InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
9th Circuit partially reverses lower court’s ruling based on tech company's misleading statements
On June 16, the U.S. Court of Appeals for the Ninth Circuit partially revived a securities fraud action brought by the state of Rhode Island on behalf of its employees’ retirement system against a California-based technology company, its holding company, and several individuals (collectively, “defendants”), reversing a district court’s dismissal. In 2018, investors sued the defendants after the technology company discovered a security glitch that same year on its now-defunct social network site that exposed hundreds of thousands of users’ private data. The suits were consolidated, with the state of Rhode Island as lead plaintiff, alleging the defendants deceived investors and caused the company’s shares to be traded at artificially inflated prices between the discovery of the software glitch and its disclosure. According to the plaintiffs, the defendants omitted material facts on Form 10-Qs filed with the SEC in 2018 by including statements such as “[t]here have been no material changes to our risk factors since our Annual Report on Form 10-K for the year ended December 31, 2017.” The defendants moved to dismiss for failure to state a claim, which the district court granted, stating, among other things, that the plaintiffs failed to adequately allege “falsity, materiality, and scienter” in statements made by the defendants in their April 2018 and July 2018 10-Qs.
On appeal, the 9th Circuit reviewed the challenged statements, concluded that two statements made by the parent company in its 10-Qs were materially misleading or had omitted facts regarding the software issues, and vacated the dismissal of the plaintiffs’ falsity, materiality, and scienter claims. The appellate court also found that the defendants’ claim that the software problem had been patched by the time the challenged statements were made in their 10-Qs was not enough. “Given that [the company’s] business model is based on trust, the material implications of a bug that improperly exposed user data for three years were not eliminated merely by plugging the hole in [the social network site’s] security,” the appellate court wrote, further concluding that “[t]he market reaction, increased regulatory and governmental scrutiny, both in the United States and abroad, and media coverage alleged by the complaint to have occurred after disclosure all support the materiality of the misleading omission.” The 9th Circuit also referenced a so-called “Privacy Bug Memo” that was supposedly circulated among some of the defendants’ leadership team, which warned that disclosing these security issues “would likely trigger ‘immediate regulatory interest’ and result in the defendants ‘coming into the spotlight[.]’”
Concerning the remaining 10-Q statements identified in the complaint, the 9th Circuit affirmed the district court’s dismissal of claims based on these statements after concluding that the plaintiffs did not plausibly allege that they were “misleading material misrepresentations.”
SEC charges liability company with Exchange Act violations
On June 23, the SEC announced charges against a New York-based limited liability firm for Securities Exchange Act violations because the firm allegedly used language in the firm’s compliance manual that prohibited potential whistleblowers from speaking out to regulators. According to the order, over a four year span, the firm’s compliance manual stated that employees were “strictly prohibited from initiating contact with any Regulator without prior approval from the Legal or Compliance Department,” and that violation of this policy may result in “disciplinary action by the Firm.” The order noted, however, that the agency was “unaware of any specific instances” where an employee of the firm was prevented from disclosing to the SEC staff about possible violations. In 2018 and 2019, the firm also provided annual compliance training to its employees that allegedly included similar language. Specifically, a slide in the training contained language that prohibited employees “from initiating contact with any regulator without prior approval from Legal or Compliance, including conversation[s] regarding an individual’s registration status with FINRA.” The SEC further alleged that the firm’s employees were also required to comply with the code of conduct maintained by the firm’s indirect parent company, but acknowledged that the code was not meant to restrict employees’ whistleblower protections, and employees were not prohibited from reporting to government agencies. However, the firm’s manual also noted that “personnel should follow the more restrictive” of the various policies, “absent explicit direction to the contrary.” The order noted that the firm took remedial steps to correct the issues, including altering the language in the compliance manual to instead advise employees of their right to communicate with regulators about possible concerns without obtaining prior approval. The firm communicated the revisions to its employees by administering a compliance alert, which linked to the revised manual. The SEC charged the firm with violating Rule 21F-17 of the Securities Exchange Act and ordered the firm, to cease and desist for committing future violations of Rule 21F-17 and pay a $208,912 penalty.
SEC sues mutual fund for diverting investor funds into shell companies
On June 21, the SEC filed a complaint against a Cayman Islands-registered mutual fund and its operators (collectively, “defendants”) in the U.S. District Court for the Southern District of New York alleging they diverted millions of dollars in investor funds to shell companies under the defendants’ control through uncollateralized loan transactions, and issued “false or misleading statements of material facts to investors to disguise their misconduct.” According to the SEC, the defendants have also blocked investors from redeeming the roughly $106 million they invested in the fund, and have transferred $64 million of the investors’ deposits into the fund’s brokerage account, from which the assets were allegedly “subject to further dissipation and misappropriation.” The SEC’s complaint alleges violations of the antifraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, and seeks a permanent injunction against the defendants, a permanent ban prohibiting the participation in future securities offerings through entities owned or controlled by the defendants, disgorgement of ill-gotten gains, civil penalties, and an asset freeze.
SEC settles with blockchain company over unregistered ICO
On June 22, the SEC announced a settlement with an intellectual property search software platform provider and its CEO resolving allegations that the company made materially false and misleading statements in connection with an unregistered initial coin offering (ICO) of digital asset securities. According to the order, the company raised $7.6 million from investors by offering and selling digital tokens. In promoting the ICO, the company and its CEO made multiple materially false statements to investors and potential investors, including false statements about the company’s revenues, number of employees, and the platform’s user base. The SEC alleges that the company violated Section 5(a) and 5(c) of the Securities Act because the digital assets it offered and sold were securities under federal securities laws, and the company did not have the required registration statement filed or in effect, nor did it qualify for an exemption from registration. The order, which the company consented to without admitting or denying the findings, imposes a $7.6 million penalty, and requires the company to “destroy all [of the digital tokens] in their possession or control,” publish notice of the order on the company’s social media accounts, request removal of the tokens from trading platforms, and refrain from participating in future offerings of a digital asset security.
SEC issues whistleblower awards totaling nearly $5.3 million
On June 21, the SEC announced whistleblower awards to four individuals totaling nearly $5.3 million for information provided in separate enforcement actions. According to the first redacted order, the SEC awarded a whistleblower nearly $4 million for voluntarily providing original information to the Commission, leading to a successful enforcement action. The whistleblower also “provided extraordinary assistance,” participated in interviews, identified key witnesses, and provided documents to staff which led to a successful enforcement action. In the second redacted order, the SEC awarded three individuals a total of approximately $1.3 million. The first whistleblower, who received the largest award, provided substantial ongoing assistance that “saved the Enforcement staff considerable time and resources.” The other two whistleblowers provided important information concerning misconduct but did not provide any investigative leads.
The SEC has awarded approximately $937 million to 178 individuals since issuing its first award in 2012.
SEC charges settlement company with cybersecurity disclosure violations
On June 15, the SEC announced charges against a real estate settlement services company for its role in allegedly failing to disclose controls and procedures related to a cybersecurity vulnerability that exposed sensitive customer information. According to the SEC’s order, an independent cybersecurity journalist warned the company in May 2019 of a vulnerability concerning its system for sharing document images that exposed over 800 million images dating back to 2003, including images containing sensitive personal data such as social security numbers and financial information. In response, the company allegedly issued a press release for inclusion in the cybersecurity journalist’s report published in May 2019 and furnished a Form 8-K to the Commission on May 28, 2019. However, according to the order, the company’s senior executives responsible for these kinds of releases “were not apprised of certain information that was relevant to their assessment of the company’s disclosure response to the vulnerability and the magnitude of the resulting risk.” Specifically, the order states that senior executives were not informed that the company’s information security personnel had identified a vulnerability several months earlier, in January 2019, but failed to remediate the vulnerability in accordance with the company’s policies. The order finds that the company “failed to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning the vulnerability was analyzed for disclosure in the company’s public reports filed with the Commission.” The SEC charged the company with violating Rule 13a-15(a) of the Exchange Act and ordered the company, who agreed to a cease-and-desist order, to pay a $487,616 penalty.
SEC awards $3 million in whistleblower awards
On June 14, the SEC announced whistleblower awards to two individuals totaling an initial combined payment of approximately $3 million for information and assistance provided in a successful enforcement action. According to the redacted order, the SEC awarded the first whistleblower for providing assistance early in the investigation and helping enforcement staff focus its resources and theories. The second whistleblower was rewarded for helping to uncover misappropriated funds and fraudulent transfers. The SEC noted that both whistleblowers provided ongoing assistance in the investigation, including participating in interviews and providing helpful documents involved in the investigations.
The SEC has awarded approximately $932 million to 172 individuals since issuing its first award in 2012.
NYDFS, state AGs offer recommendations on climate disclosures to SEC
On June 14, NYDFS and a coalition of 12 state attorneys general led by the California attorney general submitted separate letters (see here and here) in response to a request for input by Acting SEC Chair Allison Herren Lee, providing recommendations on disclosing information on climate change risks that entities are facing. Among other things, NYDFS recommends that the SEC: (i) make disclosures reliable, balanced, understandable, consistent over time, comparable among institutions within a sector, and provided in a timely manner; (ii) provide disclosure of the corporate governance and board oversight relating to climate-related issues and risks, such as policies, procedures, internal controls, and management information systems; (iii) disclose how an institution identifies, assesses, monitors, and manages climate-related risks and how such risks are integrated; and (iv) encourage agencies to take an equitable approach “that reflects each institution’s exposure to climate risks and the nature, scale, size, and complexity of its business.” NYDFS notes that “[d]eveloping and managing standards related to the disclosure of risks related to climate change requires collaboration among state and federal regulators and the industries that they regulate.”
The AGs advise the SEC to require that private and public companies analyze climate change-related risks altering their businesses and disclose that information, asserting that the current disclosure requirements under the SEC are insufficient. The letter includes recommendations, such as requiring SEC-regulated firms to (i) make annual disclosures of their greenhouse gas emissions and any plans to address their emissions; (ii) evaluate and disclose the potential impacts of climate change and climate change regulation; and (iii) disclose corporate governance and risk management practices as they relate to climate change.
Securities regulators’ training aims to stop financial exploitation of seniors
On June 15, the SEC, North American Securities Administrators Association (NASAA), and FINRA announced the release of a training program, “Addressing and Reporting Financial Exploitation of Senior and Vulnerable Adult Investors,” to assist securities firms in implementing the training requirements established in the Senior Safe Act. As previously covered by InfoBytes, the Senior Safe Act was included as Section 303 of the Economic Growth, Regulatory Relief, and Consumer Protection Act, which was signed into law in May 2018. The Act addresses barriers financial professionals face in reporting suspected senior financial exploitation or abuse to authorities. The training program may be utilized by firms to instruct associated persons on how to detect, prevent, and report financial exploitation of senior and vulnerable adult investors. The program also acts as a resource for firms enforcing the requirements of the Senior Safe Act and certain state training requirements relating to senior investment protection.
Agencies call for "robust" alternate reference rates
On June 11, the Treasury Department, OCC, SEC, and the FDIC released separate statements following the meeting of the Financial Stability Oversight Council concerning the LIBOR transition. Acting Comptroller of the Currency Michael Hsu said it is “imperative that banks continue careful planning” for the transition away from LIBOR to an alternate reference rate, such as the Secured Overnight Financing Rate (SOFR), the Alternate Reference Rates Committee’s (ARRC) preferred LIBOR alternative. As previously covered by InfoBytes, the ARRC released the SOFR “Starter Kit” in August 2020, which includes three factsheets that are the result of a series of educational panel discussions held by ARRC. The various panel discussions were designed to educate on “the history of LIBOR; the development and strengths of SOFR; progress made in the transition away from LIBOR to date; and how to ensure organizations are ready for the end of LIBOR.” SEC Chairman Gary Gensler also expressed support for SOFR, calling it a “preferable” alternate rate. In addition, Gensler shared his concerns regarding the Bloomberg Short-Term Bank Yield Index (BSBY), which some commercial banks are advocating as a replacement for LIBOR. Gensler said the BSBY is based upon unsecured, term, bank-to-bank lending, which is like LIBOR. Treasury Secretary Janet Yellen encouraged market participants to “act promptly to support the switch in derivatives from LIBOR to SOFR.” She noted that “[w]hile important progress is being made in some segments of the market, other segments, including business loans, are well behind where they should be at this stage in the transition.” FDIC Chairman Jelena McWilliams pointed out that the “FDIC continues to focus on the LIBOR transition and to assess institutions’ practices and plans to adopt a replacement rate and address legacy contracts before December 31 of this year.” However, she disclosed that “the FDIC does not endorse any particular alternative reference rate.”