District Court Confirms “Neither Admit Nor Deny” Settlements Applying Citigroup Factors

In March 2013, the SEC requested that Judge Victor Marrero of the United States District Court for the Southern District of New York approve consent judgments as to CR Intrinsic and CR Intrinsic Investments, LLC; S.A.C. Capital Advisors, LLC; S.A.C. Capital Associates, LLC; S.A.C. International Equities, LLC; and S.A.C. Select Fund, LLC (the “Relief Defendants”). Each of the proposed judgments was without admitting or denying the allegations of the SEC’s complaint. In April 2013, Judge Marrero issued an Opinion and Order in which he said, “The Court is troubled by these provisions as they permit CR Intrinsic and the Relief Defendants to resolve the serious allegations against hem involving a massive insider trading scheme ‘without admitting or denying the allegations of the Complaint.’” SEC v. CR Intrinsic Investors, LLC, 939 F. Supp. 2d 431, 436 (S.D.N.Y. 2013). Noting that the Second Circuit was then considering an appeal in SEC v. Citigroup Markets, Inc., which might clarify how much discretion the district courts might have in determining whether to approve or reject a consent judgment that contains a clause neither admitting nor denying the allegations in the SEC’s complaint, Judge Marrero conditionally approved the judgments pending resolution of Citigroup.

As explained in our June 6, 2014 post titled “Second Circuit Vacates Judge Rakoff’s Order Refusing to Approve Citigroup “Neither Admit Nor Deny” Settlement“, the Second Circuit recently clarified the proper standard for reviewing consent decrees, and the parties requested the court to approve consent decrees. Applying the standards set forth by the Second Circuit in SEC v. Citigroup Mkts., Inc., ___ F.3d ___, Docket Nos. 11-5227-cv; 11‑5375-cv; 11-5242-cv, 2014 WL 2486793 (2d Cir. June 4, 2014), Judge Marrero approved the judgments as to CR Intrinsic and the Relief Defendants. He, however, noted that the subsequent conviction of Matthew Martoma, a CR Intrinsic employee, and guilty plea by CR Intrinsic “called attention to the importance of more rigorous inquiry by the SEC in its application of ‘neither admit nor deny’ provisions in settlements embodying the exceptional circumstances presented by this action, specifically those where parallel criminal cases track an SEC complaint arising from the same facts.” SEC v. Citigroup Mkts., Inc., 2014 WL 2486793, at *5. It remains to be seen whether Judge Marrero’s “wait-and-see approach” in these situations will gain traction at the SEC, particularly because it could significantly delay settlements in cases where, like Martoma’s, the criminal conviction is appealed.

Second Circuit Vacates Judge Rakoff’s Order Refusing to Approve Citigroup “Neither Admit Nor Deny” Settlement

Today, the Second Circuit Court of Appeals vacated Judge Rakoff’s order refusing to approve a settlement between the SEC and Citigroup in which Citigroup neither admitted nor denied the agency’s allegations. See SEC v. Citigroup Global Mkts., Inc., Docket Nos. 11-5227-cv; 11‑5375-cv; 11-5242-cv (2d Cir. June 4, 2014). Judge Rakoff took issue with the consent decree, finding that it was not fair, reasonable, adequate, or in the public interest because the public was denied the opportunity to know the truth underlying the allegations of securities fraud. The Circuit Court disagreed, reasoning that the district court abused its discretion by requiring the SEC to “establish the ‘truth’ of the allegations against a settling party as a condition for approving the consent decrees.” Id., slip op. at 21. The court said, “Trials are primarily about the truth. Consent decrees are primarily about pragmatism.” Id.

The court clarified that the proper standard for reviewing a consent decree requires determinations of whether the decree is fair and reasonable and whether the public interest would be disserved. According to the court, district courts assessing consent decrees for fairness and reasonableness should consider (1) the basic legality of the decree; (2) whether the terms of the decree, including its enforcement mechanism, are clear; (3) whether the consent decree reflects a resolution of the actual claims in the complaint; and (4) whether the consent decree is tainted by improper collusion or corruption of some kind. The court jettisoned the “adequacy” requirement, finding it incompatible with the use of consent decrees. In addition, the court made clear that “[t]he job of determining whether the proposed S.E.C. consent decree best serves the public interest . . . rests squarely with the S.E.C., and its decision merits significant deference . . . .” Id., slip op. at 24-25.

The court remanded the case to the district court for consideration of the factual basis for the consent decree under these standards, noting that “[a]bsent a substantial basis in the record for concluding that the proposed consent decree does not meet these requirements, the district court is required to enter the order.” Id., slip op. at 19.

The court cautioned that the SEC must be “willing to assure the court that the settlement proposed is fair and reasonable” when it seeks the court’s imprimatur of consent decrees. Id., slip op. at 27. The court pointed out, however, that the SEC has the ability to employ its own remedies—like administrative proceedings—that do not require court involvement. It remains to be seen whether the SEC will make more use of administrative proceedings in an effort to avoid judicial scrutiny in settled cases. During the pendency of the Citibank ruling, the SEC did not shy away from filing significant settled cases such as the JP Morgan internal controls matter in federal court. Moreover, in light of the standard articulated by the Second Circuit, it would seem that both the SEC and settling defendants should have less concern about courts second-guessing or questioning whether proposed settlements serve the public interest.

Recent Decision Demonstrates Reach of Lawson; Extends SOX Whistleblower Protections to Employee of a Nonpublic Subsidiary of a Public Issuer

We recently blogged about the U.S. Supreme Court’s decision in Lawson v. FMR LLC, 571 S. Ct. __, 188 L. Ed. 2d 158 (Mar. 4, 2014), which held that the whistleblower protections in section 1514A applied not only to the direct employees of public companies, but also to employees of private contractors and subcontractors serving public companies. See Lawson and Doral Expand Whistleblower Protections,” SECurities Law Perspectives (Apr. 2, 2014). Taking the lead from Lawson and more recent decisions from the Department of Labor’s Administrative Review Board (“ARB”), the U.S. District Court for the Eastern District of Pennsylvania has ruled that an employee of a nonpublic subsidiary of a public issuer could proceed with his retaliation claims against the company. Wiest v. Lynch, __ F. Supp. 2d __, Civil Action No. 10-3288, 2014 WL 1490250, at *18–23 (E.D. Pa. Apr. 16, 2014).

In reaching this conclusion, the court considered Lawson and more recent ARB decisions interpreting the scope of section 1514A’s “agent” language. The court said, “There is no reason to think that the Supreme Court’s holding in Lawson does not also apply, beyond contractors of public companies, to agents of public companies and those agents’ employees.” Id. at *19; see also 18 U.S.C. § 1514A(a) (“No [public] company . . . or any officer, employee, contractor, subcontractor, or agent of such company, may discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee . . . to provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct which the employee reasonably believes constitutes a violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders . . . .” (emphasis added)).

Noting “some disagreement among lower courts and the ARB as to the scope or nature of the required agency relationship,” the court rejected the narrower view—i.e., that an agency is created for purposes of section 1514A only when the public-issuer parent is involved in hiring, supervising, or terminating its nonpublic subsidiary’s employees—for more traditional agency principles. The court found persuasive the ARB’s decision in Johnson v. Siemens Building Techs., Inc., ARB No. 08-032, 2011 WL 1247202 (Dep’t of Labor Mar. 31, 2011), which held that section 1514A applied to a subsidiary whose financial information was included in the consolidated financial statements of a public-issuer parent.

In combination with Lawson, the Wiest court found the concurrence in Johnson suggestive of “the direction in which the ARB is headed.” Wiest, 2014 WL 1490250, at *20. Specifically, the concurrence observed that to focus the agency coverage question on whether the public issuer was involved in employment/labor law issues would “fly in the face” of two other bases for finding agency—i.e., apparent authority and respondeat superior. Id. at *20–21 (quoting Johnson, 2011 WL 1247202, at *16). Rather, it explained, “[A]n entity will be held independently liable as a covered agent under [section 1514A] where it is established that the entity engaged in retaliatory conduct was serving as the public company’s agent with respect to securities related matters.” Id. at *21 (quoting Wiest, 2011 WL 1247202, at *17).

In resolving the motion to dismiss before it, the Wiest court concluded that the complaint sufficiently alleged that Wiest’s employer, the nonpublic subsidiary, acted as an agent of its public-issuer parent. For example, the court found Wiest’s allegation that executives of the public-issuer parent had approved certain expenses about which Wiest had complained to be “a strong indicator of an agency relationship regarding accounting and taxes between [the two entities].” 2014 WL 1490250, at *22. The court noted, however, that “[t]his theory will quite likely be tested on the evidence later . . . .” Id. at *23.

While Lawson opened the door for employees of nonpublic companies to bring whistleblower claims, there still will be legal challenges to the scope of such protections. The Wiest decision highlights at least one area about which there may be substantial disagreement and on which companies may fight back on the courts’ expansion of these claims.

CFTC Announces First Whistleblower Award

The U.S. Commodity Futures Trading Commission’s whistleblower program was created as part of the Dodd-Frank Act. Under the program, the CFTC will provide awards to whistleblowers who report violations of the Commodity Exchange Act when the information leads to an action that results in more than $1 million in sanctions. Today, the CFTC announced its first whistleblower award.

Although the CFTC did not disclose the identity of the whistleblower or the enforcement action that resulted from the information provided, it did confirm that the person will receive approximately $240,000. Gretchen Lowe, Acting Director of the CFTC’s Division of Enforcement, said that the “whistleblower provided specific, timely and credible information that led to the Commission bringing important enforcement actions.” With respect to the types of information being reported by whistleblowers, Ms. Lowe said that the program “is attracting high-quality tips and cooperation we might not otherwise receive and is already having an impact on the Commission’s enforcement mission.”

No doubt, the establishment of a whistleblower program and awards in connection with information provided as part of that program will encourage more people to report. It remains to be seen, however, the true impact these programs have on enforcement activity.

SEC Gives Insider Trader a $30,000 Slap On The Wrist

On April 23, 2014, the SEC agreed to settle insider trading charges against Chris Choi, a former accounting manager at Nvidia Corporation who allegedly set into motion a trading scheme that reaped nearly $16.5 million in illicit profits and avoided losses. Given the amount of the purported loss, the fact that Choi was the original “tipper,” and the fact that nearly every other member of the scheme has been indicted, the Choi settlement seems like nothing more than a slap on the wrist: a $30,000 penalty without admitting to the insider trading allegations. The Choi settlement also represents a notable departure from the SEC’s recent insider trading fines and penalties against “tippers.”

According to the SEC’s complaint, on at least three occasions during 2009 and 2010, Choi tipped material nonpublic information about Nvidia’s quarterly earnings to his friend Hyung Lim. SEC v. Choi, No. 14-cv-2879 (S.D.N.Y. Apr. 23, 2014). Lim passed the information along to Danny Kuo, a hedge fund manager at Whittier Trust Company, who passed the information to his boss and to a group of managers at three other hedge funds.

Kuo and the other tippee-hedge fund managers used Choi’s information to trade in advance of Nvidia earnings announcements and reaped trading gains and/or avoided losses of approximately $16.5 million.

The SEC alleged that Choi was liable for this trading because he “indirectly caused trades in Nvidia securities that were executed” by the hedge funds and “did so with the expectation of receiving a benefit and/or to confer a financial benefit on Lim.” The SEC charged him with violations of Section 10(b) of the Exchange Act (and Rule 10b-5) and Section 17(a) of the Securities Act.

Choi, without admitting or denying the SEC’s allegations, agreed to settle the matter and to the entry of an order: (1) permanently enjoining him from violations of Section 10(b), Rule 10b-5, and Section 17(a); (2) barring him from serving as an officer or director of certain issuers of securities for five years; and (3) ordering him to pay a $30,000 penalty.

Not only is Choi’s settlement a significant departure from the resolutions obtained by his “downstream” tippees, a number of whom were convicted on criminal charges of insider trading, it is a departure from recent SEC “tipper” settlements. For example:

•   A former executive at a Silicon Valley technology company, who allegedly tipped convicted hedge fund manager Raj Rajaratnam with nonpublic information that allowed the Galleon hedge fund to make nearly $1 million profit, agreed to pay more than $1.75m to settle the SEC’s insider trading charges. See SEC Charges Silicon Valley Executive for Role in Galleon Insider Trading Scheme.

•   A physician who served as the chairman of the safety monitoring committee overseeing a clinical trial for an Alzheimer’s drug being jointly developed by two pharmaceutical companies, who allegedly tipped a hedge fund manager with safety data and eventually data about negative results in the trial approximately two weeks before they became public, which allowed the hedge fund to make nearly $276 million in gains, agreed to pay more than $234,000 in disgorgement and prejudgment interest to settle the SEC’s insider trading charges. The physician’s penalty may have been mitigated by the fact that he cooperated with and received a non-prosecution agreement from the U.S. Attorney’s Office in a parallel criminal action. See SEC Charges Hedge Fund Firm CR Intrinsic and Two Others in $276 Million Insider Trading Scheme Involving Alzheimer’s Drug.

•   A former executive director of business development at a pharmaceutical company located in New Jersey, who allegedly tipped a hedge fund manager (a friend and former business school classmate) with material nonpublic information regarding the company’s anticipated acquisition that allowed the manager to make nearly $14 million in gains, escaped criminal prosecution and agreed to pay a $50,000 penalty to settle the SEC’s insider trading charges. See SEC Charges Pharmaceutical Company Insider and Former Hedge Fund Manager for Insider Trading, Resulting in Approximately $14 Million in Profits.

There are a few reasons the SEC may have settled with Choi for such a small civil penalty. First, the SEC recently settled with Lim, the second chain in the insider trading scheme. Lim tentatively agreed to disgorgement or to pay a penalty once he has completed his cooperation with the U.S. Attorney’s Office for the Southern District of New York and has been sentenced in its pending, parallel criminal action¾i.e., United States v. Lim, 12-cr-121 (S.D.N.Y.). It also could be Choi’s limited financial means. We likely will never know the reason for the SEC’s agreed-upon resolution, but the fact of the resolution may have some value to other defendants.

 

SEC Enters Into First NPA With An Individual

In 2010, the SEC implemented a Cooperation Initiative designed to encourage individuals and companies to cooperate with SEC investigations. See SEC Announces Initiative to Encourage Individuals and Companies to Cooperate and Assist in Investigations, SEC Press Release No. 2010-6 (Jan. 13, 2010). Although the Division of Enforcement authorized SEC staff to “use various tools to encourage individuals and companies to report violations and provide assistance to the agency,” including cooperation agreements, deferred prosecution agreements (“DPA”), and non-prosecution agreements (“NPA”), the staff has made limited use of the cooperation tools with individuals.

In fact, in April, the SEC announced its first NPA with an individual in connection with an insider trading case involving GSI Commerce Inc.’s (“GSIC”) merger with eBay. See SEC v. Saridakis,Civil Action No. 14-2397 (E.D. Pa.). According to the SEC, prior to GSIC’s public announcement of its merger with eBay, Inc., the CEO of its marketing solutions division, Christopher D. Saridakis, provided material nonpublic information about the transaction to friends and colleagues, and he suggested they immediately purchase GSIC stock. For example, according to the SEC’s complaint, co-defendant Jules Gardner received a series of text messages from Saridakis suggesting that he should “own” GSIC “shares” “soon.” Saridakis and Gardner shared this information with several other individuals who traded GSIC stock in or around the time of the merger and further passed along the confidential merger information to people the SEC referred to as “downstream” individuals. According to the SEC, on the day of the merger announcement, the closing price for the GSIC stock increased significantly, resulting in more than $300,000 in illegal profits to the individuals who traded on the insider information.

The SEC reached an agreement with Saridakis and a number of “downstream” individuals. To resolve the SEC’s complaint against them, Saridakis agreed to an officer-and-director bar and to a substantial monetary penalty while Gardner agreed to cooperate and to disgorge all the profits he obtained. The remaining individuals each settled in separate administrative proceedings on a neither admit nor deny basis. These individuals agreed, among other things, to disgorge profits and/or to pay civil monetary penalties.

The Saridakis case is another example of the SEC’s recent and ongoing efforts to encourage individuals to come forward with information relating to alleged securities violations and to cooperate with the SEC’s investigations of such violations. See, e.g., SEC Announces First Deferred Prosecution Agreement with Individual, SEC Press Release No. 2013-241 (Nov. 12, 2013); see also article in Business Law Today. The director of the SEC’s Division of Enforcement, Andrew J. Ceresney, explained, “The reduction in penalties for those tippees who assisted us, together with the non-prosecution agreement for one of the traders, demonstrate the benefits of cooperating with our investigations. The increased penalties for others highlight the risks of impeding our work.”

Although the SEC did not disclose the identity of the individual who received an NPA, it appears that he or she received the material nonpublic information third hand. In addition, Ceresney explained that the “individual provided early, extraordinary, and unconditional cooperation.” Unlike the DPA that the SEC entered into with an individual and the DPAs and NPAs that the SEC has entered into with entities, the SEC did not publicize this NPA, so it is difficult to evaluate what the SEC considered extraordinary cooperation. The fact that the SEC did not disclose the NPA may signal that the individual may be cooperating with the criminal authorities as well.

Expect more cooperation agreements with individuals to come.

SEC to Examine Registered Broker-Dealers’ and Investment Advisers’ Procedures for Countering Cybersecurity Threats

Background and Purposes

On April 15, 2014, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued a “Risk Alert” explaining a new initiative to assess cybersecurity preparedness in the securities industry.  Although not an official rule, regulation or statement of the SEC, the Risk Alert advised that OCIE will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers, regarding their cybersecurity and data security procedures and policies.

OCIE’s cybersecurity initiative is designed to obtain information about the industry’s recent experiences with certain types of cyber threats.  The examinations will focus on the following topics: the firm’s cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain specific cybersecurity threats.

Questions Registered Entities May be Asked

As an appendix to the Risk Alert document it released this week, OCIE included a sample list of requests for information that OCIE may use to assess registered firm’s preparedness to deal with cybersecurity threats. A primary area of OCIE inquiry is the firm’s internal policies and procedures for data preservation and cybersecurity.  For example, one sample question asks the firm to identify the last time it completed certain cybersecurity precautions, such as: preparing a firm-wide inventory of physical devices and systems; mapping network resources, connections and data flows; and cataloguing connections to the firm’s network from external sources.  Another asks the firm whether it maintains data breach/cybersecurity insurance, and if so, the firm is asked to describe the nature of the coverage and whether the firm has filed any claims against the policy.  The OCIE also asks if the firm maintains written data destruction policies or cybersecurity incident response policies, and if so, the firm is asked to provide copies of the policies and identify the date they were last updated.

Unsurprisingly, the security of customer-related data and fund transfer information is also a primary OCIE focus.  One sample question asks the firm about its customers’ online account access platform, including how customers are authenticated for online transactions, a description of any security measures used to protect stored customer PINs, and software used to detect anomalous transaction requests that may be the result of compromised customer access.  Another question asks for a copy of the firm’s procedures for verifying the authenticity of email requests seeking to transfer customer funds.

OCIE also plans to inquire about risks related to vendors and other third parties.  The sample questions include cybersecurity requirements the firm incorporates in contracts with third parties; policies, procedures and training provided to third parties about cybersecurity; and how the firm segregates network components to which third parties have access from purely internal components.

Other areas of inquiry include how the firm detects unauthorized activity on its networks and devices, whether the firm conducts “white-hat” hacker penetration tests and vulnerability scans; how the firm identifies and implements “best practices” for cybersecurity; and whether (and how) the firm has been the target of digital attacks or data breaches, and how it responded to those incidents.

Conclusion

The regulatory environment for cybersecurity compliance in all business sectors is fast-moving, particularly for companies in the financial services industry. This is clearly an area to which the SEC is giving a great deal of attention and the sample requests signal the specific concerns that the SEC has identified thus far. The OCIE Risk Alert to broker-dealers and investment advisers comes less than three weeks after the SEC held a day-long roundtable discussion on cybersecurity.

D.C. Circuit Court of Appeals Issues Ruling on Conflict Minerals

On April 14, 2014, the U.S. Court of Appeals for the District of Columbia Circuit issued its opinion in the conflicts minerals case, National Association of Manufacturers, et al., v. Securities and Exchange Commission. The Court of Appeals upheld most aspects of the statute and the rule, but found that the statute and rule violate the First Amendment “to the extent that the statute and rule require regulated entities to report to the Commission and to state on their website that any of their products have not been found to be ‘DRC conflict free.’” The Court of Appeals remanded the case to the U.S. District Court for the District of Columbia for further proceedings consistent with its opinion. As of this time, there is no reprieve for issuers from the requirement to file a Form SD or conflict minerals report with the Securities and Exchange Commission (SEC) by June 2, 2014.

Background

As part of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Congress required that the SEC issue regulations requiring firms using “conflict minerals” to investigate and disclose the origins of those minerals. The SEC’s rule applies to issuers that file reports with the SEC under Sections 13(a) or 15(d) of the Securities Exchange Act of 1934 (the Exchange Act) and for whom conflict minerals are necessary to the functionality or production of a product manufactured or contracted to be manufactured.

“Conflict minerals” are used in many different types of products and are defined as cassiterite, columbite-tantalite, gold, wolframite and their derivatives, tantalum, tin and tungsten. Many non-SEC reporting companies also have been impacted by the scope of the rule’s “reasonable country of origin” (RCOI) and supply chain due diligence provisions, notwithstanding the fact that the rule only applies to issuers. For more on the adoption of the conflict minerals rules and the specific requirements, see Drinker Biddle’s September 2013 Client Alert.

Court Ruling

The National Association of Manufacturers challenged the SEC’s final rule, raising Administrative Procedure Act (APA), Exchange Act and First Amendment claims. The District Court rejected all of those claims and granted summary judgment for the SEC and intervenor Amnesty International. On appeal, the Court of Appeals affirmed the District Court’s ruling on the APA and Exchange Act claims, but reversed the ruling on the First Amendment claim.

In particular, the Court of Appeals found that the requirement to disclose that products are not “DRC conflict free” violates the prohibition against compelled speech. The court explained:

The label “conflict free” is a metaphor that conveys moral responsibility for the Congo war.  It requires an issuer to tell consumers that its products are ethically tainted, even if they only indirectly finance armed groups . . . By compelling an issuer to confess blood on its hands, the statute interferes with that exercise of the freedom of speech under the First Amendment.

The Court of Appeals found insufficient the SEC’s argument that issuers could explain the meaning of “conflict free,” stating that “the right to explain compelled speech is present in almost every such case and is inadequate to cure a First Amendment violation.” Also of note, the Court of Appeals found that the SEC did not act arbitrarily and capriciously by choosing not to include a de minimis exception to the conflict minerals rules. As conflict minerals are often used in limited amounts, the Court of Appeals found that a de minimis exception could leave small quantities of conflict minerals unmonitored across many issuers.

Implications

Unfortunately for many issuers who are racing to complete their specialized disclosure report on Form SD and their first conflict minerals report, due by June 2, 2014, there is no reprieve from that deadline at this time. While it is difficult to predict what action the SEC may take, it is possible that the SEC could seek further review of the rule, could stay the upcoming filing deadline in light of the ongoing proceedings, or could otherwise clarify its expectations regarding disclosure obligations, although there are no guarantees. Given that uncertainty, it would be wise for issuers to continue to work on their Form SD and conflict minerals report unless and until the SEC takes further action.

Because the Court of Appeals upheld most aspects of the conflict minerals statute and rule, the due diligence requirements remain intact, and it is possible that they could survive with modified disclosure requirements.  Therefore, notwithstanding the Court of Appeals ruling, it is advisable that SEC reporting companies continue their due diligence efforts. For those companies who are not SEC reporting companies but who are nonetheless impacted by the conflict minerals rule via the required RCOI and supply chain due diligence process, it is advisable to continue responding to RCOI and due diligence inquiries.