Tag: SEC Division of Enforcement
SEC charges another company for misleading cybersecurity disclosure
It’s déjà vu all over again! On Monday, the SEC announced settled charges against Pearson plc, an NYSE-listed, educational publishing and services company based in London, for failure to disclose a cybersecurity breach. You might recall that just a few months ago, the SEC announced settled charges against another company for failure to timely disclose a cybersecurity vulnerability that led to a leak of data, with disclosure ultimately spurred by imminent media reports. Is there a trend here? In this instance, it wasn’t just a vulnerability—there was an actual known breach and exfiltration of private data. Nevertheless, Pearson decided not to disclose it and framed its cybersecurity risk factor disclosure as purely hypothetical. The SEC viewed that disclosure as misleading and imposed a civil penalty on Pearson of $1 million. The case serves as yet another reminder of the dangers of risk disclosures presented as hypothetical when those risks have actually come to fruition—a presentation that has now repeatedly drawn scrutiny in the context of cybersecurity disclosure.
SEC steps back from two of the 2020 amendments to the whistleblower rules
The SEC’s whistleblower program provides for awards in amounts between 10% and 30% of the monetary sanctions collected in an SEC action based on the whistleblower’s original information. The program, which has been in place for more than ten years, is widely acknowledged to have been a resounding success. In September 2020, the SEC adopted a number of amendments to the whistleblower rules, some of which were quite controversial. In early August, SEC Chair Gary Gensler issued a statement indicating that he had directed the SEC staff to revisit the whistleblower rules, in particular, two of the amendments that had been adopted in 2020. (See this PubCo post.) Gensler observed that concerns have been raised, including by whistleblowers as well as by Commissioners Allison Herren Lee and Caroline Crenshaw, that those amendments “could discourage whistleblowers from coming forward.” Now, the SEC has issued a policy statement advising how the SEC will proceed in the interim while changes to those rules are under consideration. Commissioners Hester Peirce and Elad Roisman were none too pleased with the SEC’s action here, questioning whether it might be part of a troubling pattern of unwinding actions taken by the last Administration. They made their views known in this statement.
Acting Enforcement Director warns of ESG enforcement actions
According to Law 360 reporting on a webcast panel last week, Acting Director of Enforcement Melissa Hodgman, warned that, in addition to “increased scrutiny” of “funds touting green investments,” we may well see more ESG disclosure-related enforcement actions in general. In March, then-Acting SEC Chair Allison Herren Lee announced the creation of a new climate and ESG task force in the Division of Enforcement. The moderator of the panel, a former co-Director of Enforcement, observed that “usually you don’t stand up a task force unless you’re pretty sure that task force is going to produce something.” So what should we expect?
SEC charges company with disclosure controls violation as a result of cybersecurity failure
Once again, a “control failure” is a lever used by SEC Enforcement to bring charges against a company, this time for failure to timely disclose a cybersecurity vulnerability. Yesterday, the SEC announced settled charges against a real estate settlement services company, First American Financial Corporation, for violation of the requirement to maintain adequate disclosure controls and procedures “related to a cybersecurity vulnerability that exposed sensitive customer information.” This action follows charges regarding control violations against GE (see this PubCo post), HP, Inc. (see this PubCo post) and Andeavor (see this PubCo post) where, instead of attempting to make a case about funny accounting or, in Andeavor, a defective 10b5-1 plan, the SEC opted to make its point by, among other things, charging failure to maintain and comply with internal accounting controls or disclosure controls and procedures. Companies may want to take note that charges related to violations of the rules regarding internal controls and disclosure controls seem to be increasingly part of the SEC’s Enforcement playbook, making it worthwhile for companies to make sure that their controls are in good working order. Perhaps we should pirate the Matt Levine mantra, “everything is securities fraud” (see this PubCo post): how ’bout “everything is also a control failure”?
Under Armour’s failure to disclose order “pull forwards” comes under fire at the SEC
On Monday, the SEC announced settled charges against Under Armour, Inc., a manufacturer of sports apparel, for misleading investors by failing to disclose material information about its “revenue management practices.” According to the Order, Under Armour had established a reputation for consistent revenue growth that exceeded analysts’ consensus estimates. But when internal forecasts began to indicate that it would miss those estimates, the company sought to close the gap by accelerating—“pulling forward”—existing orders that had been scheduled by customers for future quarters. Although this practice continued for six quarters, the SEC charged, the company failed to disclose this pull-forward practice as a driver of its revenue growth nor did it disclose the “known uncertainty” that this practice created with regard to revenues in future quarters. It’s worth noting that the SEC’s charges related solely to disclosure failures; the Order expressly indicated that the SEC did “not make any findings that revenue from these sales was not recorded in accordance with [GAAP].” Under Armour agreed to pay $9 million to settle the action.
SEC charges eight companies for deficient Forms 12b-25
At the end of last week, the SEC announced that it had filed settled charges against eight companies for failing to disclose in their Form 12b-25 filings (Form NT Notification of Late Filing) that their late filings of periodic reports were caused by an anticipated restatement or correction of prior financial reporting. The staff detected the violations through the use of data analytics in an initiative aimed at Form 12b-25 filings that were soon followed by announcements of financial restatements or corrections. According to Melissa Hodgman, the new (again) Acting Director of Enforcement (following the abrupt resignation of the prior Director), “[a]s today’s actions show, we will continue to use data analytics to uncover difficult to detect disclosure violations….Targeted initiatives like this allow us to efficiently address disclosure abuses that have the potential to undermine investor confidence in our markets if left unaddressed.” Is it just more “broken windows”? Maybe, maybe not. The Associate Director of Enforcement hit on a central problem from the SEC’s perspective with deficiencies of this type: “In these cases, due to the companies’ failure to include required disclosure in their Form 12b-25, investors relying on the deficient Forms NT were kept in the dark regarding the unreliability of the company’s financial reporting or anticipated material changes in operating results.” These charges should serve as a reminder that completing the late notification is not, to borrow a phrase, a trivial pursuit and could necessitate substantial time and attention to provide the narrative and quantitative data that, depending on the circumstances, could be required.
SEC charges AT&T and executives with Reg FD violations
On Friday of last week, the SEC announced that it had filed a complaint charging AT&T, Inc. and three of its Investor Relations executives with violations of Reg FD as a result of one-on-one disclosures of AT&T’s “projected and actual financial results” to a number of Wall Street research analysts by the three executives. In March 2016, the SEC alleges, AT&T learned that, as a result of a “steeper-than-expected decline in smartphone sales,” AT&T’s first quarter revenues would fall short of analysts’ estimates by over a $1 billion. The three IR executives were then asked to contact the analysts whose estimates were too high to “walk” them down. This case illustrates the tightrope that IR personnel walk when talking one-on-one with analysts in the context of Reg FD.
New Enforcement Task Force on Climate and ESG
Last week, Allison Lee, Acting Chair of the SEC, directed the staff of Corp Fin to “enhance its focus on climate-related disclosure in public company filings.” Yesterday, the SEC announced that the new climate focus would not be limited to Corp Fin—the SEC has created a new Climate and ESG Task Force in the Division of Enforcement. According to the press release, the initial focus of the Task Force will be to identify any material gaps or misstatements in issuers’ disclosure of climate risks under existing rules, giving us all another reason to excavate the staff’s 2010 interpretive guidance regarding climate change. (You may recall that the guidance addressed in some detail how existing disclosure obligations, such as the Reg S-K requirements for business narrative and risk factors, could apply to climate change. See this PubCo post.) Apparently, however, the remit of the Task Force goes beyond climate to address other ESG issues. Lee said that the Task Force is designed to bolster the efforts of the SEC as a whole in addressing climate risk and sustainability, which “are critical issues for the investing public and our capital markets.”
Failure to disclose perks remains in the SEC spotlight
Disclosure of executive perks is once again in the SEC Enforcement spotlight. Just last year, there were two actions against companies for disclosure failures regarding perks—Hilton Worldwide Holdings Inc. (see this PubCo post) and Argo Group International Holdings, Ltd. (see this PubCo post). Now, Enforcement has brought settled charges against Gulfport Energy Corporation, a gas exploration and production company that filed for Chapter 11 in November, and its former CEO, Michael G. Moore, for failure to disclose some of the perks provided to Moore as well as related-person transactions involving Moore’s son. The case serves as a reminder that the analysis of whether a benefit is a disclosable perk can be complicated.
SEC charges Sequential Brands with failure to take goodwill impairment charges
The SEC has just filed a complaint against Sequential Brands Group, Inc., a brand management company, for failing to take timely and appropriate goodwill impairment charges as required by GAAP and the federal securities laws, despite “clear evidence of goodwill impairment” (according to the press release). As a result, the SEC alleges, the company “materially understated its operating expenses and net loss and materially overstated its income from operations, goodwill, and total assets” in its SEC filings, turning “a net loss into income” for financial statement purposes.
You must be logged in to post a comment.