On January 10, 2024, the U.S. Department of Justice (DOJ) and the U.S. Securities and Exchange Commission (SEC) announced settlements with SAP SE (SAP), a German software company, to resolve allegations that SAP violated the U.S. Foreign Corrupt Practices Act (FCPA) by, among other things, making improper payments to government officials in South Africa and Indonesia to secure and retain software and services contracts with government entities. SAP agreed to pay the DOJ and the SEC over $220 million and entered into a three-year deferred prosecution agreement (DPA) with the DOJ. The U.S. regulators coordinated their resolutions with prosecutors in South Africa.

The resolutions provide insights into how the DOJ and the SEC are enforcing the FCPA and how corporations can reduce their FCPA liability.Continue Reading Key Takeaways from SAP’s FCPA Resolutions with DOJ and SEC

The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has proposed new rules that would require anti-money laundering/countering the financing of terrorism (AML/CFT) programs for investment advisers.  The pdf is currently available, and will likely be replaced by the Federal Register version once published.  The final form of the rule, if adopted, remains to be determined, as does the compliance date.Continue Reading The U.S. Department of Treasury, Financial Crimes Enforcement Network Proposes New and Expansive Anti-Money Laundering Rules For Investment Advisers

On November 20, 2023, a federal district court in the Northern District of California declined to grant summary judgment to the defendant in SEC v. Panuwat, the first-ever enforcement action by the U.S. Securities and Exchange Commission (the “SEC”) based on the novel insider trading theory of “shadow trading”—the use of one company’s inside information to trade in securities of another, similarly situated, but unrelated company.  The court previously declined to dismiss the case, signaling a potential expansion of insider trading enforcement.  The court’s summary judgment decision provides further guidance as to what may constitute impermissible shadow trading ahead of a trial scheduled for March 2024.

The case centers on Pfizer’s acquisition of Medivation, an oncology-focused biopharmaceutical company.  The defendant, Matthew Panuwat, worked at Medivation and allegedly learned the acquisition was imminent when Medivation’s CEO emailed Panuwat and other employees about the status of the sale process.  Seven minutes later, Panuwat purchased call options in another oncology-focused biopharmaceutical company, Incyte, which he later sold for a profit.  In its January 2022 decision denying Panuwat’s motion to dismiss, the court held that the SEC had adequately pleaded each of the required elements under the well-established “misappropriation theory” of insider trading: materiality, breach of duty, and scienter.  In its recent summary judgment decision, the court held that the SEC had shown genuine disputes of material fact concerning each of those elements and elaborated on materiality and breach of duty for purposes of the shadow trading theory.Continue Reading Shadow Trading: With Trial Looming in SEC v. Panuwat, the SEC’s Latest Insider Trading Theory Takes Further Shape

At the recent 2023 Garrett Securities Law Institute Conference SEC panelists, including Erik Gerding, Director of the Division of Corporation Finance, reinforced how important it is for companies to assess emerging risks for materiality—particularly those risks stemming from Environmental, Social and Governance (ESG) issues and cybersecurity issues—and to ensure that those risks are appropriately disclosed to investors.

The SEC panelists further cautioned that disclosures related to emerging risks should not be generic disclosures based on industry-wide trends or risks, but instead should focus on the particular ESG or cybersecurity risk faced by the disclosing company. The SEC reiterated that disclosures regarding emerging risks must be specific enough for investors to appreciate the risks that the company is actually facing. Continue Reading Disclosing Emerging Risks Top of Mind for the SEC

The U.S. Securities and Exchange Commission’s focus on cybersecurity continues in its most recent effort to modernize financial privacy rules and emphasize transparency between SEC-regulated entities who suffer from a cyber breach and the individuals impacted by the breach. The SEC’s latest proposals focus on registrants including broker-dealers, investment advisors, and investment companies, and seek to impose cyberbreach disclosure requirements similar to those the SEC previously proposed for public companies.

On March 15, 2023, the SEC proposed amendments to current data privacy rules that would require covered firms to adopt written policies and procedures for incident response programs. Under the proposed amendments, such policies and procedures must address unauthorized access to or use of customer information, including procedures for providing timely notification to individuals affected by an incident involving sensitive customer information with details about the incident and information designed to help affected individuals respond appropriately. The proposed changes would come through amendments to rules under Regulation S-P.

Regulation S-P currently requires covered registrants to notify customers about how they use their financial information, but it does not require them to notify customers about breaches. The proposed amendments would also ensure that breaches are properly identified, and that sensitive customer data is monitored to determine whether it was accessed.

In announcing the proposed amendments, Chairman Gensler explained that investors would benefit from a financial privacy rule “more modern than the AOL era.” Continue Reading Highlighting Enforcement Focus on Cybersecurity, SEC Proposes New Disclosure & Incident Response Rules

Just this week, the Securities and Exchange Commission announced its enforcement results from fiscal year 2022. The Commission recovered a record $6.4 billion in penalties and disgorgement from companies and individuals. The announcement touted the 760 total enforcement actions in FY 2022—a nine percent increase from the year before—and summarized areas of innovation and growth within the Enforcement Division. Two such areas are familiar refrains that are worth highlighting: (1) the SEC leveraging its investigative process—emphasizing its use of data analytics—to identify suspicious activity; and (2) its penalties against “gatekeepers” (i.e., individuals and companies who owe a heightened duty of trust and responsibility to clients and investors).Continue Reading Play it again, SEC: Two Familiar Refrains from the FY 2022 Enforcement Results

On September 27, 2022, the United States Securities and Exchange Commission (SEC) announced a settlement with Oracle Corporation (Oracle) to resolve allegations that its subsidiaries in India, Turkey, and the United Arab Emirates violated the Foreign Corrupt Practices Act (FCPA) by creating off-the-books slush funds and using those slush funds to bribe foreign government officials.

Without admitting or denying the SEC’s findings, Oracle agreed to cease and desist from violating the anti-bribery, books and records, and accounting provisions of the FCPA and to pay approximately $8 million in disgorgement and a $15 million penalty.

Notably for both attorneys and companies, the SEC’s order provides insights into how to design an effective corporate compliance program to minimize legal risk, including FCPA risk.

The SEC’s Findings

The SEC found that, from at least 2014 to 2019, Oracle’s subsidiaries in India, Turkey, and the United Arab Emirates “used discount schemes and sham marketing reimbursement payments” to finance slush funds, which were held by Oracle’s “channel partners” (i.e., distributors and resellers) in those markets. The subsidiaries transacted through these channel partners during the relevant period under Oracle’s indirect sales model, by which channel partners sell Oracle products to end customers. According to the SEC, the subsidiaries and the complicit channel partners used the slush funds—which employees of the subsidiaries referred to as the “buffer,” “moneybox,” “pool,” and “wallet”—to bribe government officials in return for business. Specifically, the SEC determined that, among other things, (i) employees of Oracle Turkey and Oracle UAE used slush funds to pay for travel for government officials, including to Oracle’s annual technology conference in California; (ii) an Oracle Turkey employee directed cash bribes to government officials; (iii) an Oracle UAE employee paid approximately $130,000 in bribes to the chief technology officer of a state-owned entity (SOE) in return for six contracts in 2018 and 2019; (iv) Oracle India employees funneled $330,000 to an entity known for paying government officials; and (v) an Oracle India employee maintained a spreadsheet indicating that $67,000 was available to make payments to a government official.Continue Reading Key Compliance Takeaways from Oracle’s $23M FCPA Settlement with the SEC

The U.S. Securities and Exchange Commission (SEC) is putting some muscle behind Regulation Best Interest (Reg BI). On June 16, 2022, nearly two years after Reg BI went into effect, the SEC filed its first federal lawsuit to enforce the rule against a broker-dealer and its registered representatives.

The SEC sued Western International Securities, Inc. (Western), a dually registered broker-dealer and investment advisor, along with five of its registered representatives, in the U.S. District Court for the Central District of California for allegedly violating Reg BI’s care obligation; the defendants allegedly recommended certain high-risk, speculative bonds to retail customers without themselves fully understanding the associated asset risks and without establishing how the investments served the customers’ best interests. The SEC also charged Western with violating its compliance obligation under Reg BI for allegedly failing to maintain adequate policies and procedures and other controls.

The fact that the SEC sued registered representatives — notwithstanding allegations that their firm had inadequate internal controls and policies —  is a strong statement that individuals must use their best judgment to make their own independent inquiries and determinations about the products they recommend to their clients. Registered representatives cannot hide behind their firm’s guidance and control failures to escape primary liability under Reg BI.Continue Reading SEC’s First Reg BI Lawsuit Takes Strong Position on Individual Liability

On January 14, 2022, a federal district court in the Northern District of California declined to dismiss the first-ever enforcement action by the U.S. Securities and Exchange Commission (the “SEC”) based on allegations of “shadow trading” — the use of one company’s inside information to trade in securities of another, similarly situated, but unrelated company.  Continue Reading Shadow Trading: Examining the SEC’s Insider Trading Theory in SEC v. Panuwat

Recent briefing in SEC v. Team Resources, Inc., a long-running case challenging a U.S. Securities and Exchange Commission (“SEC”) disgorgement award, is a reminder of both the significance of the Supreme Court’s 2020 decision in Liu v. SEC and the open questions that remain regarding the SEC’s disgorgement remedy.
Continue Reading SEC v. Team Resources, Inc.: Exploring SEC Disgorgement Post-Liu