On March 20, 2020, news outlets reported that four U.S. Senators sold millions of dollars in stock following classified briefings to the Senate on the threat of a COVID-19 outbreak.  Three days later, the Co-Directors of the Securities and Exchange Commission’s (“SEC”) Division of Enforcement, Stephanie Avakian and Steven Peikin, issued a statement reminding market participants of their obligations with respect to material non-public information (“MNPI”) and of the SEC’s commitment to protecting investors from fraud and ensuring market integrity.[1]

The World Health Organization has now declared COVID-19 a pandemic, and as more businesses begin to face the impacts of quarantines and travel restrictions, they may find themselves managing unexpected legal risks.  Among those are risks related to communications with customers by sales and marketing functions.

Those businesses hardest hit in the initial stages of the crisis — e.g., cruise lines, airlines and hotels —  quickly face pressures that raise the risks of private litigation and government enforcement in connection with sales and marketing efforts.  For example, what assurances should sales representatives give in response to inquiries about the chances of contracting the virus in connection with the use of a product or service?  What information should be provided about safety measures being taken?  Do sales commission and incentive programs exacerbate the risks of non-compliant responses, and should they be suspended?

Partially overturning a decision of the High Court, the Court of Appeal held on 18 February 2020 that a company is able to withhold privileged material when responding to a notice from the Financial Reporting Council (the “FRC”) requiring the production of documents in connection with an FRC investigation[1]. The decision has broad implications for the ambit of privilege during regulatory investigations.

The FRC (the UK regulator for auditors, accountants and actuaries) is currently conducting an investigation into Grant Thornton and one of its employees, in relation to its audit of Sports Direct International Plc (“Sports Direct”) for the year ending April 2016. In April 2017, the FRC (pursuant to its powers under the Statutory Auditors and Third Country Auditors Regulations 2016 (“SATCAR”)) notified Sports Direct that it was required to disclose emails and their attachments which: (i) relate to the audit, (ii) are held by one or more of five identified custodians, (iii) are dated within certain specified date ranges, and (iv) are responsive to one or more of 27 different specified search terms. Sports Direct provided approximately 2,000 documents to the FRC in response, but withheld 40 documents on the grounds of privilege (these documents were emails and attachments sent to or by Sports Direct’s legal advisers, either internal or external). The FRC applied to Court to force disclosure of the withheld documents.

On January 27, 2020, the U.S. Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued examination observations related to cybersecurity and operational resiliency practices (“Examination Observations”). The observations highlight a set of best practices by market participants in the following areas:  (1) governance and risk management, (2) access rights and controls, (3) data loss prevention, (4) mobile security, (5) incident response and resiliency, (6) vendor management and (7) training and awareness.  Cybersecurity has been a key priority for OCIE since 2012.  Since then, it has published eight cybersecurity-related risk alerts, including an April 2019 alert addressing mobile security. OCIE has perennially included cybersecurity practices as part of its examination priorities (“Examination Priorities”) and listed all but mobile security as “particular focus areas” in the “information security” priority for 2020.

Yesterday the Securities and Exchange Commission took two significant actions relating to the MD&A disclosures in annual and quarterly reports of public companies.

First, it proposed amendments to MD&A requirements that would, if adopted, make significant and long-overdue improvements to a central disclosure requirement of the U.S. securities laws. Second, it issued guidance on the

Insider trading law has remained a subject of significant debate and attention, including with a recent Second Circuit decision addressing the use of 18 U.S.C. §§ 1343 (wire fraud) and 1348 (securities fraud) in insider trading cases[1] and a new insider trading bill that passed the U.S. House of Representatives in December by an overwhelming majority.  Yesterday, a blue ribbon task force headed by Preet Bharara, the former U.S. Attorney for the Southern District of New York, published a report studying the history and current state of insider trading law and proposing reforms that would bring greater clarity and certainty to the law.

In recent years, numerous senior executives have resigned or been terminated for engaging in undisclosed consensual relationships with subordinates. Such relationships are gaining particular attention in the wake of the heightened scrutiny around workplace behavior, because they raise concerns relating to, among other things, potential power imbalances and conflicts of interest in the workplace. Thus,

On Tuesday, November 12, 2019, the U.S. Federal Trade Commission (“FTC” or “Commission”) announced a proposed settlement with InfoTrax Systems, L.C. (“InfoTrax”), a third-party service provider, regarding multiple data security failures.  As a result of these security shortcomings, a hacker accessed about one million consumers’ sensitive personal information after more than twenty intrusions into InfoTrax’s network.  This settlement marks one of the first instances in which the FTC has alleged a violation of the FTC Act predicated solely upon the failure to maintain reasonable security measures by a third-party service provider.  The settlement is also notable for a Commissioner’s concurring statement criticizing the settlement’s standard twenty-year term.

On November 1, 2019, the Supreme Court granted certiorari in Liu v. SEC to decide whether the Securities and Exchange Commission can obtain disgorgement as an equitable remedy in federal court enforcement actions.

The certiorari grant in this case is unusual, because the circuit courts that have considered the issue have all agreed that the

The final version of the California Consumer Privacy Act of 2018 is coming into view.

On October 10, California’s Attorney General released the long-anticipated draft regulations to implement the CCPA, and on October 12, the Governor signed into law five amendments to the CCPA passed during the 2019 legislative session.  (We previously discussed the CCPA