I blogged last summer about the SEC’s first-ever insider trading case involving cryptocurrency – which foreshadowed the broader “crypto crackdown” that is now playing out. I’m not aware of the SEC announcing a resolution to this civil matter, but in the DOJ’s parallel criminal charges, one of the defendants pled guilty last fall and has now been sentenced to 10 months in prison. This WSJ article shares more detail:
U.S. District Judge Loretta Preska said in handing down the sentence that Nikhil Wahi made about 40 trades and tried to conceal the illicit proceeds using anonymous crypto wallets.
“The defendant knew it was wrong and did not see it as a no-harm, no-foul course of conduct,” she said. He must also pay $892,500 in forfeiture, she said.
The DOJ is continuing to aggressively pursue alleged crypto criminals …and there appear to be plenty to choose from. The SEC is also continuing its enforcement of regulatory violations by crypto companies and related individuals (many folks are predicting that the Commission is just getting started). The SEC is spotlighting all of its crypto asset & cyber enforcement actions on this page.
Last week, the SEC announced that it had charged Genesis Global Capital and Gemini Trust Company for the unregistered offer & sale of securities to retail investors via their crypto asset lending program. Based on the SEC’s 22-page complaint and a Twitter response from Gemini co-founder Tyler Winklevoss, the SEC appears to have had its eye on the program for the past 17 months – and was spurred to action on the enforcement front when the firm “paused” withdrawals (the pause has not been lifted; a Genesis bankruptcy filing is reportedly imminent). According to Bloomberg, the SEC and federal prosecutors are also investigating internal financial dealings of related entities.
This is only the tip of the iceberg for current crypto enforcement actions. A report out yesterday from Cornerstone research points out that in 2022 (the first full year under SEC Chair Gary Gensler), crypto-related enforcement actions increased by 50%. Here are highlights from Cornerstone’s press release:
In 2022, the SEC charged a total of 79 defendants or respondents in cryptocurrency enforcement actions, of which 56 (71%) were individuals and 23 (29%) were firms. The proportion of enforcement actions charging only individuals has grown under the Gensler administration from nearly 20%, on average, in the 2013‒2020 period to 35% in 2021 and 50% in 2022.
Of the 30 total enforcement actions in 2022, 14 involved initial coin offerings (ICOs), and over half (57%) of these ICO-related actions included a fraud allegation. In addition, the SEC brought first-of-their-kind charges in 2022 in the cryptocurrency space related to insider trading and market manipulation. …
Since its first cryptocurrency-related enforcement action in 2013 through the end of 2022, the SEC has brought 127 enforcement actions, including 82 litigation actions and 45 administrative proceedings against digital-asset market participants.
Over the same period, the SEC has imposed approximately $2.61 billion in total monetary penalties, of which $242 million were settlements the agency reached in 2022.
As we embark on what may be the “golden era” of SEC crypto enforcement, the SEC continues to await a ruling (or settlement) on its Ripple case, which we’ve blogged about a few times. That high-profile case may help answer whether the SEC has jurisdiction to regulate this asset class, if Congress doesn’t step in to answer the question. In the latest tussle, the SEC lost a request to keep private a preliminary draft of a 2018 speech from Bill Hinman that shared his view that Ether was not a security. And of course, lots of folks are watching the headline-grabbing SBF prosecution.
You can continue to keep up with recent regulatory developments and guidance in our “Crypto” Practice Area.
The US is expected to reach its statutory debt ceiling tomorrow, unless both the House and the Senate can agree to a solution. This Politico article says that the looming fight will be one for the ages. It will likely drag on for months while the Treasury Department is left to cut certain contributions to avoid immediate sovereign default on US debts. The article says there’s not even the “hint of an endgame” right now.
The stalemate isn’t doing companies any favors. A new memo from Davis Polk outlines what you need to be thinking about as we face the prospect of dysfunctional US credit & capital markets – which the memo cautions is a threat at this point regardless of whether a sovereign debt default actually occurs. The Davis Polk team shares action items for:
– Board risk oversight
– Access to liquidity – capital markets & drawing on revolvers
– Annual reporting cycle – including guidance, annual reports currently underway, risk factors and forward-looking statements, and MD&A trends
– Other disclosure & market communications – potential Form 8-K triggers and insider trading issues
– Opportunistic acquirers & activist interest
– Impact on pending transactions
– Stock buybacks & 10b5-1 plans
– Executive & director compensation and other HR considerations
– D&O coverage
The memo points out that 2011 could be a good reference point for risk factor updates. Here’s more detail:
Companies will need to take a fresh look at their risk factors and forward-looking statement disclosure to ensure they adequately address the threat of a U.S. sovereign default, particularly if a company has not engaged in this exercise since 2011 when the United States first lost its triple-A credit rating.
While the SEC does not expect companies to include generic risk factors about events that affect companies broadly, companies should consider any specific impact on their own activities that could require such disclosure.
The debt ceiling isn’t the only threat on the minds of executives and investors right now. According to PwC’s annual CEO survey, 73% of global CEOs believe economic growth will decline this year – the most pessimistic outlook in a decade. What’s even more surprising is that 40% of CEOs believe their companies will go under within the next decade if they continue on their current path. Wow.
In line with that mood, yesterday’s NYT Dealbook shares that the key word at Davos this week has been “polycrisis” – the “swirl of global emergencies that include economic slowdowns and rising inflation, the war in Ukraine and more.” The World Economic Forum’s Global Risks Report and summary delve into the near-term and longer-term risks that are keeping execs up at night. Lawrence observed last week on PracticalESG.com that boards, execs & advisors are not only facing immediate risks, but also can’t take their eye off the ball when it comes to longer-term issues. The PwC survey reinforces that:
Climate change exemplifies a time-horizon challenge that comes into clearer focus when we look at a broader set of external threats to the global economy. Over the next 12 months, CEOs feel most exposed financially to inflation, economic volatility and geopolitical risk. All three are immediate, headline-grabbing issues that can reinforce and compound one another, as, for example, the war in Ukraine pushes up prices, encouraging central banks worldwide to intervene through growth-dampening interest rate hikes.
The picture changes for CEOs’ medium-term (five-year) outlook. Over that time frame, cyber risks and climate change join inflation, macroeconomic volatility and geopolitical conflict in the top tier of risk exposure.
The question that will come to mind for securities lawyers is, “Do we need to update corporate disclosures to reflect this ‘polycrisis’?” It’s a sensitive area, but this environment does seem to be calling out for a careful overview and update of risk factors, forward-looking statements, and MD&A “known trends & uncertainties” disclosures. If the company knows of specific risks & consequences, it can protect itself by warning shareholders (in a “non-hypothetical” way). I blogged a few months ago about risk factor tips – and we have lots of practical resources in these Practice Areas:
Also check out our deep dive into the practical aspects & process for updating your risk factors in the January-February 2018 issue of The Corporate Counsel newsletter – which recommends using your risk management program, minutes, and analyst reports as a resource for your risk factor review.
If you don’t already have access to our Practice Area resources or electronic back issues of newsletters, reach out to sales@ccrcorp.com for a no-risk trial.
Tune in at 2pm Eastern tomorrow for the webcast – “The Latest: Your Upcoming Proxy Disclosures” – to hear Mark Borges of Compensia and CompensationStandards.com, Alan Dye of Hogan Lovells and Section16.net, Dave Lynn of Morrison Foerster and TheCorporateCounsel.net, and Ron Mueller of Gibson Dunn discuss all the latest issues to consider as you prepare your upcoming proxy disclosures – including how to present newly required pay vs. performance data. Understand what to expect for the upcoming proxy season, so that you can prepare your directors and C-suite – and handle the challenges that 2023 will throw your way.
We are making this CompensationStandards.com webcast available on TheCorporateCounsel.net as a bonus to members – it will air on both sites. And because there is so much to cover, we have allotted extra time for this program! It’s scheduled to run for 90 minutes.
If you attend the live version of this 90-minute program, CLE credit will be available. You just need to fill out this form to submit your state and license number and complete the prompts during the program. All credits are pending state approval.
Members of TheCorporateCounsel.net are able to attend this critical webcast at no charge. The webcast cost for non-members is $595. If you’re not yet a member, try a no-risk trial now. Our “100-Day Promise” guarantees that during the first 100 days as an activated member, you may cancel for any reason and receive a full refund. If you have any questions, email sales@ccrcorp.com – or call us at 800.737.1271.
On Friday, the SEC announced that Renee Jones, who has been the Director of Corp Fin since June 2021, will be departing the agency February 3rd to return to her faculty position at Boston College Law School. Erik Gerding, who is currently Corp Fin’s Deputy Director, will be appointed Director.
Renee hit the ground running and had a very busy tenure as Director. The SEC’s press release highlights the rulemaking and other activities that have happened during the past 1.5 years:
While in the role, she oversaw the Division’s work that resulted in the proposal of 12 rules and the adoption of nine rules covering topics such as the disclosure of climate-related risks and cybersecurity risks, special purpose acquisition companies, executive compensation, and insider trading. She also oversaw the Division’s disclosure review program as it sought enhanced corporate disclosures on climate risks and crypto asset risks, and implemented the Holding Foreign Companies Accountable Act.
As many folks reading this know, in addition to many years as a law professor, Erik started his career as a lawyer at Cleary. Here’s more detail:
Mr. Gerding joined the SEC in October 2021 and leads Legal and Regulatory Policy in the Division of Corporation Finance. He has taught as Professor of Law and a Wolf-Nichol Fellow at the University of Colorado Law School, where he has focused in the areas of securities law, corporate law, and financial regulation. Mr. Gerding previously taught at the University of New Mexico School of Law. He also practiced in the New York and Washington, D.C., offices of Cleary Gottlieb Steen & Hamilton LLP, representing clients in the financial services and technology industries in an array of financial transactions and regulatory matters. He received an undergraduate degree from Duke University and a J.D. from Harvard Law School.
I look forward to seeing what Erik does as Director. As John and Dave recently blogged, Chair Gensler has put forth another ambitious Reg Flex Agenda for the upcoming year.
In the latest sign that the SEC’s Enforcement Division continues to investigate whether public companies are properly disclosing cyber attacks – and whether any insiders have made trades based on material non-public information about incidents – it’s come to light that the SEC has now asked at least one law firm to give it the names of clients that were affected by a breach. Understandably, the firm is not planning to voluntarily comply – so the Commission is taking the matter to court.
Last week, the SEC announced a subpoena enforcement action against Covington, looking to get the names of clients that were affected by a cyber attack against the firm in November 2020. Here’s the SEC’s court application to compel compliance with the subpoena, and supporting documents. Here’s more detail from the SEC’s press release:
Through its subpoena enforcement action, the SEC is seeking only the names of those clients whose files were viewed, copied, modified or exfiltrated by the threat actors. According to the filing, the SEC seeks this information to assist it in identifying any suspicious trading by the threat actors or others in those clients’ securities, and whether such trading was illegal based on material non-public information that the threat actors viewed or exfiltrated as part of the cyberattack.
In addition, the information will assist the SEC in determining whether the impacted clients made all required disclosures to the investing public about any material cybersecurity events in connection with the cyberattack. To date, Covington has refused to provide the names of all but two of the clients, and those two clients consented to providing their names to the SEC.
The SEC is seeking a court order from a DC District Court and is also continuing its fact-finding investigation. The Commission acknowledges that to-date, it has not found any violations of securities laws.
Covington’s counsel and other white collar lawyers are saying that if the SEC succeeds with its request, it could have implications for whether attorney-client privilege will hold up in the face of government investigations. This Law.com article reinforces why law firms will find this problematic – and says the SEC has a steep hill to climb:
In order to succeed, Rahman said the SEC would have to convince the judge that there’s no other way to get the information to conduct its investigation.
“The SEC has a ton of investigative tools at its disposal,” she said. “Asking a firm for a confidential information should be a last resort and they don’t say they used any other avenues.”
The SEC’s focus on cyber matters carries forward clear priorities from the past two years. In addition to the SEC aiming to adopt “cybersecurity risk governance” disclosure rules in April of this year, the Enforcement Division contacted companies affected by the December 2020 SolarWinds attack in a June 2021 enforcement sweep. The SEC also reorganized and created 20 new Enforcement positions dedicated to crypto & cyber last spring.
Here’s something John blogged on CompensationStandards.com last week:
The messy story of McDonald’s Corporation’s decision to terminate its former CEO Stephen Easterbrook added another chapter yesterday, when the SEC announced that it had initiated settled enforcement proceedings against the former CEO and the company arising out of his departure. This excerpt from the SEC’s press release explains its allegations:
According to the SEC’s order, McDonald’s terminated Easterbrook for exercising poor judgment and engaging in an inappropriate personal relationship with a McDonald’s employee in violation of company policy. However, McDonald’s and Easterbrook entered into a separation agreement that concluded his termination was without cause, which allowed him to retain substantial equity compensation that otherwise would have been forfeited. In making this conclusion, McDonald’s exercised discretion that was not disclosed to investors.
Subsequently, in July 2020, McDonald’s discovered through an internal investigation that Easterbrook had engaged in other undisclosed, improper relationships with additional McDonald’s employees. According to the SEC’s order, Easterbrook knew or was reckless in not knowing that his failure to disclose these additional violations of company policy prior to his termination would influence McDonald’s disclosures to investors related to his departure and compensation.
Without admitting or denying the SEC’s allegations, Easterbrook consented to a cease & desist order prohibiting future violations of the antifraud provisions of the federal securities laws, and imposing a $400,000 fine and a five-year officer and director bar. The company consented to a cease & desist order prohibiting future violations of Section 14(a) of the 1934 Act and Rule 14a-3 thereunder.
As Liz blogged last year, the company sued the former CEO and reached a settlement under which it “clawed back” over $100 million in equity awards and cash based on the company’s claims that the board wouldn’t have approved a separation agreement characterizing his termination as “without cause” if it had been aware of his dishonesty and additional misconduct. The company’s efforts to claw back that compensation, together with its other efforts to cooperate with the SEC’s investigation, resulted in the agency’s decision not to impose a financial penalty on the company.
Commissioners Peirce and Uyeda dissented from the SEC’s decision with respect to the company. In their dissenting statement, they expressed their view that the SEC was rewriting the disclosure requirements of Item 402 of Reg S-K through an enforcement proceeding. Here’s an excerpt:
We are unaware of prior Commission or staff actions or positions applying Item 402 in the way that the Order does. Additionally, the Order can be read to suggest that the underlying reasons for why the company decided to terminate a named executive officer “without cause” instead of “with cause,” and vice versa, need to be disclosed under Item 402. Such “hiring and firing discussion and analysis,” however, is beyond the rule’s scope.
The statement went on to note that industry practice for complying with Item 402 has developed over many years, and that an enforcement action is not “a reasonable regulatory approach” for announcing a novel interpretation.
It seems to me that the dissenters make a good point – executive termination disclosures tend to be terse, often for sound business and legal reasons. Imposing a requirement that companies must disclose the reasons why they opted to treat a particular termination as being “without cause” adds another layer of complexity to an already challenging process, without in most cases providing a significant benefit to investors.
Earlier this week, Corp Fin withdrew the guidance that the Staff would not object if a company posts an electronic version of its glossy annual report to its corporate website by the due date in lieu of mailing paper copies or submitting it on EDGAR.
As we noted in the November-December 2022 issue of The Corporate Counsel, the Staff’s action was prompted by the SEC’s adoption of a new electronic filing requirement for the glossy annual report that is required under Exchange Act Rules 14a-3 and 14c-3. As of Wednesday, January 11, 2023, it is now mandatory for glossy annual reports to be submitted to the SEC via EDGAR. Foreign private issuers that furnish their glossy annual report in response to the requirements of Form 6-K also have to submit those reports via EDGAR.
The annual report is filed under the EDGAR header submission type “ARS,” and, unlike your other EDGAR filings which must be filed in HTML format, the glossy annual report is submitted as a PDF file. Here are a few examples of submissions from this week:
I have to admit that I am kind of excited about seeing glossy annual reports on EDGAR. While it is unfortunate that clients now have to contend with yet another filing requirement, it is interesting to see these often highly stylized reports collected in one place that is relatively easily searchable.
My affinity for glossy annual reports traces back to my early days in Corp Fin at the SEC, when issuers were obligated to mail seven copies of the glossy annual report “for the information of the Commission.” One might ask, why were seven copies of the glossy annual report required, when just one would probably do the trick? I have no idea, I never went back to do the research, but in the old paper filing days, the filing rules typically called for the filing of multiple copies of the same document so that copies could be provided to various members of the filing review team. This glossy annual report submission requirement provided me with an early lesson in the unintended consequences of rulemaking.
As I reminisced in a blog back in June when this rule change was adopted, during the proxy season each year, glossy annual reports would come flooding in by the sevens, but there was basically no where to put them and no interest on the part of the Staff in reviewing them. Our administrative assistants would grumble loudly about the onslaught and would try in vain to cram the glossies into filing cabinets, but inevitably stacks of glossy annual reports would pile up in the file rooms, around desks and in various other corners of our office “pod.” Enterprising staffers would use the glossies to prop open doors, elevate their computer monitors and shim up wobbly desks. For some reason the concept of “keep one and throw away the other six” never seemed to cross anyone’s mind.
By far the best use of the glossy annual reports that flooded the Commission’s hallways each Spring was the effort undertaken by a group of Corp Fin Staffers who recognized the beauty in these documents and transformed them into works of art for the wall of the fourth floor Corp Fin conference room at the SEC’s old 450 5th Street building. One wall of the conference room was filled with the covers from glossy annual reports, and I have a lot of fond memories from that conference room that I associate with the glossy cover art on the wall. I don’t think that was what the Commission was thinking when it adopted the requirement to submit seven copies of the glossy annual report to the SEC, but at least there was one small positive unintended consequence from the SEC’s rulemaking!
