Category: Public Companies, Accounting, and Auditing

SEC Settles Charges of Auditor Independence Violations for $8 Million

The SEC announced settlements with an auditing firm (the “Firm”) and one of its partners relating to violations of certain auditor independence rules involving nineteen audit engagements with fifteen SEC-registrant issuers.

More specifically, the SEC found the Firm and its partner violated the Commission’s and Public Company Accounting Oversight Board’s (“PCAOB”) auditor independence rules. The alleged conduct involved performing prohibited non-audit services, including exercising decision-making authority in the design and implementation of software relating to one of its issuer client’s financial reporting as well as engaging in management functions for the company. The partner was responsible for supervising the performance of the prohibited non-audit services. Additionally, the SEC charged additional PCAOB-rule violations for failing to notify the clients’ audit committees about the non-audit services. The SEC described these failures as “mischaracterized non-audit services” despite the services involving financial software “that were planned to be implemented in a subsequent audit period and providing feedback to management on those systems—areas outside the realm of audit work.” The partner was also charged with providing material, non-public information concerning an issuer to a software company without the issuer’s consent.

Continue reading “SEC Settles Charges of Auditor Independence Violations for $8 Million”

Federal Prosecutor Faces Accusations that it Used the SEC to Collect Evidence for its Criminal Investigation

In a ruling handed down on Tuesday, a Southern District of New York judge ordered the U.S. Attorney’s Office for the Southern District of New York (“USAO”) to submit a full account of their communications with the SEC after defendant Jason Rhodes accused the USAO of using the SEC to develop its criminal case against him.

Rhodes was charged with four counts, including conspiracy to commit securities fraud and wire fraud, securities fraud, wire fraud, and investment advisor fraud, in what the government alleges was an elaborate $19.6 million scheme to defraud investors. Notably, the charges against Rhodes were brought almost two years after the government charged all other co-conspirators. During that time, the SEC initiated an investigation involving Rhodes.

In a motion filed back in March of this year, Rhodes argued that the USAO may have violated his due process rights by using the SEC civil process to further its criminal investigation against him. During the SEC’s investigation, it used its investigatory authority to obtain documents from Rhodes, including communications and data from his cellphone. These documents were then turned over to the USAO and the substance of certain of those documents was subsequently included in the criminal complaint against him. Rhodes asserted in his motion, as soon he was arrested, the SEC stopped investigating him.

Given that timeline, the court insisted the USAO submit an affidavit outlining its relationship with the SEC regarding its civil investigation and its criminal charges against Rhodes. After one AUSA submitted an affidavit, the court held that as of now, Rhodes had not shown the government acted in bad faith. The court went on to say, however, that the submitted affidavit “d[id] nothing to advance the ball.” While the AUSA insisted that he did not request the issuance of the SEC subpoena, the affidavit was silent regarding the involvement of others in the USAO. As a result, the court ordered that the USAO submit a new affidavit “detailing, with specificity, the nature and extent of any and all communications between the SEC and those involved in the criminal investigation of Rhodes.” Only then will the court determine whether the materials should be turned over to Rhodes.

The SEC and U.S. Attorney’s Office across the country often conduct parallel investigations and the SEC regularly shares the information it gathers with those offices. While there is nothing to prevent the government from conducting parallel investigations, the government must act “in good faith and with the proper procedures.” See United States v. Kordel, 397 U.S. 1, 6(1970). Indeed, the SEC warns in its “Form 1662” that it may share the information and documents produced pursuant to a subpoena (or voluntarily) to a host of other agencies, including, but not limited to, state and federal criminal authorities. It is, however, well-settled law at this point that the criminal authorities cannot direct the SEC’s investigation and that any action taken by the SEC, including subpoenas for documents, testimony and other evidence, must be supported by the SEC’s independent decision making and must be in furtherance of its investigation; not the criminal authority’s investigation. See, e.g., United States of America v. Stringer, 408 F. Supp. 2d 1083 (Dist. Or. 2006); United States of America v. Scrushy, 366 F. Supp. 2d 1134, 1140 (N.D. Ala. 2005.

SEC Issues Risk Alert Regarding Reg S-P, Privacy, Safeguarding, and Registrant Compliance

The SEC’s OCIE recently issued a Risk Alert focusing on compliance issues related to Regulation S-P, the primary SEC rule governing compliance practices for privacy notices and safeguard policies for investment advisers and broker-dealers. The Risk Alert summarizes the OCIE’s findings from two-year’s worth of issues identified in deficiency letters to assist investment advisers and broker-dealers in adopting and implementing effective policies and procedures for safeguarding customer records and information pursuant to Regulation S-P.

Continue reading “SEC Issues Risk Alert Regarding Reg S-P, Privacy, Safeguarding, and Registrant Compliance”

The SEC Speaks . . . and Cooperation is Key

SEC Speaks, the SEC’s annual conference in Washington, D.C., often provides valuable insight into developments at the agency, as well as pronouncements about policy evolution and enforcement priorities. At this year’s conference, “cooperation” emerged as one of the themes that the SEC has been prioritizing over the past year – and is committed to prioritizing in the future. Indeed, the co-directors of the SEC’s Division of Enforcement remarked that, “cooperation is as important now as it has ever been,” and that the “full range” of remedies are available to entities that provide meaningful cooperation to the SEC. Interestingly, the staff emphasized that the SEC is making a concerted effort to use its press releases and orders to highlight the importance, components, and benefits of cooperation – all in an effort to promote earlier, more meaningful, and more widespread cooperation.

Continue reading “The SEC Speaks . . . and Cooperation is Key”

District Court Holds SEC Cannot Use CEO’s Criminal Conviction to Establish Company’s Liability

Recently, the Northern District of Illinois denied the SEC summary judgment on its claims against a company charged with fraudulently offering and failing to register securities. United States Securities and Exchange Commission v. Webb et al. In doing so, it rejected the SEC’s argument that, pursuant to the doctrines of collateral estoppel and respondeat superior, the company’s liability for the alleged securities violations was established through the criminal conviction of the company’s founder, CEO, and chairman for wire and mail fraud. The Court’s decision emphasizes the legal necessity of establishing and giving each defendant the opportunity to defend against the claims brought against them, even if claims against companies and their officers for purported securities violations seem inextricably related.

In SEC v. Webb., No. 11 C 7152 (N.D. Ill.), the SEC alleged that InfrAegis, Inc. and its founder, CEO, and chairman, Gregory Webb, violated the Securities Act of 1933 and the Securities Exchange Act of 1934 by (1) fraudulently raising funds from investors through a false portrayal of InfrAegis’s success; and (2) failing to register its securities. A separate, criminal case was brought against Webb “based on the same underlying facts in this case,” and this civil action was stayed pending the outcome of that matter. Order and Op. at 1 (Apr. 2, 2019). After a jury returned a verdict finding Webb guilty of both wire and mail fraud, however, the SEC, having separately settled with Webb, moved for summary judgment against InfrAegis in this case.

Specifically, despite the fact that “[t]he criminal case . . . did not include a finding that InfrAegis was vicariously liable for Webb’s actions, and neither Webb nor InfrAegis were tried or found guilty of any violations of the Securities Act or the Exchange Act,” id. at 4, the SEC argued that InfrAegis was precluded “from contesting its liability on the SEC’s securities fraud claims in light of Webb’s convictions for mail and wire fraud based on the same conduct at issue in this case and Webb’s role as InfrAegis’[s] chairman, CEO, and majority owner,” id. at 5. But the Court rejected this argument. While it found that “Webb’s criminal conviction establishe[d] all the elements necessary to support his civil liability,” id. at 6 (emphasis added), the Court held that InfrAegis was not “fully represented during Webb’s [criminal] trial,” as is required to establish issue preclusion. Id. at 1. In doing so, the Court further rejected the SEC’s contention that because Webb was represented at his criminal trial and was in privity with InfrAegis, InfrAegis had a full and fair opportunity to litigate the issues presented there. The Court found that no exception “to the rule against nonparty preclusion” applied here because (1) “[a] principal-agent or fiduciary relationship at the time the alleged acts occurred” is not a recognized exception; and (2) there was no evidence that InfrAegis controlled Webb’s criminal defense “or that Webb remained an agent or fiduciary of InfrAegis at the time of his trial.” Id. at 7-8.

Moreover, while neither party disputed that the doctrine of respondeat superior could apply to securities fraud claims “where the employee acted in the scope of his employment in furtherance of the corporation’s goals,” the Court also held that the SEC could not “use respondeat superior to circumvent the . . . requirement of issue preclusion[] that InfrAegis have had a full and fair opportunity to litigate the issues.” Id. at 9. Thus, the Court denied the SEC’s motion for summary judgment concerning the securities fraud claims against InfrAegis.

DOJ and SEC Announce Charges Connected to Hack of SEC’s EDGAR System

Last week, the Department of Justice (“DOJ”) and the Securities & Exchange Commission (“SEC”) announced charges connected to a large-scale, international conspiracy to hack into the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system and profit by trading on stolen material, non-public information. The conduct underlying these cases was one of the principal reasons that the SEC created its Division of Enforcement “Cyber Unit” to target cyber-related securities fraud violations.

In a 16-count indictment unsealed in the United States District Court for the District of New Jersey, two Ukrainian citizens, Artem Radchenko and Oleksander Ieremenko, were charged with securities fraud conspiracy, wire fraud conspiracy, computer fraud conspiracy, wire fraud, and computer fraud. The SEC’s complaint charged nine defendants – Ieremenko, six traders in California, Ukraine, and Russian, and two entities – with antifraud violations of the federal securities laws.

The charging documents allege that Ieremenko and Radchenko hacked into the EDGAR system and stole thousands of files, including annual and quarterly earnings reports containing non-public financial information. The defendants gained access to the SEC’s networks by using a series of targeted cyberattacks, including directory traversal attacks, phishing attacks, and infecting computers with malware. The defendants extracted thousands of filings from the EDGAR system to a server they controlled in Lithuania. The defendants then profited by selling access to the stolen, confidential information and by trading on the stolen information prior to its distribution to the public. In total, the defendants and their co-conspirators are alleged to have traded before at least 157 separate earnings releases, and they generated over $4 million in illegal proceeds.

Some of the individuals charged in these cases were previously charged in connection with a similar scheme to hack into the computer systems of multiple newswire organizations and steal press releases containing financial information that had not yet been released to the public. Several of the same methods used to hack the newswire organizations were also employed to hack the EDGAR system.

The criminal and civil charges in these cases are a reminder that both DOJ and the SEC have prioritized combatting cybercrime and, in particular, network intrusions. They also serve as a stark reminder that any organization, even a U.S. government agency, can be targeted and victimized by cybercriminals. Companies and firms would be wise to examine the techniques used by the defendants in these cases and ensure that their own cyber defenses are sufficient to protect against and thwart similar attacks. For additional guidance, companies and firms can look to SEC guidance and actions issued since the creation of the SEC’s Cyber Unit.

Department of Justice Announces Important Revisions to the Yates Memo

Deputy Attorney General Rod Rosenstein recently announced significant changes to the Department of Justice’s corporate enforcement policy regarding individual accountability, previously announced in the 2015 Yates Memo. The revised policy no longer requires companies who are the target of DOJ investigations to identify all parties involved in potential misconduct before they can be eligible to receive any cooperation credit. This alert examines the updated policy, which should provide companies with greater flexibility in conducting investigations and negotiating dispositions with DOJ in both criminal and civil cases.

Read the full alert.

SEC and CFTC FY2018 Results: Looking Back . . . and Looking Forward

Earlier this month, the U.S. Securities and Exchange Commission and the U.S. Commodity Futures Trading Commission issued their annual reports about their Divisions of Enforcement results for fiscal year 2018. Analyzing these reports is a helpful way for us to learn from the recent historical enforcement efforts by both financial regulatory agencies. Also, both reports provide guidance about the divisions’ objectives and initiatives for the upcoming fiscal year and beyond. Below we explore and summarize the important topics covered in both reports.

The SEC issued its FY2018 Annual Report earlier this month. The last several pages categorize and list every action filed by SEC Enforcement during FY2018; this provides a useful reference tool. In addition, this report continues to evolve and provide more information than in years past. Not surprisingly, the report highlights SEC Chairman Jay Clayton’s direction to SEC Enforcement to focus on “Main Street” investors. Thus, it was no surprise to see SEC Enforcement’s Share Class Selection Disclosure Initiative touted as a success.

If focusing on Main Street is Chairman Clayton’s top priority for SEC Enforcement, then policing cyber-related misconduct is the Chairman’s priority “1B.” In its Annual Report, SEC Enforcement specifically advised:

Since the formation of the Cyber Unit at the end of FY 2017, the Division’s focus on cyber- related misconduct has steadily increased. In FY 2018, the Commission brought 20 standalone cases, including those cases involving ICOs and digital assets. At the end of the fiscal year, the Division had more than 225 cyber-related investigations ongoing. Thanks to the work of the Unit and other staff focusing on these issues, in FY 2018 the SEC’s enforcement efforts impacted a number of areas where the federal securities laws intersect with cyber issues (emphasis added).

Regarding SEC Enforcement’s results, while the SEC seemingly tried to temper the increased results from last year and asked readers to avoid focusing on quantitative results, one thing that has become clear during Chairman Clayton’s tenure is that he has apparently not slowed down SEC Enforcement. Regarding the quantitative results, the SEC brought a diverse mix of 821 enforcement actions, including 490 standalone actions, and returned $794 million to harmed investors. A significant number of the SEC’s standalone cases concerned investment advisory issues, securities offerings, and issuer reporting/accounting and auditing, collectively comprising approximately 63 percent of the overall number of standalone actions. The SEC also continued to bring actions relating to market manipulation, insider trading, and broker-dealer misconduct, with each comprising approximately 10 percent of the overall number of standalone actions, as well as other areas. The agency also obtained judgments and orders totaling more than $3.945 billion in disgorgement and penalties.

The report also outlined the five core principles that serve to guide SEC Enforcement’s work. From here, we garner a glimpse into their focus and efforts going forward. These principles are:

  • Focus on the Main Street investor;
  • Focus on individual accountability;
  • Keep pace with technological change;
  • Impose remedies that most effectively further enforcement goals; and
  • Constantly assess the allocation of resources.

In concluding our discussion of the SEC Enforcement’s efforts and looking forward, with the continuing focus on the advisory and brokerage industries, we should expect SEC Enforcement to continue to focus its efforts and resources on the investment advisers and broker-dealers who serve Main Street.

Before turning to the CFTC, it is worth noting that both the SEC and the CFTC highlight the increased use of specialized proprietary tools they have developed to review data and bring enforcement actions. The SEC specifically stated that it “has continued to leverage its own technology to accomplish its enforcement goals.” These goals include using proprietary tools to conduct data analysis to identify and pursue a wide variety of misconduct, including insider trading, “cherry-picking” schemes, and the sale of unsuitable investment products or programs to retail investors. The CFTC highlighted its realignment of the Market Surveillance Unit, moving it from the Division of Market Oversight to the Division of Enforcement. Building and utilizing sophisticated analytical tools, the Market Surveillance Unit reviews data for instances of fraud, manipulation, and disruption. Moving the unit to the Division of Enforcement “reflects the data-centric approach the Division pursued during the last Fiscal Year, and expects to continue going forward.” Thus, the SEC and the CFTC will continue to increasingly employ sophisticated data analytics to pursue their enforcement objectives.

Turning to CFTC Enforcement, much like the SEC, CFTC Enforcement now provides much greater detail in its FY2018 Annual Report than in previous editions. Similar to the SEC’s results, quantitatively, CFTC Enforcement’s efforts in FY 2018 reflect significant increases. The number of enforcement actions filed increased year over year from 49 to 83 and monetary sanctions also increased from $413 million to $950 million. CFTC Enforcement  explained in the report a number of key initiatives started or continued during FY 2018, including cooperation and self-reporting, the use of data analytics, and the development of a set of specialized task forces focused on four  substantive areas — spoofing and manipulative trading, virtual currency, insider trading and protection of confidential information, and the Bank Secrecy Act.

Regarding the “Spoofing and Manipulative Trading” task force, the CFTC Enforcement Director provided additional information on this task force in a speech the day before the release of the FY2018 Annual Report:

Spoofing and Manipulative Trading: A little more than a decade ago, our markets moved from in-person trading in the pit, to computer-based trading in an electronic order book. The advent of the electronic order book brought with it significant benefits to our markets—it increased information available, reduced friction in trading, and significantly enhanced the price discovery process. But at the same time, this technological development has presented new opportunities for bad actors. Just as the electronic order book increases information available to traders, it creates the possibility that false information injected into the order book could trick them into trading to benefit a bad actor.

Efforts to manipulate the electronic order book—which can include spoofing—are particularly pernicious examples of bad actors seeking to gain an unlawful advantage through the abuse of technology. These efforts to manipulate the order book, if left unchecked, drive traders away from our markets, reducing the liquidity needed for these markets to flourish. And this misconduct harms businesses, large and small, that use our markets to hedge their risks in order to provide the stable prices that all Americans enjoy. The Spoofing Task Force works to preserve the integrity of these markets.

The CFTC’s efforts to detect market manipulation generally and spoofing in particular, however, were not limited to the creation of a task force. The FY2018 report identified 83 total actions filed, 26 (approximately 31 percent) of which were manipulation-based. This was a number second only to retail fraud (30 actions filed). While supervision is not discussed specifically as an initiative or a particular priority, CFTC Enforcement’s FY2018 Annual Report also identified 6 “Supervision” cases. Here is the breakdown by category:

From this table, it is a little unclear how the CFTC’s spoofing supervision cases were categorized and quantified in its FY2018 Annual Report. Regardless, based on the increased focus on supervision in this area— as previously reported—we can expect CFTC Enforcement to continue to investigate and bring charges for spoofing and related supervisory violations well into the future.

Finally, the CFTC Enforcement’s FY2018 Annual Report emphasizes its efforts to significantly ramp up its “coordination with our law enforcement and regulatory partners—in particular the criminal authorities.” These efforts included the announcement of the parallel actions involving spoofing and manipulative conduct filed together with the Department of Justice in January 2018. In those filings, the Commission charged three financial institutions and six individuals with manipulative conduct and spoofing. While the early 2018 joint filing was significant, the Commission’s coordination with criminal authorities was not limited to this filing. Joint filings with criminal counterparts were up significantly and may signal more to come:

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy