In an action the SEC’s two Republican Commissioners sharply criticized in a separately-issued statement, the SEC has filed settled charges against business communications services provider R.R. Donnelly & Sons (RRD) relating to the company’s disclosure and accounting controls in connection with cybersecurity incidents the company suffered in late 2021. The company, which the SEC credited for its cooperation and remedial measures, agreed to pay a $2.125 million civil penalty and voluntarily adopted corrective processes and procedures. The settled action provides strong indications of the measures and controls the agency expects reporting companies to adopt and implement with respect to cybersecurity.Continue Reading SEC Files Settled Charges Based on Alleged Cybersecurity-Related Control Deficiencies
Securities Enforcement
Supreme Court Strikes Down SEC’s Use of Administrative Law Judges in Civil Penalty Actions
The United States Supreme Court has held that that, in light of the Seventh Amendment’s right to a jury trial, the SEC must pursue enforcement actions seeking civil penalties in a jury trial proceeding in federal court rather than in an action before an administrative law judge. The Court’s 6-3 ruling could have significant consequences for the many SEC enforcement actions now pending in the agency’s administrative tribunals, as well as for the agency’s pursuit of future enforcement actions. The Court’s ruling could also have important implications for other federal agencies’ use of administrative tribunals as well. A copy of the Court’s June 27, 2024, opinion in SEC v. Jarkesy can be found here.Continue Reading Supreme Court Strikes Down SEC’s Use of Administrative Law Judges in Civil Penalty Actions
SEC Files “AI-Washing” Enforcement Action Against AI-Based Start-Up Founder
In a speech last December, as well as in several subsequent statements, SEC Chair Gary Gensler has emphasized the agency’s concerns with companies that are over-hyping their artificial intelligence (AI) capabilities in ways that mislead investors. In March, the agency filed enforcement actions against two investment advisors that allegedly misled investors about the firms’ AI-enabled services.
In the latest example of the agency’s AI-related campaign, earlier this week the agency filed an enforcement action against the CEO and Founder of Joonko Diversity, Inc., an Artificial Intelligence-based employee recruitment startup, alleging among other things that the individual made false AI-related claims about the company’s services. In bringing the action, the agency emphasized the significance of the action’s AI-related allegations. A copy of the agency’s June 11, 2024, press release about the action can be found here. The agency’s complaint in the action can be found here.Continue Reading SEC Files “AI-Washing” Enforcement Action Against AI-Based Start-Up Founder
SEC Accounting and Auditing Enforcement Actions Increased in FY 2023
Largely as a result of an influx of new actions in the fiscal fourth quarter, new SEC accounting and auditing enforcement actions increased in FY 2023 (which ended September 30, 2023) according to a new Cornerstone Research report. The number of new accounting and auditing enforcement actions increased by 22% in FY 2023, compared to the 8% increase in the overall number of enforcement actions during the fiscal year. While the number of accounting and auditing enforcement actions increased in FY 2023, aggregate monetary settlements in accounting and enforcement actions decreased 7% during the fiscal year.Continue Reading SEC Accounting and Auditing Enforcement Actions Increased in FY 2023
SEC Chair Warns Against “AI Washing”
The risks and opportunities that AI presents have emerged quickly and may be evolving even faster; the whole AI phenomenon has developed much more quickly than legislators’ and regulators’ ability to respond. Among the many AI effects that regulators and other observers are struggling to assess is the extent of the AI-related litigation potential, including but not limited to the prospects for AI-related corporate and securities litigation.Continue Reading SEC Chair Warns Against “AI Washing”
Guest Post: CISO Liability in Focus: SEC Enforcement, Insurance, and [Personal] Risk Mitigation
In a recent post in which I discussed the cyber incident-related enforcement action the SEC brought against the software company SolarWinds, I noted that the defendants named in the action included the company’s Chief Information Security Officer(CISO), adding that the SEC’s naming of the CISO as an enforcement action defendants “is sure to send a shiver down the collective spines of the CISO community.” In the following guest post, Priya Cherian Huskins, Senior Vice President and Partner, Woodruff Sawyer, takes a detailed look at the agency’s action against the SolarWinds CISO, and considers the key liability and insurance implications. A version of this article previously published on Woodruff Sawyer’s D&O Notebook here. I would like to thank Priya for allowing me to publish her article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Priya’s article.Continue Reading Guest Post: CISO Liability in Focus: SEC Enforcement, Insurance, and [Personal] Risk Mitigation
Private Companies and SEC Enforcement Actions
The reach and scope of the federal securities laws is a concern most obviously relevant to publicly traded companies. However, as I have emphasized previously, private companies are not immune from scrutiny under the federal securities laws. The SEC has in fact an extensive history of pursuing enforcement actions against private companies for alleged federal securities laws violations; one needs to go back no further than the high-profile enforcement action brought against the supposed blood testing company Theranos for an example of this phenomenon in action.
A recent memo from Wiley law firm underscores these points about the exposures of private companies; as the memo’s authors put it, “private entities should be aware that an aggressive SEC can investigate and penalize them (and their executives), even if they are not directly involved in issuing securities.” The law firm’s September 23, 2023, memo, entitled “Think Because You Are a Private Company the SEC Is Not Your Problem? Think Again,” can be found here.Continue Reading Private Companies and SEC Enforcement Actions
U.S. Supreme Court Takes Up Case Concerning the SEC’s Use of In-House Court
On June 30, 2023, the U.S. Supreme Court agreed to take up a case to consider the legality of the SEC’s use of in-house administrative tribunals, which the agency uses to enforce the federal securities laws. The agency sought Supreme Court consideration of a federal appellate court ruling that held the administrative courts to be unconstitutional. The case could significantly impact the way in which the agency enforces the federal securities laws. The court’s June 30, 2023 order in which the SEC’s petition for a writ of certiorari was granted can be found here.Continue Reading U.S. Supreme Court Takes Up Case Concerning the SEC’s Use of In-House Court
Mining Company Settles SEC’s ESG Task Force’s First-Ever Enforcement Action
When the SEC established a Climate and ESG Task Force in March 2021, the agency said that the group would “develop initiatives to proactively identify ESG-related misconduct.” Since that time the Task Force has indeed filed enforcement actions alleging ESG-related misrepresentations. Now the agency has reached a settlement with the Brazil-based mining company Vale, S.A. of the Task Force’s first-filed enforcement action, in connection with alleged misrepresentations in the company’s sustainability report about the safety of the company’s mining dams. In the settlement, the company agreed to pay a total of $55.9 million. The enforcement action and its settlement signify the agency’s increasing focus on ESG-related disclosure and its willingness to pursue enforcement actions using existing procedural mechanisms. A copy of the SEC’s March 28, 2023, press release about the Vale settlement can be found here.Continue Reading Mining Company Settles SEC’s ESG Task Force’s First-Ever Enforcement Action
SEC Charges Company Over Disclosures Concerning Ransomware Attack
On March 9, 2023, the SEC announced that it had settled charges that data management software company Blackbaud, Inc. had settled charges that the company’s cybersecurity disclosure policies and procedures violated the agency’s public company disclosure reporting requirements and that the company had made misleading disclosures about a 2020 ransomware attack that impacted more that 13,000 of its customers. The company, which neither admitted or denied the charges, agreed to a cease-and-desist order and to pay a $3 million penalty. The action, which follows a similar proceeding involving cybersecurity disclosures and procedures, highlights the agency’s focus on cybersecurity-related disclosures.Continue Reading SEC Charges Company Over Disclosures Concerning Ransomware Attack