Attorneys who may think they can give short shrift to those pesky legal opinions to transfer agents might think twice after reading this complaint, SEC v. Frederick Bauman, filed on September 8, 2021, in the federal district court in Nevada. As described in the SEC’s litigation release, the SEC charged Bauman “with playing a critical role as an attorney who facilitated the unregistered sale of millions of shares of securities by two groups engaged in securities fraud.” According to the SEC’s complaint, between 2016 and August 2019, Bauman issued at least a dozen legal opinions to transfer agents advising that certain shares of four public companies were unrestricted and freely tradeable and that the holders of the shares were not affiliates of the public company issuers. However, the SEC alleged, the shareholders were actually part of groups that controlled those issuers, which made them affiliates under the securities laws. In “each instance where Bauman’s opinion letters violated Section 5,” the SEC alleged, “he lacked a reasonable basis for representing that the shareholders were not affiliates.” The complaint charged that the sales by these control groups were unregistered and violated Section 5 of the Securities Act and that Bauman violated Sections 5(a) and 5(c) of the Securities Act.
On Friday, the SEC announced settled charges against Kraft Heinz Company, its Chief Operating Officer and Chief Procurement Officer for “engaging in a long-running expense management scheme that resulted in the restatement of several years of financial reporting.” According to the SEC’s Order regarding the company and the COO, as well as the SEC’s complaint against the CPO, the company employed a number of expense management strategies that “misrepresented the true nature of transactions,” including recognizing unearned discounts from suppliers, maintaining false and misleading supplier contracts and engaging in other accounting misconduct, all of which resulted in accounting errors and misstatements. The misconduct, the SEC contended, was designed to allow the company to report sham cost savings consistent with the operational efficiencies it had touted would result from the 2015 merger of Kraft and Heinz, as well as to inflate EBITDA—a critical earnings measure for the market—and to achieve certain performance targets. And, once again, charges of failure to design and implement effective internal controls played a prominent role. After the SEC began its investigation, KHC restated its financials, reversing “$208 million in improperly-recognized cost savings arising out of nearly 300 transactions.” According to Anita B. Bandy, Associate Director of Enforcement, “Kraft and its former executives are charged with engaging in improper expense management practices that spanned many years and involved numerous misleading transactions, millions in bogus cost savings, and a pervasive breakdown in accounting controls. The violations harmed investors who ultimately bore the costs and burdens of a restatement and delayed financial reporting….Kraft and its former executives are being held accountable for placing the pursuit of cost savings above compliance with the law.” KHC agreed to pay a civil penalty of $62 million. Interestingly, this case comes on the heels of an earnings management case brought by the SEC against Healthcare Services Group, Inc. for alleged failures to properly accrue and disclose litigation loss contingencies.
Yesterday, the SEC announced settled charges against Healthcare Services Group, Inc., a provider of housekeeping and other services to healthcare facilities, its CFO and its controller, for alleged failures to properly accrue and disclose litigation loss contingencies—accounting and disclosure violations that “enabled the company to report inflated quarterly [EPS] that met research analysts’ consensus estimates for multiple quarters.” This action is the result of SEC Enforcement’s “EPS Initiative, which uses risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.” Gurbir Grewal, the new Director of Enforcement, warned that the SEC will continue to leverage its “in-house data analytic capabilities to identify improper accounting and disclosure practices that mask volatility in financial performance, and continue to hold public companies and their executives accountable for their violations.” The company paid $6 million to settle the action. The SEC Order makes the matter of accruing for loss contingencies sound simple and straightforward, implying that the company’s behavior involved “big bath” accounting and other earnings management practices, and that may well be the case in this instance. However, in many cases, deciding whether, when and what to disclose or accrue for a loss contingency is not so clear cut and can often be a challenging exercise.
On Tuesday, the SEC announced that it had filed a complaint in the U.S. District Court charging a former employee of Medivation Inc., an oncology-focused biopharma, with insider trading in advance of Medivation’s announcement that it would be acquired by a big pharma company. But it’s not what you might think. The employee didn’t trade in shares of Medivation or shares of the acquiror, nor did he tip anyone about the transaction. No, according to the SEC, he used the information about his employer’s acquisition to purchase call options on a separate biopharma company, Incyte Corporation, which the SEC claims was comparable to Medivation. According to the SEC, the employee made that purchase based on an assumption that the acquisition of Medivation at a healthy premium would probably boost the share price of Incyte. Incyte’s stock price increased after the sale of Medivation was announced. The SEC charged that the employee breached his “duty to refrain from using Medivation’s proprietary information for his own personal gain” and traded ahead of the announcement, in violation of Rule 10b-5. Will the SEC succeed or is the factual basis of the charge just too attenuated?
It’s déjà vu all over again! On Monday, the SEC announced settled charges against Pearson plc, an NYSE-listed, educational publishing and services company based in London, for failure to disclose a cybersecurity breach. You might recall that just a few months ago, the SEC announced settled charges against another company for failure to timely disclose a cybersecurity vulnerability that led to a leak of data, with disclosure ultimately spurred by imminent media reports. Is there a trend here? In this instance, it wasn’t just a vulnerability—there was an actual known breach and exfiltration of private data. Nevertheless, Pearson decided not to disclose it and framed its cybersecurity risk factor disclosure as purely hypothetical. The SEC viewed that disclosure as misleading and imposed a civil penalty on Pearson of $1 million. The case serves as yet another reminder of the dangers of risk disclosures presented as hypothetical when those risks have actually come to fruition—a presentation that has now repeatedly drawn scrutiny in the context of cybersecurity disclosure.
The SEC’s whistleblower program provides for awards in amounts between 10% and 30% of the monetary sanctions collected in an SEC action based on the whistleblower’s original information. The program, which has been in place for more than ten years, is widely acknowledged to have been a resounding success. In September 2020, the SEC adopted a number of amendments to the whistleblower rules, some of which were quite controversial. In early August, SEC Chair Gary Gensler issued a statement indicating that he had directed the SEC staff to revisit the whistleblower rules, in particular, two of the amendments that had been adopted in 2020. (See this PubCo post.) Gensler observed that concerns have been raised, including by whistleblowers as well as by Commissioners Allison Herren Lee and Caroline Crenshaw, that those amendments “could discourage whistleblowers from coming forward.” Now, the SEC has issued a policy statement advising how the SEC will proceed in the interim while changes to those rules are under consideration. Commissioners Hester Peirce and Elad Roisman were none too pleased with the SEC’s action here, questioning whether it might be part of a troubling pattern of unwinding actions taken by the last Administration. They made their views known in this statement.
According to Law 360 reporting on a webcast panel last week, Acting Director of Enforcement Melissa Hodgman, warned that, in addition to “increased scrutiny” of “funds touting green investments,” we may well see more ESG disclosure-related enforcement actions in general. In March, then-Acting SEC Chair Allison Herren Lee announced the creation of a new climate and ESG task force in the Division of Enforcement. The moderator of the panel, a former co-Director of Enforcement, observed that “usually you don’t stand up a task force unless you’re pretty sure that task force is going to produce something.” So what should we expect?
Once again, a “control failure” is a lever used by SEC Enforcement to bring charges against a company, this time for failure to timely disclose a cybersecurity vulnerability. Yesterday, the SEC announced settled charges against a real estate settlement services company, First American Financial Corporation, for violation of the requirement to maintain adequate disclosure controls and procedures “related to a cybersecurity vulnerability that exposed sensitive customer information.” This action follows charges regarding control violations against GE (see this PubCo post), HP, Inc. (see this PubCo post) and Andeavor (see this PubCo post) where, instead of attempting to make a case about funny accounting or, in Andeavor, a defective 10b5-1 plan, the SEC opted to make its point by, among other things, charging failure to maintain and comply with internal accounting controls or disclosure controls and procedures. Companies may want to take note that charges related to violations of the rules regarding internal controls and disclosure controls seem to be increasingly part of the SEC’s Enforcement playbook, making it worthwhile for companies to make sure that their controls are in good working order. Perhaps we should pirate the Matt Levine mantra, “everything is securities fraud” (see this PubCo post): how ’bout “everything is also a control failure”?
On Monday, the SEC announced settled charges against Under Armour, Inc., a manufacturer of sports apparel, for misleading investors by failing to disclose material information about its “revenue management practices.” According to the Order, Under Armour had established a reputation for consistent revenue growth that exceeded analysts’ consensus estimates. But when internal forecasts began to indicate that it would miss those estimates, the company sought to close the gap by accelerating—“pulling forward”—existing orders that had been scheduled by customers for future quarters. Although this practice continued for six quarters, the SEC charged, the company failed to disclose this pull-forward practice as a driver of its revenue growth nor did it disclose the “known uncertainty” that this practice created with regard to revenues in future quarters. It’s worth noting that the SEC’s charges related solely to disclosure failures; the Order expressly indicated that the SEC did “not make any findings that revenue from these sales was not recorded in accordance with [GAAP].” Under Armour agreed to pay $9 million to settle the action.
At the end of last week, the SEC announced that it had filed settled charges against eight companies for failing to disclose in their Form 12b-25 filings (Form NT Notification of Late Filing) that their late filings of periodic reports were caused by an anticipated restatement or correction of prior financial reporting. The staff detected the violations through the use of data analytics in an initiative aimed at Form 12b-25 filings that were soon followed by announcements of financial restatements or corrections. According to Melissa Hodgman, the new (again) Acting Director of Enforcement (following the abrupt resignation of the prior Director), “[a]s today’s actions show, we will continue to use data analytics to uncover difficult to detect disclosure violations….Targeted initiatives like this allow us to efficiently address disclosure abuses that have the potential to undermine investor confidence in our markets if left unaddressed.” Is it just more “broken windows”? Maybe, maybe not. The Associate Director of Enforcement hit on a central problem from the SEC’s perspective with deficiencies of this type: “In these cases, due to the companies’ failure to include required disclosure in their Form 12b-25, investors relying on the deficient Forms NT were kept in the dark regarding the unreliability of the company’s financial reporting or anticipated material changes in operating results.” These charges should serve as a reminder that completing the late notification is not, to borrow a phrase, a trivial pursuit and could necessitate substantial time and attention to provide the narrative and quantitative data that, depending on the circumstances, could be required.