Securities Mosaic® Blogwatch
February 15, 2018
In re SandRidge Energy, Inc., Shareholder Derivative Litigation: Denial of Attorneys' Fees and Appeal Dismissed as Moot
by Sydney Boyle

In In re SandRidge Energy, Inc., Shareholder Derivative Litigation, 875 F. 3d 1297 (10th Cir. 2017), the United States Court of Appeals for the Tenth District affirmed the district court's denial of Dale Hefner's (“Plaintiff”) request for additional discovery, challenge to the settlement agreement, and attorneys' fees resulting from a federal shareholder derivative suit filed on behalf of SandRidge Energy, Inc. (“SandRidge”) against its Board of Directors. The court affirmed the lower court’s ruling regarding attorneys’ fees and held Plaintiff's remaining claims were moot.  

SandRidge was involved in two derivative suits, the first in federal court and the second, filed by Plaintiff, in state court. The state case was stayed pending a decision in the federal case. After a settlement was reached in the federal case, Plaintiff filed a motion objecting to the settlement, requesting attorneys’ fees, and requesting discovery related to the settlement. The court denied Plaintiff’s motion, and Plaintiff appealed arguing the court abused its discretion. Before the appeal was heard, SandRidge filed for bankruptcy and had their plan of reorganization approved. SandRidge then moved for dismissal of the appeal as moot.  

When determining if a case is moot, the court looks for subsequent events that deny a claimant's standing. For a claim to be justiciable, the court must be able to provide effective relief. Additionally, an objector to a settlement can be compensated for attorneys’ fees only if he contributes to the "collective good" of the corporation.

The court held all but one of Plaintiff's claims were moot. The bankruptcy court’s approval of SandRidge’s reorganization released any claims against SandRidge's current or former officers and directors and eliminated all pre-organization shares. Even if Plaintiff was able to show the lower court abused its discretion in approving the settlement, the case would be dismissed on remand for lack of standing because the Plaintiff’s shares were eliminated in the reorganization. With regard to attorneys’ fees, the court held the district court properly decided that the actions taken by Plaintiff and his counsel did not provide substantial benefit to SandRidge or its shareholders. As such, the claim was properly denied.

For the above reasons, the court affirmed the district court's judgment denying attorneys’ fees and dismissed the rest of the appeal as moot.

The primary materials for this case may be found on the DU Corporate Governance website.

February 16, 2018
FINRA Enforcement Head Explains Why Enforcement "Isn't Rocket Science"
by Daniel Nathan and Betsy Popken

In a speech at the SIFMA AML Conference last week, FINRA Head of Enforcement Susan Schroeder openly explained the "straightforward framework" that Enforcement uses when making decisions about enforcement actions. The context for Schroeder’s speech was FINRA’s merger of two separate enforcement departments, resulting from FINRA head Robert Cook’s "listening tour" and FINRA’s recent self-evaluation, but Schroeder’s explanation appeared to be more of a response to broader industry complaints about FINRA Enforcement’s lack of consistency and transparency in its charging and sanctions decisions.

If that was Schroeder’s mission, she was successful. She identified the goals of enforcement actions, and justified FINRA’s use of its enforcement tool based upon harms to investors and perceived market risks. Overarching Schroeder’s speech was the principle that firms should know "what to expect from their regulator" so they know "how to shape their behavior in order to comply with the rules." In this spirit of transparency, Schroeder identified the various principles or factors that FINRA Enforcement considers when evaluating enforcement actions and sanctions. Those principles should provide a vocabulary for firms and their counsel to assess and question FINRA’s enforcement activities.

Here are the principles in Schroeder’s own words:

Is this enforcement action appropriate? According to Schroeder, enforcement actions should be brought to "fix something that is broken or to prevent future misconduct, either by the same respondent or by another individual or firm." Enforcement is not the only means FINRA has to fix something, and it is not always the "right tool" to use. To determine whether enforcement action is the appropriate regulatory response, FINRA will ask:

  • Is there demonstrated financial harm resulting from the misconduct? If this is the case, FINRA expects the "firm or the individual who caused that harm" to "make the customers whole.
  • Has there been a significant impact to market integrity? If so, FINRA will ensure that the "issue is fixed" and that steps are taken "to prevent something harmful from recurring."
  • Did the misconduct create significant risk? Schroeder recognized that this is where "most [] cases land." In these instances, FINRA analyzes "whether the misconduct created significant risk, such that the misconduct requires an enforcement response in order to prevent and deter future harm." In particular, FINRA focuses on cases where there is (1) "high likelihood of harm," (2) "potential for widespread harm," or (3) "intentional or reckless misconduct." According to Schroeder, the following activities constitute "red flags": "repeated misconduct after disciplinary action," "broad patterns of disregarding regulatory requirements," and "failure to implement reasonable supervision."

What does a fair and effective sanction look like? FINRA has a host of sanctions options available to it – "fines, restitution, disgorgement, expulsions, bars, plenary and principle suspensions, undertakings, rescission, requirements to requalify, business restrictions, supervision requirements, and pre-approval requirements" – but when is it appropriate to use which ones? FINRA’s "highest priority" is to "obtain restitution for harmed investors." But Schroeder recognizes that "there are many cases in which that is not practical because there has been no calculable financial harm." In those instances, FINRA seeks to "tailor sanctions to most effectively address the root of the problem." When determining sanctions, FINRA asks:

  • Have wronged investors been made whole? If investors have been harmed, this is "the most important outcome" of sanctions.
  • Do sanctions effectively address the root of the problem? Schroeder admits that this is "one of the hardest parts of [FINRA’s] job." According to Schroeder, sanctions should: (1) be "proportionate to the harm or risk of harm posed," (2) "encourage remediation" (but "not be excessive to the point of being vindictive"), and (3) "reflect credit for cooperation and discipline by other regulators."

For its part, FINRA’s merged Enforcement Department will approach cases consistently and "reach foreseeable conclusions," according to Schroeder. Schroeder promised "thoughtful, balanced, and timely [FINRA] investigations." In particular, Schroeder said that settlement documents – she cited the AML context as an example – should identify the "legal framework supporting [FINRA’s] conclusions," so that anyone looking at a case can "immediately understand the basis for the charge."

Schroeder’s speech offers helpful guidance to firms seeking to focus their compliance priorities or understand why FINRA has brought enforcement action or sanctions against them. Schroeder also appears to accept, on behalf of FINRA, responsibility for ensuring that firms understand exactly what FINRA expects and why FINRA believes certain enforcement actions and sanctions are deserved. Firms and counsel who deal with FINRA in enforcement matters should hold the regulator to these principles. In short, firms now have a template for engaging more constructively with FINRA Enforcement.

February 20, 2018
Changes in Corporate Governance: Externally Dictated vs. Organically Determined
by Onur K. Tosun

Several major corporate scandals in the United States during the early 2000s brought attention to corporate governance of large U.S. companies. As a result, Congress passed the Sarbanes-Oxley Act (SOX), and the Securities and Exchange Commission (SEC) announced several regulations aimed at restoring public confidence in the governance of public corporations. While significant research has been conducted on the relation between corporate governance and firm performance, there is no agreement yet on whether changes in governance structure are beneficial for companies and improve firm performance, especially when the changes are dictated by regulation.

The main question is whether mandatory rather than voluntary changes in corporate governance rules on board independence have a positive impact on firm performance. Adjustments in board structure might be necessary in order to monitor firms’ management, which would then increase firm value and protect shareholders’ interests. However, one size might not fit all: Firms with different characteristics, internal dynamics, and needs might require different board structures. Some changes could increase firm performance for some firms but not others.

Boards typically become more independent and objective as the ratio of external to internal directors increases. More independent boards reduce agency costs through effective monitoring, because independent directors are strongly motivated to protect their reputational capital and are independent of internal incentives and company politics. Nevertheless, the degree of optimal board independence may differ across firms. Hence, a "one size fits all" style of regulation may not be optimal. Friendlier and less independent boards may work better for firms that need advice rather than more monitoring by the board. Also, mandatory governance changes that disregard firm-specific dynamics can hardly improve performance, and, therefore, such regulations should be optional for companies.

SOX instituted new requirements for public company boards, and, in 2003, the SEC approved and adopted governance-related reforms suggested by the three major U.S. stock exchanges: NYSE, NASDAQ, and AMEX. The most prominent requirement is that "… A majority of the board of directors must be comprised of Independent Directors …." Before the regulatory changes, companies applied necessary board structure adjustments organically, in line with their needs to improve efficiency and performance. Starting in 2003, however, all U.S.-listed firms had to have a majority of independent directors.

Regulations which force firms from their preferred board structure presume that the prevailing board structures are not optimal. If, however, organically determined governance structures are indeed best for some firms, then these dictated changes make those companies worse off. Furthermore, imposing new board structures may cause internal firm conflicts that can destroy harmony in the organization and damage efficient systems within firms. Moreover, new independent directors hired just to comply with the rule may not be a good fit and may lower advisory functions of the board. Loss of those functions, additional costs, and potential internal conflicts due to mandatory governance adjustments may lead to poor management decisions and a decrease in firm performance.

In fact, further analyses show that return on assets and sales growth decrease for firms that must increase board independence through mandatory rules after 2003. The negative impact on firm performance is greater when those rules force firms to deviate further from their optimal governance structure. The negative effects are also greater for single-segment and smaller firms, which must bear higher costs relative to their size when they have to adjust their board structure in accordance with SEC rules.

Companies in high-tech, wholesale, retail, and other concentrated industries dominated by one or two big players are severely affected by mandatory changes in board structure. There may be no external control mechanisms in those industries due to a lack of competition, so those firms may have developed internal controls for good governance regarding firm-specific needs. If an external rule like SOX is imposed, the firms could deviate substantially from their optimal form of governance.

Furthermore, the performance of firms in financial distress and with high leverage, high stock-return volatility, low cash holdings, high growth, and high research and development (R&D) expenses can suffer from the mandatory rule of increased board independence. Interestingly, rules requiring the full independence of compensation and nominating committees also have a negative impact on sales growth and return on assets.

Although mandatory rules might help some firms, particularly those that strayed from an optimal governance structure, there is evidence that imposing changes in board structure uniformly across firms is not suitable for the majority of companies and destroys firm performance, on average.

It would be in the firms’ best interest to seek guidance on their management and governance decisions and take into account studies on regulatory changes. Moreover, policymakers should not propose a uniform rule but consider firm-specific dynamics while formulating legislation to improve companies’ performance.

This post comes to us from Professor Onur K. Tosun at the Warwick Business School of the University of Warwick. It is based on his recent article, "Changes in Corporate Governance: Externally Dictated vs Organically Determined," available here.

February 20, 2018
Activism and Takeovers
by Mike Burkart, Samuel Lee
Editor's Note: Mike Burkart is Professor of Finance at the London School of Economics and Samuel Lee is Assistant Professor of Finance at Santa Clara University. This post is based on their recent paper. Related research from the Program on Corporate Governance includes Dancing with Activists by Lucian Bebchuk, Alon Brav, Wei Jiang, and Thomas Keusch (discussed on the Forum here); and The Long-Term Effects of Hedge Fund Activism by Lucian Bebchuk, Alon Brav, and Wei Jiang (discussed on the Forum here).

Hostile takeovers have long been considered the quintessential disciplinary governance mechanism, but a similarly confrontational strategy has lately come to prominence by way of activist hedge funds that buy into poorly run firms and use the threat of hostile tactics to pressure management into accepting specific proposals to improve shareholder value. This paper compares these two governance mechanisms within a unified framework where any outside investor—bidder or activist—faces a dual free-rider problem since target shareholders neither contribute to the cost of intervention nor sell their shares unless the price fully reflects the anticipated value improvement.

As bidders acquire control, dispersed shareholders free-ride ex ante by selling their shares only if the takeover premium incorporates the expected post-takeover gains. Acquiring those shares increases bidders’ incentives to improve share value afterwards, but paying the premium prevents them from recouping the costs of doing so. These unrecompensed costs are their costs of gaining control. Activism does not build on majority control. On the contrary, the point of the campaign is to compensate for the lack of it. The activist hence optimally limits her share purchase, balancing the benefit of gaining influence from additional voting rights against the cost of unrecompensed effort. The downside is that the endogenous limit on her equity stake caps her effort incentives, and when the value she creates under these incentives is too small, activism does not materialize.

Our key insight is that the profits from the two strategies exhibit opposite comparative statics with respect to the potential value improvement. In particular, a larger scope for value improvement in the target firm raises the takeover premium more than net surplus, but at the same time, makes a campaign more rewarding relative to its costs. Thus, activism turns more profitable as takeovers become too “expensive.” This entails distinct return patterns. Tender offers with larger surpluses yield smaller bidder returns, while more valuable campaigns also are more profitable.

In the second part of the paper, we analyse how activism and tender offers interact with the board’s prerogative to negotiate mergers that are binding for all shareholders. Ideally, boards overcome free-riding, but coordination problems among shareholders reappear when boards resist control changes out of self-interest. Yet, the prerogative remains relevant insofar as outside investors can seize control of boards: Bidders can acquire just enough shares to gain control and absorb the remaining shares afterwards through a so-called freeze-out merger. Activists can wage campaigns that aim at brokering mergers with bidders, which has been referred to as takeover activism. Since the power to force ownership changes can be abused, there is legal recourse: mergers are contestable in court and can be amended, if deemed to be in breach of fiduciary duty or unfair to dissenting shareholders.

As we show, the legal risk of a subsequent price revision amounts to stochastic free-riding and has opposite effects on the two governance mechanisms. In tender offers, the option to freeze out minority shareholders harms bidders ex ante. To minimize unrecompensed costs, a bidder buys just enough shares to reach majority. Absent freeze-outs, the price paid equals the value she generates owning half the shares. The freeze-out option introduces the commitment problem that, at this price, the bidder will exercise a freeze-out. Anticipating this, and in view of the possible benefits of a legal challenge to the freeze-out, shareholders then hold out in the initial offer. In equilibrium, the bidder still buys as few shares as needed, but at a premium at which a subsequent freeze-out is unattractive. This premium decreases with legal risk, as the temptation of a freeze-out (i.e., commitment problem) weakens.

In takeover activism, where the merger allows no ex ante free-riding, the legal risk merely reinforces ex post free-riding, and this effect is aggravated by higher legal risk. In addition, takeover activists limit ex ante free-riding during the campaign stage, but by using the merger prerogative, do not let their own stakes constrain incentives to create value—that is, they also limit ex post free-riding, if not during, at least after the campaign. Thus, if possible, activists are better off acting as control brokers, rather than using control to implement value improvements on their own.

In the final part of the paper, we no longer examine takeovers and activism in isolation but consider (parameter) constellations in which both are simultaneously feasible. The co-existence as feasible alternatives affects tender offers and activism asymmetrically. Optimal tender offers are pinned down by the majority requirement and the ex ante free-rider condition, whereas the bidder’s outside option is irrelevant for the offer terms.

By contrast, the potential of a tender offer erodes activists’ already limited incentives and so reduces campaign profitability. In the case of a single “active” outside investor who can make a bid if regular activism fails, this reduction in campaign incentives is efficient, since the takeover is socially preferable. This is not true in the presence of a separate bidder. In this case, the activist can free-ride on a bid, so activism only emerges if its profitability exceeds the expected forgone takeover premium (rather than bidder profit). We show that regular activism cannot clear this hurdle, making takeover activism the only relevant alternative. Furthermore, revealed-preference arguments imply that takeover activism is Pareto-improving. Hence, in the case of activist-bidder pairs, the dis-incentivising effect of a potential tender offer on activism is welfare-decreasing.

Our theoretical analysis has implications for returns across different types of activism and the co-evolution of activism and M&A. First, takeover activism should exhibit higher returns than other forms of activism. Second, takeover activism generates efficiency gains at the extensive and intensive margin: it enables takeovers that otherwise would not occur and replaces some tender offers with more efficient mergers. Hence, institutional changes that facilitate activism should not cause a decrease in M&A. Rather, it should lead to a concurrent (1) increase in campaigns, (2) increase in total M&A activity, and (3) decline in hostile bids. This broadly matches patterns observed since the 1990s.

The complete paper is available here.

February 20, 2018
ISS QualityScore: Environmental and Social Metrics
by Ning Chiu, Davis Polk
Editor's Note: Ning Chiu is counsel at Davis Polk & Wardwell LLP. This post is based on a Davis Polk publication by Ms. Chiu.

Along with its four pillars for governance which score companies on a one to ten scale, ISS has launched Environmental & Social (E&S) QualityScore to measure corporate disclosure on environmental and social issues. Similar to the Governance QualityScore, the measures are relative based on peer companies within a specific industry group.

An initial set of 1,500 companies is being covered globally, including Energy, Materials, Capital Goods, Transportation, Automobiles & Components, and Consumer Durables & Apparel. It is expected that by Q2 2018, an additional 3,500 companies across 18 industries will be included. The scores will be part of the companies’ proxy voting reports, but like all of the QualityScores, will not impact the vote recommendations.

More than 380 E&S factors, of which at least 240 apply to each industry group, will be assessed. Broad topics for the environmental disclosure include: (a) Management of Environmental Risks and Opportunities; (b) Carbon and Climate; (c) Natural Resources; and (d) Waste and Toxicity. There are 12 subcategories below this level. Social-related disclosures evaluated include: (a) Human Rights; (b) Labor, Health, and Safety; (c) Stakeholder and Society; and (d) Product Safety, Quality, and Brand. There are 25 subcategories in total.

The Key Issues document outlines for each subcategory the factors examined. For example, the category Carbon and Climate has a subcategory on Energy and Fuel Efficiency that checks whether companies have disclosed 11 metrics, including total energy use and energy derived from renewable and non-renewable sources. The category Labor, Health and Safety has a subcategory on Compensation and Benefits that looks at whether a company has made a commitment to a fair or living wage and responses to living wage controversies.

According to the ISS FAQ, the scores measure company disclosure. Unlike some of the other ESG “raters,” ISS does not include assessments of corporate practices based on outside reports. ISS notes that investors report that company disclosure “is a meaningful signal in its own right.”

Data is collected from company filings, sustainability and CSR reports, publicly available company policies and information on corporate websites. An additional measure is company participation in “multi-stakeholder initiatives,” which are collected from those stakeholders’ websites or member lists. Some of the company participation that is scored include participation in the UN Global Compact, the Global Network Initiative and the Voluntary Principles on Security and Human Rights.

The expectations for the disclosure are defined by industry and certain standard-setters that include the Global Reporting Initiative (GRI), the Sustainability Accounting Standard Board (SASB) and the Task Force on Climate-related Financial Disclosures (TCFD). ISS stated that these standards were used in both selecting the factors and the weighting of those questions relative to the overall score, meaning that the factors related to these standards are more heavily weighed than other factors.

ISS indicated that the data could be updated daily. Like the Governance QualityScore, issuers can verify their data, and make submissions of corrected or updated data factors, through the ISS data verification site.

February 20, 2018
SEC Disgorgement: A Path For Reform?
by Tom Gorman

One of the guiding principles of the current SEC Enforcement program is to "Impose Sanctions That Most Effectively Further Enforcement Goals." SEC Division of Enforcement Annual Report 2017. Yet just months prior to the issuance of that Report, the Supreme Court handed down its decision in Kokesh v. SEC, 137 S.Ct. 1635 (2017), rejecting the SEC’s long stated position that its disgorgement remedy is equitable and imposed to preclude a wrongdoer from retaining ill-gotten gains. The Court went on to hold that the SEC’s version of disgorgement is in fact penal. In a footnote the Court reserved questions about the manner in which the SEC calculates disgorgement and if the agency can seek its version of the remedy absent a statutory predicate for the claim. If the SEC is going to in fact seek effective remedies as its Annual Report suggests, the agency might do well to re-examine its requests for disgorgement. The manner in which disgorgement is calculated was the central issue in U.S. v. Metro, No. 16-3813 (3rd Cir. Feb. 14, 2018), although the decision turns on the construction of the federal sentencing guidelines.

The decision

Steven Metro was a clerk at a prominent New York City law firm. From February 2009 through January 2013 he disclosed inside information to his friend, Frank Tamayo, about pending take-over transactions. Mr. Tamayo, in each instance, transmitted the information to broker Vladimir Eydelman who placed trades for his client, himself, his family and other clients. Total trading profits for all of the trades were $5,573,682.

Messrs. Metro and Tamayo both pleaded guilty. Specifically, Mr. Metro pleaded guilty to one count of conspiracy and one count of securities fraud. At his sentencing, Mr. Metro objected to using the entire $5.5 million amount of trading profits in the sentencing calculation, arguing that he was unaware of the broker and his trading activity despite the fact that Mr. Eydelman’s name was included in the conspiracy count to which he pleaded guilty. The government, relying on the transcript of a conversation between Mr. Metro and his friend, Defendant Tamayo, claimed that in fact he was aware of the broker who was mentioned – although not by name – in the transcript. The taped conversation took place one year after the last trade by the broker based on inside information transmitted through Mr. Tamayo who, after he was caught, agreed to cooperate and recorded the discussion. The district court overruled Defendant Metro’s objection and, based on the $5.5 million in trading profits, sentenced him to serve 46 months in prison. This appeal followed.

The Circuit Court reversed, finding that the district court made insufficient factual findings to support the attribution of all the trading profits to Appellant Metro. Under the sentencing guidelines all of the gains from illegal insider trading can be attributed to a defendant which he or she realized, from those to whom the defendant provided information, and from those with whom he or she is found to have been acting in concert, the Court stated.

In this case Mr. Metro objected to the attribution of those trading profits which came from the broker, his family and his clients. The pre-sentence report attributed those profits to Mr. Metro despite the objection. The district court appeared to have attributed those trading profits to Mr. Metro on a theory that he acted in concert with those persons. The court did not, however, make specific factual findings to that effect. While the indictment alleged in the conspiracy count that Defendant Metro acted in concert with the broker and others, that is not sufficient the Court held: "We have thus explained that the conduct a defendant is typically held responsible for under the guidelines ‘is not coextensive with conspiracy law,’ quoting United States v. Mannio, 212 F. 3d 835, 842 (3rd Cir. 2000)." Accordingly, it is essential that the sentencing judge conduct a hearing and make a "searching and individualized inquiry into the circumstances surrounding each defendant’s involvement . . ." (internal citation omitted) in a conspiracy to ensure that the sentence reflects accurately the person’s role. That was not done in this case.

In conducting a sentencing hearing, and before attributing gains to a defendant, the district court should "first identify the scope of conduct for which the defendant can fairly be held accountable for sentencing purposes . . . then analyze the conduct to determine whom the defendant acted in concert with and those [to] whom he provided inside information. . . That may lead the court to attribute to a defendant gains realized by downstream trading emanating from the defendant’s tips, but, depending on the facts established at sentencing, it may not." (internal citations omitted). This is contrary to the strict liability approach the government advocated on appeal (and which is contrary to its position in the district court).

Here the district court failed to conduct the required inquiry and make the necessary factual findings. To the contrary, the entire $5.5 million in illicit trading profits was simply allocated to Defendant Metro. Accordingly, the sentence was vacated and the case remanded for resentencing.


Since the holding in Metro is based on the criminal sentencing guidelines, it does not directly govern disgorgement in Commission enforcement actions which are essentially a hybrid of civil and criminal proceedings. Nevertheless, the analysis of the Circuit Court provides a principled approach to ascribing illegal trading profits to a particular defendant which is the root issue of an SEC disgorgement claim if the goal is to deny the wrong doer the benefits of his or her wrongful conduct rather than to punish. Viewed in that context Metro employs the kind of analysis which might at least be the beginning of any disgorgement claim in a Commission enforcement action. This is particularly true since it is that kind of analysis which Kokesh found absent in concluding that SEC disgorgement claims are a penalty.

The Commission can of course argue that the "penalty" finding in Kokesh is only for purposes of the statute of limitations and that the footnote reserving issues is not determinative. Employing this rationale the agency can continue to rely on numerous court decisions that have accepted its claim that SEC disgorgement is equitable. Kokesh, however, fairly read, should serve as notice to the Commission that "the times they are a changing" to borrow a line from Bob Dylan. The only real question moving forward appears to be whether the SEC is going to reform its approach or simply wait for the courts to do it.

February 19, 2018
Between Bridges: February 19, 2018: CFTC Says Futures Brokerage Firm's Failure to Supervise Led to Unauthorized Cyber Attack; Trader Criminally Charged for Allegedly Misappropriating Employer's Cryptocurrencies
by Gary DeWaal

Last week, a futures commission merchant settled an enforcement action brought by the Commodity Futures Trading Commission, claiming that it failed to supervise a third-party technology provider it engaged to implement “critical” elements of the FCM’s information system security program. As a result of the breakdown, claimed the CFTC, an unauthorized individual improperly infiltrated the FCM’s technology system and copied files containing customers’ records and private information. Unrelatedly, a Chicago-based trader was criminally charged in a federal court in Chicago with fraud for misappropriating his employer’s cryptocurrencies.

(There is no regular edition of Bridging the Week on February 19 because of the Presidents' Day holiday in the United States.)

  • CFTC Says Futures Brokerage Firm’s Failure to Supervise Led to Unauthorized Cyber Attack

On February 12, AMP Global Clearing LLC, a CFTC-registered FCM, agreed to pay a fine of US $100,000 to resolve an enforcement action brought by the Commission claiming that it failed to supervise a third party’s implementation of “critical” provisions of its information system security program (ISSP). As a result of this failure, said the Commission, AMP’s technology system was compromised by an unauthorized individual (Infiltrator) who impermissibly copied approximately 97,000 files, including many files that contained confidential personal information.

According to the CFTC, in June 2016, an unnamed IT provider engaged by AMP installed a storage device – known as a network attached storage device (NASD) – on the firm’s computer network to store back-up data. However, the IT provider failed to alert AMP that the NASD had a feature to copy data to and from other NASDs over the Internet and that a data port used by AMP’s NASD to effectuate this functionality was left open by default. This feature could potentially permit permissionless access to AMP’s data from the Internet.

AMP apparently maintained an ISSP that required assessment of potential vulnerabilities in its computer systems and engaged the IT provider to maintain strict firewall rules and to conduct regular assessments, including of access routes into AMP's network. However, alleged the CFTC, the IT provider “did not identify or perform a risk assessment… in accord with the ISSP” and the potential vulnerability was not detected. Moreover, the IT provider failed to detect this vulnerability during September 2016, December 2016 and March 2017 quarterly network penetration tests, vulnerability scans and firewall audits.

In March 2017, the Infiltrator detected AMP’s open data port and the following month, he copied the 97,000 files without detection by AMP. Later in April, the Infiltrator advised AMP of the security breach and the firm reported it to the firm’s customers, the CFTC and the National Futures Association. At about the same time, the Infiltrator alerted federal authorities regarding its unauthorized access and that the information it copied “had been secured, and was no longer in the [Infiltrator’s] possession.”

Previously, from December 2016 through March 2017, the Infiltrator “and his colleagues” publicized on blog posts about their unauthorized access to NASDs used by entities other than AMP through data ports also left open by default. At least three of these incidents were reported in the media. However, despite this publicity, the IT provider failed to identify any vulnerability in AMP’s NASD during its March 2017 network security tests or risk assessments.

No third party other than the Infiltrator accessed AMP’s customer files through the open data port.

According to the CFTC, AMP’s failure to diligently supervise how its ISSP policies and procedures were implemented and how its customers’ records and information were electronically protected constituted a regulatory breach (click here to access CFTC Regulation 166.3). The Infiltrator was not named as a defendant in the CFTC's action.

The CFTC said that AMP’s substantial cooperation in this enforcement action was rewarded by a reduced fine. In addition to paying a fine to resolve this matter, AMP agreed to provide written reports after six months and one year summarizing its efforts to improve the integrity of its computer network and confirming its adherence to the requirements of its ISSP.

(Click here for a copy of the CFTC’s settlement order in this matter.)

My View: Huh? First off, the facts of this CFTC enforcement action read like the plot of a bad cliché television show where the purported hero may have been the villain all along. Apparently, prior to compromising AMP’s data files, the Infiltrator may have alerted AMP regarding its system’s vulnerabilities. Why? What was going on? Was the Infiltrator making a bid to be hired? Was the Infiltrator a non-hired vendor scorned? There are many questions not answered by the Commission’s settlement order. It appears, however, at a minimum, AMP may not have acted on the Infiltrator’s tip.

The oddity of this enforcement action aside, the message of this case is quite disturbing. Even when a registrant develops and institutes a reasonably sound ISSP and employs a responsible third party to administer it in recognition of its own lack of technical acumen, it may be held liable by the CFTC if the third party fails to detect a system flaw and act on it promptly.

This standard imposes an incredibly harsh burden on registrants where they may not be technologically savvy and must (and should) rely on the assistance of a qualified third party.

Moreover, the CFTC’s approach seems to run directly counter to a 2015 guidance issued by the National Futures Association requiring members to develop and maintain ISSPs. Although members must maintain ISSPs “reasonably designed to diligently supervise the risks of unauthorized access to or attack of their information technology systems, and to respond appropriately should unauthorized access or attack occur,” the NFA recognized that one size does not fit all. According to the self-regulatory organization,

NFA recognizes that given the differences in the type, size and complexity of operations of Members’ businesses including but not limited to their customers and counterparties, markets and products traded, and the access provided to trading venues and other industry participants, Members must have an appropriate degree of flexibility to determine how best to diligently supervise information security risks.

(Emphasis added. Click here to access NFA Interpretive Guidance 9070, Information Systems Security Programs.)

This NFA approach is consistent with guidance provided by the CFTC’s own Division of Swap Dealer and Intermediary Oversight in 2014 that likewise recognized that

Each covered entity should develop, implement and maintain a written information security and privacy program that is appropriate to its size and complexity [and] the nature and scope of its activities, and which requires it to, at a minimum [address certain enumerated elements].

(Emphasis added. Click here to access CFTC Staff Advisory 14-21, Graham-Leach Bliley Act Security Safeguards.)

However, through this enforcement action and settlement, the CFTC seems to be suggesting that there may be only one way for a registrant to manage the risk to its data infrastructure: hands-on, by itself, no matter how unqualified it assesses itself to be for such a task. As a result, that one way may be impractical for all but the largest organizations with the deepest technology staff.

This is now the second enforcement action brought and settled by the CFTC within the past six months where a registrant was held liable for failure to supervise when the registrant expressly engaged a third party to assist it to detect potential regulatory problems when it believed it lacked expertise, and the third party apparently did not fulfill its objective. (Click here for details of this other enforcement action in the article “Two Commodity Pool Operators Charged by the CFTC With Failure to Supervise “ in the October 1, 2017 edition of Bridging the Week.)

Compliance Weeds: Since March 1, 2016, every NFA member FCM, retail foreign exchange dealer, commodity trading advisor, commodity pool operator and introducing broker is required to maintain a formal written ISSP that, among other things, establishes a government framework “that supports informed decision making and escalation within the firm to identify and manage information security risks.”

ISSPs must also require assessment and prioritization of the risks associated with the use of information technology systems; the deployment of safeguards against identified threats and vulnerabilities; and implementation of a formal incident response plan to respond and recover from cyber-breaches.

Employee training and the risks posed by critical third-party service providers that access a member’s system or provide outsourcing must also be addressed in an ISSP.

A relevant member’s chief executive officer, chief technology officer or other executive-level officer should approve its ISSP. Moreover, “sufficient information” should be provided about the ISSP to a relevant member’s board or governing body (or delegated committee) “to enable it to monitor the Member’s information security efforts.” NFA contemplates that a member that is part of a group may comply with its ISSP requirements through participation in a consolidated entity ISSP. An NFA member must retain all records related to its adoption and implementation of an ISSP in accordance with ordinary CFTC recordkeeping requirements.

ISSPs should be regularly monitored by NFA members, and ISSPs’ effectiveness should be reviewed at least once every 12 months by either in-house staff with appropriate knowledge or an independent third-party specialist.

  • Trader Criminally Charged for Allegedly Misappropriating Employer’s Cryptocurrencies

A criminal complaint was filed against Joseph Kim on February 15 for allegedly misappropriating Bitcoin and Litecoin – two virtual currencies – from his former employer, Consolidated Trading, LLC, a proprietary trading firm; Franklin & Wacker, LLC, an affiliate; and the two firms’ principals. Mr. Kim was charged with committing wire fraud.

According to the Complaint, which was filed in a federal court in Chicago, Mr. Kim was hired by Consolidated as an assistant trader in July 2016. In September 2017, Mr. Kim was transferred by Consolidated to a newly established Cryptocurrency Group at Franklin.

Shortly after this move, alleged the Complaint, Mr. Kim transferred 980 Litecoins from Consolidated’s account at Bitfinex – a non-US spot virtual currency exchange – to his own account. When this transfer was discovered by a Consolidated director, Mr. Kim indicated that “he moved these funds to his personal digital wallet for safety reasons.” Mr. Kim purportedly made similar misleading comments to other of Consolidated’s management regarding the location of the Litecoin until Mr. Kim’s alleged misappropriation was uncovered on approximately November 28, said the Complaint.

Similarly, the Complaint claimed that, on November 17, 2017, the same Consolidated director discovered that 55 Bitcoin were missing from a Consolidated account at Bithumb – another non-US cryptocurrency exchange. In response to the same director’s inquiry, Mr. Kim claimed that he was taking steps to unlock the virtual currencies that had been blocked by Bithumb. Later in November, Mr. Kim returned 27 Bitcoin to Consolidated’s Bithumb account. Within a few days, however, Mr. Kim transferred more Bitcoin from his company’s to his own account, returned some, and lost some Bitcoin through personal trading.

Overall, the Complaint alleged that Mr. Kim withdrew from company accounts and transferred to his own accounts without authorization Bitcoin and Litecoin, such that Consolidated sustained an overall US dollar loss in excess of US $600,000.

Although the Complaint indicated that Consolidated maintained written policies regarding employee trading of securities and futures, these policies did not address cryptocurrencies. However, the Complaint indicated that Mr. Kim was expressly told by a Consolidated director that he could not engage in personal trading in cryptocurrencies consistent with the firm’s policy for all traders for other financial instruments. Mr. Kim supposedly agreed to comply with the instruction but, in fact, he did not comply.

According to the Complaint, after his alleged misappropriation was discovered, Mr. Kim wrote, “It was not my intention to steal for myself from [Consolidated] and until the end I was perversely trying to fix what I had already done.” The Complaint also alleged that Mr. Kim told another trader at Consolidated that he was a “degen,” a slang term the trader understood to mean a degenerative gambler.

If convicted, Mr. Kim faces imprisonment of up to 20 years.

(Click here for a copy of the criminal complaint against Mr. Kim.)

Compliance Weeds: If they have not already done so, registered financial services firms and proprietary-trading entities should consider whether they should amend existing employee personal trading polices to expressly address cryptocurrencies. This may be appropriate even if such firms are not engaged in cryptocurrency activities today.

The easiest approach would be for firms to ban all personal cryptocurrency trading by employees because of reputational or other perceived risks. However, such a policy may impede hiring or retention of some employees, especially so-called “millennials.”

Alternatively, if firms already have policies addressing employees’ trading of securities, including participation in new offerings of securities, it might be appropriate to consider extending these policies to digital tokens issued as part of initial coin offerings that the Securities and Exchange Commission has said are likely securities. (Click here for background regarding the SEC’s views in the article “SEC Chairman Warns Lawyers Providing ‘It Depends’ Advice on ICOs” in the January 28, 2018 edition of Bridging the Week.)

Moreover, to the extent firms have existing polices addressing employees’ trading of gold or similar commodities, they may wish to extend such policies to employees’ trading of virtual currencies like Bitcoin or Litecoin.

However, because of the SEC’s views, it is not definitively clear today what is the bright line between virtual currencies and security tokens.

Firms that engage in cryptocurrency activities should consider the potential impact of employees front-running firm or a firm’s customers’ trading or engaging in other wrongful conduct. Firms not engaged in cryptocurrency activities but contemplating engagement should consider the potential implications of employees purchasing virtual currencies in advance of any firm announcement with the expectation that the announcement might cause prices of relevant cryptocurrencies to rise.

The monitoring of employee cryptocurrency activity may also be difficult as cryptocurrency exchanges may not be willing or able to provide statements of employee activity to employers automatically. At best, it may be up to an employee to authorize such third-party transmissions that he or she could activate or deactivate at his/her discretion.

February 20, 2018
Edgar Problems: The Crisis Continues
by Broc Romanek

I’m calling it a "crisis" because periodic problems continue to happen – and the SEC continues to provide very little (if any) transparency around what is going on with Edgar. The last time that I blogged about Edgar problems was October – when I heard that offerings were being delayed and there were fee problems. I heard about this from a number of members – but the SEC never said a word about it.

Now I’ve heard through the grapevine that the filing deadline for Schedule 13G amendments on Valentine’s Day caused some rough sledding for Edgar. Form 5s were due then too. Companies with 8-Ks, etc. couldn’t get their filings through on Edgar. Again, not a word from the SEC. Same story told in these old blogs: "Edgar is Down? (Crickets)" – or this one: "EDGAR is Down": A Familiar Refrain?"

I’ve blogged about a simple solution for years – that the SEC launch an Edgar blog in which they indicate when Edgar is experiencing issues. And they then post follow-up blogs when the issues are resolved. Without this transparency, we are left to assume the worst. And given the high-profile hacking problems that the SEC has faced over the past year, you would think they would want to improve how they are perceived when it comes to handling this type of crisis communication…

Why am I so invested in this issue? Trying to save the SEC’s reputation I guess. Edgar is the most important asset that the SEC has – the market depends on it. And it’s ironic that this lack of disclosure is from an agency tasked with eliciting disclosure – not to mention that the SEC will be issuing guidance to companies tomorrow about how they should disclose hacks. And as John blogged recently, the SEC’s proposed budget seeks to boost its own cybersecurity resources…

Corp Fin Departures: Karen Garnett

Associate Director Karen Garnett has announced that she will depart Corp Fin after 23 years in the Division. No word yet on her next destination…

Transcript: "Tax Reform – What’s the Final Word?"

We’ve posted the transcript for the recent webcast: "Tax Reform: What’s the Final Word?"

Broc Romanek

February 19, 2018
SEC Enforcement in Financial Reporting and Disclosure - 2017 Year-End Update
by David Bergers, David Woodcock, Henry Klehm, Joan McKown, Laura Jane Durfee, Jones Day
Editor's Note: David Woodcock, Joan E. McKown, and Henry Klehm III are partners at Jones Day. This post is based on a Jones Day publication by Mr. Woodcock, Ms. McKown, Mr. Klehm, David Bergers, and Laura Jane Durfee.

We are pleased to present our annual review of enforcement activity relating to financial reporting and issuer disclosures. Much like prior reviews, this update focuses principally on the Securities and Exchange Commission (“SEC”) but also discusses other relevant trends and developments.

Acting on the vision outlined by new Chairman Jay Clayton, the SEC has adopted a more measured enforcement posture and articulated a heightened focus on specific initiatives and programs. In the SEC’s year-end enforcement overview, the Enforcement Division’s Co-Directors reiterated Chairman Clayton’s guiding message that the mission of the SEC “starts and ends with the long-term interests of the Main Street investor.” The other core principles outlined by the Co-Directors, which are discussed in various portions of this post, include: focusing on individual accountability, keeping pace with technological change, imposing sanctions that further enforcement goals, and constantly assessing the allocation of the SEC’s resources. Newly confirmed Commissioners Hester Peirce and Robert J. Jackson, Jr., whose confirmations now give the SEC a full commission for the first time since 2015, suggested that these principles will continue to be the pillars of enforcement moving forward into 2018.

From a statistical standpoint, enforcement actions decreased by almost 19 percent over the past year, dropping from 548 standalone actions in the SEC’s Fiscal Year ending September 30, 2016 (“FY2016”) to 446 in FY2017. (See chart 1.) In its annual review, the SEC attributes this drop-off primarily to the expiration of the SEC’s Municipalities Continuing Disclosure Cooperation (“MCDC”) Initiative, a voluntary self-disclosure program under which approximately 84 actions were brought in 2016. Moreover, it is common to see some drop-off in enforcement matters during transition periods between new Commission chairpersons.

Chart 1: SEC Enforcement Actions

Takeaways are that 2017 was a transition year in SEC enforcement, as it was in so many other areas, and that the SEC has likely shifted focus away from highly technical, non-fraud investigations in the near term. These changes, however, should not alter how public companies and their leadership assess investigative risks when it comes to financial reporting and disclosure and internal control effectiveness. The strong controls and robust ethical and cultural environments that companies have worked hard to design, implement, and maintain are as important now as they ever have been.

A Heightened Focus on Protecting The Retail Investor

Taking its direction from the new chairman, the Enforcement Division has refocused its attention on misconduct that traditionally affects retail investors, including “accounting fraud, sales of unsuitable products and the pursuit of unsuitable trading strategies, pump-and-dump frauds, and Ponzi schemes.”

And even when discussing misconduct relating to financial institutions and Wall Street firms, the Co-Directors stated that the SEC’s “oversight of Wall Street is most effective, and protects those who need it most, when viewed through a lens focused on retail investors.” In line with this core principle, the SEC announced the creation of a Retail Strategy Task Force in September 2017. According to the SEC, “this task force will apply the lessons learned from those cases and leverage data analytics and technology to identify large-scale misconduct affecting retail investors.”

One Co-Director described the type of problematic conduct the SEC sees “at the intersection of investment professionals and retail investors”:

  • “investment professionals steering customers to mutual fund share classes with higher fees, when lower-fee share classes of the same fund are available”;
  • “abuses in wrap-fee accounts”;
  • “investor buying and holding products like inverse exchange-traded funds (ETFs) for long-term investment”;
  • “failure to fully and clearly disclose fees, mark-ups, and other factors” in the sale of structured products to retail investors; and
  • “churning and excessive trading that generate large commissions at the expense of the investor.”

According to the Co-Director, education plays a critical role in protecting the retail investor from these issues, and she outlined how the Task Force’s mandate includes investor outreach and working with the Office of Investor Education and Advocacy.

This new attention to retail investors is apparent in many of the actions brought by the SEC in 2017. The majority of these cases arose out of conduct that was, at least as alleged, clearly fraudulent in nature. That is, the cases involved outright falsehoods or glaring omissions, retail investors often in relatively small offerings, microcap or smaller companies, investor funds being used for the personal benefit of the promoters, small oil and gas offerings, cold-calling scams, Ponzi schemes, affinity fraud, and perpetrators who used celebrity status to commit their frauds.

While these types of cases have always been a big part of the SEC’s enforcement program, it is clear that the current leadership will direct more of the agency’s attention toward these frauds and will continue to trumpet the SEC’s success in bringing these types of cases.

Enforcement Actions in Financial Reporting and Disclosure

The transitional nature of 2017 does not fully account for the significant decline in financial reporting and disclosure enforcement actions last year. In 2016, the SEC reported 10 accounting and auditing enforcement actions; in 2017, that number dropped to 76. (See Chart 2.) This represents a more than 30 percent decline, and it further confirms the SEC’s renewed emphasis on rooting out frauds that directly affect the “Main Street investor,” as opposed to pursuing more nuanced accounting and disclosure issues.

Chart 2: Accounting and Auditing Enforcement Actions

Not only has the SEC backed away from pursuing certain types of claims, but the data suggests that the SEC has shifted its attention away from public companies in 2017. According to one report, the SEC brought 62 actions against either public companies or their subsidiaries in 2017, approximately one-third fewer than the 92 the SEC brought in 2016. This trend is even more noteworthy given the timing of the actions within 2017. Forty-five of the 62 actions were filed in the first half of 2017, and only 17 actions were filed in the second half of the year, a drop that coincides with the leadership changes at the SEC. Nevertheless, the SEC produced a robust record of enforcement in the area of financial reporting and disclosures. As detailed below, 2017 saw a number of actions in the typical focus areas, such as improper accounting practices, overstating assets, and inflating revenue. The following summaries describe the more notable 2017 SEC enforcement actions in these key areas.

Internal Accounting and Auditing Controls
  • The SEC brought a settled action against an international food, beverage, and snack company for alleged books and records and internal accounting control violations at a foreign subsidiary that was part of a recent acquisition. The subsidiary allegedly “did not devise and maintain an adequate system of internal accounting controls sufficient to provide reasonable assurances that access to assets and transactions were executed in accordance with management’s authorization.” The SEC also alleged that the subsidiary did not implement adequate FCPA compliance controls. The acquirer agreed to pay a $13 million penalty.
  • The SEC brought a settled action against a financial services company and an executive who served as the company’s executive vice president, chief investment officer, and treasurer for alleged books and records and internal accounting control violations related to “certain commercial loans and related swaps designated as accounting hedges … under GAAP (ASC 815).” According to the SEC, the executive oversaw a practice of altering calculations for hedge effectiveness such that its reported metrics were inconsistent with internal company policy and GAAP, although management, in consultation with outside auditors, determined that no financial restatement was required. In addition to a cease and desist order prohibiting future securities law violations, the company was penalized $500,000, and the former executive was penalized $20,000.
  • The SEC brought a settled action against a tax and auditing services company in which the SEC alleged that the company failed to properly audit the financial statements of an oil and gas company, resulting in investors being misinformed about the company’s value. The SEC alleged that the auditing company failed to consider and address facts known to it that should have raised serious doubts about the oil and gas company’s valuation, and that the audit company failed to detect that certain fixed assets were double-counted in the company’s valuation. As part of the settlement, the auditing services company agreed to be censured and to pay $4.6 million in disgorgement of the audit fees received from the oil and gas company, plus $550,000 in interest and a $1 million penalty. It also agreed to significant undertakings designed to improve its system of quality control.
  • The SEC and a Canada-based oil and gas company settled allegations that the company engaged in an extensive, multi-year accounting fraud. The SEC alleged that the company had moved hundreds of millions of dollars in expenses from operating expense accounts to capital expenditure accounts, which allowed the company to artificially reduce its operating costs by as much as 20 percent in certain periods, and falsely improved reported metrics for oil extraction efficiency and profitability. As part of the settlement, the company agreed to pay $8.5 million in civil penalties. The SEC’s litigation continues against the company’s former CFO and former vice president of accounting and reporting.
Asset Valuation
  • The SEC brought actions against two former executives of a publicly traded wire and cable company for allegedly fraudulently concealing accounting errors at the company’s Brazilian subsidiary. According to the SEC, the company’s former CEO and CFO allegedly became aware of and did not disclose overstatements in excess of $40 million of the company’s inventory balance as well as an inventory theft scheme by the subsidiary’s employees, which ultimately resulted in a restatement of its financials. The SEC also filed an action against a former executive of the subsidiary for allegedly aiding and abetting the other executives’ fraud. The former senior vice president agreed to cooperate with the SEC and consented to a final judgment against him. The company previously agreed to pay a $6.5 million civil penalty to settle allegations related to inventory accounting errors. The claims against the other two executives remain pending.
  • The SEC brought an action against a Las Vegas-based hemp oil company and its CEO for inflating the company’s assets on its balance sheet. The SEC alleged that the company materially overstated its total assets in quarterly reports for the first and second quarters of 2013 by reporting its purchase of another hemp-related company for $35 million, even though the CEO knew that the purported purchase price was substantially inflated. The complaint alleged that the company agreed to the purported purchase only because it could pay for the acquisition primarily with its own shares, which the CEO believed to have little value at the time. The SEC seeks a permanent injunction, civil money penalties, an officer-and-director bar, and reimbursement of the CEO’s 2013 cash bonus.
  • The SEC brought actions against an international mining company and its two former top executives for allegedly failing to impair on a timely basis the value of coal assets that the company bought for $3.7 billion and sold a few years later for $50 million. The SEC alleged that the company, its former CEO, and former CFO failed to follow accounting standards and internal policies to accurately value and record its assets. All defendants have challenged the claims and continue to litigate.
  • The SEC obtained final judgments against a publicly traded microcap issuer and its former chairman and CEO for an accounting scheme in which they defrauded investors by transferring significant liabilities to a related third party in sham transactions intended to conceal the company’s financial condition and reduce its debt. The former chairman and CEO consented to entry of final judgment enjoining him from violating various sections of the Exchange Act, barring him from future services as an officer or director of a public company, disgorging about $129,000, plus prejudgment interest of about $22,000, and a civil penalty of $150,000.
Improper Revenue Recognition
  • The SEC brought a settled action against a medical device company and four of its former executives for various alleged revenue recognition failures. The alleged misconduct included improperly recognizing revenue associated with several distribution contracts entered into by the company’s largest subsidiary and with various extra contractual agreements at another subsidiary. The SEC also alleged that the company lacked adequate “internal accounting controls over its distributor revenue recognition and had a culture of setting aggressive internal sales targets and imposing pressure to meet those sales targets.” The company restated its financials in connection with the alleged misconduct. The CFOs of the company and its largest subsidiary, the president of its largest subsidiary, and the vice president of global sales and development settled for relatively minor penalties (all under $50,000), and the company was penalized just over $8 million. On the same day, the company settled an action for FCPA violations in connection with allegedly improper payments to doctors employed by a foreign government.
  • The SEC brought a settled action against a military technology company for alleged violations of the books and records and internal accounting control provisions at one of its subsidiaries. The subsidiary allegedly improperly recognized $17.9 million of revenue from invoices generated for disputed claims in connection with a U.S. Army contract. An internal investigation allegedly revealed that these invoices were never transmitted to the U.S. Army, in violation of internal corporate policy and GAAP, and caused the company to revise four years of financial statements. The SEC also alleged that the internal investigation revealed inadequacies in the company’s internal controls over financial reporting, including “inadequate execution of existing controls around the annual review and approval of contract (revenue arrangement) estimates” and “intentional override of numerous transactional and monitoring” controls at the subsidiary. The company was penalized $1.6 million. Subsequently, the SEC settled an action against the subsidiary’s former president and filed an additional action against an executive who had served as both the company’s vice president and senior director of finance. The former president allegedly relied on the former vice president’s representations as an accountant that recognizing revenue in connection with the untransmitted invoices was proper and that senior management had approved of doing so. The SEC also alleged that the former president recklessly disregarded certain indicia that the revenue recognition was improper. The former president settled with the SEC and was penalized $25,000. The action against the former vice president is pending.
  • The SEC brought a settled action against an international oil transportation company and its former CFO for an alleged decades-long failure to record material federal income tax liabilities despite red flags that credit agreements with its foreign subsidiaries could trigger tax consequences. The company allegedly had “deficient or non-existent internal accounting controls” to ensure that the company “properly reported its tax liabilities.” As a result, the company revised 12.5 years of financial statements to reflect more than $500 million of additional losses, which increased net losses by about 265 percent. After discovery of the alleged reporting failure, the company filed for bankruptcy. According to the SEC, the former CFO became aware of significant indicia of unreported tax consequences and negligently misled an internal auditor through his representations about the company’s tax liabilities. The company and former CFO were fined $5 million and $75,000, respectively.
  • The SEC brought a settled action against a semiconductor company and its former CFO and principal accounting officer in public administrative and cease-and-desist proceedings in which the SEC alleged that the defendants engaged in various practices to artificially inflate revenue to meet publicly announced targets in the two-and-a-half-year period following its initial public offering. Allegedly, suspicions by both inside and outside auditors triggered an internal investigation, which revealed revenue recognition practices that did not comply with GAAP. Among other things, the company allegedly “improperly recognized revenue on ‘sales’ of nonexistent or unfinished product.” The SEC also alleged that the company failed to maintain internal controls over financial reporting, including by failing to “maintain a control environment that effectively emphasized (i) an attitude of integrity and ethics against the pressure to achieve sales, gross margin, and other financial targets, (ii) adherence to US GAAP, (iii) utilization of the whistleblower program, and (iv) prevention or detection of undisclosed business practices involving the circumvention of internal controls under the management team in place during the relevant period.” The company self-reported the revenue recognition problems and revised its financial statements to reduce reported revenue by $121 million, such that the company’s “previously reported net profit was restated to a net loss,” after which the company’s stock price fell by 50 percent. The company was fined $3 million, while the former CFO was fined $135,000 and was indefinitely barred from acting as an officer or director and practicing accounting before the SEC.
  • The SEC brought a settled action against a financial services company for allegedly fraudulently charging secret markups for transition management services and separately omitting material information about the operation of its platform for trading U.S. Treasury securities. The SEC alleged that the company’s scheme to overcharge transition management customers improperly generated nearly $20 million in revenue for the firm. The company allegedly used false trading statements, pre-trade estimates, and post-trade reports to misrepresent its compensation on various transactions. As part of the settlement, the company agreed to pay more than $35 million in penalties. The SEC and a biopharmaceutical company settled allegations that the company exaggerated how many new patients actually filled prescriptions for an expensive drug that was the company’s sole source of revenue. The SEC alleged that the company told investors that the number of unfilled prescriptions for its drug was not material, and that the vast majority of patients receiving prescriptions ultimately purchased the drug. In reality, only about 50 percent of prescriptions resulted in drug purchases. As part of the settlement, the company agreed to pay a $4.1 million penalty.
  • The SEC brought a settled action against a medical device manufacturer for alleged accounting fraud to meet revenue targets. The SEC alleged that the company, which produces and sells diagnostic testing equipment, improperly inflated revenues by prematurely recording sales for products that were still warehoused or not yet delivered to customers. As part of the settlement, the company agreed to disgorge ill-gotten gains of $3.3 million plus interest of $495,000 and a penalty of $9.2 million.
Continued Enforcement Emphasis on Individual Accountability

Holding individuals accountable continued to be a key feature of the SEC’s enforcement regime in 2017. The Enforcement Division touted individual accountability as another core principle guiding its work and further claimed that the “pursuit will send strong messages of both general and specific deterrence and strip wrongdoers of their ill-gotten gains.” The statistics substantiate this position. At least one individual has been charged in more than 80 percent of the stand-alone enforcement actions brought since Chairman Clayton took office. Indeed, this emphasis on individual accountability is a carryover from the previous leadership, as 73 percent of the SEC’s stand-alone actions in FY2016 also included charges against individuals. The following cases highlight some of the key actions against individuals for alleged misconduct.

  • The SEC brought an action against two former executives of a computer network testing company for alleged financial reporting violations and for aiding and abetting the company’s violations. According to the SEC, the former CFO and director of accounting prematurely recognized revenue from sales, which contravened both GAAP and company policy. The company allegedly artificially split its software and professional services into separate purchase orders, which created the false appearance that customers were buying professional services in stand-alone sales rather than as components of the software sales. The SEC further alleged that this scheme “exploited a material weakness in the company’s internal controls over financial reporting,” which had not been designed to identify and assess split purchase orders and their revenue recognition accounting impact. The SEC’s complaint also claimed that the executives took “affirmative steps” to mislead the company’s auditors. The SEC separately settled claims against the company and its former CEO. The company agreed to pay a $750,000 civil penalty, while the former CEO agreed to pay a $100,000 penalty and to submit to a five-year officer-and-director bar. The claims against the former CFO and director of accounting remain pending.
  • The SEC brought actions against two former executives of a credit card processing company for alleged accounting fraud. The company’s former COO and senior vice president of sales and marketing allegedly reimbursed themselves for phony personal credit-card payments, conspired with vendors to overstate invoices, and disguised other corporate funds diverted to themselves as legitimate forms of compensation. The SEC also filed suit against three other executives who allegedly received kickbacks for falsifying books and records to conceal the alleged fraudulent activity. Criminal charges were also brought against the company’s former COO and senior vice president of sales and marketing in a parallel action. All claims remain pending.
  • The SEC brought a settled action against three former executives at a commercial construction company for the alleged failure of a subsidiary of the company to comply with GAAP when it prematurely recognized revenue in connection with its most lucrative contract. Allegedly, the subsidiary’s former president knowingly or recklessly relied upon advice given by the other two executives concerning proper application of the percentage-of-completion accounting method to recognize revenue. The SEC also alleged that the subsidiary’s former president and controller both failed to comply with GAAP by improperly recognizing revenue and failing to confirm the accuracy of certain invoices. The SEC pointed to alleged weaknesses in internal accounting controls and internal controls over financial reporting, including entity-level monitoring, internal audit monitoring, and revenue and cost recognition controls, as well as the failure to maintain sufficiently experienced accounting personnel. The company allegedly experienced a 50 percent drop in its stock price the day after it revised its financial statements, causing it ultimately to delist its stock and file for bankruptcy. The company’s former CAO and controller and the subsidiary’s former controller both received SEC-accountant bars and were fined $75,000 and $25,000, respectively. The subsidiary’s former president was ordered to pay $35,000 in disgorgement and a $125,000 penalty.
  • The SEC brought a settled action against two executives of a freight forwarding and logistics company for allegedly failing to include adequate information in the Management’s Discussion & Analysis (“MD&A”) section of the company’s Form 10-Q. Beginning in fiscal year 2013, the company began experiencing a “liquidity crisis,” including a backlog of receivables and an inability to meet its debt covenants. Despite trends suggesting that these liquidity issues were imminent, the executives did not include such forecasts in the Form 10-Q preceding the company’s “liquidity crisis.” In particular, the SEC pointed to the executives’ failure to comply with Regulation S-K Item 303, which “requires registrants to disclose in the MD&A sections of required periodic filings ‘any known trends or uncertainties that will result in or that are reasonably likely to result in the registrant’s liquidity increasing or decreasing in any material way.’” The former CEO agreed to pay a $40,000 civil penalty.
  • The SEC brought an action against a former corporate officer and assistant treasurer of an Ohio-based restaurant chain, alleging that the individual diverted payroll funds to accounts that he controlled and falsified records sent to the company’s internal accounting personnel and auditors in connection with the preparation and filing of the company’s financial statement. In total, the individual allegedly misappropriated nearly $4 million.
  • The SEC brought an action against former senior officers of a Mexico-based homebuilding company for their alleged role in the company’s $3.3 billion accounting fraud. The company settled SEC charges earlier in 2017 without admitting or denying allegations that it reported fake sales of more than 100,000 homes to boost revenues during at least a three-year period. The SEC alleges that the four individuals charged portrayed and certified the company as financially sound in public filings when they knew that it was in a dire financial state. The SEC seeks permanent injunctions, disgorgement of ill-gotten gains plus interest, civil penalties, and officer-and-director bars against the individuals.
Emerging Issues in Cybersecurity

In line with another core principle of keeping pace with technological change, the SEC announced the creation of a specialized Cyber Unit to combat the expanding scope of cyber-related misconduct and threats. The Unit’s enforcement strategy can be broken down into roughly three categories. First, the Cyber Unit will target misconduct used to gain an unlawful market advantage, such as hacking to access material nonpublic information, account intrusions, and dissemination of false information. Second, the Cyber Unit will target cases “involving failures by registered entities to take appropriate steps to safeguard information or ensure system integrity.” Third, the Cyber Unit will focus on scenarios where a public company fails to adequately disclose a cyber-related issue. Public companies should be attentive to the nuances of their cybersecurity disclosures, as the SEC will be focusing closely on them in the event of a subsequent breach.

Within the area of cybersecurity-related misconduct, the SEC has shown particular interest in alleged misconduct involving initial coin offerings (“ICOs”), as evidenced by multiple actions brought by the SEC in the second half of 2017:

  • The SEC brought an action against a securities marketer and obtained an emergency asset freeze to prevent an ICO that raised up to $15 million in a few months while allegedly promising a 13-fold profit.
  • The SEC brought a settled action against a California-based food review app service. The company sold digital tokens to investors to raise capital for its service, allegedly communicating “through its website, a white paper, and other means that it would use the proceeds to create the ecosystem, including eventually paying users in tokens for writing food reviews and selling both advertising to restaurants and ‘in-app’ purchases to app users in exchange for tokens.” The SEC found that such conduct “constituted unregistered securities offers and sales” in violation of Section 5(c) of the Securities Act. The SEC press release noted that the company refunded investor proceeds before any tokens were delivered to investors.
  • In another action on the cyber front, the SEC brought actions against a businessman and his two companies in a pair of ICOs purportedly backed by investments in real estate and diamonds. The SEC alleged that the companies were selling unregistered securities, and that the digital tokens or coins being offered did not exist. The individual allegedly misled investors in both companies by promising to invest the ICO proceeds in real estate or diamonds, which never occurred.

The upcoming year will likely include more enforcement activity relating to ICOs. In outlining various developments in this area, Chairman Clayton emphasized a key point: “[b]efore launching a cryptocurrency or a product with its value tied to one or more cryptocurrencies, its promoters must either (1) be able to demonstrate that the currency or product is not a security or (2) comply with applicable registration and other requirements under our securities laws.” It will be critical to monitor these emerging technologies and their impact on the markets, investors, and attendant regulations.

A New Approach to Sanctions?

In addition to the SEC’s shifting enforcement priorities, the penalties and disgorgement obtained by the SEC decreased from last year. Overall, the total amount of imposed monetary sanctions fell a little more than seven percent from $4.083 billion in 2016 to $3.789 billion in 2017, but there was a sharper decline of almost 35 percent in the value of penalties assessed in 2017 compared to 2016:

The U.S. Supreme Court’s decision in
Kokesh v. SEC made clear that a significant enforcement tool—disgorgement of profits—is subject to the five-year statute of limitations provision under 28 U.S.C. § 2462, holding that disgorgement operates like other financial penalties used by the SEC. The ruling, which resolved a circuit split, has already had an impact on the enforcement program. For instance, a liquidation trustee of a company that disgorged $30 million to the SEC before filing for bankruptcy brought suit against the SEC claiming Kokesh holds that there is no statutory authority for the SEC to collect disgorgement money from defendants that is separate from the civil penalties it seeks. The suit, which seeks class certification, alleges that the SEC has collected nearly $15 billion in disgorgement in violation of the Administrative Procedure Act. Such declines align with another core principle articulated by the Co-Directors in their annual review: using the full array of sanctions, other than monetary relief, to advance the SEC’s goals. These tools, according to the SEC, include “barring wrongdoers from working in the securities industry; and, when appropriate, obtaining more tailored relief, such as specific undertakings, admissions of wrongdoing, and monitoring or other compliance requirements.” In particular, the new leadership appears to hold trading suspensions as a valuable enforcement tool to protect investors from possible fraud: In FY 2017, “the Commission suspended trading in the securities of 309 issuers, a 55 percent increase over FY 2016.”

These developments should be considered alongside the new tax bill enacted by Congress. Under Section 162(f), as amended by the new law, the taxpayer may not deduct amounts paid to the government in a settlement or as part of a court order. The amendment, however, makes an exception for payments made in restitution, so long as a government official appropriately reports the payment to the IRS. With the power to essentially sign off on deductibility, the SEC now wields considerable power during the settlement process. As such, it will be worth noting how Section 162(f) factors into the settlement negotiations with the SEC in 2018.

Reforms Relating to Audit Committee Standards

On October 23, 2017, the SEC approved a Public Company Accounting Oversight Board (“PCAOB”) Rule implementing significant changes to public company audit reporting, including the communication of Critical Audit Matters (“CAMs”) and disclosure of auditor tenure. According to the SEC’s Chief Accountant, the new rule will require auditors to “provide their perspective on matters communicated or required to be communicated with the audit committee that relate to accounts or disclosures that are material to the financial statements and involved especially challenging, subjective, or complex auditor judgment.” In addition, the “auditor’s report will contain clarifications regarding independence, auditor responsibilities, and communication of an auditor’s continuous years of service to the company.” These independence requirements underscore the SEC’s continued belief that “the auditor remains objective and impartial” to ensure public confidence.

The SEC’s unanimous endorsement of this Rule reflects Chairman Clayton’s belief that the “independent audit committee has emerged as one of the most significant and efficient drivers of value to Main Street investors.” Interestingly, however, in Chairman Clayton’s public statement on the adoption of the rule, he forecasts a number of possible negative consequences: “frivolous litigation costs, defensive, lawyer-driven auditor communications, or antagonistic auditor-audit committee relationship.” Perhaps the most notable of these is the possible uptick in litigation and whether the rule will create litigation opportunities for aggressive plaintiffs as it goes into effect over the next 18 months.

In addition, the SEC is part of an effort to enhance the International Standards on Auditing for purposes of helping U.S. investors who invest in companies based outside the country. Specifically, the Monitoring Group, a group of financial institutions and regulatory bodies who work in this area, issued a consultation paper seeking public comment on the topic. The paper seeks stakeholder views on board compositions, education, and ethical standards; changes to the nominations process for Standard-Setting Boards; and changes to the funding model. In sum, prospective changes here and in the new PCAOB rule forecast a shifting landscape for auditors in 2018.

One other initiative worthy of update is a Concept Release the SEC published on July 1, 2015, which sought public comment on proposed revisions to reporting requirements that relate to audit committees’ supervision of external auditors. Specifically, the SEC discussed potential disclosures relating to the external auditor’s objectivity, skepticism, and audit scope; the audit committee’s process for retaining the auditor, including a description of the selection process and the audit committee’s role in auditor compensation; qualifications of the audit firm and key members of the audit engagement team; and the location of audit committee disclosures within the company’s SEC filings. The SEC took comments on the proposals through September 8, 2015, but has not taken any further public action.

New Rules for GAAP Revenue Recognition

For annual and interim reporting periods beginning after December 15, 2017, most U.S. public companies must comply with Accounting Standards Codification (“ASC”) 606, Revenue from Contracts with Customers (Accounting Standards Update 2014-09), also known as “New GAAP revenue recognition.” The SEC laid out certain steps companies should take for an effective transition in Staff Accounting Bulletin No. 74, including: (i) initially disclosing a description of the new standard and the date of adoption; (ii) qualitative and quantitative disclosures describing the effect of the new accounting policies on the company’s financial statements; (iii) a status update describing where the company is in the implementation of the standard; and (iv) audit committee involvement in the process in order to timely and effectively identify SAB No. 74 disclosures and maintain proper internal controls over financial reporting.

These changes parallel an ongoing emphasis on assessing a company’s internal control over financial reporting (“ICFR”). At the 2017 AICPA Conference, one SEC official noted that “[a]doption of the new accounting standards for revenue, leases, and credit losses may be akin to a significant, complex, or unusual transaction for many companies and, like those transactions, it will put the design of companies’ ICFR to test.” In particular, the SEC pointed to the framework developed by the Committee of Sponsoring Organization Treadway Commission (“COSO”), which helps companies evaluate changes that could affect their system of ICFR. Monitoring future statements and concrete actions in this area should be a focus in 2018.

Proposed Modernization and Simplification of Regulation S-K

On October 1 1, 2017, the SEC proposed amendments to Regulation S-K and related rules and forms in order to “simplify disclosure requirements” and “improve the readability and navigability of disclosure documents and discourage repetition and disclosure of immaterial information.” The majority of amendments are peripheral and will not significantly affect registrants’ disclosure obligations. Such proposed changes include: clarifying the description of property (Item 102); streamlining the requirements and discussion relating MD&A, Section 16(a) compliance, and exhibits; eliminating compensation committee reports for emerging growth companies; and removing the five-year limit for incorporating documents by reference. Additionally, EDGAR filings would be required to include active hyperlinks to documents incorporated by reference. These amendments largely fit within Chairman Clayton’s vision for a more streamlined disclosure process that is more accessible to “Main Street investors.”

Update on Key Item 303 Disclosure Case

In Leidos, Inc. v. Indiana Public Retirement System, the Second Circuit held that Item 303 of SEC Regulation S-K, which requires companies to disclose “any known trends or any known demands, commitments, events or uncertainties that will result in or that are reasonably likely to result in the registrant’s liquidity increasing or decreasing in any material way,” created a duty to disclose that is actionable under Section 10(b) of the Exchange Act and SEC Rule 10b-5. This holding created a split with the Ninth Circuit, and the Supreme Court granted certiorari to resolve the question in March 2017. Shortly before the case was to be argued, however, the parties settled, so this important issue remains unaddressed by the Supreme Court.

Non-GAAP Metrics—Still a Focus?

As we noted in the 2016 year-end recap, the SEC, under former Chair Mary Jo White, began reviewing non-GAAP accounting metrics in financial disclosures with greater scrutiny and increased frequency. It is likely too early to tell whether non-GAAP metrics remain a priority issue under Chairman Clayton, but the only notable new case in 2017 was filed before the new administration took office.

Whistleblower Protections Under Dodd-Frank

As previewed in our mid-year update, the Supreme Court reviewed whether the Dodd-Frank Act prohibits retaliation against internal whistleblowers who have not reported concerns about securities law violations to the SEC, but who have reported them internally to the company. The case comes from the Ninth Circuit, which held that a former executive could sue the company for alleged retaliation against him after he reported to the company but did not report to the SEC. Section 21F-2 of the Dodd-Frank Act prohibits employers from discriminating against a whistleblower who makes disclosures, but the question is whether such disclosures must be made to the SEC or whether they may instead be made only to the company. In 2015, the Second Circuit found that the anti-retaliation provision is ambiguous and courts should defer to the SEC about its purview. In contrast, the Fifth Circuit held in 2013 that Dodd-Frank protections extend only to those whistleblowers who report to the SEC. The Supreme Court heard argument in Digital Realty Trust v. Somers on November 28, 2017, and its decision will likely resolve this circuit split and clarify the class of individuals eligible to receive protection as whistleblowers under Dodd-Frank.

SEC In-House Judges

In June 2017, the D.C. Circuit became the first appellate court to uphold the SEC’s in-house courts on constitutional grounds when it addressed a challenge to the constitutionality of in-house judges. Petitioner Raymond J. Lucia, a former investment adviser, challenged a ruling from an ALJ that barred him from the industry and imposed a six-figure penalty. Lucia argued that ALJs were “inferior officers” under the Appointments Clause, not employees, and were therefore acting without having been properly appointed. A D.C. Circuit panel ruled in August 2016 that SEC ALJs were employees of the Commission, not officers, and therefore SEC ALJs are not subject to the Appointments Clause.

Following Lucia’s appeal of that decision, the full court heard oral arguments in May 2017. The court subsequently issued a one-page per curiam judgment on June 26, 2017, stating that it was equally divided and would decline the petition to review the decision en banc. In prior stages of this case, the SEC argued that the ALJs were “mere employees” and not inferior officers subject to the Appointments Clause. But in its response to Lucia’s petition for certiorari, the SEC reversed course by stating that “the government is now of the view that such ALJs are officers” and agreed with Lucia that the petition for certiorari should be granted. The Supreme Court granted Lucia’s petition for certiorari on January 12, 2018.

The D.C. Circuit’s ruling created a circuit split, given the Tenth Circuit’s ruling in December 2016 that the ALJ hiring process is unconstitutional. In Bandimere v. SEC, the Tenth Circuit held that the ALJ hiring process violates the Appointments Clause because the judges are “inferior officers” for purposes of the Appointments Clause but are neither appointed by the president nor by the agency’s commissioners. The SEC stayed all administrative proceedings subject to review by the Tenth Circuit and filed a petition for certiorari in the Supreme Court on September 29, 2017.


2017 was a year of significant change in the SEC’s enforcement strategy. The SEC made clear, through both its actions and official statements, its intention to recalibrate priorities set by previous leadership. Moving into 2018, the SEC will likely continue to emphasize enforcement actions and policies that help “Main Street investors” and focus on deterring overt misconduct, as opposed to highly technical, non-fraud investigations. Nevertheless, public companies should remain vigilant in assessing investigative risks.

The complete publication, including footnotes, is available here.

February 19, 2018
Sustainability and Liability Risk
by Elisse Walter, Tom Riesenberg, Sustainability Accounting Standards Board
Editor's Note: Tom Riesenberg is Director of Legal Policy & Outreach at the Sustainability Accounting Standards Board; Elisse Walter is Former SEC Chair and a member of SASB’s Foundation Board. This post is based on a SASB publication by Mr. Riesenberg and Ms. Walter. Related research from the Program on Corporate Governance includes Social Responsibility Resolutions by Scott Hirst (discussed on the Forum here).

As the Sustainability Accounting Standards Board (SASB) marches forward with its standard-setting efforts, public companies are not always receptive, with responses that are reminiscent of the rabbi’s prayer in Fiddler on the Roof: “May God bless the Czar, and keep him far away from us.” In our experience the three reasons most often given by public companies for wanting to maintain their distance from SASB are: it is not clear that investors really want or need this information or that the information is material; it would be too expensive to provide accurate information; and there are too many legal uncertainties.

The response to the first of these concerns is that there is a mountain of evidence that investors want better, more standardized, more useful information about a company’s sustainability. Much of this evidence is available in various forms on SASB’s website. [1] And the crux of SASB’s standard-setting approach is to identify, through extensive research and analysis, information that is reasonably likely to be material to companies within a particular industry. In this regard, although sustainability disclosures are often referred to as non-financial information, they are best characterized as descriptions of a company’s long-term risks and thus perhaps more accurately described as pre-financial statement information.

As for the second of corporate America’s oft-stated objections to SASB, the costs of using the standards are difficult to appraise. To mitigate potential costs, SASB has sought to rely upon metrics that already are in use in the marketplace. In addition, to better gauge the cost issue, SASB has engaged a group of leading economists at the University of Chicago to study this further, and a report is expected later this year.

This blog note will focus on the third of these issues, that is, the legal concerns. Here, there seems to be considerable misunderstanding. The nature of the liability concerns was discussed in some depth at a roundtable discussion on legal issues relating to sustainability disclosures sponsored last year by SASB together with the Harvard Law School. The roundtable included nearly 30 of the top securities law professors and practitioners in the country, including former top SEC officials. A detailed report on the roundtable can be found on SASB’s website, [2] and a detailed legal memorandum prepared for the roundtable by the law firm of K&L Gates is also available. [3]

Let’s start with a few basic principles. A company, as well as it officers and directors, can be sued for fraud for any statement, no matter where it might be made. Section 10(b) and Rule 10b-5 of the Securities Exchange Act allow for an SEC or a private lawsuit against persons who make a fraudulent statement, no matter where it is made (although, of course, to succeed in such a lawsuit a private party must show many things, including reliance, causation, materiality, damages, and intent or “scienter”). Thus, it is wrong to conclude that companies can avoid securities fraud liability merely by putting sustainability information in communications (e.g., in corporate sustainability reports, or on websites) rather than in SEC filings. [4]

Companies could try to avoid liability risk altogether by saying nothing at all about sustainability issues. As the Supreme Court has said, silence, absent a duty to disclose, is not misleading. And, as a corollary principle, there is no duty to disclose information merely because such information is material—there must be an SEC rule that imposes such a duty. [5] Silence may be particularly attractive to issuers because the duty to disclose sustainability information is frequently uncertain and companies do not typically face liability for immaterial misstatements or omissions.

So with these basic principles as background, what can be said about liability risks relating to use of SASB standards in SEC filings? There are several important points.

One is that, while silence might theoretically be a way to avoid liability, it really is not an option for most companies. Public companies are already making loads of statements about sustainability and long-term risks—statements made in the risk factor or MD&A sections of their SEC filings, in their standalone sustainability reports, on their websites, in press releases, and elsewhere. [6] Moreover, some of these statements may in fact be required under the federal securities laws. Item 303 of Regulation S-K (MD&A) requires disclosure of a “known trend or uncertainty” that is “reasonably likely” to have a material impact a company’s operating performance or financial condition. So with respect to much sustainability information silence is not an option for most companies.

Further, a company can be sued for nondisclosure of material information if it is required to be disclosed. Of course, whether certain sustainability information is material as a general matter is often a matter of debate, but as noted the rudiments of the SASB endeavor is to develop standards for matter that are reasonably likely to be material for companies in a particular industry. And, given the raft of “boilerplate” type disclosures in this area, there is likely a risk of liability for “half truths,” where securities fraud liability can arise if an issuer fails to provide all the information necessary to make a statement not misleading. This legal doctrine provides that once a company speaks on an issue or topic, there is a duty to tell the whole truth. [7]

If silence is not likely an option, some suggest the best approach for companies would be to continue as they do now, making disclosures outside of the SEC filing. An issuer might indeed opt for a middle-ground, that is, use the SASB standards (once they become final, likely later this year) in a sustainability report or on their website. As noted, it is not evident that this approach would result in a meaningful reduction in risk, given the potential liability no matter where a statement is made. And, while such an approach would likely improve sustainability disclosures generally, the participants at the Harvard roundtable noted many reasons why companies might actually be better off including this information within an SEC filing.

One such benefit would be the likelihood of better and more accurate reporting. One participant at the roundtable referred to the environment for production of sustainability reports as “loosely-controlled,” and several speakers noted that they can more easily backfire, particularly after an accident or incident that can be traced back to the sustainability report. The most prominent example of where this has happened is the British Petroleum Deepwater Horizon explosion, where one of the bases for a securities fraud lawsuit against BP was an allegedly misleading statement about the frequency of BP’s safety inspections made in BP’s sustainability report. [8]

Several participants at the Harvard Law School forum said that the BP episode made a compelling case for putting sustainability information through the rigor of the traditional financial reporting process, which reduces risk by using accounting standards, effective internal controls, sound data governance, well-established regulatory oversight, and external audits or reviews. Such a process, they argued, adds protection. Boilerplate sustainability reports issued outside the traditional financial reporting process may be more vulnerable to litigation liability. One former high-ranking regulator wondered why companies are not “petrified” when they release sustainability information in reports or on websites without the benefit of the scrutiny that goes into a 10-K filing.

Another possible benefit from the use of the standards in an SEC filing is liability protection under the safe harbor from liability for forward-looking statements that was established by the Private Securities Litigation Reform Act of 1995. The safe harbor precludes liability for a forward-looking statement when the forward-looking statement is accompanied by meaningful cautionary statements identifying important factors that could cause actual results to differ from those in the forward-looking statement. Boilerplate warnings often will be insufficiently “meaningful” to trigger the statutory protection. For example, in one district court case in California, the court concluded that warnings that the issuer could not be sure either that “it has been, or will at all times be, in complete compliance with all environmental requirements” or that it “will not incur additional material costs or liabilities in connection with these requirements in excess of amounts it has reserved” were not specific enough where company knew of significant environmental exposure. [9]

Also at the Harvard Law School forum a speaker made a broader point: he said that a company might be better off in a lawsuit involving a sustainability disclosure if it were able to state that it had used the SASB standards. Defendants in financial fraud lawsuits typically argue that they complied with Generally Accepted Accounting Principles (GAAP) in making their financial statement disclosures, and, if they can establish that, a finding of liability is highly unlikely. The case law in this area suggests that compliance with a set of well developed, transparent standards might reduce the risk that disclosures will be found to be misleading or made with fraudulent intent.

Finally, a securities law professor at the roundtable went outside the federal securities laws and noted the “increasing awareness” that plaintiff lawyers have about books and records lawsuits under Section 220 of the Delaware General Corporation Law, which authorizes shareholders with a proper purpose to demand a potentially broad array of corporate books and records. For example there is a case in which a public company made vague statements about child labor policies in its supply chain, thereby giving rise to a successful books and records inspection request. [10] Companies sometimes may be able to avoid or defeat a books-and-records demand by disclosing additional information. [11] The professor also observed that for certain industries there is the possibility of state attorney general investigations. Thus, from a corporate issuer’s perspective, “there’s something to be gained” by a “carefully thought-through way toward implementing SASB.”

In sum, the law in this area is unclear and the case law is sparse. But companies would be rash if they were to conclude, without further weighing the advantages and disadvantages, that use of the SASB standards in an SEC filing is too great a liability risk. And, given the many other benefits (too many to explore here), both reputational and operational, the pluses seem likely to outweigh the minuses.

Endnotes back)

2 back)

3 back)

4See, e.g., In re BP P.L.C. Sec. Litig., 922 F. Supp. 2d 600 (S.D. Tex. 2013) (sustainability report was a potential basis for securities fraud claim).(go back)

5Matrixx Initiatives, Inc. v. Siracusano, 131 S. Ct. 1309, 1321–22 (2011). Accord City of Livonia Emps.’ Ret. Sys. v. Boeing Co., 711 F.3d 754, 759 (7th Cir. 2013) (“There is no duty of total corporate transparency.”).(go back)

6See, e.g., Sustainability Accounting Standards Board, The State of Disclosure—2017 (Dec.1, 2016), available at; Governance and Accountability Institute, FLASH REPORT: EIGHTY-ONE PERCENT (81%) OF THE S&P 500 INDEX COMPANIES PUBLISHED CORPORATE SUSTAINABILITY REPORTS IN 2015 (March 15, 2016), available at; EY, Disclosure effectiveness:What companies can do now (October 2014), available at$FILE/EY-disclosure-effectiveness-what-companies-can-do-now.pdf.(go back)

7See, e.g., Virginia Bankshares, Inc. v. Sandberg, 501 U.S. 1088, 1094 (1991); Universal Health Servs., Inc. v. United States, 136 S. Ct. 1989, 2000 & n.3 (2016); Meyer v. Jinkosolar Holdings Co., Ltd., 761 F.3d 245, 250 (2d Cir. 2014) (“once a company speaks on an issue or topic, there is a duty to tell the whole truth”); Kleinman v. Elan Corp., 706 F.3d 145, 152 (2d Cir. 2013) (“Even a statement which is literally true, if susceptible to quite another interpretation by the reasonable investor, may properly be considered a material misrepresentation.”).(go back)

8See note 4, supra.(go back)

9Loritz v. Exide Techs. et al., Fed. Sec. L. Rep. (CCH) at 98,142 (C.D. Calif. 2014).(go back)

10Rulings of the Court From Oral Argument on Exceptions to the Master’s Final Report, La. Mun. Police Emps. Ret. Sys. v. Hershey Co., No. 7996-ML (Del. Ch. Mar. 18, 2014).(go back)

11In Delaware, shareholder demands are limited to documents that are “essential” to the shareholder’s purpose and “unavailable from another source.” Espinoza v. Hewlett-Packard Co., 32 A.3d 365, 371–72 (Del. 2011).(go back)

February 19, 2018
Advancement Claim Partially Denied Based on L.P. Agreement
by Francis Pileggi

A recent decision by the Delaware Court of Chancery contrasted the difference between advancement rights based on an L.P. agreement as compared to the right of a corporate director or officer to receive advancement of fees and costs to defend a lawsuit. In Weil v. VEREIT Operating Partnership, L.P., C.A. No. 2017-0613-JTL (Del. Ch. Feb. 13, 2018), the court also distinguished between the different procedural and substantive aspects of an indemnification claim as compared to an advancement claim. This opinion provides important statements of the law and nuances of practical value to those engaged in this frequent subject of Delaware corporate and commercial litigation.

Also, unlike the claims in the context of an alternative entity such as an L.P. agreement, Delaware General Corporation Law (DGCL) Section 145 provides certain "default boundaries" that are not necessarily applicable to an advancement claim based on pure contract terms in the L.P. context. Unlike rights based on an L.P. agreement, generally speaking, once there is an advancement right in the corporate context, DGCL section 145 imposes certain restrictions on the corporation that attempts to deny those rights. See, e.g., one of the three decisions in the Holley v. Nipro cases highlighted on these pages.

For those who need to know the latest iteration of Delaware law on advancement and how it differs from indemnification in the L.P. context, this 37-page opinion with over 70 footnotes is required reading. For purposes of this short blog post that is intended for busy corporate litigators, I provide highlights of the decision:


  • The procedural context of this case was a motion for summary judgment which featured 55 exhibits. There were multiple parties involved and several different entities–only some of whom were entitled to advancement or indemnification under the applicable alternative entity agreements.
  • Because this advancement claim was based on an alternative entity agreement, as opposed to corporate documents that were subject to the default constraints of DGCL section 145, the primary framework of the analysis was contractual and not statutory. The court provides a comprehensive review of the detailed factual setting which is necessary to grasp for a complete understanding of the case.

Key Legal Principles:

  • The court referred to Section 17-108 of the Delaware Revised Uniform Limited Partnership Act which gives a limited partnership the power to indemnify any partner or other person, and also includes an empowerment to provide for advancement. Section 17-108 defers completely to the contract of the parties to create rights and obligations with respect to indemnification and advancement of expenses.
  • Importantly, Section 17-108 of the LP Act gives limited partnerships wider freedom of contract to draft their own framework for indemnification and advancement than is available to corporations under Section 145 of the DGCL, which creates mandatory indemnification rights for corporate indemnities in some circumstances–and also bars indemnification in others. See footnote 8 for supporting cases.
  • The court provided a thorough contractual analysis of the advancement and the indemnification provisions in the LP agreement. The court noted the tension and lack of consistency in the LP agreement between the provisions for advancement and the legally quite distinct conceptual analysis of indemnification. The agreement here appeared to describe differently those covered by advancement and indemnification.
  • The court emphasized the important distinctions between an analysis for advancement, which is a summary proceeding where the only question involves the extension of credit, and a completely separate procedural and substantive analysis of indemnification.
  • In advancement cases, when there is an issue whether someone is sued in a covered or non-covered capacity, the court will generally resolve the doubt in favor of advancement, and defers until the subsequent indemnification analysis whether or not the advanced funds might later be subject to disgorgement if a party is later determined to be ineligible for indemnification. See footnotes 20 through 23.
  • The court distinguished the case of Fasciana v. Electronic Data Systems Corp. ("Fasciana I") 829 A.2d 160 (Del. Ch. 2003), because that case dealt with the determination of who was a "agent" for indemnification purposes under Section 145, but this case focuses on advancement.
  • Based on the contractual basis on which the advancement claims were made in this case, the court analyzed and applied the defined terms, whose definitions were not the model of clarity. See footnotes 28 and 29 and accompanying text.

Specific Disputes About Allocation of Which Fees are Covered

  • Although the parties seemed to acknowledge that there was a right to some advancement, the challenges were based on whether or not all of the fees demanded were properly allocated among covered and non-covered proceedings, as well as covered and non-covered persons.
  • Consistent with prior case law, the court explained that the court will not engage in a line by line review of bills to determine if allocation was proper between covered and non-covered persons or proceedings, and will rely on the certification of senior counsel involved at the advancement stage of the proceedings.
  • The court will wait for the indemnification stage to determine a more specific allocation of what fees were incurred for covered parties and which would be allocated to non-covered parties. See footnotes 33 to 39 and accompanying text.
  • Nonetheless, the court emphasized that an effort must be made to allocate fees, to the extent possible, between those incurred for covered persons and underlying covered proceedings, and those fees incurred for persons or proceedings that are not covered by advancement. See footnote 40.

Unilateral Imposition of Conditions to Payment Rejected:

  • This is an important principle that should have widespread application even outside the alternative entity context: A company cannot unilaterally impose conditions on advancement that are not contained in the underlying documents on which advancement is based. For example, in this case the court rejected efforts by the company to impose a litigation budget or impose billing guidelines as a condition for advancement because those conditions were not included in the advancement provision of the LP agreement. See footnotes 46 to 48 and accompanying text.
  • Likewise, the court rejected an argument that a company could refuse to pay for annual increases in hourly rates. No such limitation was in the L.P. Agreement.
  • Regarding invoices from third-parties, the court determined that at the advancement stage, it was sufficient to rely on the verification of a senior attorney involved that those invoices were necessary and reasonable.

Reasonableness of Total Fees:

  • The limited partnership agreement allowed for advancement of "reasonable expenses." Consistent with Court of Chancery Rule 88, as well as Delaware Lawyers’ Rule of Professional Conduct 1.5(a), the court explained that the fees requested must be reasonable in amount based on the eight factors applied under Rule 1.5(a) to make that determination.
  • Nonetheless, the court will not review each line item or time entry and disbursement, nor will it second-guess the judgment of lawyers on the appropriate staffing of the case at the advancement stage.
  • The parties do not have a blank check in this context, however, and the amount of fees are subject to review again at the indemnification stage. The court also observed that the client should also serve as a level of review because until indemnification is decided, that person incurs the risk that the fees may need to be paid back.
  • Regarding the challenge to the rates charged by staff attorneys, the court found that there were factual issues that could not be resolved at summary judgment stage.
  • Regarding allegations that the hours worked on the case were excessive and that the Paul Weiss firm overstaffed the matter, the court determined that it would rely on a certification from a senior partner of Paul Weiss by sworn affidavit that the amount of fees and expenses were reasonable under the circumstances.
  • The court emphasized however that the firm does not have a blank check and that the person receiving the advancement has an incentive to monitor those bills in the event that it may be ultimately determined that the advancement was improvidently granted and may later need to be disgorged. Thus a more detailed review of fees alleged to be excessive is deferred until the indemnification stage, at which time levels of staffing and number of hours worked and rates can be reviewed.

Procedure for Determining Advancement Due on Future Invoices:

  • The court described at pages 32 through 37 of the slip opinion the detailed procedure that the court required to be followed going forward based on the very specific methods described in the Fitracks case which is a very comprehensive procedure designed to minimize the amount of disputes about monthly bills that the court will need to address going forward.

Regarding Fees on Fees:

  • The court determined that because only some of the claims were successful, only a partial amount of fees on fees would be awarded and that the parties should use the same Fitracks procedure to determine those amounts.
View today's posts

2/20/2018 posts

Race to the Bottom: In re SandRidge Energy, Inc., Shareholder Derivative Litigation: Denial of Attorneys' Fees and Appeal Dismissed as Moot
Securities Litigation, Investigations and Enforcement: FINRA Enforcement Head Explains Why Enforcement "Isn't Rocket Science"
CLS Blue Sky Blog: Changes in Corporate Governance: Externally Dictated vs. Organically Determined
The Harvard Law School Forum on Corporate Governance and Financial Regulation: Activism and Takeovers
The Harvard Law School Forum on Corporate Governance and Financial Regulation: ISS QualityScore: Environmental and Social Metrics
SEC Actions Blog: SEC Disgorgement: A Path For Reform?
Bridging the Week: Between Bridges: February 19, 2018: CFTC Says Futures Brokerage Firm's Failure to Supervise Led to Unauthorized Cyber Attack; Trader Criminally Charged for Allegedly Misappropriating Employer's Cryptocurrencies Blog: Edgar Problems: The Crisis Continues
The Harvard Law School Forum on Corporate Governance and Financial Regulation: SEC Enforcement in Financial Reporting and Disclosure - 2017 Year-End Update
The Harvard Law School Forum on Corporate Governance and Financial Regulation: Sustainability and Liability Risk
Delaware Corporate & Commercial Litigation Blog: Advancement Claim Partially Denied Based on L.P. Agreement

Blog posts are subject to copyrights held by the authors and are republished here with permission. Views expressed are those of the authors alone. Infringement Notification.