On July 12 and 16, 2018, the U.S. Commodity Futures Trading Commission (“CFTC”) announced two awards to whistleblowers, one its largest-ever award, approximately $30 million, and another its first award to a whistleblower living in a foreign country. These awards—along with recent proposed changes meant to bolster the Securities and Exchange Commission’s (“SEC” or “Commission”) own whistleblower regime—demonstrate that such programs likely will continue to be significant parts of the enforcement programs of both agencies and necessarily help shape their enforcement agendas in the coming years.
The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) authorized the CFTC to pay awards of between 10 and 30 percent to whistleblowers who voluntarily provide original information to the CFTC leading to the successful enforcement of an action resulting in monetary sanctions exceeding $1 million. Following the introduction of implementing rules, the CFTC’s program became effective in October 2011. Over the next six-and-a-half years, the CFTC has paid whistleblower bounties on only four prior occasions, with awards ranging from $50,000 to $10 million. The $30 million award announced last week, thus, reflects a significant increase. This week’s award to a foreign whistleblower also represents another first for the CFTC’s program and reflects the global scope of the program. Continue reading →
Last week, the White House, reacting to the Supreme Court’s June 21, 2018 decision in Lucia v. SEC, issued an Executive Orderexempting Administrative Law Judges, or ALJs, from the competitive civil service. This post considers what the order might mean for the Securities and Exchange Commission and other agencies that use ALJs to adjudicate enforcement cases. Lucia held that the SEC’s ALJs are “officers” subject to the Constitution’s Appointments Clause, which means they have to be appointed by (as relevant here) the head of the agency – that is, the SEC’s Commissioners. Previously ALJs were hired through an examination-based process handled by the Office of Personnel Management, or OPM (effectively the human resources department of the federal government). OPM typically presented an agency with a list of eligible candidates ranked on the basis of the examination, among other things, and the agency selected an ALJ from among the top three candidates on the list. Continue reading →
The Second Circuit has spoken…again. For what seems like the umpteenth time in three years, twice on the same case US v. Martoma, the Circuit put pen to paper to address the controversial personal benefit issue. To understand how we got here…here is a, sort of, brief recap.
Newman shook up the legal world. In US v. Newman, the Second Circuit held that personal benefit (and remember we are talking about it only in relation to a tipper making an improper gift of confidential information to a trading relative or friend) existed where there was a “meaningfully close personal relationship that generates an exchange that is objective, consequential, and represents at least a potential gain of a pecuniary or similarly valuable nature.” This raised all kinds of hullabaloo (yes, I just used the word hullabaloo). Some of us thought Newman was brilliant, some thought it was a disaster. Continue reading →
They say the third time’s a charm, whoever “they” are. If that’s the case, then this must be a most charming article because it is the third time I have had the opportunity to write about the battle over whether an SEC Administrative Law Judge is an inferior officer who the Commission must appoint to the position or a mere employee who the human resources department can simply hire to preside over cases. This will be the last time I write about this issue because the U.S. Supreme Court just weighed in and resolved the dispute. The answer is definitive but the impact, practically speaking, will not be far reaching. Nevertheless, the Supreme Court has held that SEC ALJs are inferior officers of the United States subject to the Appointments Clause of the Constitution. Continue reading →
Sometimes the unexpected happens. But preparing for the unexpected is the essence of the compliance function. The failure to effectively prepare for risks unrelated to your core business can be disastrous. A seemingly innocuous compliance breach could disqualify your firm from participating in a private offering of securities under Rule 506(d), known as the “Bad Actor” Disqualification. Being a Bad Actor can have detrimental, if not fatal, consequences for your firm – hence the critical importance of making known certain unknowns. Continue reading →
For about 50 years – at least since Texas Gulf Sulphur – the SEC has ordered defendants to disgorge their profits from transactions that violated the securities laws. Despite disgorgement’s long history, in its 2017 opinion in Kokesh v. SEC (PDF: 102 KB), the US Supreme Court put two aspects of the remedy on the table. It applied a five-year statute of limitations to disgorgement. It also reopened old debates over agencies’ power to seek remedies not specified in statute. My article, Disgorgement in Insider Trading Cases: FY2005-FY2015, provides data to inform these debates over the agency’s use of disgorgement and the effects of Kokesh. It reports the results of an empirical study of ten years of the remedies ordered by the SEC in insider trading actions, with particular emphasis on the agency’s reliance on disgorgement. Continue reading →
Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released an updated Cybersecurity Framework (PDF: 1,038 KB) that revises NIST’s baseline recommendations for the design of cybersecurity risk management programs. In announcing its release, Commerce Secretary Wilbur Ross described the updated Framework as “a must do for all CEOs” and recommended that “every company” adopt the Framework as its “first line of defense.” As with the prior version, the updated NIST Framework provides a useful tool to guide and benchmark company approaches to cybersecurity risk and will impact how regulators evaluate cybersecurity programs and incident responses across sectors. Continue reading →
Late last week, the Department of Justice’s Criminal Division announced at an ABA white-collar conference that it has begun using the FCPA Corporate Enforcement Policy (PDF: 51 KB) as “nonbinding guidance” in other areas of white-collar enforcement beyond the FCPA. As a result, absent aggravating factors, DOJ may more frequently decline to prosecute companies that promptly self-disclose misconduct, fully cooperate with DOJ’s investigation, remediate in a complete and timely fashion, and disgorge any ill-gotten gains. As a first example of this approach, the officials pointed to DOJ’s recent decision (PDF: 1,743 KB) to decline charges against Barclays PLC, after the bank agreed to pay back $12.9 million in wrongful profits, following individual charges arising out of a foreign exchange front-running scheme. Continue reading →
In 2010, in the wake of the financial crisis, Congress passed comprehensive financial regulation reform legislation known as the Dodd-Frank Act (Pub.L. 111-203). Section 922 of the Dodd-Frank Act established both a bounty award program as well as anti-retaliation protection for whistleblowers who report securities law violations.
Pursuant to the mandate of Section 922, the US Securities and Exchange Commission (“SEC”) established an Office of the Whistleblower, and implemented its final rules on the Dodd-Frank Program through a comprehensive rulemaking process that involved significant public input in May 2011. Continue reading →
Yesterday, in keeping with a heightened governmental focus on cybersecurity, as exemplified by the Justice Department’s formation of a new Cyber-Digital Task Force (PDF: 62 KB)earlier this week, the Securities and Exchange Commission announced new guidance on cybersecurity disclosures by public companies (the “Guidance (PDF: 139 KB)”).
Much of the Guidance tracks 2011 interpretive guidance from the SEC’s Division of Corporation Finance and retains a focus on “material” cyber risks and incidents. However, the expanded details and heightened pressure to disclose indicated in the Guidance, along with its issuance by the Commission itself, signal that the SEC expects public companies to consider more detailed disclosure of cyber risks and incidents, and to maintain “comprehensive” policies and procedures in this area. The SEC is also encouraging, though not requiring, forward-leaning approaches, such as with respect to disclosures about the company’s cyber risk management programs and the engagement of the board of directors with management on cybersecurity issues. SEC Chairman Jay Clayton has also directed (PDF: 92 KB) SEC staff to monitor corporate cyber disclosures. Continue reading →