SEC reports Enforcement stats for fiscal 2023 —with big contributions from whistleblowers

The SEC has announced its Enforcement stats for fiscal 2023, which revealed that the SEC filed 784 total enforcement actions, up 3% from the 760 filed in fiscal 2022.  However, the level of financial remedies declined in fiscal 2023 to $4.9 billion from a record $6.4 billion last year. Nevertheless, it was still the second highest amount in SEC history. (Of course, you might recall that Gurbir S. Grewal, Director of the Division of Enforcement, said last year that the SEC didn’t expect to break last year’s records and set new ones every year because they “expect behaviors to change. We expect compliance.”)  Of those financial recoveries, in fiscal 2023, the SEC distributed $930 million to harmed investors, representing the second consecutive year of distributions in excess of $900 million. But the standout statistics this year related to the SEC’s whistleblower program, where new records were set with whistleblower awards totaling almost $600 million, and 18,000 whistleblower tips in fiscal 2023, about 50% more tips than were received in fiscal 2022. A new record was also set with a $279 million award to one whistleblower. Overall, in fiscal 2023, the SEC received over “40,000 tips, complaints, and referrals in total,” a 13% increase over last year. According to SEC Chair Gary Gensler, the “investing public benefits from the Division of Enforcement’s work as a cop on the beat….Last fiscal year’s results demonstrate yet again the Division’s effectiveness—working alongside colleagues throughout the agency—in following the facts and the law wherever they lead to hold wrongdoers accountable.” Grewal added that “[i]nvestor protection and enhancing public trust in our markets requires that we work with a sense of urgency, using all the tools in our toolkit. As today’s results make clear, that’s precisely what the Enforcement Division did in fiscal year 2023….Whether it was by leveraging risk-based initiatives, seeking robust remedies, rewarding cooperation, protecting whistleblowers, or returning nearly a billion dollars to harmed investors, the Enforcement Division stood up for the investing public.”

SEC charges Charter Communications with controls violation related to 10b5-1 plans for company buybacks

Yesterday, the SEC announced a settled action against Charter Communications for “violating internal accounting controls requirements when it engaged in stock buybacks not authorized by its board of directors.” More specifically, the Board had authorized the company to conduct stock buybacks using Rule 10b5-1 plans, but the SEC contended that Charter’s plans contained a provision that permitted too much discretion—allowing Charter to “change the total dollar amounts available to buy back stock and to change the timing of buybacks after the plans took effect.”  As a result, the SEC concluded, the plans did not satisfy Rule 10b5-1. But this was not a case about insider trading. Rather, the SEC charged, because the plans did not satisfy Rule 10b5-1, the buybacks were effectively unauthorized. And that was a problem of ineffective internal accounting controls (which, the SEC maintained, aren’t necessarily just about accounting). According to Melissa Hodgman, Associate Director of Enforcement, “[c]ompanies whose boards authorize buybacks using Rule 10b5-1 plans must have controls that reasonably assure that their trading plans meet all of the rule’s conditions….This includes the fundamental requirement that, to benefit from the protection of Rule 10b5-1, traders have to relinquish their ability to influence the amount or timing of trades after their trading plans go into effect.” Charter agreed to pay a civil penalty of $25 million. Commissioners Hester Peirce and Mark Uyeda dissented.  

The PCAOB suggests some questions for audit committee members

The PCAOB has posted a 2023 audit committee resource that identifies a number of questions that audit committees may want “to consider amongst themselves or in discussions with their independent auditors, particularly given today’s economic and geopolitical landscape.”  The topics include the risk of fraud, risk assessment and internal controls, auditing and accounting risks, digital assets, M&A activities, use of the work of other auditors, talent and its impact on audit quality, independence, critical audit matters and cybersecurity. Audit committee members will certainly want to review the resource in its entirety, but, to give you a flavor, summarized below are some of the questions.

Some highlights of the 2023 PLI Securities Regulation Institute

This year’s PLI Securities Regulation Institute was a source for a lot of useful information and interesting perspectives. Panelists discussed a variety of topics, including climate disclosure (although no one shared any insights into the timing of the SEC’s final rules), proxy season issues, accounting issues, ESG and anti-ESG, and some of the most recent SEC rulemakings, such as pay versus performance, cybersecurity, buybacks and 10b5-1 plans. Some of the panels focused on these recent rulemakings echoed concerns expressed last year about the difficulty and complexity of implementation of these new rules, only this time, we also heard a few panelists questioning the rationale and effectiveness of these new mandates. What was the purpose of all this complication? Was it addressing real problems or just theoretical ones? Are investors really taking the disclosure into account? Is it all for naught?  Pay versus performance, for example, was described as “a lot of work,” but, according to one of the program co-chairs, in terms of its impact, a “nothingburger.”  (Was “nothingburger” the word of the week?) Aside from the agita over the need to implement the volume of complex rules, a key theme seemed to be the importance of controls and process—the need to have them, follow them and document that you followed them—as well as an intensified focus on cross-functional teams and avoiding silos. In addition, geopolitical uncertainty seems to be affecting just about everything. (For Commissioner Mark Uyeda’s perspective on the rulemaking process presented in his remarks before the Institute, see this PubCo post.) Below are just some of the takeaways, in no particular order.

Commissioner Uyeda has some suggestions about the rulemaking process

In remarks this week before PLI’s 55th Annual Institute on Securities Regulation, SEC Commissioner Mark Uyeda shared his views about the disclosure rulemaking process. He observed that, since becoming a commissioner 16 months ago, the SEC has adopted five major disclosure rules—pay versus performance, clawbacks, amendments to rule 10b5-1, share repurchases and cybersecurity—and has identified four more that are in the works.  He focused on four key issues: determining purpose, the need for re-proposals, scaling disclosure and considering rulemaking costs and burdens on a cumulative basis. As you might guess, Uyeda had some thoughtful criticisms of the rulemaking process and offered some potential remedies.

New Corp Fin intake system for no-action requests related to shareholder proposals

Corp Fin has announced a new intake system for requests from companies for no-action positions from the staff regarding companies’ intentions to exclude shareholder proposals under Rule 14a-8. In the announcement, Corp Fin indicates that Rule 14a-8 submissions and related correspondence must now be submitted using Corp Fin’s online shareholder proposal form, available at https://www.sec.gov/forms/shareholder-proposal, and that emailed materials will no longer be accepted. The announcement—and the form itself—emphasize that staff responses to these requests are only “informal, non-binding staff views” regarding exclusion of shareholder proposals.

Will the SEC’s shadow trading theory fall to SCOTUS’s major questions doctrine?

In August 2021, the SEC filed a complaint in the U.S. District Court charging Matthew Panuwat, a former employee of Medivation Inc., an oncology-focused biopharma, with insider trading in advance of Medivation’s announcement that it would be acquired by a big pharma company.  But it wasn’t your average run-of-the-mill insider trading case. Panuwat didn’t trade in shares of Medivation or shares of the acquiror, nor did he tip anyone about the transaction.  No, according to the SEC, he engaged in what has been referred to as “shadow trading”; he used the information about his employer’s acquisition to purchase call options on another biopharma, which the SEC claimed was comparable to Medivation.  (See this PubCo post.)  Since then, we’ve seen the usual moves on the chess board (discussed briefly below). But what’s particularly interesting, as Alison Frankel pointed out in Reuters, is the amicus brief filed by the Investor Choice Advocates Network, a self-described “nonprofit, public interest organization focused on expanding access to markets by underrepresented investors and entrepreneurs.”  In its brief, ICAN contended that the SEC’s invocation of the novel “shadow-trading” theory made this a “major questions” case—a judicial torpedo that we might begin to see fired with some regularity.  

SEC approves Nasdaq rule change regarding reverse stock splits

In August, the SEC posted a proposed Nasdaq rule change that would establish listing standards related to notification and disclosure of reverse stock splits.  According to the Nasdaq proposal, the volume of reverse splits processed by Nasdaq has increased substantially from 94 in 2020, 31 in 2021and 196 in 2022 to 164 reverse splits—just as of June 23, 2023.  In most cases, Nasdaq observed, the purpose of the reverse splits was to comply with Nasdaq’s $1 minimum bid price requirement to remain on the Capital Market tier. In light of this increased volume, Nasdaq proposed amendments to its listing rules to “enhance the ability for market participants to accurately process these events, and thereby maintain fair and orderly markets.” Failure to comply could result in a trading halt. Last week, the SEC approved the proposed rule change. It’s worth noting that, as a corollary to the new reverse split listing standards, Nasdaq has also submitted to the SEC a separate rule proposal to adopt a new regulatory halt procedure specific to securities in the process of a reverse split.

Fifth Circuit grants Chamber’s petition for review of buyback rule—will the Court ultimately vacate the rule?

In May this year, the SEC adopted final rules intended to modernize and improve disclosure regarding company stock repurchases. The rule requires quarterly reporting of detailed quantitative information on daily repurchase activity and revises and expands the narrative requirements, including disclosure regarding the rationale for the buyback. (See this PubCo post.) It didn’t take long for the Chamber to object.  Just over a week following adoption, the U.S. Chamber of Commerce, along with two Texas co-plaintiffs, submitted a petition to the Fifth Circuit for review of the final rule. Petitioners made three arguments: that “(1) the rationale-disclosure requirement violates the First Amendment by impermissibly compelling their speech; (2) the SEC acted arbitrarily and capriciously in adopting the final rule by not considering their comments or conducting a proper cost benefit analysis; and (3) the SEC did not provide the public with a meaningful opportunity to comment.”   On Halloween, the three-judge panel issued its opinion. The Court granted the petition, holding that the SEC violated the Administrative Procedure Act. But the Court did not vacate the rule—not yet anyway. Instead, the Court remanded the rule back to the SEC for 30 days to attempt to repair the analytical defects. Will the SEC adequately repair the defects? Will the Court ultimately vacate the rule? That all remains to be seen.

SEC charges SolarWinds and CISO with securities fraud and control failures

You remember the 2020 SolarWinds hack, perhaps one of the worst cyberattacks in history?  As NPR described it in 2021, we all regularly receive routine software updates like this one:

“‘This release includes bug fixes, increased stability and performance improvements’…. Last spring, a Texas-based company called SolarWinds made one such software update available to its customers. It was supposed to provide the regular fare—bug fixes, performance enhancements—to the company’s popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company’s network. Customers simply had to log into the company’s software development website, type a password and then wait for the update to land seamlessly onto their servers. The routine update, it turns out, is no longer so routine. Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion’s software and then used it as a vehicle for a massive cyberattack against America. ‘Eighteen thousand [customers] was our best estimate of who may have downloaded the code between March and June of 2020,’”

according to the Company’s CEO. And not just any customers—the Company determined that many very well-known companies and about a dozen government agencies were compromised, including the Treasury, Justice and Energy departments, the Pentagon and, ironically, the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security. On Monday, the SEC announced that it had filed a complaint against SolarWinds and its Chief Information Security Officer, Timothy G. Brown, charging ‘fraud and  internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.”  In the complaint, the SEC charges that “SolarWinds’ public statements about its cybersecurity practices and risks painted a starkly different picture from internal discussions and assessments about the Company’s cybersecurity policy violations, vulnerabilities, and cyberattacks.” According to Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, the SEC’s enforcement action “underscores our message to issuers: implement strong controls calibrated to your risk environments and level with investors about known concerns.”