SEC Enforcement Action

While the most common type of whistleblower may be a disgruntled employee, others can be whistleblowers, too. And as a recent SEC enforcement action highlights, interfering with these others’ attempts to communicate with the SEC can violate the agency’s whistleblower protection rules. In an amended complaint filed on November 4, 2019 in a pending SEC enforcement action, the agency alleges that the defendant company and one of its principals violated the SEC’s whistleblower rules by requiring the company’s investors to enter agreements in which the investors agreed not to contact the SEC or other regulatory enforcement authorities. The SEC alleges that these actions violated the agency’s whistleblower rules. A copy of the SEC’s November 4, 2019 press release about the amended complaint can be found here.  
Continue Reading SEC’s Whistleblower Protections Extend Beyond Just Employees

John Reed Stark

 As I detailed in a post at the time (here), on Thursday last week, the SEC filed a securities fraud enforcement action against Tesla Chairman and CEO Elon Musk in connection with his now infamous tweets, in which he said he had “secured” funding to take the company private at a substantial premium over the company’s then-current share price. On Saturday, September 29, 2018, the SEC announced in a press release (here) that it had reached a settlement of the action with Musk, as well as in a separate action against Tesla filed simultaneously with the settlement. In the following guest post, John Reed Stark, the President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at the SEC’s enforcement actions and settlements with Musk and Tesla and provides his insight about what these developments may signify as far as the SEC’s enforcement posture regarding communications on the Internet. A version of this article originally appeared on the Securities Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: The SEC/Musk/Tesla Settlement: The Dawning of a New Era of SEC Internet Enforcement

Elon Musk’s August 7, 2018 Tweets, in which he had “secured” funding to take Tesla private at a substantial premium over the then-current share price, have already produced a storm of controversy and a series of securities class action lawsuits against him and the company. The Tesla CEO’s now-infamous Tweets have now also led to a SEC enforcement action against him, in which the agency alleges that Musk’s statements in the Tweets were “false and/or misleading” because “he did not have an adequate basis in fact for making these assertions.” The agency seeks injunctive relief, disgorgement, civil penalties, and a bar prohibiting Musk from serving as an officer or director of any public company. The SEC’s complaint against Musk can be found here. The SEC’s September 27, 2018 press release about the enforcement action can be found here.
Continue Reading SEC Files Securities Fraud Suit Against Elon Musk Over Take-Private Tweets

Stark Photo
John Reed Stark

As I noted in a recent post, on June 8, 2016, the SEC, in what one commentator called “the most significant SEC cybersecurity-related action to date,” announced that Morgan Stanley Smith Barney LLC had agreed to pay a $1 million penalty to settle charges that as a result of its alleged failure to adopt written policies and procedures reasonably designed to protect customer data, some customer information was hacked and offered for sale online. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at the circumstances at the company that led to this enforcement action and reviews the important lessons that can be learned from what happened. A version of this article originally appeared on CybersecurityDocket. I would like to thank John for his willingness to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s guest post.


Continue Reading Guest Post: Key Takeaways From the SEC Morgan Stanley Cybersecurity Case

weilOn September 22, 2015, in what has been described as the SEC’s first cybersecurity-related enforcement action, the SEC announced that it had entered a settlement St. Louis-based investment advisor R.T. Jones Capital Equities Management, Inc., based on charges that the company had failed to establish the required cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm’s clients.  A copy of the SEC’s order related to the settlement can be found here.

In the following guest post, David Wohl and Paul Ferrillo of the Weil Gotshal law firm take a look at the SEC’s settlement with R.T. Jones and examine the implications of the settlement, and of the recent guidance from SEC’s Office of Investor Education and Advocacy, for future regulatory action, from the SEC and other agencies. A version of the guest post previously was published as a Weil client alert.

I would like to thank David and Paul for their willingness to publish their article on this blog. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is David and Paul’s guest post.

****************************************

Just days after the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued its second round of cybersecurity guidance for its upcoming examinations of registered investment advisers and broker-dealers,[i] the SEC settled an administrative proceeding on cybersecurity issues arising out of a breach at a registered investment adviser, R.T. Jones Capital Equities Management, Inc.  (“R.T. Jones”).[ii]  As a result of the settlement, R.T. Jones was censured and fined $75,000.  On the heels of the recent OCIE guidance and following a year of major cybersecurity breaches (especially at financial institutions),[iii] this proceeding is instructive on a number of points, especially on the question “What happens when you don’t adopt policies and procedures to safeguard client data?”
Continue Reading Guest Post: SEC’s Regulatory Action Against R.T. Jones: Did the Other Cybersecurity Shoe Just Drop?

seclogoOne of the noteworthy features of the Sarbanes-Oxley Act was the legislation’s creation of the requirement for reporting companies to provide a certification from management regarding the company’s internal controls. This requirement has not been the focus of a great deal of attention since the legislation was enacted in 2002. However if the administrative actions

In a strongly worded November 28, 2011 opinion (here), Southern District of New York Judge Jed Rakoff rejected the proposed $285 million settlement of the enforcement action that the SEC brought against Citigroup Capital Markets. But while he emphatically rejected the proposed settlement, his opinion may also suggest how the SEC might salvage