February 27, 2024

SEC to Continue Aggressive Enforcement Efforts in 2024 After Record-Setting 2023

Yoni Bard, Susanna Chi, Christian Garcia, Christopher Escobedo Hart, Rachel Kerner, Anthony Mirenda, Lynn Neils, Leah Rizkallah

Foley Hoag LLP - White Collar Law & Investigations

+ Follow Contact

Facebook

Send

Embed

Foley Hoag LLP - White Collar Law & Investigations

This is the fourth in our 2024 Year in Preview series examining important trends in white collar law and investigations in the coming year. We will be posting further installments in the series throughout the next several weeks. Our previous post, "Criminal Tax Enforcement – What to Look For in 2024," can be found here.

The U.S. Securities and Exchange Commission’s Enforcement Division resumed its dogged pursuit of investigations and enforcement actions in fiscal year 2023. The SEC announced that the Division initiated 784 total enforcement actions in 2023 (a 3% increase from fiscal year 2022), including 501 “stand alone” actions (i.e., enforcement actions excluding those brought against issuers for delinquent filings and “follow-on” administrative proceedings seeking bars against individuals; an 8% increase from fiscal year 2022), 121 actions against issuers for delinquent filings (a 6% decrease from fiscal year 2022), and 162 “follow-on” administrative proceedings (a 26% increase from fiscal year 2022). Those enforcement actions spanned several notable subject areas, including insider trading, crypto asset securities, cybersecurity, recordkeeping, and actions to protect whistleblowers. The SEC collected $4.949 billion in financial remedies, representing the second highest amount in SEC history, inclusive of $3.369 billion in disgorgement and $1.580 billion in civil penalties. The SEC also obtained orders barring 133 individuals from serving as officers or directors of public companies – marking the highest number in a fiscal year in over a decade – and returned $930 million to harmed investors in fiscal year 2023.

The Commission’s Whistleblower Program likewise enjoyed unprecedented success in fiscal year 2023. The SEC issued whistleblower awards totaling nearly $600 million, a record for the program and a substantial increase from the $229 million awarded in fiscal year 2022. The Commission also reported receiving more than 18,000 whistleblower tips (a nearly 50% increase over fiscal year 2022) and issuing a record-setting $279 million award to one whistleblower.

Further strengthening the Whistleblower Program and as we detailed in a recent Foley Hoag client alert, the Supreme Court eased the standard for establishing whistleblower retaliation claims in its February 8, 2024 decision in Murray v. UBS Securities, LLC. In this decision the Court ruled that an employee can prove a whistleblower retaliation claim under the Sarbanes-Oxley Act without showing that his employer acted with retaliatory intent.

Fiscal year 2023 represented a continuation of the forceful regulatory stance the SEC has taken under Chairman Gary Gensler and Enforcement Director Gurbir Grewal. We expect the Commission to continue to aggressively pursue enforcement actions into fiscal year 2024 while focusing on the priorities discussed below.

Insider Trading Remains a Top Priority
As noted above, the fiscal year 2023 enforcement data shows that investigating and prosecuting insider trading remains a steady focus of the SEC. But 2023 also brought some new developments to the historic theories of insider trading that the SEC pursues.

For example, a jury is now set to hear the SEC’s first “shadow trading” case in SEC v. Panuwat. Shadow trading, a novel theory of insider trading liability, involves an investor possessing material non-public information about Company A, who trades in the securities of Company B, another company with which Company A shares some connection in the market (such as competitor or comparable company). In Panuwat, the SEC alleged that Panuwat, the then-head of business development at Medivation (a mid-sized, oncology focused biopharma company), purchased short-term, out-of-the-money stock options in Incyte Corporation (another mid-sized, oncology focused biopharma company), just days before the August 22, 2016 announcement that Pfizer would acquire Medivation at a significant premium. According to the complaint, when he did so, he knew that investment bankers had cited Incyte as a comparable company in discussions with Medivation and he anticipated that the acquisition of Medivation would likely lead to an increase in Incyte’s stock price. In November 2023, the Northern District of California denied summary judgment to defendant, Panuwat, over his objections that there was no evidence of ill-intent, that he was not on notice that his actions violated the insider trading prohibitions, and that he should not be the test case for whether shadow trading can survive in court. The action, which seeks damages of $100,000 in profits from alleged “shadow” trades, will now move ahead for trial scheduled in 2024. Given that this theory of liability survived summary judgment, we expect it to be employed in more cases in the coming year, particularly given that shadow trading activity is thought to be widely popular in the industry. Moreover, if the SEC prevails at trial, such a victory is likely to have huge precedential implications. That said, questions about the theory’s scope remain. For example, even if the theory is successful in this case, it remains to be seen whether the theory can be successfully employed against trading in all unrelated companies across a sector or industry or whether the companies must be identical in focus and discussed as comparable in the market (as in Panuwat). The Panuwat trial, and any related appeal, may provide further guidance on just how far this theory can stretch.

In another example, in the classic “tipping theory” case, a tippee’s liability for insider trading is derivative of the tipper’s liability, meaning a tippee is ordinarily not liable unless the tipper is also liable. In US v. Klundt, the SEC brought charges against individuals Sargent and Klundt for insider trading, alleging that Sargent purchased stock and options based on the material, non-public information he received from Klundt. In January 2023, following a multi-day trial, a jury found Klundt, the tipper, not guilty of insider trading, whereas Sargent, the tippee, was found guilty of the crime. Not surprisingly, Sargent challenged the verdict against him as inconsistent. The SEC then sought to uphold the conviction, arguing for tippee liability notwithstanding the seemingly inconsistent jury verdict. In December 2023, a judge ordered from the bench that Sargent be acquitted. But the judge’s bench order and subsequent decision revealed no substantive reasoning for this reversal. So while there now may be favorable precedent to avoid tippee liability without tipper liability, where the decision provides no grounds and reveals no rationale, in the right circumstances the SEC could continue to pursue tippee liability without tipper liability in 2024.

In addition, as we have all adjusted to a “new normal” of remote work, the SEC’s focus on where to find insider trading cases has also evolved. Indeed, the SEC is aware that the changing work environment, with more individuals working from home, might make insider trading easier. In 2023, the SEC brought insider trading charges against broker-dealer, Jordan Meadow, and CCO, Steven Teixeira, in connection with their alleged trading based on material non-public information Teixeira allegedly obtained from his girlfriend’s laptop while she was working from home. According to the SEC, the scheme generated $28,600 for Meadow and $730,000 for Teixeria. This was not the only working from home case brought by the SEC since the pandemic. The SEC is certainly attuned to the new working from home environment and we expect increased vigilance for improper trading activity occurring as a result.

Moreover, as technology continues to develop, the SEC has further honed its use of data analytics in its detection and prosecution of insider trading violations. For example, in 2023, the SEC filed four separate complaints in the Southern District of New York alleging insider trading against 13 defendants on the same day. These charges were brought in coordination with the DOJ, which likewise brought criminal charges arising from the same conduct. In remarks about these cases, the SEC acknowledged that the charges were the result of the SEC’s use of data analytic initiatives and leveraging the tools at its disposal to investigate abusive trade practices: “Public trust is essential to the fair and efficient operation of our markets. But when public company insiders take advantage of their status for personal gain, as we allege here, the investing public loses confidence that the markets work fairly and for them. Today’s actions reaffirm our commitment to leveraging all the tools at our disposal, including our data analytics initiatives, to investigate these abusive trading practices, hold accountable bad actors and ensure the integrity of our markets.”

Finally, changes made to Rule 10b5-1 plans, which took effect in February 2023, have started to generate SEC scrutiny and enforcement actions, a trend we expect to see more of in 2024. The SEC amendments to Rule 10b5-1 update the conditions that must be met for the Rule 10b5-1 affirmative defense. Most notably, these include (1) adopting cooling off periods before trading can commence, (2) requiring directors and officers to represent that they are not aware of any material, non-public information and that the plan is adopted in good faith, and (3) requiring continued good faith for the duration of the plan. On the heels of this rule change, the SEC brought an enforcement action against the executive chairman on Ontrak Inc. for insider trading, alleging that he sold more than $20 million of Ontrak stock while in possession of material, non-public negative information related to the company’s largest customer. The chairman tried to take advantage of the Rule 10b5-1 plan he had entered into, but the SEC found he had violated Rule 10b5-1 because he was aware of material, non-public information at the time he entered into a Rule 10b5-1 plan. The SEC not only argued that the chairman could not rely on the affirmative defense under Rule 10b5-1, but also claimed the individual avoided more than $12.7 million in losses through the plan. We expect to see more cases like this in 2024 as the law continues to develop around these Rule 10b5-1 amendments.

Continued Focus on Individual Accountability
As expected, individual accountability remained a “pillar of the SEC’s enforcement program” in fiscal year 2023. Similar to prior years, approximately two-thirds of the SEC’s enforcement actions in the past year involved at least one individual target. These individuals ranged from founders and executives of companies to lower level employees, and the alleged conduct at issue included not only traditional financial misrepresentations, but also misrepresentations regarding personal behavior/misconduct (such as inappropriate workplace relationships).

For example, the SEC charged the founder of Frank, a student loan assistance company, with fraud in connection with a $175 million sale to JP Morgan Chase Bank. The SEC alleged the founder deceived JP Morgan Chase Bank by generating and misrepresenting data to appear as if Frank had 4.25 million customers when it had fewer than 300,000. Notably, the SEC did not charge the company itself, describing the founder as the “public face of Frank,” and “chief negotiator” on behalf of Frank in its acquisition discussions with JP Morgan Chase Bank. In another example, the SEC charged a former Stanley Black & Decker executive for allegedly causing the company to violate proxy solicitation and receiving undisclosed compensation.

Extending its pursuit beyond founders and senior executives, the SEC also charged a bookkeeper of the Mexico-based company Aras Investment Business Group, as well as the company itself, its CEO, and three other promoters of the company. According to the SEC, defendants fraudulently raised at least $15 million from more than 450 retail investors from the Mexican-American community and promised investors monthly returns as high as 10 percent. Instead of using funds for investment purposes, defendants allegedly used funds to pay for personal expenses. The SEC also took this case as an opportunity to alert the public about affinity fraud – an investment scam that targets members of a community, such as a religious or ethnic community. Reminding investors to stay vigilant about such scams, the SEC recirculated an investor alert on how to avoid investment decisions based on common ties with someone selling an investment.

In addition to seeking monetary sanctions, the SEC also sought to hold individuals accountable in other ways. Specifically, the SEC obtained 133 orders barring individuals from serving as officers and directors of public companies, referred to as officer-and-director bars, the highest number in a decade. In one case, the SEC imposed a five-year officer-and-director bar and a $400,000 civil penalty on McDonald’s former CEO after he misrepresented the circumstances leading to his termination. The former CEO allegedly failed to disclose inappropriate relationships he had with employees. The SEC alleged that he “knew or was recklessness in not knowing that his failure to disclose these . . . violations of company policy prior to his termination would influence McDonald’s disclosures to investors related to his departure and compensation.”

The SEC also imposed a permanent officer-and-director bar on a former Wells Fargo senior executive after she allegedly misrepresented the success of the company’s core business by endorsing a metric that was inflated by unauthorized accounts. In addition to imposing a permanent bar, the SEC also imposed a $3 million civil penalty and the senior executive agreed to pay disgorgement of about $1.5 million.

At the 2023 Securities Enforcement Forum, Chairman Gensler stated, “Accountability includes protecting the public by barring individuals – whether from practicing before the SEC, association bars, or otherwise.” As fiscal year 2024 unfolds, we expect that the SEC will continue to use bars as a corrective and deterrent tool when pursuing individual accountability.

SEC Cracks Down on Recordkeeping Requirements
In the past year, the SEC zeroed-in on firms that failed to preserve employees’ text messages. On August 8, 2023, the SEC found that employees at 11 firms had unapproved “off-channel” communications on their personal devices, discussing recommendations, proposals, and advice that the firm provided to investors. As a result, the firms were charged with violating recordkeeping provisions of the Securities Exchange Act and ordered to pay a combined penalty of $289 million. Just a month later, the SEC charged 10 firms for the same reason and the firms agreed to pay combined penalties of $79 million. After self-reporting, Perella Weinberg Partners was ordered to pay a notably lower penalty of $2.5 million, while other firms that did not self-report had to pay penalties ranging from $8 million to $35 million. On this note, Gurbir S. Grewal said, “There are real benefits to self-reporting, remediating and cooperating.”

With the turn of the new year, we expect that the SEC will continue to investigate “off-channel” communications and pursue firms that fail to preserve text messages. In fact, on February 9, 2024, the SEC charged 16 additional firms for failing to preserve text messages, resulting in combined penalties of more than $81 million.

SEC Issues Final Rule Regulating SPAC Transactions
On January 24, 2024, the SEC adopted new rules and amendments strengthening the regulatory regime governing special purpose acquisition company, or “SPAC,” transactions. A SPAC is a shell company with no operations created for the purpose of raising capital through an initial public offering (“IPO”) and later acquiring or merging with a privately held company. In essence, SPAC transactions can be broken down into two stages: the SPAC IPO and the de-SPAC transaction, which results in an acquisition of or merger with a private company, effectively bringing that company public.

SPACs have been under intensifying scrutiny since they gained popularity in 2020. The SPAC sponsor, the entity responsible for identifying a suitable private company (commonly referred to as a target) to acquire or merge with, frequently has interests divergent from investors who purchase shares in the SPAC. Those conflicts of interest have drawn increasing scrutiny from the SEC in recent years. The new rules aim to level the regulatory playing field between traditional IPOs and SPAC transactions by enhancing disclosure requirements, holding target management accountable for their projections, and strengthening issuer obligations. Specifically, the new rules require, among other things:

Heightened disclosure requirements at both the SPAC IPO and de-SPAC transaction stages about conflicts of interest, SPAC sponsor compensation, dilution risks amongst investors in the SPAC or the target company, and other information.
Registrants to provide information about the types of target the SPAC is seeking to acquire or merge with to investors at the SPAC IPO stage.
The target company to become a “co-registrant” with the SPAC for any registration statement filed in connection with the de-SPAC transaction, such that the target company assumes responsibility for disclosures made in the SPAC’s registration statement.
Disclosures about any projections made, including disclosures related to all material bases of the projections, all material assumptions underlying the projections, and the views of the applicable board or management team regarding the projections. The rules also eliminate the safe harbor from liability for forward-looking statements in the Private Securities Litigation Reform Act of 1995 for SPACs.

The volume of de-SPAC transactions has decreased significantly since its height in 2021, tumbling from 613 such transactions in 2021 to just 31 in 2023. Nonetheless, SPAC transactions will be subject to greater scrutiny in 2024 and beyond as a result of the new rules.

SEC Releases New Cybersecurity Disclosure Rules
On July 26, 2023, the SEC adopted final rules requiring that public companies both promptly disclose material cybersecurity incidents and also provide annual reporting on their cybersecurity risk management, strategy, and governance. The rules, which we discussed last year in this webinar, are the latest in a series of efforts by the SEC to create greater uniformity and provide more rigorous guidance relating to disclosing cybersecurity risks to investors. Although the rules – which began to take effect on September 5, 2023 – create new disclosure requirements, they also leave companies with the flexibility to determine how to address cybersecurity threats based on their particular circumstances and risk profile. Companies subject to the SEC rules must now focus on creating appropriate mechanisms to provide accurate and timely information to investors.

This is not the first time the SEC has weighed in on cybersecurity risk disclosures. In 2011, SEC staff provided guidance on the application of existing disclosure requirements to cybersecurity issues, and the SEC itself issued similar guidance in 2018. Despite this guidance, the SEC found that disclosure practices remained inconsistent across companies. With the rise in cybersecurity incidents and the increasing cost they are having on companies and their investors, the SEC has provided more explicit and uniform expectations through these rules.

Enforcement against misrepresentations concerning cybersecurity practices is not new to the SEC. In 2017, Enforcement a created Cyber Unit, which has been active ever since. It nevertheless remains to be seen how the SEC will approach enforcement of the new rules. While companies can take some comfort in the limited nature of the disclosure requirement – materiality, for example, is an important touchstone, since only the material impacts of a material cybersecurity incident must be disclosed – the practical difficulties of investigating a cybersecurity incident, determining that it was material, and disclosing it to the SEC within the prescribed period (four business days after making that determination) is a daunting task for companies that historically may have needed a longer period of time to fully investigate and remediate an incident before disclosing.

Supreme Court Rules in Favor of Limiting the SEC’s Administrative Enforcement Powers
While the Division spent fiscal year 2023 bringing enforcement actions, as part of a larger trend rolling back the power of administrative agencies, the Supreme Court has taken significant steps towards curbing the SEC’s enforcement powers. In Axon Enterprise Inc. v. Fed. Trade Comm’n, 598 U.S. 175 (2023), the Supreme Court opened the door to allow respondents in SEC enforcement actions that are presented to administrative law judges to bring collateral constitutional challenges in federal court, potentially complicating and delaying the SEC’s enforcement efforts. The Court held that respondents in an SEC administrative enforcement action can bring constitutional challenges to those proceedings directly to federal district court without first raising those challenges with the Commission itself as prescribed by the Securities Exchange Act. The decision is likely to increase the number of constitutional challenges to SEC enforcement actions at the outset of those actions and provides an attractive path for litigants seeking to further challenge the Commission’s power.

The Supreme Court also appears poised to restrict the SEC’s enforcement power by barring its ability to bring enforcement actions based on securities fraud before administrative law judges (ALJs). In SEC v. Jarkesy, a case currently pending before the Supreme Court, a Texas-based hedge fund manager challenged the SEC’s enforcement action against him on constitutional grounds. An ALJ found that Jarkesy committed securities fraud when he made misrepresentations about his funds to investors. The Commission imposed a penalty, required Jarkesy to disgorge profits, and barred him from investment-related activities. The Fifth Circuit vacated the decision in a sweeping opinion, holding that: (1) the use of ALJs violates the Seventh Amendment right to a jury trial; (2) Congress impermissibly delegated legislative power by allowing the Commission to decide whether to bring enforcement actions before AJLs or in federal court; and (3) the protection against removal of ALJs were unconstitutional. In November 2023, the Supreme Court heard oral argument and largely focused on the issue of whether the SEC’s use of ALJs violated the Seventh Amendment. The six conservative justices expressed concerns about agencies’ use of ALJs and the increasing scope and power of the administrative state. If the Supreme Court affirms the Fifth Circuit’s decision on the Seventh Amendment issue, the SEC will no longer be able to bring enforcement actions in cases of securities fraud before ALJs, depriving them of a critical enforcement tool. The decision would force the SEC to bring such claims in federal courts, which would provide defendants with access to a jury trial and protections under the Federal Rules of Civil Procedure and Evidence. We expect a decision from the Supreme Court by June 2024.

For the full series, please see: White Collar Year in Preview

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.