SEC Disgorgement: Looking to the Future

On March 3, 2020, the Supreme Court heard arguments in the case of Liu v. SEC, No. 18-1501. This article summarizes what transpired at the hearing, in which the arguments centered on a challenge to the ability of the U.S. Securities and Exchange Commission (“SEC”) to obtain disgorgement as an “equitable remedy” for securities law violations.

During the oral arguments, the Justices’ questions indicated that they appeared reluctant to entirely do away with disgorgement, but rather their queries focused on whether limitations should be placed on the SEC’s continuing use of disgorgement as an equitable remedy. Specifically, the Justices expressed interest in exploring parameters and limitations regarding how disgorgement is calculated and whether the SEC or defrauded investors are entitled to any disgorged funds.

Continue reading “SEC Disgorgement: Looking to the Future”

The SEC’s Most Detailed Cybersecurity Guidance to Date

The SEC, through its Office of Compliance Inspections and Examinations (“OCIE”), recently issued its most detailed cyber guidance to date. OCIE had previously issued several cybersecurity risk alerts over the past few years. This most recent release, however, offers much more than a risk alert. OCIE’s “Cybersecurity and Resiliency Observations” goes into significantly more detail than OCIE’s prior risk alerts in this area and is fashioned in a vastly different and more user-friendly format. Thus, it is required reading for SEC regulated entities because, rest assured, it will be closely followed and applied by OCIE staff conducting cyber examinations, as well as by the Division of Enforcement’s “Cyber Unit.”

Continue reading “The SEC’s Most Detailed Cybersecurity Guidance to Date”

The SEC Lays Down a Bet in a Nevada Court

The college football bowl season is upon us, NFL teams are jockeying for playoff seeding, and with the college basketball season underway fans of that game are looking longingly towards March for how their brackets may look for the 2020 tournament. Thus, sports and the gambling associated with it are all around us. In recent years, this gambling has risen from the shadows and is now openly discussed throughout society. So this industry has evolved and continues to evolve, since the times when gamblers needed to travel to Las Vegas or Atlantic City to legally gamble. Over the years, state laws have expanded such that today numerous states allow gambling in some form. Further accelerating this expansion, in the spring of 2018, the U.S. Supreme Court struck down the Professional and Amateur Sports Protection Act.

Continue reading “The SEC Lays Down a Bet in a Nevada Court”

The SEC in 2019: Doing More With Less

Facing a 35-day government shutdown and new restrictions on the ability to recover disgorgement, it would be perfectly understandable if the SEC’s Division of Enforcement suffered a lackluster year. Nevertheless, according to their recently released Annual Report, the Division of Enforcement defied the odds and turned in an impressive year by most metrics. The full report is available here, but we address several key aspects of the report below.

In fiscal year 2019 (which runs from October to September), the SEC reported a total of 862 enforcement actions, including 526 “standalone” actions filed in either federal court or as administrative proceedings, which was its highest number of standalone actions since 2016. The SEC also filed 210 “follow-on” proceedings seeking the barring of individuals based on actions by other authorities or regulators. This number of “follow-on” proceedings matched the prior year’s total, and was about 10% higher than the number of such actions filed in 2016 or 2017. Though the Report laments the handcuffs placed on the Enforcement Division by the Supreme Court’s ruling in Kokesh v. SEC, which tied recoverable disgorgement to the five-year statute of limitations, the SEC nevertheless secured $3.248 billion in disgorgement – a five-year high. In addition, while 2019’s $1.101 billion in penalties was more than $300 million lower than what was ordered in 2018, it nonetheless surpassed the 2017 numbers, and contributed to a total amount of money ordered paid in 2019 (between disgorgement and penalties) that represented another five-year high for the SEC. Despite these metrics revealing a very solid year for the Enforcement Division, the Report made it a point to highlight that the SEC estimates that it has had to forgo more than $1.1 billion in disgorgement in filed cases as a result of Kokesh.

The strong financial results for 2019 were buoyed by several major actions settled in 2019. Indeed, in separate actions initiated against Mylan, Fiat Chrysler, Hertz, and two other major corporations, the SEC secured more than $200 million in penalties alone. In addition, in actions over the past two years against a variety of financial institutions relating to the early release of the American Depository Receipts, the SEC actions resulted in orders for more than $425 million in disgorgement and penalties. While these large actions contributed to the substantial financial achievements of the SEC in 2019, the report noted that in actions in which money was ordered to be paid the median amount of such total payments rose from $362,858 last year to $554,003 this year.

The SEC’s overall numbers were undoubtedly bolstered by successful implementation and conclusion of its Share Class Selection Disclosure Initiative. The Initiative, which permitted investment advisory firms to self-report failures to disclose conflicts of interest associated with the selection of fee-paying share classes as opposed to low-fee or no-fee share classes, allowed self-reporters to obtain standardized (and relatively favorable) settlement terms. The Initiative generated settlements against 79 advisers in March 2019, and another 16 advisers settled in September 2019. In total, the 95 advisory firms agreed to return more than $135 million to affected investors.

In addition to emphasizing all of these key metrics, the Report reiterated several themes that have been hallmarks of the SEC under Chairman Clayton. At the top of the list is “protecting main street investors,” as evidenced by the Share Class Initiative mentioned above, as well as the continued operation of the SEC’s Retail Strategy Task Force as a source for both providing education and generating new investigations. The Report also highlighted the continuing emphasis that the SEC would be placing on holding individuals accountable for wrongdoing, and highlighted several cases from the past year in which C-level executives were charged in both settled and litigated fraud actions. Digital assets, cryptocurrency, and other distributed ledger technology cases also played a prominent role in the report, as the SEC acknowledged that its enforcement actions in this space “matured and expanded” over the past year. Finally, the Enforcement Division also explained that it was working diligently to accelerate the pace of its investigations. Not only would this faster pace decrease the chance of encountering Kokesh problems when seeking disgorgement, but it also helps speed the pace at which harmed individuals and investors can recover their losses.

In a year in which it lost more than a month due to the government shutdown and just recently regained the ability to hire new staff, the Enforcement Division appeared to work both harder and smarter to generate results that met or exceeded its recent historical benchmarks. Going forward, it will be interesting to see whether the SEC can replicate or improve on these results with the benefit of additional time and a more complete complement of attorneys and other professionals.

SEC Issues Risk Alert Regarding Reg S-P, Privacy, Safeguarding, and Registrant Compliance

The SEC’s OCIE recently issued a Risk Alert focusing on compliance issues related to Regulation S-P, the primary SEC rule governing compliance practices for privacy notices and safeguard policies for investment advisers and broker-dealers. The Risk Alert summarizes the OCIE’s findings from two-year’s worth of issues identified in deficiency letters to assist investment advisers and broker-dealers in adopting and implementing effective policies and procedures for safeguarding customer records and information pursuant to Regulation S-P.

Continue reading “SEC Issues Risk Alert Regarding Reg S-P, Privacy, Safeguarding, and Registrant Compliance”

The SEC Speaks . . . and Cooperation is Key

SEC Speaks, the SEC’s annual conference in Washington, D.C., often provides valuable insight into developments at the agency, as well as pronouncements about policy evolution and enforcement priorities. At this year’s conference, “cooperation” emerged as one of the themes that the SEC has been prioritizing over the past year – and is committed to prioritizing in the future. Indeed, the co-directors of the SEC’s Division of Enforcement remarked that, “cooperation is as important now as it has ever been,” and that the “full range” of remedies are available to entities that provide meaningful cooperation to the SEC. Interestingly, the staff emphasized that the SEC is making a concerted effort to use its press releases and orders to highlight the importance, components, and benefits of cooperation – all in an effort to promote earlier, more meaningful, and more widespread cooperation.

Continue reading “The SEC Speaks . . . and Cooperation is Key”

DOJ and SEC Announce Charges Connected to Hack of SEC’s EDGAR System

Last week, the Department of Justice (“DOJ”) and the Securities & Exchange Commission (“SEC”) announced charges connected to a large-scale, international conspiracy to hack into the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system and profit by trading on stolen material, non-public information. The conduct underlying these cases was one of the principal reasons that the SEC created its Division of Enforcement “Cyber Unit” to target cyber-related securities fraud violations.

In a 16-count indictment unsealed in the United States District Court for the District of New Jersey, two Ukrainian citizens, Artem Radchenko and Oleksander Ieremenko, were charged with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud. The SEC’s complaint charged nine defendants – Ieremenko, six traders in California, Ukraine, and Russian, and two entities – with antifraud violations of the federal securities laws.

The charging documents allege that Ieremenko and Radchenko hacked into the EDGAR system and stole thousands of files, including annual and quarterly earnings reports containing non-public financial information. The defendants gained access to the SEC’s networks by using a series of targeted cyberattacks, including directory traversal attacks, phishing attacks, and infecting computers with malware. The defendants extracted thousands of filings from the EDGAR system to a server they controlled in Lithuania. The defendants then profited by selling access to the stolen, confidential information and by trading on the stolen information prior to its distribution to the public. In total, the defendants and their co-conspirators are alleged to have traded before at least 157 separate earnings releases, and they generated over $4 million in illegal proceeds.

Some of the individuals charged in these cases were previously charged in connection with a similar scheme to hack into the computer systems of multiple newswire organizations and steal press releases containing financial information that had not yet been released to the public. Several of the same methods used to hack the newswire organizations were also employed to hack the EDGAR system.

The criminal and civil charges in these cases are a reminder that both DOJ and the SEC have prioritized combatting cybercrime and, in particular, network intrusions. They also serve as a stark reminder that any organization, even a U.S. government agency, can be targeted and victimized by cybercriminals. Companies and firms would be wise to examine the techniques used by the defendants in these cases and ensure that their own cyber defenses are sufficient to protect against and thwart similar attacks. For additional guidance, companies and firms can look to SEC guidance and actions issued since the creation of the SEC’s Cyber Unit.

SEC and CFTC FY2018 Results: Looking Back . . . and Looking Forward

Earlier this month, the U.S. Securities and Exchange Commission and the U.S. Commodity Futures Trading Commission issued their annual reports about their Divisions of Enforcement results for fiscal year 2018. Analyzing these reports is a helpful way for us to learn from the recent historical enforcement efforts by both financial regulatory agencies. Also, both reports provide guidance about the divisions’ objectives and initiatives for the upcoming fiscal year and beyond. Below we explore and summarize the important topics covered in both reports.

The SEC issued its FY2018 Annual Report earlier this month. The last several pages categorize and list every action filed by SEC Enforcement during FY2018; this provides a useful reference tool. In addition, this report continues to evolve and provide more information than in years past. Not surprisingly, the report highlights SEC Chairman Jay Clayton’s direction to SEC Enforcement to focus on “Main Street” investors. Thus, it was no surprise to see SEC Enforcement’s Share Class Selection Disclosure Initiative touted as a success.

If focusing on Main Street is Chairman Clayton’s top priority for SEC Enforcement, then policing cyber-related misconduct is the Chairman’s priority “1B.” In its Annual Report, SEC Enforcement specifically advised:

Since the formation of the Cyber Unit at the end of FY 2017, the Division’s focus on cyber- related misconduct has steadily increased. In FY 2018, the Commission brought 20 standalone cases, including those cases involving ICOs and digital assets. At the end of the fiscal year, the Division had more than 225 cyber-related investigations ongoing. Thanks to the work of the Unit and other staff focusing on these issues, in FY 2018 the SEC’s enforcement efforts impacted a number of areas where the federal securities laws intersect with cyber issues (emphasis added).

Regarding SEC Enforcement’s results, while the SEC seemingly tried to temper the increased results from last year and asked readers to avoid focusing on quantitative results, one thing that has become clear during Chairman Clayton’s tenure is that he has apparently not slowed down SEC Enforcement. Regarding the quantitative results, the SEC brought a diverse mix of 821 enforcement actions, including 490 standalone actions, and returned $794 million to harmed investors. A significant number of the SEC’s standalone cases concerned investment advisory issues, securities offerings, and issuer reporting/accounting and auditing, collectively comprising approximately 63 percent of the overall number of standalone actions. The SEC also continued to bring actions relating to market manipulation, insider trading, and broker-dealer misconduct, with each comprising approximately 10 percent of the overall number of standalone actions, as well as other areas. The agency also obtained judgments and orders totaling more than $3.945 billion in disgorgement and penalties.

The report also outlined the five core principles that serve to guide SEC Enforcement’s work. From here, we garner a glimpse into their focus and efforts going forward. These principles are:

  • Focus on the Main Street investor;
  • Focus on individual accountability;
  • Keep pace with technological change;
  • Impose remedies that most effectively further enforcement goals; and
  • Constantly assess the allocation of resources.

In concluding our discussion of the SEC Enforcement’s efforts and looking forward, with the continuing focus on the advisory and brokerage industries, we should expect SEC Enforcement to continue to focus its efforts and resources on the investment advisers and broker-dealers who serve Main Street.

Before turning to the CFTC, it is worth noting that both the SEC and the CFTC highlight the increased use of specialized proprietary tools they have developed to review data and bring enforcement actions. The SEC specifically stated that it “has continued to leverage its own technology to accomplish its enforcement goals.” These goals include using proprietary tools to conduct data analysis to identify and pursue a wide variety of misconduct, including insider trading, “cherry-picking” schemes, and the sale of unsuitable investment products or programs to retail investors. The CFTC highlighted its realignment of the Market Surveillance Unit, moving it from the Division of Market Oversight to the Division of Enforcement. Building and utilizing sophisticated analytical tools, the Market Surveillance Unit reviews data for instances of fraud, manipulation, and disruption. Moving the unit to the Division of Enforcement “reflects the data-centric approach the Division pursued during the last Fiscal Year, and expects to continue going forward.” Thus, the SEC and the CFTC will continue to increasingly employ sophisticated data analytics to pursue their enforcement objectives.

Turning to CFTC Enforcement, much like the SEC, CFTC Enforcement now provides much greater detail in its FY2018 Annual Report than in previous editions. Similar to the SEC’s results, quantitatively, CFTC Enforcement’s efforts in FY 2018 reflect significant increases. The number of enforcement actions filed increased year over year from 49 to 83 and monetary sanctions also increased from $413 million to $950 million. CFTC Enforcement  explained in the report a number of key initiatives started or continued during FY 2018, including cooperation and self-reporting, the use of data analytics, and the development of a set of specialized task forces focused on four  substantive areas — spoofing and manipulative trading, virtual currency, insider trading and protection of confidential information, and the Bank Secrecy Act.

Regarding the “Spoofing and Manipulative Trading” task force, the CFTC Enforcement Director provided additional information on this task force in a speech the day before the release of the FY2018 Annual Report:

Spoofing and Manipulative Trading: A little more than a decade ago, our markets moved from in-person trading in the pit, to computer-based trading in an electronic order book. The advent of the electronic order book brought with it significant benefits to our markets—it increased information available, reduced friction in trading, and significantly enhanced the price discovery process. But at the same time, this technological development has presented new opportunities for bad actors. Just as the electronic order book increases information available to traders, it creates the possibility that false information injected into the order book could trick them into trading to benefit a bad actor.

Efforts to manipulate the electronic order book—which can include spoofing—are particularly pernicious examples of bad actors seeking to gain an unlawful advantage through the abuse of technology. These efforts to manipulate the order book, if left unchecked, drive traders away from our markets, reducing the liquidity needed for these markets to flourish. And this misconduct harms businesses, large and small, that use our markets to hedge their risks in order to provide the stable prices that all Americans enjoy. The Spoofing Task Force works to preserve the integrity of these markets.

The CFTC’s efforts to detect market manipulation generally and spoofing in particular, however, were not limited to the creation of a task force. The FY2018 report identified 83 total actions filed, 26 (approximately 31 percent) of which were manipulation-based. This was a number second only to retail fraud (30 actions filed). While supervision is not discussed specifically as an initiative or a particular priority, CFTC Enforcement’s FY2018 Annual Report also identified 6 “Supervision” cases. Here is the breakdown by category:

From this table, it is a little unclear how the CFTC’s spoofing supervision cases were categorized and quantified in its FY2018 Annual Report. Regardless, based on the increased focus on supervision in this area— as previously reported—we can expect CFTC Enforcement to continue to investigate and bring charges for spoofing and related supervisory violations well into the future.

Finally, the CFTC Enforcement’s FY2018 Annual Report emphasizes its efforts to significantly ramp up its “coordination with our law enforcement and regulatory partners—in particular the criminal authorities.” These efforts included the announcement of the parallel actions involving spoofing and manipulative conduct filed together with the Department of Justice in January 2018. In those filings, the Commission charged three financial institutions and six individuals with manipulative conduct and spoofing. While the early 2018 joint filing was significant, the Commission’s coordination with criminal authorities was not limited to this filing. Joint filings with criminal counterparts were up significantly and may signal more to come: