Senior Division of Enforcement officials from the U.S. Securities and Exchange Commission (SEC) shared the stage on May 23, 2023, with SEC alumni, private practitioners, and other professionals in the field at Securities Enforcement Forum West 2023 (the Forum). Forum panelists described recent trends in the SEC’s enforcement actions, its regulatory agenda, and upcoming priorities. Cooperation, self-policing, and self-reporting were recurring themes throughout the Forum, and SEC Staff made clear that such actions are of the utmost importance to the Commission.
Renewed Focus on Cooperation, Self-Reporting, Self-Policing, and Remediation Efforts
SEC Division of Enforcement Director Gurbir Grewal reiterated the importance of cooperation, self-reporting, and self-policing for the SEC-regulated entities. In fact, Director Grewal emphasized that, in many investigations, the subject may avoid charges or receive reduced penalties as a result of their cooperation and self-reporting.
The Staff explained that it views cooperation as more than merely responding to a subpoena. Instead, the Staff expressed that meaningful cooperation means proactively communicating with the Staff attorney on the matter to confirm that any cooperation is adequate and to determine whether there is anything else that can be done to assist the Staff in its investigation. Moreover, the Staff expressed the view that cooperation includes self-policing as a means to self-report. The Seaboard Report—which the SEC issued in October 2001—remains the analytical framework for evaluating company cooperation. Although the SEC’s assessment of cooperation may be well established, private practitioners who spoke at the Forum lamented that the benefits of such cooperation remain somewhat of a black box and that the agency does not sufficiently reward cooperation. While the SEC may reduce penalty amounts due to cooperation, the Staff stated that admissions of misconduct and disgorgement will not be affected by cooperation.
The panelists also discussed self-reporting as an element of cooperation. When asked if a company could recover from failing to self-report, the Staff said it was “possible,” but emphasized that self-reporting is still favored. The Staff explained that there are instances where, because a company self-reported and fully remediated, the SEC imposed a reduced penalty or in some cases no penalty. Additionally, panelists encouraged attorneys and regulated entities to consider the fact that the SEC shares information with a number of other governmental agencies. Therefore, it behooves a regulated entity to self-report to the SEC, especially in instances where other agencies, such as the DOJ, may be involved and other charges—including criminal charges—may be considered. It is best for the regulated entity to proactively tell the SEC this information, rather than have another agency report the conduct to the SEC.
The Staff emphasized the importance of self-policing through compliance programs. The issue of employers’ Bring Your Own Device (BYOD) policies was a focus of discussion at the Forum. BYOD policies dictate how employees can use their personal devices for work-related matters. The Staff noted that companies should only allow messaging systems that have enterprise versions (i.e., meant to be deployed by the company on the back end) to allow for more efficient collection and imaging processes by avoiding the need to image both personal and professional messages and files on an employee’s device. The Staff emphasized that companies should clearly delineate the types of communications that are permissible on a personal device that an employee is using for work-related matters and how to separate work and personal communications. Companies should not only have a BYOD policy, but they should have methods of enforcing and appropriately disciplining employees who violate such policy.
The Staff reiterated that companies should proactively assess their policies and procedures and focus on issues that are of particular importance to the SEC.
Panelists discussed the remediation efforts companies should consider when faced with a potential violation of federal securities laws or an SEC investigation. The Staff indicated that the SEC intends to outline the remediation steps taken, and ultimately which remediation steps merited credit, when drafting releases and orders. When strategizing about which information to provide to the SEC, companies should consider providing a laundry list of everything that has been done and the collateral consequences to a company’s business of accepting any charge given those efforts. The Staff affirmed the SEC’s intention to work with those undertaking remedial efforts to reach a resolution.
Disclosures—Enforcement Trends and Rulemaking Agenda
Timely and accurate disclosures continue to be a top priority for the SEC. Notwithstanding the proposed rules related to cybersecurity and environmental, social, and governance (ESG) disclosures, SEC enforcement actions in these areas have pushed forward. This is likely attributed to what the Staff emphasized as the Commission’s continued focus on the “fundamentals” of disclosures.
In the cybersecurity space, the SEC’s decision is pending in a March 2022 proposed rule that aims to provide investors with more timely and consistent disclosures. Despite this proposed rule, the SEC recently settled with Blackbaud for violating disclosure and disclosure controls provisions of the federal securities laws. The Staff indicated that the Blackbaud case is another example of companies not comporting with the “fundamental” disclosure requirements imposed by the federal securities laws, which were highlighted at least as early as 2018 in SEC cybersecurity-related enforcement actions. The fundamental disclosure requirements the Staff referred to included: who knew what, when they knew, what they found out, and what they understood the scope of the incident to be. Ultimately, the SEC will be focused on scrutinizing how companies determine what to disclose.
At the Forum, the Staff also explained that from an enforcement perspective, the SEC will look at and assess ESG-related disclosures under the existing, traditional framework for false and misleading statements. As an example, the Staff cited a “recent prominent enforcement action”—a March 2023 settlement with Vale, a Brazilian mining company—alleging that Vale made announcements that its dams were held to the strictest international standards when, in fact, Vale knew this was not the case. Vale demonstrates that enforcement actions will proceed, despite a March 2022 proposed rule related to ESG disclosures, which is not yet finalized.
Throughout the Forum, the Staff highlighted the significance of cooperation and the benefits of sufficient self-policing and self-reporting. Although this is nothing new, the Staff indicated that the SEC intends to provide increased reference points to cooperation efforts in SEC orders. This was consistent with the refrain from private practitioners requesting more transparency into the SEC’s approach concerning its actual reductions in penalties that companies receive through their cooperation efforts.
© 2023 Perkins Coie LLP