On January 29, 2019, the SEC announced four settlements with publicly-traded companies for failure to maintain adequate internal control over financial reporting.

None of the companies was charged with making false or inaccurate statements, either about its ICFR or otherwise; indeed, each had repeatedly disclosed material weaknesses in ICFR over many years.

These cases are interesting for at least three reasons:

  • They were announced together to send a message about the SEC’s focus on its agenda to strengthen accounting and controls at public companies.
  • The cases are about controls, and not about disclosure. Material weaknesses in ICFR are not just a disclosure issue: a continuing failure to maintain adequate controls is a violation of law, even if the failure is fully disclosed and there is no other disclosure problem.
  • The cases join several recent instances in which the SEC has shown a willingness to use the internal controls provisions of the Securities Exchange Act of 1934 independently of specific disclosure requirements.

Please click here to read the full alert memorandum.

Last week, in SEC v. Scoville, the U.S. Court of Appeals for the Tenth Circuit held that Dodd-Frank allows the Securities and Exchange Commission to bring fraud claims based on sales of securities to foreign buyers where defendants engage in fraudulent conduct within the United States.

In so holding, the Court concluded that Dodd-Frank abrogated in part the Supreme Court’s rule, announced in Morrison v. National Australia Bank Ltd., that fraud claims under the federal securities laws can only be brought with respect to transactions in securities listed on a U.S. exchange or transactions in other securities in the U.S.  If adopted more broadly, this ruling would restore in government enforcement actions the more expansive conduct-and-effects test that the Morrison Court rejected.

Please click here to read the full alert memorandum.

On January 10, 2019, a Magistrate Judge in the Northern District of California issued an order denying an application for a search warrant that would have compelled any individual present at the premises to be searched to unlock their digital devices using biometric features, such as thumb prints and facial scans.  The order is notable in that the search warrant was not rejected on Fourth Amendment grounds, but rather on the grounds that requiring a person to unlock his or her digital device ran afoul of the Fifth Amendment’s privilege against self-incrimination.[1]  Providing a thumb or facial scan, the court reasoned, constituted testimony protected by the Fifth Amendment, analogizing biometrics to passwords that similarly protect information stored on devices.  This decision highlights the current tension in the courts on the accessibility of information stored on digital devices, and the courts’ continuing efforts to develop rules governing this rapidly-evolving area of law. Continue Reading Court Holds That 5th Amendment Self-Incrimination Privilege Precludes Compelling Fingerprint or Facial Recognition Access to Digital Devices

Nearly a decade ago, WikiLeaks ushered in the age of mass leaks.  Since then, corporations, governments, public figures and private entities have increasingly had to reckon with a new reality: that vigilantes, activists, extortionists and even state actors can silently steal and rapidly disseminate proprietary information, including customer data and other sensitive information.  Last month, the Department of Justice (“DOJ”) indicted four individuals based on information first revealed in the “Panama Papers” leak.  This marks a significant milestone in law enforcement’s reliance on evidence based on an unauthorized mass leak of information.  While leaks and hacks are not a novel phenomenon—in 1971, the New York Times published top secret documents on the Vietnam War and, in 1994, a paralegal leaked tobacco industry documents that ultimately cost the industry billions of dollars in litigation and settlement costs—the frequency, scale and ease of dissemination of leaked information today presents a difference not only of degree, but of kind.  The new Panama Papers-based criminal case will likely raise a host of novel legal issues based on legal challenges to the DOJ’s reliance on information illegally obtained by a third party, as well as information that would ordinarily be protected by the attorney-client privilege.  In this memorandum, we discuss the potential issues raised by the prosecution and their implications. Continue Reading U.S. Criminal Prosecution Based on Panama Papers Hack Raises Novel Legal Issues

As discussed in Cleary Gottlieb’s December 21, 2018 Alert Memorandum, on December 18, 2018, the U.S. Court of Appeals for the D.C. Circuit issued an important ruling in In re Grand Jury Subpoena, holding, inter alia, that foreign state-owned corporations are subject to criminal jurisdiction in the United States and upholding Special Counsel Mueller’s authority to serve and enforce a grand jury subpoena on a sovereign entity.

The foreign state-owned corporation subsequently sought a stay of enforcement of the contempt order from the Supreme Court, which Chief Justice Roberts granted.  This Alert Memorandum focuses on two key developments that took place on January 8, 2019.  First, the Supreme Court, voting as a whole, lifted the administrative stay previously entered by Chief Justice Roberts.  Second, the D.C. Circuit Court issued its full, albeit partially redacted, opinion, which provides additional reasoning for the panel’s decision, seeks to reconcile any purported conflict with rulings issued by other Circuit Courts on the legal question at hand, and focuses on the state owned nature of the entity involved.

Please click here to read the full Alert Memorandum.

On January 11, the Second Circuit Court of Appeals denied the appeal of Rajat Gupta, who was seeking to undo his insider trading conviction.  Relying on the Second Circuit’s decision in United States v. Newman, Gupta argued that—to satisfy the requirement that Gupta personally benefit from tipping inside information—the Government must show “a quid pro quo – in which [Gupta] receive[d] an ‘objective, consequential . . . gain of a pecuniary or similarly valuable nature.’”[1]  In other words—intangible benefits should not, standing alone, constitute a personal benefit sufficient to uphold a criminal conviction.  The Second Circuit rejected this argument, finding that the Supreme Court’s decisions in Dirks v. SEC and Salman v. United States foreclosed such a narrow definition of “benefit,” opting instead for a test that looked at “varying sets of circumstances”—including those that involve indirect, intangible, and nonquantifiable gains, such as an anticipated quid quo pro that can be inferred from an ongoing, business relationship—to satisfy the “personal benefit” test.[2]  This case is the latest in a line of decisions—in the Supreme Court, as well as the Second and Ninth Circuits—to reject defendants’ arguments for a narrow definition of the “personal benefit” element of insider trading law based on Newman. Continue Reading Second Circuit Denies Gupta Appeal of Insider Trading Conviction—Continuing to Give Broad Meaning to “Personal Benefit” Requirement

On December 26, 2018, the SEC announced settled charges against ADT Inc. after finding that ADT, in two earnings releases, gave undue emphasis to non-GAAP adjusted EBITDA figures because they identified the relevant GAAP measures only later and much less prominently.

Without admitting or denying the SEC’s factual or legal claims, ADT agreed to an administrative settlement finding violations of Section 13(a) of the Securities Exchange Act of 1934 and Rule 13a-11 thereunder, relating to the requirements of Item 10(e) of Regulation S-K that an issuer present “with equal or greater prominence . . . the most directly comparable financial . . . measures” calculated under GAAP when it includes non-GAAP financial measures in filings and certain other reports to the Commission.

This is just the second enforcement action concerning non-GAAP disclosures that the SEC has brought against an issuer in the two-and-a-half years since the issuance of Staff guidance on non-GAAP disclosure requirements, and it is the first during SEC Chair Jay Clayton’s tenure.  It also is the first action related to non-GAAP disclosures finding a violation of only Section 13(a) of the Exchange Act without an accompanying finding that the disclosure in question constituted a material misstatement or omission.

Please click here to read the full alert memorandum.

On December 19, 2018, the United States Attorney’s Office for the Southern District of New York (the “USAO”) announced criminal charges against and entered into a deferred prosecution agreement (the “DPA”) with Central States Capital Markets, LLC (“CSCM”), a Kansas-based broker-dealer, under the Bank Secrecy Act (the “BSA”).[1]  The charge was for a felony violation of the BSA, which consisted of CSCM’s willful failure to file a suspicious activity report (“SAR”) regarding the illegal activities of one of its customers.  According to the USAO, this represents the first ever criminal BSA charge brought against a United States broker-dealer.  This case is another milestone in the recent trend towards stricter enforcement of the anti-money laundering (“AML”) regulatory requirements applicable to broker-dealers. Continue Reading First Ever Criminal Bank Secrecy Act Charge Brought Against U.S. Broker-Dealer

On December 20, 2018, the Financial Industry Regulatory Authority (“FINRA”) released a Report on Selected Cybersecurity Practices for broker-dealer firms.  This report reflects FINRA’s current perspective on the cybersecurity threat landscape based on observations from its examinations of securities firms.  Below we discuss the report’s key observations and contextualize these insights for members of the financial industry. Continue Reading FINRA Provides Updated Cybersecurity Guidance to Broker-Dealer Firms

On December 20, 2018, the U.S. Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released its 2019 Examination Priorities.  The six themes for this year’s priorities are:  retail investors (including seniors and those saving for retirement), compliance and risk in registrants responsible for critical market infrastructure (clearing agencies, transfer agents, national securities exchanges and Regulation SCI entities), oversight of the Financial Industry Regulatory Authority and Municipal Securities Rulemaking Board, digital assets, cybersecurity and anti-money laundering.  The only new theme for 2019 compared to 2018 is digital assets, which we take to imply a plan to more closely—and substantively—regulate investment advisers and broker-dealers involved with this asset class.  The 2019 priorities also more explicitly than the 2018 priorities describe specific practices that OCIE found concerning in examinations of those entities, many of which involved failure to adequately safeguard client assets and the adequacy of disclosures of conflicts of interest.  We expect to see a corresponding focus in Enforcement Division investigations and cases on these issues as a result. Continue Reading Lessons from the SEC Office of Compliance Inspections and Examinations’ 2019 Priorities