Large-scale data breaches can give rise to a host of legal problems for the breached entity, ranging from consumer class action litigation to congressional inquiries and state attorneys general investigations. Increasingly, issuers are also facing the specter of federal securities fraud litigation.
The existence of securities fraud litigation following a cyber breach is, to some extent, not surprising. Lawyer-driven securities litigation often follows stock price declines, even declines that are ostensibly unrelated to any prior public disclosure by an issuer. Until recently, significant declines in stock price following disclosures of cyber breaches were rare. But that is changing. The recent securities fraud class actions brought against Yahoo! and Equifax demonstrate this point; in both of those cases, significant stock price declines followed the disclosure of the breach. Similar cases can be expected whenever stock price declines follow cyber breach disclosures. Continue reading →
In a decision that makes clear the importance for counsel conducting internal investigations to think carefully about the consequences of providing oral summaries of witness interviews to government investigators, a federal Magistrate Judge recently held that a law firm waived work product protection for its interview memoranda when counsel provided oral downloads of those interviews to the U.S. Securities and Exchange Commission (“SEC”). Noting that “very few decisions are consequence free events,” the Court held that there was “little to no substantive distinction” for purposes of work product waiver between providing the actual notes and memoranda and reading or orally summarizing the notes. The Court, however, rejected the notion that a waiver of work product protection extends to information the law firm shared with its client’s accounting firm, holding that the accounting firm and the company shared a “common interest.” Continue reading →
The following post provides an overview of the key findings from our research on the enforcement outcomes of the Australian Securities and Investments Commission (ASIC) for the five-year period from 1 July 2011 to 30 June 2016. The full journal article can be accessed here.
ASIC is Australia’s corporate, markets, financial services and consumer credit regulator. This government organization regulates Australian companies, financial markets, financial services organisations and professionals who deal and advise in investments, superannuation, insurance, deposit taking and credit. ASIC dedicates a significant amount of resources (around 70%) to surveillance and enforcement activity, reflecting its view that enforcement is an important part of its regulatory role. Continue reading →
The following is the third post in a series of three on recent SEC enforcement. The full report can be accessed here. A note of caution to the readers: the SEC does not share enforcement data. All three posts are based on a database of SEC enforcement actions I have put together along with several research assistants, covering the period between 2007 and 2017. The data was collected by hand, and reviewed at least once. Entries were compared with SEC releases and reports, but the chance of error remains.
The Dodd-Frank Act authorized the SEC to bring almost any enforcement action in an administrative proceeding. Before Dodd-Frank, the SEC could secure civil fines against registered broker-dealers and investment advisers in administrative proceedings, but had to sue in court non-registered firms and individuals, including public companies and executives charged with accounting fraud, as well as traders charged with insider trading violations. After the Dodd-Frank amendment, save for a few remedies that can only be obtained in court, the SEC can choose the forum in which it prosecutes enforcement actions. Continue reading →
The following is the second post in a series of three on recent SEC enforcement. The full report can be accessed here. A note of caution to the readers: the SEC does not share enforcement data. All three posts are based on a database of SEC enforcement actions I have put together along with several research assistants, covering the period between 2007 and 2017. The data was collected by hand, and reviewed at least once. Entries were compared with SEC releases and reports, but the chance of error remains.
I. Enforcement Against Entities
The first post observed that enforcement against individual defendants remained largely unchanged in the second half of the 2017 fiscal year. Enforcement against entities, on the other hand, has changed quite substantially. Fewer entities were targeted in actions brought in the second half of FY 2017: 34% of defendants (165 of 488) in standalone actions in the second half were entities, compared with 47% (201 of 427) in the first half of the year. Continue reading →
The following is the first post in a series of three on recent SEC enforcement. The full report can be accessed here. A note of caution to the readers: the SEC does not share enforcement data. All three posts are based on a database of SEC enforcement actions I have put together along with several research assistants, covering the period between 2007 and 2017. The data was collected by hand, and reviewed at least once. Entries were compared with SEC releases and reports, but the chance of error remains.
Last week, the SEC released its enforcement report for fiscal year 2017. In it, the SEC reported moderate declines in the number of filed enforcement actions, 754 compared with 868 in fiscal year 2016, and in the total monetary penalties ordered, $3.8 billion compared with $4.1 billion in fiscal 2016. The narrative accompanying the release suggests that despite the change in SEC leadership, enforcement remains consistent. Continue reading →
In a recent post to this blog, Professor Amy Sepinwall made a startling argument. Reflecting on the debate between liberals and conservatives over the Sentencing Reform and Corrections Act of 2016, she strongly suggested that the Act’s strengthening of the mens rea element in criminal cases should be limited to the disadvantaged and not extended to “the already advantaged.” She applauded the proposed bill for providing “deserved fairness for the disadvantaged,” but appeared to lament the fact that a more stringent mens rea requirement under that bill would be available for “some senior corporate management ‘fat cats,’” as well. This position is consistent with her defense of the “responsible corporate officer” doctrine, which does away with any mens rea requirement in certain cases against high level corporate officers. Continue reading →
Since Congress has not specifically defined insider trading, courts have interpreted the Securities Exchange Act’s prohibition against manipulative or deceptive means to determine whether a violation has occurred. The imprecision of securities law has led many people to weigh in on what constitutes a criminal act. Recently, Antonia Apps wrote over 2,000 words on the Second Circuit’s recent insider trading decision, United States v. Martoma, 869 F.3d 58 (2d Cir. 2017), and Greg Morvillo wrote two posts to clarify his thoughts on that case. Can you imagine a crime that is so difficult to define that it continues to spark debate with each new decision from a court? Continue reading →
What is the connection between what the SEC actually does and what it says it will do? In 2013, the SEC unveiled a new policy requiring some enforcement targets to admit wrongdoing when they settled with the agency. In An Empirical Study of Admissions in SEC Settlements, we analyze settlements from before and after the introduction of this policy to determine how the SEC’s practice lines up with its new approach to admissions. We find an uptick of admissions following the policy announcement, with the highest number in FY2016. Using an inclusive definition of admissions, we identify fewer than one hundred settlements containing admissions that were announced during the seven years of our study (FY2011-FY2017). Continue reading →
Below, is a graph by month of new Securities and Exchange Commission (SEC) enforcement actions under the Foreign Corrupt Practices Act (FCPA) against public companies and subsidiaries. Using data from the Securities Enforcement Empirical Database (SEED), a collaboration between NYU and Cornerstone Research, we track SEC FCPA actions from January 2016 through the end of the SEC fiscal year on September 30, 2017. SEED defines a public company as a company with stock that trades on the NYSE, NYSE MKT LLC, NASDAQ, or NYSE Arca stock exchanges at the start date of the SEC enforcement action. We divide our months based on whether the action was initiated under the Obama Administration (blue) or the Trump Administration (red). Continue reading →