At the end of January, partners Daniel Ilan and Alexis Collins participated in a panel co-hosted by The Conference Board and Cleary Gottlieb to discuss cybersecurity and board oversight.

Moderator Doug Chia, executive director of The Conference Board, Nick Mankovich, Vice President and Chief Information Security Officer (“CISO”) at medical technology firm Becton Dickinson, Daniel, and Alexis discussed current cybersecurity risks, how cyber-attacks are changing, and the role that management and the board should play in ensuring that companies are prepared. Continue Reading Cleary Partners Participate in Panel Discussion on Cybersecurity and Board Oversight

On January 29, 2019, the SEC announced four settlements with publicly-traded companies for failure to maintain adequate internal control over financial reporting.

None of the companies was charged with making false or inaccurate statements, either about its ICFR or otherwise; indeed, each had repeatedly disclosed material weaknesses in ICFR over many years.

These cases are interesting for at least three reasons:

  • They were announced together to send a message about the SEC’s focus on its agenda to strengthen accounting and controls at public companies.
  • The cases are about controls, and not about disclosure. Material weaknesses in ICFR are not just a disclosure issue: a continuing failure to maintain adequate controls is a violation of law, even if the failure is fully disclosed and there is no other disclosure problem.
  • The cases join several recent instances in which the SEC has shown a willingness to use the internal controls provisions of the Securities Exchange Act of 1934 independently of specific disclosure requirements.

Please click here to read the full alert memorandum.

Last week, in SEC v. Scoville, the U.S. Court of Appeals for the Tenth Circuit held that Dodd-Frank allows the Securities and Exchange Commission to bring fraud claims based on sales of securities to foreign buyers where defendants engage in fraudulent conduct within the United States.

In so holding, the Court concluded that Dodd-Frank abrogated in part the Supreme Court’s rule, announced in Morrison v. National Australia Bank Ltd., that fraud claims under the federal securities laws can only be brought with respect to transactions in securities listed on a U.S. exchange or transactions in other securities in the U.S.  If adopted more broadly, this ruling would restore in government enforcement actions the more expansive conduct-and-effects test that the Morrison Court rejected.

Please click here to read the full alert memorandum.

On December 26, 2018, the SEC announced settled charges against ADT Inc. after finding that ADT, in two earnings releases, gave undue emphasis to non-GAAP adjusted EBITDA figures because they identified the relevant GAAP measures only later and much less prominently.

Without admitting or denying the SEC’s factual or legal claims, ADT agreed to an administrative settlement finding violations of Section 13(a) of the Securities Exchange Act of 1934 and Rule 13a-11 thereunder, relating to the requirements of Item 10(e) of Regulation S-K that an issuer present “with equal or greater prominence . . . the most directly comparable financial . . . measures” calculated under GAAP when it includes non-GAAP financial measures in filings and certain other reports to the Commission.

This is just the second enforcement action concerning non-GAAP disclosures that the SEC has brought against an issuer in the two-and-a-half years since the issuance of Staff guidance on non-GAAP disclosure requirements, and it is the first during SEC Chair Jay Clayton’s tenure.  It also is the first action related to non-GAAP disclosures finding a violation of only Section 13(a) of the Exchange Act without an accompanying finding that the disclosure in question constituted a material misstatement or omission.

Please click here to read the full alert memorandum.

There have been plenty of press reports about the SEC’s settlement with Elon Musk arising from his tweeting about taking Tesla private.  But the concurrent settlement with Tesla itself provides interesting lessons for disclosure and governance at public companies.

Tesla agreed to pay a $20 million penalty and agreed to several “undertakings” to strengthen its governance and controls including a requirement that it add two independent directors to its Board.  And, under his own settlement, Musk agreed to step down for three years as chairman of the Board of Directors, although he is allowed to continue as CEO.  Continue Reading The Tesla Settlement – What It Means for Other Companies

DOJ has expanded its efforts to give more concrete guidance to companies facing FCPA risk to M&A transactions and the question of successor liability.  In a speech on July 25, 2018, at the American Conference Institute’s 9th Global Forum on Anti-Corruption Compliance in High Risk Markets, Deputy Assistant Attorney General Matthew S. Miner highlighted DOJ’s views on successor liability for FCPA violations by acquired companies.[1]  Miner sought to clarify DOJ’s policy regarding the voluntary disclosure of misconduct by successor companies and to highlight the benefits of such disclosure as spelled out in the joint DOJ and SEC FCPA Resource Guide (the “Resource Guide”).[2]  In general, as with other recent pronouncements and actions by DOJ, such as the FCPA Corporate Enforcement Policy,[3] Miner’s speech seemed intended to highlight ways in which firms can gain cooperation credit (up to and including a declination) in FCPA investigations. Continue Reading DOJ Remarks Provide Guidance on Addressing FCPA Risk in M&A Transactions

During the course of the last month, the Securities and Exchange Commission (“SEC”) brought two enforcement actions related to inadequate disclosure of perquisites.  In early July, the SEC issued an order finding that, from 2011 through 2015, an issuer failed to follow the SEC’s perquisite disclosure standard,[1] which resulted in a failure to disclose approximately $3 million in named executive officer perquisites.[2]   In addition to the imposition of a $1.75 million civil penalty, the SEC order mandated that the issuer retain an independent consultant (at its own expense) for a period of one year to conduct a review of its policies, procedures, controls and training related to the evaluation of whether payments and expense reimbursements should be disclosed as perquisites, and to adopt and implement all recommendations made by such consultant. Continue Reading Recent SEC Enforcement Actions on Inadequate Perquisite Disclosure

A recent report in the Wall Street Journal, drawing on a source “familiar with the matter”, indicates that the Securities and Exchange Commission’s Division of Enforcement has launched a probe into whether certain issuers may have improperly rounded up their earnings per share to the next higher cent in quarterly reports. While the SEC has neither confirmed the report nor otherwise disclosed the existence of any such investigation, the Journal reports that the SEC has sent inquiries to at least 10 companies requesting information about such accounting adjustments that could have inflated reported earnings. The targeted companies have not yet been identified. Whether the reported inquiries amount to a broad-based sweep of issuer accounting practices remains to be seen. However, such an investigation would be consistent with SEC Chairman Jay Clayton’s announced enforcement priorities, which include a focus on public-company accounting practices and the protection of retail investors.

Please click here to read the full alert memorandum.

On May 29, 2018, the U.S. Supreme Court issued an unanimous opinion in Lagos v. United States. Lagos presented the issue of whether costs incurred during and as a result of a corporate victim’s investigation (rather than a governmental investigation) must be reimbursed by a criminal defendant under the Mandatory Victims Restitution Act (“MVRA”). Resolving a circuit split, the Court narrowly held that restitution under the MVRA “does not cover the costs of a private investigation” commenced by a corporate victim on its own initiative and not at the Government’s invitation or request.

The Court’s decision is notable for rejecting the Government’s broad interpretation of the MVRA and for recognizing the “practical fact” that such a broad interpretation would invite “significant administrative burdens.” But the opinion is also notable for what it does not decide. The Court’s opinion expressly leaves unaddressed the question of whether professional costs incurred during a private investigation performed at the Government’s request would be covered by the MVRA.

Please click here to read the full alert memorandum.

On April 24, 2018, Altaba, formerly known as Yahoo, entered into a settlement with the Securities and Exchange Commission (the “SEC”), pursuant to which Altaba agreed to pay $35 million to resolve allegations that Yahoo violated federal securities laws in connection with the disclosure of the 2014 data breach of its user database.  The case represents the first time a public company has been charged by the SEC for failing to adequately disclose a cyber breach, an area that is expected to face continued heightened scrutiny as enforcement authorities and the public are increasingly focused on the actions taken by companies in response to such incidents.  Altaba’s settlement with the SEC, coming on the heels of its agreement to pay $80 million to civil class action plaintiffs alleging similar disclosure violations, underscores the increasing potential legal exposure for companies based on failing to properly disclose cybersecurity risks and incidents.

Please click here to read the full alert memorandum.