Caremark’s Comeback Includes Potential Director Liability in Connection With Data Breaches
A Caremark-based claim against a board of directors alleging a failure to monitor corporate operations has been said to be “the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment,” or at least to withstand a motion to dismiss. Yet, Caremark has taken on renewed importance — as noted by this blog — following recent high-profile successes on duty-to-oversee claims, most notably in Marchand v. Barnhill in 2019 and In re Boeing in September 2021, and recent shareholder lawsuits alleging that data breach- and cybersecurity-related failures would have been preventable were it not for oversight failures by corporate officers and directors, are being plead asserting Caremark claims. (more…)
SEC Encourages Self-Reporting of Recordkeeping Violations Resulting From Employees’ Use of Personal Devices for Business Communications
On December 17, 2021, the U.S. Securities and Exchange Commission (SEC) announced settled charges against a broker-dealer firm for recordkeeping violations arising from its employees’ use of personal devices for business communications. The firm agreed to pay a $125 million penalty and to retain a compliance consultant to conduct a comprehensive review of its policies and procedures relating to the retention of electronic communications found on personal devices. In announcing this enforcement action, the SEC encouraged registrants to self-report similar failures to the SEC. (more…)
SEC Announces Long-Awaited Updates to Broker-Dealer Recordkeeping Requirements
In a much anticipated (and, to many, long overdue) release published in mid-November, the U.S. Securities and Exchange Commission (SEC) proposed to update its decades-old recordkeeping requirements for broker-dealers to, among other things, allow for electronic records to be retained in a manner other than “exclusively in a non-rewriteable, non-erasable format” (aka write once, read many, or WORM). The proposal would allow electronic records to be retained, as an alternative to WORM, using an audit-trail methodology.
SEC Identifies Deficiencies From its Electronic Investment Advice Initiative
On November 9, 2021, the U.S. Securities and Exchange Commission (SEC) Division of Examinations (EXAMS) released a risk alert (Risk Alert) concerning deficiencies it observed in its examinations of advisers providing electronic advisory services, including advisers known as “robo-advisers.”1 Those deficiencies were in the areas of the robo-advisers’ compliance programs, portfolio management practices (including advisers’ fiduciary obligations), and marketing/performance advertising. (more…)
SEC Fines Alternative Data Provider for Securities Fraud
On September 14, 2021, the U.S. Securities and Exchange Commission (SEC) settled an enforcement action against App Annie Inc., an alternative data provider for the mobile app industry, and its former CEO Bertrand Schmitt. The SEC charged App Annie and Schmitt with securities fraud, under Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5, for engaging in deceptive practices and materially misrepresenting how App Annie derived its alternative data, thereby inducing trading firms to become subscribers to use App Annie’s data in their decisions to buy and sell securities. (more…)
SEC Continues Focus on Cybersecurity Disclosure Failures, Announces Settled Charges Against Pearson plc
Through its announcement of settled charges against Pearson plc (Pearson) on August 16, 2021, the U.S. Securities and Exchange Commission signaled its continued, high level scrutiny of companies’ public statements related to data security incidents.1 Without admitting or denying the SEC’s findings, Pearson agreed to a cease and desist order (Order) and to pay a $1 million penalty.2 The SEC’s Pearson Order follows its June 2021 announcement that it had settled charges against First American Title Insurance Company (First American) for cybersecurity disclosure control failures.3 Together, the Pearson and First American actions underscore the SEC’s increasingly vigorous enforcement efforts on disclosure control violations related to cybersecurity issues, in particular vulnerabilities that expose sensitive customer information and data breaches. (more…)
Enhanced Focus on Digital Asset Intermediaries by SEC, Congress, and State Securities Regulators
Given the substantial growth in digital asset investments this year, intermediaries offering trading and lending services are now the target of regulatory and enforcement focus that we expect will continue in the coming months and years. Recent examples of this increased scrutiny of digital asset service providers and intermediaries include
- Securities and Exchange Commission (SEC) Chair Gary Gensler’s keynote for the American Bar Association Derivatives and Futures Committee, which touched on the regulation of cryptocurrencies, including statements that decentralized finance (DeFi) are implicated by securities laws
- the letter from Sen. Elizabeth Warren, D-Mass., to Chair Gensler requesting further information about the SEC’s authority to regulate cryptocurrency exchanges
- recent actions by state securities regulators against the financial services platform BlockFi related to a digital asset lending program alleging that these products are unregistered securities offerings
- the SEC settlement with Coinschedule, which operated a token-offering website and failed to disclose the compensation it received from token issuers in violation of antitouting provisions
SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned
On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.1 Without admitting or denying the SEC’s findings, First American agreed to a cease-and-desist order and to pay a $487,616 penalty (Order). This resolution highlights the SEC’s continued focus on cybersecurity. The SEC is considering enhancing its disclosure rules concerning cybersecurity risk governance and has indicated a target release date of October 2021.2
SEC Issues Risk Alert on Observations for Firm Compliance With Suspicious Activity Monitoring and Reporting at Broker-Dealers
On March 29, 2021, the U.S. Securities and Exchange Commission (SEC) Division of Examinations (EXAMS) issued a risk alert to remind broker-dealers of their obligations related to anti-money-laundering (AML) rules and regulations as well as to provide the staff’s observations of compliance items related to those obligations. The risk alert also is designed to assist broker-dealers with reviewing and enhancing their AML programs. The staff noted that mutual funds may benefit from the examination observations.
This is the latest EXAMS announcement of its expansion deeper into AML issues. This expansion further demonstrates that broker-dealers need to be prepared to address questions and concerns from both the SEC and the Financial Industry Regulatory Authority (FINRA) in a coordinated and efficient matter even if these overlap.
