Ubiquitous Use of WhatsApp and Other Unrecorded Internal Communications Result in Substantial Penalties in Recent SEC, CFTC Actions

The SEC has, for many years, used broker-dealer and associated persons’ failure to create and maintain books and records as a basis for the imposition of serious penalties.  In recent actions, it appears to be continuing—and upping the ante on—its enforcement in this area.

Simply stated, it is increasingly imperative for broker-dealers and investment advisory businesses, among other entities, to develop and maintain policies and procedures to ensure that their records are properly created, maintained, and produced to the appropriate agency upon request—including that employees’ communications related to their business should be made only through approved channels, and approved and monitored devices, such that those communications can be maintained and preserved for production as required by federal securities laws and regulatory authorities, and in any pending or threatened litigation.

Continue reading “Ubiquitous Use of WhatsApp and Other Unrecorded Internal Communications Result in Substantial Penalties in Recent SEC, CFTC Actions”

Reg BI: What’s Going On and What May Happen Next?

Chicago partner, Jim Lundy, co-leader of the firm’s White Collar Defense and Investigations team and the firm’s SEC & Regulatory Enforcement Defense practice, provides a end of year update on Reg BI. In this blog post, Jim discusses the events that have taken place since SEC Chair Gary Gensler’s last statements on Reg BI early in 2021 including the recent speech from SEC Commissioner and former Acting Chair Allison Herren Lee and deficiency letters across the brokerage industry.

Continue reading “Reg BI: What’s Going On and What May Happen Next?”

The SEC’s Renewed Focus on Accounting Misconduct

Two recent enforcement actions by the U.S. Securities and Exchange Commission (SEC), including a recent settled action against Kraft Heinz Co. (“Kraft”), underscore the agency’s renewed and continuing focus on accounting and financial reporting misconduct.

Two weeks ago, the SEC announced its third and latest enforcement settlement through its data-driven EPS (Earnings Per Share) Initiative. The EPS Initiative, run by the SEC’s Enforcement Division, used data analytics to detect potential reporting violations. The EPS Initiative has resulted in two prior actions. On September 28, 2020, the SEC publicly disclosed the EPS Initiative with two settlements, as discussed previously in this blog here.

Continue reading “The SEC’s Renewed Focus on Accounting Misconduct”

SPAC Attack: The SEC Charges a SPAC for Failure to Launch

On July 13, 2021, the SEC announced charges against Stable Road Acquisition Company (“Stable Road”), its sponsor, SRC-NI, its CEO, Brian Kabot, Stable Road’s proposed merger target Momentus Inc.(“Momentus”), and Momentus’s founder and former CEO Mikhail Kokorich (“Kokorich”) for “misleading claims about Momentus’s technology and about national security risks associated with Kokorich.” All parties except Kokorich are settling with the SEC, paying total penalties of more than $8 million, amongst other remedies. The SEC’s litigation will proceed against Kokorich in the U.S. District Court for the District of Columbia. The Complaint seeks permanent injunctions, penalties, disgorgement plus prejudgment interest, and an officer-and-director bar against Kokorich.

Continue reading “SPAC Attack: The SEC Charges a SPAC for Failure to Launch”

Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks

Partners Peter Baldwin and Bob Mancuso published “Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks.” This article in the New York Law Journal discusses how regulators have shifted their focus from data breach notifications to overall cybersecurity preparedness.

Continue reading “Cybersecurity Enforcement Trends: A Fraught New Reality for ‘Victims’ of Cyberattacks”

“Independence-Day” Malware and Managing the (Beach) Risks of Jaws

In the spirit of our previous Holiday film blogs, we present for your viewing pleasure (and background research) the following Independence Day films for your (re)viewing pleasure.  Both deserve renewed attention in light of:

  • The SEC’s recent Solar Winds-Cybersecurity-related events, regarding disclosure of material weaknesses or material cyber security risks related to the Solar Winds compromise;
  • The re-opening of offices and recent announcements of certain businesses explaining employees should be back in the office or else.

We offer the following Independence Day Weekend themed film streaming recommendations that relate to each of the above and therefore count as background research.

Continue reading ““Independence-Day” Malware and Managing the (Beach) Risks of Jaws”

SEC Chairman, Gary Gensler, Seeks to “Freshen Up” Restrictions on Executive Stock Trading Plans under Rule 10b5-1

Upcoming Changes to Rule 10b5-1:

The SEC is seeking to propose four key changes to executive stock trading plans under Rule 10b5-1 in October. Its Chairman, Gary Gensler, reported that the SEC is considering “freshen[ing] up Rule 10b5-1 after twenty years” to address insider trading concerns on June 7, 2021. Gensler’s comments come after a year of heightened insider trading reporting and the release of new research conducted by Stanford University and the Wharton School of the University of Pennsylvania finding that 10b5-1 plans have been used by executives to engage in “opportunistic, large-scale” sales of company stock. Gensler remarked the current plans under Rule 10b5-1 have led to a “real crack in our insider trading regime,” which he seeks to address in the upcoming months.

Continue reading “SEC Chairman, Gary Gensler, Seeks to “Freshen Up” Restrictions on Executive Stock Trading Plans under Rule 10b5-1”

SEC “Sweep” of Public Companies’ & Registrants’ Responses to the SolarWinds Cyberbreach

As publicly reported late last week, the Securities and Exchange Commission’s Division of Enforcement (SEC) sent voluntary requests for information to a range of public companies and investment firms seeking voluntary disclosure of information related to last year’s SolarWinds cyberattack. Specifically, the SEC is seeking information related to whether the companies and firms were exposed to the SolarWinds cyberattack and any remedial measures the companies and firms implemented in response.

SolarWinds, an IT, network, and systems software developer, disclosed in a filing with the SEC in December 2020 that a cyberattack had infiltrated its Orion monitoring product, which could allow the attacker to compromise the server on which the Orion product runs. SolarWinds disclosed that it believed that nearly 18,000 Orion customers downloaded the product containing the vulnerability and that it had notified all 33,000 users of the product that a cyberattack had taken place. The SolarWinds cyberattack was unprecedented in its scope and sophistication—including compromising nine U.S. federal agencies—leading the United States and other governments to blame the attack on an outside nation state actor.

Continue reading “SEC “Sweep” of Public Companies’ & Registrants’ Responses to the SolarWinds Cyberbreach”