, and software used to detect anomalous transaction requests that may be the result of compromised customer access.  Another question asks for a copy of the firm’s procedures for verifying the authenticity of email requests seeking to transfer customer funds.

OCIE also plans to inquire about risks related to vendors and other third parties.  The sample questions include cybersecurity requirements the firm incorporates in contracts with third parties; policies, procedures and training provided to third parties about cybersecurity; and how the firm segregates network components to which third parties have access from purely internal components.

Other areas of inquiry include how the firm detects unauthorized activity on its networks and devices, whether the firm conducts “white-hat” hacker penetration tests and vulnerability scans; how the firm identifies and implements “best practices” for cybersecurity; and whether (and how) the firm has been the target of digital attacks or data breaches, and how it responded to those incidents.

Conclusion

The regulatory environment for cybersecurity compliance in all business sectors is fast-moving, particularly for companies in the financial services industry. This is clearly an area to which the SEC is giving a great deal of attention and the sample requests signal the specific concerns that the SEC has identified thus far. The OCIE Risk Alert to broker-dealers and investment advisers comes less than three weeks after the SEC held a day-long roundtable discussion on cybersecurity.

Quarterly Whistleblower Award Update

The SEC recently announced that it has denied whistleblower claims in connection with three different matters and awarded an additional $150,000 to the inaugural recipient of an award under the SEC’s whistleblower program.

The SEC denied a whistleblower award claim relating to its case against penny stock promoters for fraudulently hyping Anscott Industries.  See SEC v. Esposito, No. 08:00494 T26 (M.D. Fla. June 30, 2011).  In Esposito, the court entered final judgments against the defendants ordering them to pay more than $20 million in disgorgement and civil penalties in a fraudulent touting case.  The SEC denied the award because (1) the claimant failed to submit the claim within 90 days of the Notice of Covered Action and failed to demonstrate such tardiness should be waived based on extraordinary circumstances as “claimant failed to diligently pursue the claim for award upon termination of the purported ‘extraordinary circumstances’”; and (2) the claimant failed to provide original information since claimant did not provide information for the first time to the SEC after the date of enactment of Dodd-Frank.

The SEC denied a second set of whistleblower award claims because claimant failed to demonstrate she provided original information.  In what the SEC described as “an unusual award application,” the claimant did not contend she provided information directly to the SEC, but instead contends that she provided information to the U.S. Department of Housing and Urban Development (“HUD”) and the FBI, which in turn shared that information with the SEC.  The claimant alleged that this information helped the SEC in its case against former officers of subprime lender New Century Financial Corp., who allegedly lied about the company’s losses from loan defaults.  See SEC v. Morrice, No. 09-0426 (C.D. Cal.); SEC v. Mozilo, No. 09-03994 (C.D. Cal.).  The SEC reached a settlement with the officers that included more than $1,000,000 in disgorgement and civil penalties.  The SEC denied the award because (1) any information provided by HUD or the FBI to the SEC prior to the enactment of Dodd-Frank in July 2010 would not be original information under Rule 21F-4(b)(1)(iv) and (2) any information provided after July 21, 2010, failed to meet the procedural requirements that original information must be provided to the SEC in writing by the claimant under Rule 21F-9(b).

The SEC denied two other whistleblower award claims determining that the first claimant failed to provide original information that led to a successful enforcement action and that the second claimant did not timely submit his application in response to the Notice of Covered Action.  The first claimant had provided information to the SEC both before and after the enactment of Dodd-Frank.  With respect to the first claimant’s pre-Dodd-Frank information, the SEC reiterated that information provided by the claimant to the SEC before the enactment of Dodd-Frank in July 2010 did not constitute original information under Rule 21F-4(b)(1)(iv).  With respect to the post-Dodd-Frank information, the SEC concluded that the information did not lead to a successful enforcement action.  According to the SEC, under Rule 21F-4(c)(1)-(2), “original information ‘leads to’ a successful enforcement action if either:  (i) the original information caused the staff to open an investigation, and the Commission brought a successful action based in whole or in part on conduct that was the subject of the original information; or (ii) the conduct was already under investigation, and the original information significantly contributed to the success of the action.”  The SEC determined the second claimant did not submit his Form WB-APP (Application for Award for Original Information Submitted Pursuant to Section 21F of the Securities Exchange Act of 1934) within 90 days of the Notice of Covered Action as required by Rule 21F-10(b).  The SEC rejected claimant’s argument the SEC lost his original, timely WB-APP because the late-filed WB-APP did not cross-reference an earlier submission, claimant did not argue he had filed an earlier WB-APP until the SEC issued its Preliminary Determination, the claimant did not produce a copy of his alleged original submission, the SEC did not find it after an “exhaustive review of [its] records,” and the claimant did not offer any explanation why he filed the “second” WB-APP if he already had filed a timely form.

The first person to receive an award under the SEC’s whistleblower program received another $150,000 after the SEC collected an additional $500,000 in the case.  This award represents the maximum percentage payout (30%) under the whistleblower program.  Sean McKessy, chief of the SEC’s whistleblower office, commented “[t]his latest payment shows that the SEC’s aggressive collection efforts pay dividends not only for harmed investors but also for whistleblowers,” and emphasized that “[a]s [the SEC collects] additional funds from securities law violators, we can increase the payouts to whistleblowers.”

Lawson and Doral Expand Whistleblower Protections

Two recent decisions interpreting the Sarbanes-Oxley Act have significantly expanded the protections available for federal whistleblowers and increase the potential liability for public companies and private companies that contract for public companies.

In Lawson v. FMR LLC, 571 S. Ct. __, 188 L. Ed. 2d 158 (Mar. 4, 2014), the U.S. Supreme Court held that SOX protects from retaliation not only the direct employees of public companies, but also employees of private contractors and subcontractors serving public companies.  At issue in Lawson was the scope of the protected class in section 1514A of the statute:

No [public] company … or any officer, employee, contractor, subcontractor, or agent of such company, may discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee … to provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct which the employee reasonably believes constitutes a violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders ….

18 U.S.C. § 1514A(a).  The plaintiffs in Lawson were former employees of privately held companies that provide advisory and management services to a mutual fund, a public company.  The mutual fund itself has no employees.  The defendants argued that the plaintiffs could not bring whistleblower claims under SOX because the statute only protects those directly employed by the public company.

In a 6–3 opinion, Justice Ginsburg, writing for the Court, concluded that section 1514A shields employees of privately held contractors and subcontractors, including investment advisors, law firms, and accounting enterprises, that contract for public companies.  The Court reasoned that “nothing in § 1514A’s language confines the class of employees protected to those of a designated employer.”  188 L. Ed. at 175.  In addition to its textual interpretation of the statute, the Court recognized that including employees of contractors and subcontractors would comport with Congress’s goal of encouraging outside professionals to report fraud without fear of retribution.

In Stewart v. Doral Financial Corporation, No. 13-1349, 2014 U.S. Dist. LEXIS 22441 (D.P.R. Feb. 21, 2014), the U.S. District Court for the District of Puerto Rico addressed the standard for pleading protected conduct.  The plaintiff claimed that he was terminated illegally after expressing concerns to the company’s audit committee that certain financial information would not be reported accurately in quarterly filings.  Relying on the Department of Labor’s Administrative Review Board’s (“ARB”) decision in Platone v. FLYi, Inc., 2006 WL 3193772 (Dept’ of Labor Sept. 29, 2006), the company moved to dismiss the plaintiff’s claim for failing to plead that the alleged protected activity “definitively and specifically” implicated the federal laws upon which section 1514A is based.  After Platone, however, the ARB abandoned the “definitively and specifically” standard in favor of a more liberal standard:  that a plaintiff must only plead she had “a reasonable belief” the alleged protected activity that the reported conduct violated applicable federal law.  Sylvester v. Parexel Int’l LLC, ARB Case No. 07-123, 2011 WL 2165854 (Dep’t of Labor May 25, 2011).  Even though the First Circuit already had adopted the “definitively and specifically” standard, see Day v. Staples, Inc., 555 F.3d 42, 56 (1st Cir. 2009), the Doral court ruled that the ARB’s more recent “reasonable belief” standard controlled and that plaintiff’s pleading was sufficient, 2014 U.S. Dist. LEXIS 22441, at *19–24.

Both the Lawson and Doral rulings dramatically broaden the scope of whistleblower liability for public companies and private companies that contract for public companies.  In fact, the dissent in Lawson points out that the Court’s interpretation gives section 1514A a “stunning reach” that will allow babysitters and cleaning staff who work for people employed by a public company to file federal cases claiming retaliation.  And the Doral decision—which echoes the conclusions of the U.S. Courts of Appeals for the Third and Tenth Circuits—allows those claims to survive the pleading stage by demonstrating only that the employee had a reasonable belief that the perceived illegal conduct implicated the federal laws upon which SOX is based.  Lawson and Doral demonstrate that it is vital for public companies and private companies who contract for public companies to have robust reporting policies in place to address employee complaints of misconduct.

Drinker Biddle & Reath LLP filed an amicus curiae brief in the Lawson case on behalf of the National Federation of Independent Business.  That brief advocated that the whistleblower protections of section 1514A not extend to employees of private contractors and subcontractors of public companies.

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy