Signals of Change: New Directions for SEC Enforcement
The newly appointed US Securities and Exchange Commission (SEC) leadership and changes within Congress and the courts signal that enforcement challenges for public companies may be around the corner. As SEC enforcement is anticipated to increasingly target individual directors and officers and cybercrime, organizations may need to review their insurance programs to ensure potential risks that can ultimately affect their bottom lines are managed and mitigated.
On May 2, 2017, Walter J. Clayton was confirmed by the US Senate as SEC Chairman. Clayton, an independent, joined Democrat Kara Stein and Republican Michael Piwowar on the commission; two SEC vacancies remain unfilled. In August and September, President Donald Trump nominated Republican Hester Peirce and Democrat Robert L. Jackson Jr. to fill the two vacancies. Both nominees were recommended by the Senate Banking Committee on November 1and would join the Commission after receiving the approval of the full Senate.
The future direction of the SEC also may be impacted by developments in the legislative and judicial branches. The US Supreme Court recently restricted the SEC’s power to recover disgorgement of ill-gotten gains, while lower courts continue to hear challenges to the SEC’s use of an administrative forum for enforcement proceedings. Meanwhile, the Financial CHOICE Act — which effectively repeals many elements of the Dodd-Frank Wall Street Reform and Consumer Protection Act — was passed by the House of Representatives in June and is currently before the Senate Banking Committee. In addition to its proposed changes to the regulation of financial institutions, the CHOICE Act would affect SEC enforcement practices.
Priorities Announced By The New SEC Leadership
At his confirmation hearing in March, then-nominee Clayton advocated for a shift in enforcement to focus on individuals responsible for violations rather than targeting the corporations that employ them. Outgoing SEC Chair Mary Jo White held similar views; however, the SEC under her leadership also sought and recovered a record level of penalties from corporations. Critics have argued that this enforcement approach unduly punishes investors.1
Chairman Clayton’s emphasis on pursuing responsible individuals rather than corporate violators aligns with the Choice Act.2 That bill would require the SEC staff to present the agency with an economic analysis before approving any case seeking civil monetary penalties from a corporation. As part of this analysis, staff would be required to identify whether the issuer received an economic benefit from the alleged violation and determine whether the shareholders would be harmed by the penalty sought. While the SEC would not be bound to forgo penalties that could be passed on to shareholders, the bill’s analysis requirement aligns with Chairman Clayton’s stated view that penalties should be borne by those who commit violations and gain from any wrongdoing.3
In June, the SEC’s co-directors of the Division of Enforcement, Stephanie Avakian and Steven Peikin, announced that one of their top priorities will be policing cybersecurity. Co-director Peikin said computer crime is the greatest threat to US financial markets, while Avakian predicted that cyber threats will continue to emerge. Chairman Clayton echoed this sentiment in a July speech, saying that cybersecurity coordination among financial regulators is critical.4
In September, the SEC announced that the Enforcement Division has formally created a cyber unit, focused on computer-related market manipulation, hacking to obtain inside information, and intrusions into accounts and trading platforms. Co-director Avakian said in a statement that the cyber unit — which will be headed by former co-leader of the market abuse unit Robert A. Cohen — will help the agency to better detect and investigate cyber threats.
The Enforcement Division’s focus on cybersecurity will likely go beyond pursuing insider trading and market manipulation by hackers. The SEC may also target failures to implement adequate security measures or report data breaches in a timely manner. Although the SEC has not yet brought an enforcement action for securities fraud against an issuer for concealing material information related to a data breach, Avakian said in April that this type of action is “absolutely” plausible. This view was echoed by Chairman Clayton in recent testimony before Congress.
In light of the statements made by Clayton, Peiken, and Avakian, SEC Regulation S-P may be more heavily enforced. Regulation S-P requires broker-dealers, investment advisers, and investment companies to adopt policies and procedures to safeguard the security and confidentiality of customer data and protect against unauthorized access. In May, the SEC issued an alert highlighting security defects uncovered by a survey of 75 registered firms (see FIGURE 1)5. The survey reveals cybersecurity vulnerability among regulated participants. Even if none of these cybersecurity shortcomings violates Regulation S-P, the inconsistent adoption of these best practices may be partly responsible for Peiken and Avakian’s focus on such issues.
Newfound Need for Speed in Investigations
In June, in Kokesh v. SEC, the US Supreme Court unanimously ruled that the disgorgement of improper gains from securities law violations amounts to a penalty. Therefore, according to the Supreme Court, disgorgement cases are subject to the same five-year statute of limitations as all other civil penalties under federal law. This could immediately shake up the SEC’s enforcement strategy by putting beyond reach early gains from ongoing violations. Prior to the ruling, Former SEC Chairwoman Mary Jo White anticipated that imposing the five-year statute of limitations would cost the SEC leverage in settlement negotiations and increase the need for quicker investigations to avoid being precluded from pursuing older violations.6
The focus on speedy investigations and decisive action dovetails with provisions of the Choice Act that are designed to foster faster resolution of SEC investigations. If adopted, the bill would require the SEC to implement time limits on investigations7 and formally close investigations if no enforcement action is to be taken.8
Need for Express Authority
Both the Kokesh decision and the pending Choice Act include an increased emphasis on disclosing the basis for SEC enforcement. In particular, the Choice Act would require the SEC to announce all its legal theories as a matter of regulation, rather than introduce them through enforcement actions.9 If enacted, the bill would in effect bar after-the-fact interpretations of the federal securities law; this is because the SEC would be limited to pursuing enforcement of legal theories it has announced through formal guidance before any alleged misconduct takes place.10
Deeper Threats to SEC Authority
The SEC’s administrative enforcement practices also face a constitutional challenge. Since Dodd-Frank expanded the types of relief the SEC could pursue in an administrative forum, many respondents have argued that the method of appointing administrative law judges (ALJs) is unconstitutional. These respondents contend that under the US Constitution’s Appointments Clause, ALJs should be considered “inferior officers” (for example, persons authorized to exercise “significant authority” under the law) who must be appointed by the President, or if statute provides, by a court or a department head.11 Currently, the SEC’s ALJs are employees of the Commission, so if their responsibilities qualify them as “inferior officers,” they likely were appointed in an unconstitutional manner.
A circuit split has emerged on this issue, which could come before the Supreme Court in its October 2017 term. Notwithstanding these challenges, the SEC has been using its ALJs, as opposed to proceeding in federal court, at a very high rate. During the first half of fiscal 2017, the SEC brought new enforcement actions at the same pace seen in recent years, but chose to use ALJs for 91% of enforcement actions and brought only 9% in federal court.12
Even if the method of appointing ALJs survives the current constitutional challenge, the SEC may be subject to other reforms to its in-house administrative proceedings. Under the Choice Act, a respondent facing an SEC proceeding before an ALJ would have the option to remove the case to federal court or continue before an ALJ with a higher “clear and convincing” burden of proof on the SEC.13 ALJs would also be stripped of authority to issue orders barring respondents from participation in regulated entities or serving as directors or officers of public companies.14 Instead, the SEC would need to proceed in federal court to obtain a bar order.15
The evolving risk landscape under the Trump administration underscores the importance of directors and officers (D&O) liability insurance. Although time will tell how the SEC’s changing authority and enforcement powers may affect companies, D&O insurance remains a powerful risk transfer tool and potentially the last line of financial protection for directors and officers. With the anticipated regulatory focus potentially shifting away from corporations to individuals, companies should stress-test their D&O insurance program, focusing on:
- Conduct exclusions: When can they be triggered by an insurer?
- Severability: Does the behavior or knowledge of one person impact others?
- Investigations coverage: How early in the process are individuals covered? For example, will individuals be covered if the company chooses to conduct an internal investigation which results in self-reporting to the SEC? Will individuals be covered before a lawsuit is filed or before there are allegations of wrongful acts? Is there any entity coverage?
- Rescission: When can the insurer rescind the policy (if at all)?
- Program structure regarding:
- Insurers: Do the insurers on your program have deep claims experience?
- Limits of liability: What analytical tools are used to assess the appropriateness of your total limits and should different limits be secured?
- Dedicated limit for individuals (not the company): Does your program include broad Side-A difference-in-condition (DIC) coverage?
Many organizations will be closely watching the SEC’s approach to cybersecurity. The extent of the impact that cybersecurity issues will have on D&O liability remains to be seen. However, enforcement actions coupled with increased disclosure requirements will likely increase that type of potential exposure. With the uncertainty around the change in regulatory policies, it is critical to work with your insurance adviser to understand how the new administration’s policies could impact your company and its directors and officers and what coverage enhancements are available to address these exposures.
1Dave Michaels & Liz Hoffman, SEC Pick Jay Clayton Is a 180 From Chairman Mary Jo White, Wall Street Journal, https://www.wsj.com/articles/president-elect-trump-to-nominate-jay-clayton-securities-and-exchange-commission-chairman-1483545999 (Jan. 4, 2017) (“Chairman Mary Jo White . . . presided over the SEC in a period when the agency collected record amounts of penalties and disgorged profits from wrongdoers. . . . Many Republicans liked Ms. White personally but thought her agency’s fines punished shareholders.”).
2For further analysis of the Financial Choice Act’s impact on SEC enforcement practices, see Jason M. Halper, Jodi L. Avergun, Joseph V. Moreno, Lex Urban, Kendra Clayton Wharton & Aaron Buchman, Financial CHOICE Act Would Complicate the Choices in Bringing and Defending Against SEC Cases (June 12, 2017)available at http://www.cadwalader.com/resources/clients-friends-memos/financial-choice-act-would-complicate-the-choices-in-bringing-and-defending-against-sec-cases.
3“Corporate employees tempted to cut legal corners or engage in malfeasance will think twice if they know they are likely to pay a price for their wrongdoing. If it is far more likely that the costs will instead be imposed on the company or its shareholders, that deterrent effect is undermined.” House Committee on Financial Services, The Financial Choice Act Creating Hope and Opportunity for Investors, Consumers, and Entrepreneurs, at 116, https://financialservices.house.gov/uploadedfiles/2017-04-24_financial_choice_act_of_2017_comprehensive_summary_final.pdf (April 24, 2017).
4Jay Clayton, Remarks at the Economic Club of New York, https://www.sec.gov/news/speech/remarks-economic-club-new-york (July 12, 2017).
5Office of Compliance Inspections & Examinations, Cybersecurity: Ransomware Alert, https://www.sec.gov/files/risk-alert-cybersecurity-ransomware-alert.pdf (May 17, 2017).
6Mary Jo White & Andrew Ceresney, Inside Insight on Coming Change at the SEC (May 31, 2017 1:30 PM), https://event.on24.com/wcc/r/1420551/8258B929E5B9EAB29F0A48DA80620A05.
7H.R. 10, 115th Cong. (2017), § 826.
8Id. § 817.
9House Committee on Financial Services, The Financial Choice Act Creating Hope and Opportunity for Investors, Consumers, and Entrepreneurs, at 118, https://financialservices.house.gov/uploadedfiles/2017-04-24_financial_choice_act_of_2017_comprehensive_summary_final.pdf (April 24, 2017).
10H.R. 10, 115th Cong. (2017), § 819.
11U.S. Const. Art. II, Sec. 2, Cl. 2.
12Stephen Choi, Sara E. Gilley, Heather Lazur, David F. Marcus & Anat Carmy-Wiechman, Cornerstone Research/NYU Pollack Center for Law & Business Report, SEC Enforcement Activity: Public Companies and Subsidiaries—Midyear FY 2017 Update, at 2, https://www.cornerstone.com/Publications/Reports/SEC-Enforcement-Activity-Midyear-FY-2017-Update (May 9, 2017).
13H.R. 10, 115th Cong. (2017), § 823.
14Id., § 825.
1515 USC § 78u(d)(2).