Tag Archives: Matthew E. Kaplan

SEC Order Provides Warning to Fund Managers with Access to CLO-Related MNPI

by Matthew E. Kaplan, Jonathan R. Tuttle, Benjamin R. Pedersen, and Anna Moody

Photos of the authors

Left to Right: Matthew E. Kaplan, Jonathan R. Tuttle, Benjamin R. Pedersen and Anna Moody (photos courtesy of Debevoise & Plimpton LLP)

Introduction

On August 26, 2024, the Securities and Exchange Commission (“SEC”) announced settled charges against registered investment adviser Sound Point Capital Management, LP (“Sound Point”) for violating Sections 204A and 206(4) of the Investment Advisers Act of 1940 (“Advisers Act”) and Rule 206(4)-7 thereunder. According to the order, Sound Point failed to establish, maintain or enforce written policies and procedures reasonably designed to prevent the misuse of material non-public information (“MNPI”) concerning its trading of collateralized loan obligations (“CLOs”) that contained loans for which Sound Point was a lender.[1] Andrew Dean, Co-Chief of the SEC Enforcement Division’s Asset Management Unit, issued a statement on the same day reminding fund managers that they “must evaluate how their roles as lenders could expose them to MNPI that may relate to their CLO trading positions.”[2] These issues could also arise in contexts where the firm otherwise has access to MNPI.

Continue reading

Supreme Court Holds That “Pure Omissions” Are Not Actionable Under Rule 10b-5(b)

by Elliot Greenfield, Matthew E. Kaplan, Maeve O’ConnorBenjamin R. PedersenJonathan R. TuttleAnna MoodyBrandon Fetzer, and Mark D. Flinn

Top left to right: Elliot Greenfield, Matthew E. Kaplan, Maeve O’Connor, and Benjamin R. Pedersen.
Bottom left to right: Jonathan R. Tuttle, Anna Moody, Brandon Fetzer, and Mark D. Flinn. (Photos courtesy of Debevoise & Plimpton LLP).

On April 12, 2024, in a highly anticipated decision, the Supreme Court held in Macquarie Infrastructure Corp. v. Moab Partners, L.P.[1] that pure omissions are not actionable in private litigation under Rule 10b-5(b). Resolving a circuit split, the Court held that Rule 10b-5(b) does not support a “pure omissions” theory based on an alleged failure to disclose material information required by Item 303 of SEC Regulation S-K (Management’s discussion and analysis of financial condition and results of operations, or MD&A). Instead, a “failure to disclose information required by [MD&A] can support a Rule 10b-5(b) claim only if the omission renders affirmative statements made misleading.”[2] While the decision arose in the context of Item 303, which requires disclosure of “known trends and uncertainties” that have had or are “reasonably likely” to have a material impact on net sales, revenues or income from continuing operations,[3] the decision stands for the broader principle that Rule 10b-5(b) does not support pure omissions theories based on alleged violation of any disclosure requirement. Such claims remain viable, however, under Section 11 of the Securities Act of 1933. This ruling provides welcome clarity to issuers and eliminates the risk of pure-omission claims under Rule 10b-5(b) based on the judgment-based requirements of MD&A.

Continue reading

Hackers Turned Whistleblowers: SEC Cybersecurity Rules Weaponized Over Ransom Threat

by Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, Steven J. Slutzky, Jonathan R. Tuttle, Matt Kelly, and Kelly Donoghue

Top left to right: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew E. Kaplan, and Erez Liebermann
Bottom left to right: Benjamin R. Pedersen, Steven J. Slutzky, Jonathan R. Tuttle, Matt Kelly, and Kelly Donoghue (Photos courtesy of Debevoise & Plimpton LLP)

On November 7, 2023, the profilic ransomware group AlphV (a/k/a “BlackCat”) reportedly breached software company MeridianLink’s information systems, exfiltrated data and demanded payment in exchange for not publicly releasing the stolen data. While this type of cybersecurity incident has become increasingly common, the threat actor’s next move was less predictable. AlphV filed a whistleblower tip with the U.S. Securities and Exchange Commission (the “SEC”) against its victim for failing to publicly disclose the cybersecurity incident. AlphV wrote in its complaint[1]:

We want to bring to your attention a concerning issue regarding MeridianLink’s compliance with the recently adopted cybersecurity incident disclosure rules. It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules.

As we have previously reported, the SEC adopted final rules mandating disclosure of cybersecurity risk, strategy and governance, as well as material cybersecurity incidents. This includes new Item 1.05 of Form 8-K, which, beginning December 18,­ will require registrants to disclose certain information about a material cybersecurity incident within four business days of determining that a cybersecurity incident it has experienced is material. Though AlphV jumped the gun on the applicability of new Item 1.05, its familiarity with, and exploitation of their target’s public disclosure obligations is a further escalation in a steadily increasing trend of pressure tactics by leading ransom groups.

Continue reading

SEC Adopts New Cybersecurity Rules for Issuers – Part 2 Key Takeaways

by Charu A. Chandrasekhar, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul M. Rodel, Steven J. Slutzky, Matt Kelly, Kelly Donoghue, Chris Duff, John Jacob, Amy Pereira, Ned Terrace, Luke Dembosky, and Mengyi Xu

Photos of the authors

Top left to right: Charu A. Chandrasekhar, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul M. Rodel, Steven J. Slutzky, and Matt Kelly.
Bottom left to right: Kelly Donoghue, Chris Duff, John Jacob, Amy Pereira, Ned Terrace, Luke Dembosky, and Mengyi Xu.
(Photos courtesy of Debevoise & Plimpton LLP)

On July 26, 2023, the SEC adopted long-anticipated final rules on cybersecurity risk management, strategy, governance and incident disclosure for issuers (“Final Rules”). We summarized the key obligations under the Final Rules, and changes from the Proposing Release,[1] in our July 27, 2023 update. In this companion update, we discuss key takeaways across three areas for issuers to consider:

Continue reading

SEC Adopts New Cybersecurity Rules for Issuers

by Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul M. Rodel, Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Mengyi Xu, and Chris Duff 

Photos of the authors

Top left to right: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew E. Kaplan, Erez Liebermann, Benjamin R. Pedersen, and Paul M. Rodel.
Bottom left to right: Steven J. Slutzky, Matt Kelly, Kelly Donoghue, John Jacob, Amy Pereira, Mengyi Xu, and Chris Duff.
(photos courtesy of authors)

On July 26, 2023, the SEC adopted the long-anticipated final rules on cybersecurity risk management, strategy, governance, and incident disclosure for issuers. The new rules are part of the SEC’s larger efforts focused on cybersecurity regulation with a growing universe of rules aimed at different types of SEC registrants, including: (i) its proposed cybersecurity rules for registered investment advisers and funds and market entities, including broker-dealers, (ii) its proposed amendments to Reg S-P and Reg SCI and (iii) existing cybersecurity obligations under SEC regulations, including Reg S-P, Reg S-ID, and the recently amended Form PF.

Continue reading

SEC Adopts Share Repurchase Disclosure Rules

by Eric T. Juergens, Matthew E. Kaplan, Nicholas P. Pellicani, Paul M. Rodel, Steven J. Slutzky, Jonathan R. Tuttle, and Charu A. Chandrasekhar

Photos of the authors

Top row from left to right: Eric T. Juergens, Matthew E. Kaplan, Nicholas P. Pellicani, and Paul M. Rodel.
Bottom row from left to right: Steven J. Slutzky, Jonathan R. Tuttle, and Charu A. Chandrasekhar. (Photos courtesy of Debevoise & Plimpton)

On May 3, 2023, the U.S. Securities and Exchange Commission (the “SEC”) adopted rules requiring additional disclosures by issuers of repurchases of equity securities registered under Section 12 of the Exchange Act made by or on behalf of the issuer or by any “affiliated purchaser” of the issuer.[1] Most significantly, the rules require:

  • most issuers to disclose their daily share repurchase activity on a quarterly basis;
  • additional disclosures in periodic reports regarding the objective and structure of an issuer’s repurchase program, including Rule 10b5-1 trading arrangements, and policies relating to trading activity by officers and directors during repurchase programs; and
  • issuer periodic reports to identify trading activity by officers and directors in close proximity to an announcement of a share repurchase program.

Continue reading

SEC Brings Enforcement Action Against Investment Adviser for Section 13 Beneficial Ownership Reporting Failures

by Andrew J. Ceresney, Matthew E. Kaplan, Nicholas P. Pellicani, Robert B. Kaplan, Julie M. Riewe, and Jonathan R. Tuttle 

On September 17, 2020, the U.S. Securities and Exchange Commission (the “SEC”) announced the institution of a settled cease and desist proceeding against WCAS Management Corporation (“WCAS”), an SEC-registered investment adviser to five private funds operating under the name Welsh, Carson, Anderson & Stowe (the “WC Funds”), for failures to satisfy reporting obligations under Section 13(d) of the Securities Exchange Act of 1934 (the “Exchange Act”). Specifically, the SEC’s Cease and Desist Order (the “SEC’s Order”), which WCAS consented to without admitting or denying the SEC’s findings, found that WCAS caused the WC Funds to violate Section 13(d)(2) and Rule 13d-2 of the Exchange Act by failing to timely update its Schedule 13D to reflect (i) the investment intent to liquidate its reported position in a public company and (ii) the subsequent sales disposing of such position. The SEC’s Order required WCAS to pay a civil penalty of $100,000 and to cease and desist from future violations of the applicable provisions of the Exchange Act. This latest action serves as another reminder of the SEC’s continued focus on beneficial ownership disclosures by institutional investors and the need to implement and adhere to robust controls and procedures to ensure compliance. Continue reading

Tenth Circuit Affirms SEC’s Extraterritorial Reach

by Mary Jo White, Kara Brockmeyer, Andrew J. Ceresney, Matthew E. Kaplan, Robert B. Kaplan, Julie M. Riewe, Jonathan R. Tuttle, and Ada Fernandez Johnson

Last week, in a much-anticipated decision, the U.S. Court of Appeals for the Tenth Circuit held in SEC v. Scoville et al. that Congress “clearly intended” Section 929P(b) of the Dodd-Frank Act to grant the U.S. Securities and Exchange Commission (“SEC”)  authority to enforce the anti-fraud provisions of the federal securities laws abroad where there is sufficient conduct or effect in the United States.[1] In affirming the lower court’s decision, the Tenth Circuit undertook a thorough analysis of the legislative history of Section 929P(b) and concluded that Congress “affirmatively and unmistakably” intended to grant extraterritorial authority to the SEC where either “significant steps” are taken in the U.S. to further a violation of the anti-fraud provisions, or conduct outside the U.S. has a “foreseeable substantial effect” within the U.S.

The Scoville decision thus provides judicial affirmation of the SEC’s ability to bring enforcement actions under what is essentially the same “conduct-and-effects” test that the Supreme Court rejected for private securities litigation in Morrison v. Nat’l Australia Bank Ltd., 561 U.S. 247 (2010). The Tenth Circuit’s decision, though not entirely unexpected, is significant in that it represents the first Circuit Court decision to directly address the SEC’s authority to enforce the federal securities laws extraterritorially after the Supreme Court’s rejection of the “conduct-and-effects” test in Morrison. Continue reading