As publicly reported late last week, the Securities and Exchange Commission’s Division of Enforcement (SEC) sent voluntary requests for information to a range of public companies and investment firms seeking voluntary disclosure of information related to last year’s SolarWinds cyberattack. Specifically, the SEC is seeking information related to whether the companies and firms were exposed to the SolarWinds cyberattack and any remedial measures the companies and firms implemented in response.
SolarWinds, an IT, network, and systems software developer, disclosed in a filing with the SEC in December 2020 that a cyberattack had infiltrated its Orion monitoring product, which could allow the attacker to compromise the server on which the Orion product runs. SolarWinds disclosed that it believed that nearly 18,000 Orion customers downloaded the product containing the vulnerability and that it had notified all 33,000 users of the product that a cyberattack had taken place. The SolarWinds cyberattack was unprecedented in its scope and sophistication—including compromising nine U.S. federal agencies—leading the United States and other governments to blame the attack on an outside nation state actor.
Continue reading “SEC “Sweep” of Public Companies’ & Registrants’ Responses to the SolarWinds Cyberbreach”
Responding to a “concern” from Chief Compliance Officers (CCOs) to the purported increase in enforcement actions holding compliance personnel personally liable, the New York City Bar Association recently released a framework of nonbinding factors it believes the SEC should consider when making CCO charging decisions. The report, titled “Framework for Chief Compliance Officer Liability in the Financial Sector” (Framework), is available here. According to the Framework, it claims that the risk of facing a career-ending enforcement action has deterred qualified individuals from assuming or remaining in the all-important CCO role.
Continue reading “NYC Bar Association Proposes a CCO Enforcement Framework”
Sandra D. Grannum, James G. Lundy and Heaven L. Chandler discuss Robinhood’s alleged violation of Massachusetts’ new fiduciary duty rule for broker-dealers on the Broker-Dealer Regulations and Insights blog. Massachusetts’ Secretary of Commonwealth, William Galvin, filed a regulatory complaint raising three different violations against Robinhood. The complaint attempts to ban the trading app for violating the State’s fiduciary duty rule which requires broker-dealers to act in the best interest of their clients. This new rule, passed in February 2020, was created in response to the Securities and Exchange Commission’s Regulation Best Interest (Reg BI). During this past year, due to COVID-19 and other meme-based investment activities on the application, Robinhood accumulated over 3 million new users in the first four months of 2020. Galvin’s concerns revolve around the 500,000 customers in Massachusetts, with accounts totaling over $1.6 billion. For more information, please read the post on the Broker-Dealer blog.
We previously posted another discussion on the New York best interest fiduciary rule for insurance that was recently struck down. This has now also been posted to the Broker-Deal Blog.
In Faegre Drinker’s “Enforcement Highlights” third podcast, Jim Lundy moderates a panel with Investment Management Group partner Jillian Bosmann and fellow SEC and Regulatory Enforcement partner David Porteous discussing what the plans may be for the SEC’s Divisions of Investment Management, Examinations, and Enforcement and the investment management industry under the leadership of new SEC Chair Gary Gensler. Topics also include the Division of Examination’s 2021 Annual Report, the SEC’s ESG Risk Alert, and FINRA’s anticipated relationship with the SEC under Chair Gensler.
Continue reading “What May Be In Store For The Investment Management Industry Under Chair Gensler: A Podcast”
Alex Oh, U.S. Securities and Exchange Commission (SEC) Chair Gary Gensler’s pick for the agency’s Director of the Division of Enforcement, unexpectedly resigned on Wednesday amid growing criticism for her decades-long work as a private corporate defense lawyer. Ms. Oh’s hiring was announced on April 22, 2021, less than a week before her resignation.
Ms. Oh’s resignation followed a ruling on Monday from Judge Royce C. Lambeth of the Federal District of Columbia reprimanding ExxonMobile’s legal team, which included Ms. Oh, for their conduct in a class action lawsuit brought by Indonesia villagers against Exxon alleging human rights abuses. According to the ruling, Exxon’s defense team characterized the lawyers for the villagers as “agitated, disrespectful and unhinged” during a deposition. Judge Lambeth ordered Exxon’s lawyers to show why penalties were not warranted for those comments.
Continue reading “SEC’s Director of Enforcement Unexpectedly Resigns Just Days after Taking the Job: Reminiscent of Previous Resignation by former Chairman Harvey Pitt”
As we await the impact of the Biden Administration on the direction of the SEC, we have been given a glimpse of what is to come in a speech last month by the newly confirmed commissioner, Caroline Crenshaw. Specifically, Commissioner Crenshaw’s speech focused on “individual culpability” and penalties in the SEC’s enforcement program. Strikingly, the Commissioner decried the SEC’s past stance on penalties: “It is clear to me that the Commission has historically placed too much emphasis on factors beyond the actual misconduct when imposing corporate penalties – including whether the corporation’s shareholders benefited from the misconduct, or whether they will be harmed by the assessment of a penalty. This approach is fundamentally flawed.” Commissioner Crenshaw then stated that she thinks the SEC should revisit its approach to corporate penalties. It remains to be seen how Crenshaw’s remarks will be observed at Enforcement with respect to corporate penalties, let alone the application of her observations about the focus on “factors beyond the actual misconduct” could also be extended to individuals who are similarly facing substantial penalties for factors beyond their misconduct.
Continue reading “Speech by New Commissioner Provides Insight into Biden Administration SEC”
The Division of Examination’s (former OCIE) annual announcement of its exam priorities is always noteworthy, as it provides helpful insight into this division’s thinking and can serve as a roadmap for regulated entities to focus their compliance and supervision planning. The announcement of these priorities is even more important following a change in the presidential administration and the changes at the Commission that inevitably follow. Not surprisingly, the recently announced Division of Examination priorities for 2021 (summarized below) align with the Biden Administration’s policy priorities and key trends in the financial landscape.
Climate-Related Risks – Examinations will carefully consider environmental, social and governance (ESG) issues, including climate change. In the same way that the Division of Examinations previously focused on entities’ plans and disclosures related to the challenges posed by the COVID-19 pandemic, the Division announced that it will scrutinize business continuity plans to ensure that they “account for the growing physical and other relevant risks associated with climate change.” The Division will be looking for “maturation and improvements to these plans” to ensure that “registrants are considering effective practices to help improve responses to large-scale events.” The announcement of this examination focus also coincides with the Division of Enforcement’s announcement of the creation of a Climate and ESG Task Force. Continue reading “SEC Exams for 2021 to Focus on Climate and ESG, Reg BI, Crypto, & More”
As political leaders continue to debate how to address climate change, the SEC is poised to take (enforcement) action. In the latest example of how the Biden Administration is influencing the priorities of the SEC, the agency recently announced the creation of a Climate and Environmental, Social and Governance (ESG) Task Force in the Division of Enforcement. According to the SEC, the task force’s “initial focus will be to identify any material gaps or misstatements in issuers’ disclosure of climate risks under existing rules.” The task force will also focus on investment adviser and funds, analyzing their ESG strategies for disclosure and compliance issues.
Continue reading “New SEC Enforcement Task Force Targets Environmental, Social, and Governance Issues”