TheCorporateCounsel.net

As we blogged on several occasions last year, the issue of concurrent state jurisdiction over Securities Act claims is very much a live one, with the Supreme Court expected to weigh in on it later this term. However, it seems fair to say that state courts – particularly California state courts – have seen a booming business in Section 11 lawsuits in recent years.

In response, a number of IPO companies have adopted bylaws making federal courts the exclusive forum for Securities Act litigation – but this recent blog from Davis Polk’s Ning Chiu notes that this practice has recently been challenged in a declaratory judgment action filed in the Delaware Chancery Court.  The lawsuit targets three companies – Snap, Roku & Stitch Fix – that have similar choice of forum bylaws.  The plaintiff claims these bylaws don’t pass muster under Delaware law:

Plaintiff argues that the purpose of the forum provision is to regulate choice of venue in actions that do not assert internal corporate claims governed by Delaware law, or in the alternative, if claims under the Securities Act are internal corporate claims, then these forum provisions are inconsistent with the DGCL. The DGCL provides that, with respect to internal corporate claims, “no provision of the certificate of incorporation … may prohibit bringing such claims in the courts of this State.”

Ning points out that several California state courts have already invalidated this type of choice of forum bylaw.  The D&O Diary has posted a copy of the declaratory judgment complaint in the Delaware action.

Enforcement: Assessing the Fallout from Kokesh

This Cleary blog looks at what’s transpired in the six months following the Supreme Court’s Kokesh decision – which said that SEC disgorgement claims were subject to a 5-year limitations period & may have raised questions about the agency’s authority to seek disgorgement in the first place.

So far, the SEC has been successful in fighting off claims directly challenging its authority to seek disgorgement, but the blog notes that the news hasn’t all been good for the SEC.  A number of courts have been willing to at least acknowledge questions surrounding the SEC’s disgorgement authority, and other equitable remedies have come under fire because of Kokesh – including such enforcement mainstays as “obey-the-law” injunctions & industry bars.

And then, there’s the $15 billion question:

Most of the cases addressing Kokesh have involved SEC defendants arguing that the case limits the regulator’s use of disgorgement prospectively.  However, this past fall private plaintiffs launched a much more aggressive salvo in the form of a class action arguing that certain historical awards are also at issue.  Jalbert v. SEC, 17-cv-12103 (D. MA. Oct. 26, 2017), ECF. 1.  The Jalbert plaintiffs argue that—because (1) the SEC can only collect penalties when specifically authorized by statute and (2) Kokesh held that disgorgement, which is not specifically authorized by statute, is a penalty—the SEC must return $14.9 billion in disgorgement that it has collected over the past six years.

Audit Committees: 3rd Party Risk Oversight

As part of their increasing emphasis on enterprise risk management, companies are paying closer attention to the risks posed to their business by vendors and other 3rd parties with whom they deal. This recent memo from the Audit Committee Leadership Network addresses the audit committee’s oversight role in addressing 3rd party risks.

Here’s an excerpt discussing some of the issues associated with outsourcing arrangements:

Outsourcing also opens the door to third‐party risk. Information technology, customer service, call centers, and human resources functions like benefits processing are not traditionally defined as part of the supply chain, but as these jobs and functions are outsourced, they become sources of third‐party risk, much like suppliers or distributors. In addition, shared technologies, such as cloud data storage, are necessitating new kinds of third‐party arrangements, with attendant risks.

Companies will frequently join forces to serve each other’s customers more effectively or to reach new customers. Examples of such arrangements include contracted ventures with marketing and cobranding partners and engagements with fee‐based service providers. When these arrangements require sharing sensitive data, they become a source of risk.

Specific risks associated with 3rd parties include cybersecurity risks, operational risks, & reputational risks. The memo discusses various approaches that companies take to managing 3rd party risks, as well as the methods used by boards to assess those risks.

– John Jenkins