Latham & Watkins operates worldwide as a limited liability partnership organized under the laws of the State of Delaware (USA) with affiliated limited liability partnerships conducting the practice in the United Kingdom, France, Italy and Singapore and as affiliated partnerships conducting the practice in Hong Kong and Japan. The Law Office of Salman M. Al-Sudairi is Latham & Watkins associated office in the Kingdom of Saudi Arabia. Under New York’s Code of Professional Responsibility, portions of this communication contain attorney advertising. Prior results do not guarantee a similar outcome. Results depend upon a variety of factors unique to each representation. Please direct all inquiries regarding our conduct under New York’s Disciplinary Rules to Latham & Watkins LLP, 885 Third Avenue, New York, NY 10022- 4834, Phone: +1.212.906.1200. © Copyright 2016 Latham & Watkins. All Rights Reserved. Latham & Watkins Securities Litigation & Professional Liability Practice and Data Privacy, Security & Cybercrime Practice February 26, 2016 | Number 1934 SEC Speaks Conference 2016: Key Takeaways for Public Companies Senior SEC enforcement staff “Speaks” to the division’s performance in 2015 and identifies priorities for 2016. Senior members of the Enforcement Division of the US Securities and Exchange Commission (SEC) gathered on February 19, 2016, at the Practising Law Institute’s annual “SEC Speaks” conference in Washington, D.C. to reflect on the Division’s performance in 2015 and discuss enforcement priorities for 2016. 1 In 2016, the Staff will prioritize cyber security, FCPA and insider trading cases, with a continued focus on pursuing gatekeepers. The Commission’s whistleblower and cooperation programs continue to grow, raising the bar for cooperation. The Staff will continue to litigate in both federal court and administrative proceedings, and rely on data analytics to detect suspicious trading patterns and financial reporting. These, and other key takeaways, are set forth below. SEC Chair Mary Jo White reported in her opening remarks that the agency brought an unprecedented number of enforcement cases in 2015. The coming election year will be a period of significant transition for the Commission. The Senate has yet to fill the seats left by outgoing Commissioners Aguilar and Gallagher, but White insisted 2016 will be business as usual even with just three Commissioners. Court decisions are expected in closely watched insider trading cases post-Newman, cases challenging the constitutionality of the SEC’s administrative proceedings, and cases regarding the scope of the Dodd Frank Act’s anti-retaliation provision. With these highly anticipated political and judicial developments on the horizon, the Enforcement Division paused to look back on the agency’s successes in 2015 and describe its priorities for 2016. The 2016 agenda the Enforcement panelists discussed echoed themes that emerged throughout the twoday conference. For example, the panelists stated the Commission would continue to use data analytics to monitor and detect suspicious trading patterns and market fraud, which leads to more robust and complete referrals to Enforcement. Chief Litigation Counsel Matthew Solomon highlighted the Division’s successes in federal trials. Deputy Director Stephanie Avakian sounded a familiar theme, underscoring that pursuing gatekeepers would remain a key priority in 2016. The Staff summarized key areas of enforcement, describing with respect to each area the Division’s significant cases from 2015 and its enforcement goals for the coming year. Consistent with Chair White’s opening remarks, the Staff indicated plans to prioritize its enforcement interests in the area of cyber security. During the Enforcement Workshop, Kara Brockmeyer, Chief of the Foreign Corrupt Practices Act Unit, reported that 2016 is off to a busy start for the FCPA unit. Sharon Binger, Director of the Philadelphia Regional Office, emphasized that the SEC’s whistleblower and cooperation programs are growing, and achieving results. Latham & Watkins February 26, 2016 | Number 1934 | Page 2 Litigation Developments Solomon presented on the Division’s trial performance in 2015. He also commented on the Commission’s use of administrative proceedings, and emphasized the Division’s continued focus on protecting the SEC’s processes by aggressively pursuing all remedies against defendants who obstruct SEC investigations or litigation. 2015 Trial Performance Solomon reported that the Division maintained a busy docket in 2015. Coming off its 10-year high of 30 trials in 2014, the Division took 27 cases to trial in 2015: 25 in federal court and two in administrative proceedings. The SEC boasted an undefeated record in federal court, with its two losses coming in administrative proceedings. Challenges to the Use of Administrative Proceedings The Commission’s increased use of administrative proceedings was in the spotlight in 2015. Many have criticized the SEC’s initiating actions in administrative proceedings rather than federal court, based on the concern that administrative law judges are biased in favor of the SEC. 2 (Although not discussed during the conference, the SEC Inspector General cleared administrative law judges of allegations of bias in a report to Chair White in January 2016.3 ) Separately, several cases challenging the constitutionality of administrative proceedings (under the Due Process Clause, the Seventh Amendment right to a jury trial, or the Appointments Clause of Article 2, under which “inferior officers” must be appointed) are working their way through courts.4 While not expressly addressing these growing criticisms, Solomon described the administrative process as fair, and adamantly disputed the SEC’s perceived “home court advantage,” pointing out that the Division’s two losses in 2015 were both in administrative proceedings. He observed that the Commission brings most administrative proceedings against registered persons or entities; but, most hotly contested cases, and cases alleging financial fraud and insider trading, are brought in federal court. Solomon emphasized that the SEC will continue to use administrative proceedings when it deems appropriate, pending further judicial developments. Protecting SEC Processes Solomon stressed the Division’s commitment to pursuing all remedies against defendants who obstruct SEC investigation or enforcement, citing recent cases in which the SEC moved aggressively to protect SEC processes. In one such case, according to Solomon, the court granted the SEC’s motion to subpoena the defendant’s service provider for emails based on the SEC’s allegation that the defendant failed to comply with a production order. In other cases, the SEC has referred defendants for criminal prosecution for obstruction of an SEC investigation. Last year, for example, a former hedge fund manager was convicted of obstruction for impersonating his supervisor on the phone with SEC officials. While few public company officers or employees would engage in such outrageous behavior, the case does illustrate the need for care and candor in all dealings with the SEC staff, whether in SEC testimony or in responding to a comment letter. Key Areas of Enforcement The Enforcement Panel reflected on the Division’s most significant and high-profile cases in 2015 and previewed its priorities for 2016, noting the diversity of product-type, entity-type and legal areas covered. Robert Cohen, Co-chief of the Market Abuse Unit, reflected that the Market Abuse Unit is increasingly bringing more cases involving spoofing (manipulative conduct in which the trader sends a non-bona fide order to trick others into thinking the market is moving in a particular direction and then orders on the Latham & Watkins February 26, 2016 | Number 1934 | Page 3 other side to obtain a favorable price), and dark pools (private investment forums for trading securities only sophisticated investors typically utilize) and other Alternative Trading Systems (ATS). Michael Osnato, Jr., Chief of the Complex Financial Instruments Unit, stated that the Complex Financial Instruments Unit would prioritize pursuing not only misconduct with respect to complex products, but also complex market practices. During the Enforcement Panel, Enforcement Workshop, and throughout the conference, cyber security, gatekeeper functioning, insider trading and FCPA emerged as key areas of enforcement for 2016. Cyber Security Avakian emphasized that cyber security remains a top priority at the Division. The Division is looking to bring enforcement actions against 1) registrants and investment advisors that fail to adopt policies and procedures reasonably designed to safeguard client personally identifiable information (PII); 2) individuals who trade on material non-public information obtained by hacking; and 3) companies that fail to disclose when they become aware of a reportable data breach. Avakian referred to the Division’s action against R. T. Jones Capital Equities Management, an investment advisor (R. T. Jones). R. T. Jones agreed to pay US$75,000 to settle the SEC’s charges that the company violated Regulation S-P by failing to establish cyber security policies and procedures to safeguard personal client information (such as employing a firewall or encrypting data). As a result, R. T. Jones was susceptible to an attack that compromised the PII of approximately 100,000 individuals.5 In this regard, Avakian’s remarks are highly consistent with federal regulators across financial and other critical industry sectors, who have been uniformly focused on the need for documented security management programs to adequately protect sensitive consumer information, as well as the integrity, confidentiality, and availability of operational systems and company records. Avakian also highlighted the SEC’s current litigation against more than 30 defendants accused of insider trading on information obtained from hackers. The SEC has alleged a scheme in which two individuals in Ukraine hacked newswire services and stole earnings releases in advance of their release to the market, and sold that information to 30 traders. The traders then traded on the stolen information to reap more than US$100 million in illegal profits.6 The court has granted the SEC’s motion for a preliminary injunction freezing several defendants’ assets. The agency has yet to bring a case against a public company for failing to disclose a data breach, and Avakian reassured public companies that such an action would be warranted only in the event of a “significant disclosure failure.” Avakian recognized that companies who are victims of cyber intrusion may hesitate to report because they risk investigation into their policies and procedures or disclosures. She responded to this concern by explaining that the SEC will not second-guess good faith efforts to take appropriate steps to protect customer information. The Enforcement Panel’s focus on cyber security is consistent with the SEC’s generally high level of interest in encouraging active deliberation about whether public disclosure of serious incidents is legally required, since Congress first pressured the SEC to issue guidance in 2011 explaining how a data breach event might require disclosure to shareholders about material loss contingencies or risk factors. The SEC regularly queries companies about whether they have experienced cyber security incidents in Letter Requests. However, notwithstanding continued Staff interest, few public companies have in fact reported a breach that has had a material effect on business, operations or reputation, consistent with the guidelines. Latham & Watkins February 26, 2016 | Number 1934 | Page 4 Pursuing Gatekeepers The Staff reiterated its focus on pursuing individual gatekeepers (in addition to professional firms), including auditors, lawyers, directors, underwriters, broker dealers, accountants, transfer agents and promoters, even if no client violation is charged. This trend is not new; in 2013, Chair White announced that the SEC would hold accountable “deficient” gatekeepers who “should be serving as the neighborhood watch” for failures that happen on their watch. 7 Avakian acknowledged, however, that gatekeepers must exercise professional judgment, and the SEC will not second-guess good faith exercise of judgment consistent with applicable standards of conduct. Avakian noted that the Staff would look to impose liability on individuals in their role as gatekeeper in two general scenarios: 1) falling short of professional, rule-based standards or industry regulations, and 2) acting inconsistently with affirmative representations. In gatekeeper cases, the SEC frequently seeks and obtains remedies beyond the usual disgorgement and civil penalties. These cases often focus on forwardlooking remedies, such as limits on individual activity (including the inability to work in a compliance or supervisory role, suspension and bar); independent compliance consultants; training requirements; structural changes; and, increasingly, tailored restrictions on the gatekeeper (such as a prohibition on taking new business, a prohibition on providing legal services in an area like Regulation D or unregistered transactions, or a restriction on certain regulated activities, like a bar from involvement in due diligence). Insider Trading The Enforcement Panel briefly touched upon insider trading cases, a traditional area of enforcement at the heart of the Second Circuit’s landmark Newman decision. During a later session with the Office of General Counsel on judicial and legislative developments, the Staff acknowledged the circuit split on the standard for tippee liability. In the Fall Term of 2016, the Supreme Court will decide Salman v. U.S., 8 reviewing a Ninth Circuit decision that held that a tipper who gave his brother material, non-public information to gain a market advantage indicated a close family relationship sufficient to show personal benefit to the tipper,9 as required under Dirks v. SEC. 10 The Court will decide whether a close family relationship between the tipper and tippee is sufficient, or, as the Second Circuit held in U.S. v. Newman, the prosecution must prove “an exchange that is objective, consequential, and represents at least a potential gain of pecuniary or similarly valuable nature.” 11 Solicitor Michael Conley stated his concern that Newman could be interpreted to limit the SEC’s ability to effectively enforce the insider trading laws by raising the SEC’s burden of proof and by breeding confusion with an amorphous standard as lower courts are left to flesh out the meaning of “objective,” “consequential” and a “potential gain of pecuniary or similarly valuable nature.” Avakian, on the other hand, interprets Newman as being limited to its facts. Foreign Corrupt Practices Act Brockmeyer announced that the SEC brought 14 FCPA cases in fiscal 2015, resulting in US$215 million in disgorgement and penalties. The Commission has already brought six FCPA cases this year, resulting in US$200 million in disgorgement and penalties, and 2016 will likely continue to be busy for the FCPA unit. The SEC has brought many of the recent FCPA cases on its own; only three FCPA actions in the last year and a half were brought in parallel with the Department of Justice (DOJ). Brockmeyer expects this trend to continue in 2016, because the SEC will pursue enforcement action where dollar amounts of the improper payments are relatively small, or where only books and records and internal control violations are charged. In our experience, those latter cases are consistent with the SEC’s overall focus on “broken windows” violations, as well as an increased focus on internal controls in the financial reporting area. Brockmeyer noted that FCPA enforcement in 2016 will prioritize investigations of pharmaceutical companies and financial services firms. The Commission will continue to work with its foreign Latham & Watkins February 26, 2016 | Number 1934 | Page 5 counterparts. Brockmeyer announced that in one enforcement action this year, the Staff obtained information from 13 different foreign jurisdictions. The SEC will also seek to use NPAs and DPAs (discussed below) to encourage individual foreign nationals to cooperate. Financial Reporting and Audit Group The Financial Reporting and Audit Group (FRAud Group) is responsible for identifying potential financial reporting issues and referring them to other groups within the Division for further investigation. The FRAud Group evolved from the Financial Fraud Task Force and now includes about 35 attorneys and accountants, and last year became a permanent unit within the Division. Margaret McGuire, Chief of the FRAud Group, explained that the Group seeks to identify susceptibility to fraudulent financial reporting before investor losses manifest, and thus will focus on missing or insufficient internal controls, even where no fraud has occurred. Consistent with Chair White’s remarks, and consistent with its intent to identify issues early, the Group makes significant use of technology to assist in identifying potential investigations. Previously, the Staff had used an accounting quality model (AQM) to assist in identifying potential investigations. McGuire noted that the FRAud Group is now using an expanded tool that builds on the AQM, called the Corporate Issuer Risk Assessment Program (CIRA), which the Commission’s Division of Economic and Risk Analysis developed. CIRA analyzes issuer financial statements and compares them to other public companies to detect anomalous patterns in financial reporting. Using that technology, the FRAud Group has identified 270 issuers for further review. In fiscal 2015, the SEC brought 135 financial reporting matters, compared to 96 in 2014. Incentives for Cooperation Sharon Binger, Director of the Philadelphia Regional Office, reviewed the Division’s 2015 whistleblower awards and the status of the SEC’s cooperation program. Attempting to address skepticism surrounding the benefits of cooperation, she indicated that the Commission would continue to robustly employ cooperation incentives in 2016, such as non-prosecution agreements (NPAs), deferred prosecution agreements (DPAs) and reduced monetary penalties for self-reporting. 2015 Whistleblower Awards and Litigation Binger described 2015 as a successful year for the SEC’s relatively young whistleblower program. The Office of the Whistleblower received nearly 4,000 tips in 2015, up 30% since 2012 (the first year for which the SEC has full-year data). The Commission awarded more than US$37 million to whistleblowers in 2015, with the single largest award being US$30 million (the largest whistleblower payment to date). 12 The Commission has paid more than US$54 million to 22 whistleblowers since the Commission’s new whistleblower rules went into effect in August 2011.13 Binger announced that the Division will continue to award outside and foreign whistleblowers to leverage high quality information. Binger highlighted In re KBR, Inc. as a high mark for the Commission in 2015. KBR was the SEC’s first enforcement action under Dodd Frank Act Rule 21f-17, which prohibits companies from acting to impede whistleblowers from reporting possible securities violations to the SEC. KBR required employees in an internal investigation to sign a confidentiality agreement that warned that individuals could be disciplined or fired if they discussed the subject matter of the investigation without prior approval, which the SEC asserted interfered with the ability of potential whistleblowers to report wrongdoing. To resolve these allegations, KBR paid a US$130,000 civil penalty and revised its confidentiality agreement to clarify that individuals were neither prohibited from reporting misconduct to government agencies nor required to notify KBR or obtain authorization to do so.14 Latham & Watkins February 26, 2016 | Number 1934 | Page 6 In light of the SEC’s continued expressed intent to censor intimidation that prevents reporting, KBR may be the beginning of a cautious shift in the wording of confidentiality agreements.15 Indeed, Binger encouraged employers to review their confidentiality agreements that in word or effect prevent employees from reporting misconduct to the SEC, and stated that the SEC will continue to act against perceived restrictions on potential whistleblowers. Public companies must balance this guidance, however, with legitimate reasons for seeking confidentiality, such as to protect the integrity of the investigation and to preserve the company’s attorney-client privilege in employee interviews. Notably, despite a recent Commission rule interpreting Dodd Frank’s anti-retaliation protection as applying not only to individuals who report conduct to the Commission but also to those who report conduct internally, whether courts will defer to the Commission’s rule remains unclear. Cooperation Program – Five-Year Mark In the five years since its formal inception,16 the SEC’s cooperation program has led to 103 cooperation agreements, six NPAs and nine DPAs. Binger stated that the Commission extends the highest credit to early self-reporters, warning that companies that decide against self-reporting “are taking a gamble” that the SEC does not learn about the conduct in question from its whistleblower program. One enforcement panelist noted there is some skepticism about the benefits of cooperation. Binger explained that benefits of cooperation can include flexibility on charging decisions; reduction in monetary penalties; reduction in suspensions or bars; and/or a reference of the cooperation in litigation or a settlement press release (unless such a mention would not support the Commission’s policy or would affect an ongoing investigation). However, evaluating cooperation, and determining how to reward that cooperation, remains largely with the Staff. Many observers nevertheless remain skeptical, believing that for entities such as public companies and financial institutions, the “benefits” of cooperation are elusive and difficult to quantify, particularly in light of Binger’s observation that “the bar for cooperation has been raised." If you have questions about this Client Alert, please contact one of the authors listed below or the Latham lawyer with whom you normally consult: William R. Baker III firstname.lastname@example.org +1.202.637.1007 Washington, D.C. Brian E. Kowalski email@example.com +1.202.637.1064 Washington, D.C. Sarah A. Greenfield firstname.lastname@example.org +1.202.637.2335 Washington, D.C. Heather A. Blakeman* email@example.com +1.202.637.1008 Washington, D.C. The authors would like to thank Jennifer Archie and Scott Jones for their contributions to this Client Alert. * Licensed to practice in Illinois only. All work supervised by a member of the D.C. Bar. Latham & Watkins February 26, 2016 | Number 1934 | Page 7 You Might Also Be Interested In What You Need to Know About the Cybersecurity Act of 2015 7 Tips for Conducting Effective Cybersecurity Due Diligence in M&A Transactions How to Navigate the SEC’s Proposed Mandate on Clawbacks The Legal Risks Associated With Corporate Sustainability Reporting Client Alert is published by Latham & Watkins as a news reporting service to clients and other friends. The information contained in this publication should not be construed as legal advice. Should further analysis or explanation of the subject matter be required, please contact the lawyer with whom you normally consult. The invitation to contact is not a solicitation for legal work under the laws of any jurisdiction in which Latham lawyers are not authorized to practice. A complete list of Latham’s Client Alerts can be found at www.lw.com. If you wish to update your contact details or customize the information you receive from Latham & Watkins, visit http://events.lw.com/reaction/subscriptionpage.html to subscribe to the firm’s global client mailings program. Endnotes 1 The Enforcement Panel included Enforcement Director Andrew Ceresney; Deputy Enforcement Director Stephanie Avakian; Chief Litigation Counsel Matthew Solomon; Sharon Binger, Director of the Philadelphia Regional Office; Michael Osnato, Jr., Chief of the Complex Financial Instruments Unit; and Robert Cohen, Co-chief of the Market Abuse Unit. During a later Enforcement Workshop, Kara Brockmeyer, Chief of the Foreign Corrupt Practices Act Unit, and Margaret McGuire, Chief of the Financial Reporting and Audit Group, presented, among others. 2 See Jean Eaglesham, SEC Wins With In-House Judges, Wall St. J., May 6, 2015, http://www.wsj.com/articles/sec-wins-with-inhouse-judges-1430965803. 3 Transmittal of Report of Investigation: Case No. 15-ALJ-0482-I from Inspector General Carl W. Hoecker to Chair Mary Jo White (Jan. 21, 2016). 4 See Jarksey v. SEC, 803 F.3d 9 (D.C. Cir. 2015) (affirming the district court’s finding that it had no jurisdiction to hear constitutional challenges to the administrative proceeding while it was pending); Bebo v. SEC, No. 15-1511, 2015 WL 4998489 (7th Cir. Aug. 24, 2015) (same); Gray v. SEC, No. 15-cv-0492 (N.D. Ga. Aug. 4, 2015) (finding that the district court had subject matter jurisdiction to consider constitutional challenges to the SEC administrative proceeding and preliminarily enjoining the proceeding on the ground that there was a substantial likelihood that it violated the Appointments Clause; the SEC has appealed to the 11th Circuit); Hill v. SEC, No. 15-cv-1801, 2015 WL 4307088, -- F. Supp. 3d -- (N.D. Ga. June 8, 2015) (same). 5 In re R.T. Jones Equities Mgmt., Inc., Order Instituting Cease-and-Desist Proceedings Pursuant to Sections 203(e) and 203(k) of the Investment Advisors Act of 1940, File No. 3-16827 (SEC Sept. 22, 2015). 6 Complaint, SEC v. Dubovoy, 2:15-cv-06076-MCA-MAH (D.N.J. filed Aug. 10, 2015). 7 Mary Jo White, Chair, SEC, Remarks at the Securities Enforcement Forum (Oct. 9, 2013); see also William R. Baker III & Joel H. Trotter, Nothing to Fear From the SEC?, Wall St. J., Oct. 28, 2015, http://www.wsj.com/articles/nothing-to-fear-from-the-sec- 1446073083. 8 Order Granting Petition for Writ of Certiorari, Salman v. United States, No. 15-628 (US Jan. 19, 2016). 9 United States v. Salman, No. 14-10204 (9th Cir. July 6, 2015), reh’g denied, (9th Cir. Aug. 13, 2015). 10 Dirks v. SEC, 463 US 646 (1983). 11 United States v. Newman, Nos. 13-1837-cr (L), 13-1917-cr (con) (2d Cir. Dec. 10, 2014). 12 SEC, Annual Report to Congress on the Dodd-Frank Whistleblower Program at 10 (2015). 13 Id. at 1. 14 In re KBR, Inc., Order Instituting Cease-and-Desist Proceedings Pursuant to Section 21C of the Securities Exchange Act of 1934, Exchange Act Release No. 74619 (Apr. 1, 2015). Latham & Watkins February 26, 2016 | Number 1934 | Page 8 15 Erika Kelton, SEC Hits Back at KBR and Other Corporate Bullies Who Threaten Whistleblowers, Forbes, Apr. 2, 2015, http://www.forbes.com/sites/erikakelton/2015/04/02/sec-hits-back-at-kbr-and-other-corporate-bullies-who-threatenwhistleblowers/#7b980a961519 16 See Andrew Ceresney, Speech, The SEC’s Cooperation Program: Reflections on Five Years of Experience (May 13, 2015).