1、 This White Paper is provided for your convenience and does not constitute legal advice or create an attorney-client relationship. Prior results do not guarantee similar outcomes. Attorney Advertising. Links provided from outside sources are subject to expiration or change. 2021 Morgan, Lewis & Boc

2、kius LLP SEC ENFORCEMENT AND PUBLIC COMPANIES 2020 KEY CASES AND WHAT WE EXPECT IN 2021 AUTHORS Jeff Boujoukos Laurie Cerveny Susan Resley Justin Chairman January 2021 2021 Morgan, Lewis & Bockius LLP 2 SEC ENFORCEMENT AND PUBLIC COMPANIES 2020 KEY CASES AND WHAT WE EXPECT IN 2021 Most media accoun

3、ts suggest that the incoming Biden administration will usher in a more “aggressive” SEC enforcement posture, with renewed emphasis on investigating potential fraud and controls deficiencies at public companies. SEC Enforcement may face some short-term headwinds to this approach. A dramatic increase

4、in tips, complaints, and referrals during the pandemic, as well as COVID-19-related delays that may extend the 24-month average lifetime of SEC enforcement investigations, will likely require the SEC to selectively allocate stretched resources in 2021. Where are the limited resources likely to go be

5、yond the more standard accounting, revenue recognition, and disclosure cases that the SEC regularly investigates and prosecutes?1 Recent enforcement activity points to several areas of interest to the SEC, and provides a valuable window for public companies into the SECs methods and priorities, incl

6、uding: Coronavirus-Related Public Disclosures Enforcements First Case Enforcements EPS Initiative Harnessing the Data Executive Perquisites Continued Enforcement Focus Insider Trading A Zero Tolerance Policy Buybacks and Rule 10b5-1 Plans A New Enforcement Theory and Likely Rulemaking in 2021 Cyber

7、Intrusions The Current SEC Playbook Whistleblowers 2020 Was a Record Year BACKGROUND - ENFORCEMENT PERSONNEL CHANGES, DATA ANALYTICS, AND A LEGISLATIVE FIX FOR DISGORGEMENT The lasting enforcement legacy of the SEC under former Chairman Jay Clayton may very well be data analytics. While the Commissi

8、on certainly employed data analytics before Chairman Clayton arrived, his emphasis on collaboration among different divisions and offices, such as the Division of Enforcement (Enforcement) and the Division of Economic and Risk Analysis, led to a number of Enforcement cases during his tenure where da

9、ta analytics played a heightened role. During her tenure, former Director of Enforcement Stephanie Avakian extolled the importance of data analytics, and we expect that these techniques will continue to develop.2 During 2020, Enforcement signaled that it would more aggressively use data analytics to

10、 aid in its investigation of public company financial reporting, risk disclosures, and insider trading. A newly created Enforcement Coronavirus Steering Committee worked “with the Divisions Market Abuse Unit to monitor 1 See 2020 SEC Division of Enforcement Annual Report (Nov. 2, 2020), at 3-4 (disc

11、ussion of FY 2020 public company cases). 2 Id. 2021 Morgan, Lewis & Bockius LLP 3 trading activity around announcements made by issuers in industries particularly impacted by COVID-19 and to identify other suspicious market movements for possible manipulation.”3 Similarly, Enforcement warned that t

12、he Coronavirus Steering Committee would use a “systematic process to review public filings from issuers in highly-impacted industries, with a focus on identifying disclosures that appear to be significantly out of step with others in the same industry,” and indicated that Enforcement is “also lookin

13、g for disclosures, impairments, or valuations that may attempt to disguise previously undisclosed problems or weaknesses as coronavirus-related.”4 Such peer-related review has been used to in the past by the Commission to detect securities violations by over-performing investment advisors and to exp

14、ose Ponzi schemes. In the past we have written on the Kokesh v. SEC5 decision, where the US Supreme Court held the five-year statute of limitations in 28 USC 2462 applies to claims for disgorgement in SEC enforcement action.6 This was a significant limitation of the SECs ability to seek disgorgement

15、 for aged misconduct, and former Chairman Clayton pushed Congress for legislative relief.7 In a rare New Years Day session, the Senate overrode a presidential veto and passed into law the National Defense Authorization Act for Fiscal Year 2021 and within its over 1,400 pages was Section 6501, titled

16、: “Investigations and Prosecution of Offenses for Violations of the Securities Laws.”8 This section addresses the issue of disgorgement in two primary ways: (1) by amending the Securities Exchange Act of 1934 to expressly recognize disgorgement as a statutory remedy; and (2) extending the statute of

17、 limitations for claims of disgorgement to 10 years where the underlying violation is pursuant to Section 10(b) of the Exchange Act, section 17(a)(1) of the Securities Act of 1933, the Investment Advisers Act of 1940 or “any other provision of the securities laws for which scienter must be establish

18、ed.”9 While this section does extend the time to bring a claim for disgorgement it is important to note the limitation to instances where the violation involves “scienter” or the intent to defraud (as opposed to negligence). Often SEC actions against public companies are resolved without scienter-ba

19、sed charges. However, this dichotomy between levels of intent may have the apparent unintended consequence of causing Enforcement to pursue scienter-based charges where the statute would otherwise preclude disgorgement. 3 Speech, Securities and Exchange Commission, Steven Piekin, Co-Director of Enfo

20、rcement, Keynote Address: Securities Enforcement Forum West 2020 (May 12, 2020). 4 Id. 5 Kokesh v. SEC, 137 S. Ct. 1635 (2017). 6 Morgan Lewis, LawFlash, US Supreme Court: Five-Year Statute of Limitations Applies to SEC Disgorgement (June 6, 2017). 7 Testimony, Securities and Exchange Commission, Ch

21、airman Jay Clayton, Testimony on “Oversight of the U.S. Securities and Exchange Commission” (Dec. 11, 2018). 8 National Defense Authorization Act for Fiscal Year 2021, H.R. 6395, 116th Cong. 6501 (2019-2020). 9 Id. 2021 Morgan, Lewis & Bockius LLP 4 CORONAVIRUS RELATED PUBLIC DISCLOSURES ENFORCEMEN

22、TS FIRST CASE IN THIS AREA Less than seven months after describing its approach for evaluating COVID-19-related disclosures, the SEC announced a settled action against a publicly traded company in the restaurant industry for allegedly “making misleading disclosures about the impact of the COVID-19 p

23、andemic on its business operations and financial condition.”10 This was the first case brought by the SEC against a public company for allegedly misleading investors about the financial effects of the pandemic. We expect that there are more cases like this under investigation by Enforcement. The SEC

24、 claimed that the company stated in its public that its restaurants were “operating sustainably” during the COVID-19 pandemic.11 The SEC alleged that those filings were materially false and misleading because the companys internal documents at the time showed that the company was losing approximatel

25、y $6 million in cash per week and that it projected that it had only 16 weeks of cash remaining.12 Further, the SEC found that, while not disclosed in its March and April 2020 public filings, the company shared that information with potential private equity investors and lenders in connection with a

26、n effort to seek additional liquidity.13 The SEC also alleged that a March 23 filing described actions the company had undertaken to preserve financial flexibility during the pandemic, but failed to disclose that the company had already informed landlords that it would not pay rent in April due to t

27、he impacts of COVID-19 on its business.14 While neither admitting nor denying the allegations, the company agreed to an Order Instituting Cease and Desist Proceedings finding violations of Section 13(a) of the Exchange Act and Rules 13a-11 and 12b-20 thereunder, which collectively require every issu

28、er of a security registered pursuant to Section 12 of the Exchange Act to file accurate reports on Form 8-K, and to a $125,000 penalty. Lessons of note: This was a fast-paced investigation lasting less than eight months demonstrating Enforcement focus on the accuracy or adequacy of an issuers disclo

29、sures concerning actual or projected risks. The Commission will use unrelated discussions of business issues that are contemporaneous in time to public statements to assert that the public disclosures were insufficient or incorrect. 10 Press Release, Securities and Exchange Commission, SEC Charges T

30、he Cheesecake Factory For Misleading COVID-19 Disclosures (Dec. 4, 2020). 11 Id. 12 Id. 13 Id. 14 Id. 2021 Morgan, Lewis & Bockius LLP 5 ENFORCEMENTS EPS INITIATIVE HARNESSING THE DATA On September 28, 2020 the SEC filed settled actions against two public companies that originated from a self-descr

31、ibed “EPS Initiative” that “utilized risk-based data analytics to uncover potential accounting and disclosure violations caused by, among other things, earnings management practices.”15 In the press release, Enforcement credited the recently formed Division of Enforcement Office of Investigative and

32、 Market Analytics with providing valuable assistance. In the first case, the SECs order found that in multiple quarters the subject company made “unsupported, manual accounting adjustments that were not compliant with GAAP,” and that “these adjustments were often made when the the companys internal

33、forecasts indicated that the company would likely fall short of analyst consensus EPS estimates.”16 The order further found that “the adjustments boosted the companys income, making it possible for the company to consistently report earnings that met or exceeded consensus estimates.”17 The SEC also

34、charged the companys former controller and chief accounting officer with directing the unsupported adjustments, including those made to management bonus accruals and stock-based compensation accounts. The companys former chief financial officer was charged with causing the controller and chief accou

35、nting officer to direct some of the unsupported entries. The SEC found that the company and CFO violated antifraud provisions of the Securities Act of 1933 as well as internal controls and books and records provisions of the Securities Exchange Act of 1934. Without admitting or denying the SECs find

36、ings, the company, the CAO, and the former CFO agreed to cease and desist from future violations of the charged provisions and to pay civil penalties of $5 million, $70,000, and $45,000, respectively. In the second case, the SEC alleged that the subject company inaccurately presented its financial p

37、erformance in late 2016 and early 2017. The order found that during two quarters in which the company was on track to meet or beat analyst consensus EPS estimates, its public filings “included a valuation allowance for its mortgage servicing rights that was at odds with the valuation methodology des

38、cribed in the same filings.”18 In mid-2017 the company belatedly reversed the valuation allowance, increasing its EPS by $0.01 in a quarter when it otherwise would have fallen short of consensus estimates.19 The SEC concluded that the companys disclosures “created the misleading appearance of consis

39、tent earnings across multiple reporting periods.”20 The SECs order concluded that the company violated the reporting, books and records, and internal controls provisions of the federal securities laws. Without admitting or denying the SECs findings, the 15 Press Release, Securities and Exchange Comm

40、ission, SEC Charges Companies, Former Executives as Part of Risk-Based Initiative (Sept. 28, 2020). 16 Id. 17 Id. 18 Id. 19 Id. 20 Id. 2021 Morgan, Lewis & Bockius LLP 6  company agreed to cease and desist from future violations of the charged provisions and to pay a $1.5 million civil penalty. EXEC

41、UTIVE PERQUISITES CONTINUED ENFORCEMENT FOCUS Executive compensation in the form of perquisites or “perks” has been and will remain an Enforcement focus area. The SEC proxy disclosure rules require that companies disclose in the Summary Compensation Table of the proxy statement the perquisites provi

42、ded to a named executive officer if the officers total perquisites exceed $10,000. If the value of a single perquisite exceeds the greater of $25,000 or 10% of the total value of all perquisites reported, then the type and amount of such perquisite must be identified in a footnote.21 The SEC standar

43、d for analyzing whether a benefit is a perquisite considers the following: An item is not a perquisite or personal benefit if it is integrally and directly related to the performance of the executives duties. An item is a perquisite or personal benefit if it confers a direct or indirect benefit that

44、 has a personal aspect without regard to whether it may be provided for some business reason or for the convenience of the company, unless it is generally available on a nondiscriminatory basis to all employees. In recent enforcement actions, the SEC has sanctioned companies that have omitted discus

45、sion of perks paid to executives from their Compensation Discussion & Analysis for violating the requirements of Item 402 of Regulation S-K as well as the companies obligations to file proxy statement and annual reports that do not contain materially false or misleading statements or materially misl

46、eading omissions.22 This included instances where public companies have paid for personal use of private airplanes, charitable donations, yacht and sports car expenses, cosmetic surgery, hotel stays, personal financial planning, transportation for family members, club memberships, and tickets to ent

47、ertainment events.23 In some cases, executives used company credit cards or petty cash equivalents for personal expenses and submitted expense reports and invoices that the SEC found falsely indicated that certain expenses were for business purposes. Sanctions have included civil penalties and the r

48、etention of independent compliance consultants. Recently, Enforcement disclosed that it identifies unreported perks, in part, through data analytics. In the press release for a September 2020 perquisite case, Enforcement announced the action “was generated 21 Executive Compensation, 17 C.F.R. 229.40

49、2(c)(2)(ix), Instruction 4 (2019). 22 See Press Release, Securities and Exchange Commission, SEC Charges Hospitality Company for Failing to Disclose Executive Perks (Sept. 30, 2020); Administrative Proceeding, Securities and Exchange Commission, SEC Charges Texas Company, Executives, and Former Boar

50、d Member with Disclosure Failures (Sept. 21, 2020); Press Release, Securities and Exchange Commission, SEC Charges CEO With Failing to Disclose Perks to Shareholders (May 11, 2017). 23 See Press Release, Securities and Exchange Commission, SEC Charges Hospitality Company for Failing to Disclose Exec

51、utive Perks (Sept. 30, 2020); Press Release, Securities and Exchange Commission, Insurance Company Settles SEC Charges for Failing to Disclose Executive Perks (June 4, 2020); Press Release, Securities and Exchange Commission, SEC Charges CEO With Failing to Disclose Perks to Shareholders (May 11, 20

52、17). 2021 Morgan, Lewis & Bockius LLP 7 by the Division of Enforcements use of risk-based data analytics to uncover potential violations related to corporate perquisites.”24 Former Director Avakian indicated: “We will continue to use risk-based analytics to identify companies that fail to comply wi

53、th the Commissions executive compensation disclosure rules.”25 Lessons of note: Using the terms “risk-based analytics” suggests that the Division of Enforcement has identified factors it believes suggest a higher likelihood of unreported perquisites. Public companies should review procedures for eva

54、luating whether an item is a perquisite, and for valuing and disclosing perquisites in the proxy. Compliance programs should include robust training and documentation components relating to, among other things, non-cash benefits to executives. INSIDER TRADING A ZERO TOLERANCE POLICY Detecting and pr

55、osecuting those engaged in insider trading remains an SEC priority. Enforcement indicated particular vigilance during the COVID-19 pandemic as companies have dealt with a steady stream of potentially market moving information. “Given these unique circumstances, a greater number of people may have ac

56、cess to material nonpublic information than in less challenging times. Those with such access including, for example, directors, officers, employees, and consultants and other outside professionals should be mindful of their obligations to keep this information confidential and to comply with the pr

57、ohibitions on illegal securities trading.”26 While the SEC has yet to bring an insider trading case based on material, nonpublic information arising from the pandemic, in 2020 it brought actions against a number of company insiders, including an administrative assistant in a corporate legal departme

58、nt,27 an accountant in a companys revenue recognition department,28a regional vice president,29 a senior manager in a corporate tax department,30 a 24 Press Release, Securities and Exchange Commission, SEC Charges Hospitality Company for Failing to Disclose Executive Perks (Sept. 30, 2020). 25 Id. 2

59、6 Public Statement, Securities and Exchange Commission, Statement from Stephanie Avakian and Steven Peikin, Co-Directors of the SECs Division of Enforcement, Regarding Market Integrity (Mar. 23, 2020). 27 Litigation Release, Securities and Exchange Commission, SEC Charges Former Legal Department Emp

60、loyee and His Father with Insider Trading (Feb. 20, 2020). 28 Administrative Proceeding, Securities and Exchange Commission, SEC Charges Biotechnology Company CPA with Insider Trading (June 5, 2020). 29 Litigation Release, Securities and Exchange Commission, SEC Charges Pharmacy Chain Employee with

61、Insider Trading (Mar. 26, 2020). 30 Press Release, Securities and Exchange Commission, SEC Charges Amazon Finance Manager and Family With Insider Trading (Sept. 28, 2020). 2021 Morgan, Lewis & Bockius LLP 8 retiring chief financial officer,31 an IT manager,32 and a vice president of an internationa

62、l group within a multinational corporation.33 Further, it is important to recognize that Enforcement no longer relies primarily on tips or questionnaires posed to companies to generate insider trading leads. Data analytics allow Enforcement to analyze trading patterns and activity shortly after a pr

63、ice moving event.34 Further, when it comes to corporate insiders, it appears no alleged illicit gain is too small to avoid Enforcement scrutiny. For example, in 2020 the SEC pursued cases against a corporate president for avoiding a $23,000 loss,35 a general manager of acquisitions for a $21,609 pro

64、fit,36 and a director of capital sourcing for a $13,153 profit.37 Lessons of note: Companies should revisit insider trading policies, including procedures surrounding trading windows. Robust periodic training is imperative, with a recognition that even lower level employees will be exposed to materi

65、al nonpublic information. BUYBACKS AND RULE 10B5-1 PLANS A NEW ENFORCEMENT THEORY AND LIKELY RULEMAKING IN 2021 Company stock buybacks and executive 10b5-1 plans (which allow an executive to structure his or her trades in advance of stock sales) have drawn considerable recent focus from Congress. On

66、 October 15, 2020, the SEC waded into the fray, charging a company with violating the internal controls provisions of Exchange Act Section 13(b)(2)(B) by engaging in a $250 million stock buyback while in possession of material nonpublic information.38 This action is an aggressive departure from trad

67、itional insider trading cases, and the first time that the SEC has ever charged a non-registrant issuer with violating Section 13(b)(2) in connection with controls against insider trading. In this matter, the company was in discussions to be acquired, but these discussions were suspended in October

68、2017. The CEOs of the respective companies agreed to recommence discussions on February 23, 31 Litigation Release, Securities and Exchange Commission, SEC Charges Former CFO of Now-Bankrupt Company with Insider Trading (Nov. 5, 2020). 32 Administrative Proceeding, Securities and Exchange Commission,

69、 SEC Charges California IT Manager and Cousin with Insider Trading (July 21, 2020). 33 Litigation Release, Securities and Exchange Commission, SEC Charges Former Corporate Executive with Insider Trading (Feb. 20, 2020). 34 Speech, Securities and Exchange Commission, Chairman Jay Clayton, Keynote Rem

70、arks at the Mid-Atlantic Regional Conference (June 4, 2019). 35 In re Kirkland, Exchange Act Rel. No. 88498 (Mar. 27, 2020). 36 In re Li, Admin. Proceeding File No. 3-19959 (Sept. 3, 2020). 37 In re Bachinski, Admin. Proceeding File No. 3-20082 (Sept. 25, 2020). 38 Press Release, Securities and Exch

71、ange Commission, SEC Charges Andeavor for Inadequate Controls Around Authorization of Stock Buyback Plan (Oct. 15, 2020). 2021 Morgan, Lewis & Bockius LLP 9 2018. On February 21, 2018, the companys CEO directed its CFO to initiate a $250 million share buyback.39 On February 22, 2018, its legal depa

72、rtment concluded that the company was not in possession of material nonpublic information and approved a Rule 10b5-1 plan to repurchase $250 million of stock in accordance with 2015 and 2016 Board authorizations for share repurchases.40 The buyback was executed over a period of weeks while the compa

73、ny negotiated, and ultimately reached, an agreement to be acquired. A month after completing the buyback, the company publicly announced the acquisition in a deal valuing the company at over $150 per share.41 The SEC concluded that the company repurchased 2.6 million shares of its stock from investo

74、rs at an average price of $97 per share.42 Rather than charge the company with insider trading, which would have required demonstrating scienter an intent to defraud the SEC charged the company with a controls violation. The SEC alleged “insufficient internal account controls” including an “abbrevia

75、ted and informal process to evaluate the materiality of the acquisition discussions that did not allow for a proper analysis of the probability that the company would be acquired.”43 Further, the “informal process did not require conferring with persons reasonably likely to have potentially material

76、 information regarding significant corporate developments prior to approval of share repurchases.”44 As a consequence, the SEC found that the company “violated Exchange Act Section 13(b)(2)(B), which requires all reporting companies to devise and maintain a system of internal accounting controls suf

77、ficient to provide reasonable assurances that, among other things, transactions are executed in accordance with managements general or specific authorizations, and access to assets is permitted only in accordance with managements general or specific authorization.”45 Without admitting or denying the

78、 findings, the company agreed to cease and desist from further violations and to pay a $20 million fine. The SECs two Republican Commissioners, Hester Peirce and Elad Roisman, took the seldom-used step of issuing a Public Statement explaining their opposition to the action and rationale as an overre

79、ach for an internal controls case.46 Future application of Section 13(b)(2)(B) to reach other stock transactions will turn on how broadly the SEC will apply this interpretation of “transactions” and “access to assets.” The authorization or exercise of stock options, for example, is a transaction tha

80、t should be approached with the level of diligence described above. In addition, we expect additional scrutiny and possible rulemaking regarding executive 10b5-1 plans in 2021. While 10b5-1 plans are designed to provide protections for prearranged trades, questions have arisen concerning the need to

81、 further clarify the requirement that an executive entering into the plan does not possess material, nonpublic information at the time that he or she enters into the plan. In an 39 In re Andeavor, Admin. Proceeding File No. 3-20125, 4 (Oct. 25, 2020). 40 Id. 5. 41 Id. 42 Id. 7. 43 Id. 6. 44 Id. 45 I

82、d. 24. 46 Public Statement, Securities and Exchange Commission, Statement of Commissioners Hester M. Peirce and Elad L. Roisman - Andeavor LLC (Nov. 13, 2020). 2021 Morgan, Lewis & Bockius LLP 10 oversight hearing before the Senate Banking Committee on November 17, 2020, both Chairman Clayton and D

83、emocratic members of the Senate appeared to agree that additional rulemaking is necessary to prevent timing trades in a fortuitous manner for that executive, such as a “cooling-off period” between the date the plan is adopted and the first trade. 47 In response to a question for Senator Sherrod Brow

84、n asking if “clear standards to follow and avoid abuses” were necessary, Chairman Clayton stated: “for executives, I am a proponent of a cooling-off period. When you put your plan in place, say you do it in June, there are no purchases or sales, in most cases it is sales, for a period of time. Wheth

85、er that is three months or six months whatever that is, that gives everybody comfort that timing was not planned ahead. That fortuity was an intent. I think that is something we all should explore.”48 Lessons of note: Consider revising internal policies and procedures surrounding approval of share b

86、uybacks to include a formal process that includes a requirement to confer with persons reasonably likely to have potential material information regarding significant corporate developments. Consider applying the same rigor to any approval of a Rule 10b5-1 plan and revisit required cooling-off period

87、s. Consider establishing a Rule 10b5-1 plan for stock repurchases, and consider an appropriate cooling-off period. Ensure that all steps are fully documented in a uniform manner. CYBER INTRUSIONS THE CURRENT SEC PLAYBOOK In the past three years Enforcement created the Cyber Unit designed to “focus t

88、he Enforcement Divisions substantial cyber-related expertise on targeting cyber-related misconduct,”49 issued a report pursuant to Section 21(a) of the Exchange Act on nine public companies that were victims of cyber-related frauds, and considered whether these companies violated federal securities

89、laws by failing to have a sufficient system of internal accounting controls.50 The SEC also adopted a statement and interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.51 These efforts, and two related enforcement actions discussed below,

90、 have set the stage for what has become standard investigative techniques for Enforcement when a cyberincident becomes public. With regard to cyber-related disclosure, in April 2018, the SEC charged a publicly traded company that was a victim of a massive breach of its user database by hackers assoc

91、iated with the Russian Federation that resulted in the “theft, unauthorized access, and acquisition of hundreds of millions of its users data, 47 See Oversight Hearing, Securities and Exchange Commission (Nov. 17, 2020). 48 Id. 49 See Press Release, Securities and Exchange Commission, SEC Announces

92、Enforcement Initiatives to Combat Cyber-Based Threats and Protect Retail Investors (Sept. 25, 2017). 50 Morgan Lewis, LawFlash, SEC Issues Report on Cyber Fraud Against Public Companies, Internal Control Requirements (Oct. 31, 2018). 51 Press Release, Securities and Exchange Commission, SEC Adopts S

93、tatement and Interpretive Guidance on Public Company Cybersecurity Disclosures (Feb. 21, 2018). 2021 Morgan, Lewis & Bockius LLP 11 including usernames, birthdates, and telephone numbers.”52 The SEC found that the company violated Sections 17(a)(2) and 17(a)(3) of the Securities Act and Section 13(

94、a) of the Exchange Act and Rules 12b-20, 13a-1, 13a-11, 13a-13, and 13a-15 thereunder by failing to disclose the breach in its annual and quarterly reports. Without admitting the finding, the company settled the matter and paid a $35 million civil penalty. At the heart of the SECs action was the all

95、egation that “senior management and relevant legal staff did not properly assess the scope, business impact, or legal implications of the breach, including how and where the breach should have been disclosed in the companys public filings or whether the fact of the breach rendered, or would render,

96、any statements made by the company in its public filings misleading.”53 Further, the SEC noted that senior management and legal teams did not share information regarding the breach with its auditors or outside counsel in order to assess the companys disclosure obligations and “did not maintain discl

97、osure controls and procedures designed to ensure that reports from the companys information security team raising actual incidents of the theft of user data, or the significant risk of theft of user data, were properly and timely assessed to determine how and where data breaches should be disclosed.

98、”54 With regard to cyber-related insider trading, in March 2018, the SEC charged a chief information officer and a product development manager of software engineering with insider trading in advance of the public announcement of a data breach at their employer that exposed Social Security numbers an

99、d other personal information of approximately 148 million US customers.55 Both individuals concluded that the public announcement of the breach would adversely affect the stock price and either traded to profit or avoid losses in advance of the announcement. These two cases provide insight into Enfo

100、rcement concerns in the wake of cyber events. A publicly traded company that is the victim of a data breach should prepare for SEC scrutiny when the breach becomes public in any manner. This scrutiny will not only focus on the process for responding to, and evaluating reporting arising from the brea

101、ch but, in addition, those with knowledge will be investigated to determine whether they profited from the information before it became public. Lessons of note: Ensure that cyber intrusion related information is not siloed and consider policies and procedures that reflect a process for the gathering

102、 and evaluation of such information in connection with public reporting. Be prepared before the attack, including preparing written action plans for response to cyber intrusions. Consider whether a company-wide blackout on trading is appropriate in light of a suspected data breach. 52 In re Altaba,

103、Admin. Proceeding File No. 3-18448, 1 (Apr. 24, 2018). 53 Id. 14. 54 Id. 15. 55 Press Release, Securities and Exchange Commission, Former Equifax Executive Charged With Insider Trading (Mar. 14, 2018). 2021 Morgan, Lewis & Bockius LLP 12 WHISTLEBLOWERS 2020 WAS A RECORD YEAR Since its first whistle

104、blower award in 2012, the SEC has awarded approximately $728 million to 118 individuals who provided information and assistance that led to successful enforcement actions.56 SEC enforcement actions from whistleblower tips have resulted in over $2.5 billion in ordered financial remedies, including mo

105、re than $1.4 billion in disgorgements.57 Further, the pace and size of SEC whistleblower awards have increased dramatically over the last three years as the program has matured. In FY 2020 alone, the SEC made a record 39 individual awards of approximately $175 million. 58 This marked a 200% increase

106、 in the number of individuals awarded in a single year and, at the time, 31% of the total monies awarded in the programs history.59 Former Director Avakian attributed the sharp increase to efforts within Enforcement to “streamline and substantially accelerate the evaluation of claims for whistleblow

107、er awards.” This included a series of amendments to the SEC Rule approved in September 2020 addressing issues such as a presumption of the statutory award amount for certain awards of $5 million or less, allowing awards where relief is a deferred prosecution agreement or non-prosecution agreement by

108、 the DOJ, and creating summary disposition procedures for award denials.60 The increased pace and size of awards has continued into FY 2021, including an October 2020 award of $114 million, the largest award to date.61 The $114 million award consisted of an approximately $52 million award in connect

109、ion with the SEC case and an approximately $62 million award arising out of the related actions by another agency.62 “After repeatedly reporting concerns internally, and despite personal and professional hardships, the whistleblower alerted the SEC and the other agency of the wrongdoing and provided

110、 substantial, ongoing assistance that proved critical to the success of the actions.”63 Lessons of note: Continue to promote internal reporting through various compliance channels, as that is the best way to learn of issues and remediate them prior to SEC involvement. 56 Press Release, Securities an

111、d Exchange Commission, SEC Awards Over $6 Million to Joint Whistleblowers (Dec. 1, 2020). 57 Public Statement, Securities and Exchange Commission, Chairman Jay Clayton, Strengthening our Whistleblower Program (Sept. 23, 2020). 58 Press Release, Securities and Exchange Commission, SEC Whistleblower P

112、rogram Ends Record-Setting Fiscal Year With Four Additional Awards (Sept. 30, 2020). 59 2020 SEC Division of Enforcement Annual Report, supra note 1, at 5. 60 Press Release, Securities and Exchange Commission, SEC Adds Clarity, Efficiency and Transparency to Its Successful Whistleblower Award Progra

113、m (Sept. 23, 2020). 61 Press Release, Securities and Exchange Commission, SEC Issues Record $114 Million Whistleblower Award (Oct. 22, 2020). 62 Id. 63 Id. 2021 Morgan, Lewis & Bockius LLP 13 Review and update policies to make clear prohibitions on retaliation. Review and update agreements to ensur

114、e that confidentiality and other provisions do not improperly prohibit whistleblower activities. CONCLUSION The coronavirus crisis forced companies to adapt and the same was true for the SEC. Traditionally, public company cases arose through whistleblowers or after public announcements that resulted

115、 in stock price declines. These circumstances still generate the lions share of SEC cases. However, in recent years, significant criticism was levied upon the SEC for failing to identify alleged misconduct before it was publicly exposed. Data analytics is one way for the SEC to identify ongoing viol

116、ations, and Enforcement spent 2020 honing these tools. Increased whistleblower awards are another way, and the SEC devoted significant resources and attention to streamlining and advertising its whistleblower program in 2020. Expect more of the same in 2021. CONTACTS If you have any questions or wou

117、ld like more information on the issues discussed in this LawFlash, please contact any of the following Morgan Lewis lawyers: Boston David C. Boch +1.617.951.8485 Laurie Cerveny +1.617.951.8527 Michael Conza +1.617.951.8459 Jordan D. Hershman +1.617.951.8455 Bryan Keighery +1.617.341.7269 Emily

118、E. Renshaw +1.617.951.8517 Carl Valenstein +1.617.341.7501 Julio Vega +1.617.951.8901 Dallas Danny S. Ashby +1.214.466.4118 Steve Korotash +1.214.466.4114 David I. Monteiro +1.214.466.4133 Frankfurt Torsten Schwarze +49.69.7140.0763 Hong Kong June Chan +852.3551.8600 Eli Gao +852.3551.8677

119、Louise Liu +852.3551.8688 Edwin Luk +852.3551.8661 Billy Wong +852.3551.8555 2021 Morgan, Lewis & Bockius LLP 14 Los Angeles John F. Hartigan +1.213.612.2630 London Thomas J. Cartwright +44.20.3201.5671 Timothy J. Corbett +44.20.3201.5690 Iain Wright +44.20.3201.5630 Moscow/London Carter Bro

120、d +44.20.3201.5623 New York Thomas P. Giblin, Jr. +1.212.309.6277 John T. Hood +1.212.309.6281 Christopher T. Jensen +1.212.309.6134 Howard A. Kenny +1.212.309.6843 Jeffrey A. Letalien +1.212.309.6763 Christina Melendi +1.212.309.6949 Finnbarr D. Murphy +1.212.309.6704 David W. Pollak +1.212

121、.309.6058 Kimberly M. Reisler +1.212.309.6289 Palo Alto Albert Lung +1.650.843.7263 Philadelphia Michael Baxter +1.215.963.4493 G. Jeffrey Boujoukos +1.215.963.5117 Justin W. Chairman +1.215.963.5061 Michael L. Kichline +1.215.963.5366 James W. McKenzie +1.215.963.5134 Laura Hughes McNally +

122、1.215.963.5257 Alan Singer +1.215.963.5224 Joanne R. Soslow +1.215.963.5262 Pittsburgh Celia Soehner +1.412.560.7441 Princeton David C. Schwartz +1.609.919.6680 Singapore Bernard Lui +65.6389.3092 Joo Khin Ng +65.6389.3089 San Francisco Joseph E. Floren +1.415.442.1391 Susan D. Resley +1.415

123、.442.1351 2021 Morgan, Lewis & Bockius LLP 15 Washington, DC Sean Donahue +1.202.739.5658 Keith E. Gottfried +1.202.739.5947 Linda L. Griggs +1.202.739.5245 Ivan P. Harris +1.202.739.5692 Christopher Ronne +1.202.739.5561 David A. Sirignano +1.202.739.5420 George G. Yearsich +1.202.739.5255

124、 ABOUT US Morgan Lewis is recognized for exceptional client service, legal innovation, and commitment to its communities. Our global depth reaches across North America, Asia, Europe, and the Middle East with the collaboration of more than 2,200 lawyers and specialists who provide elite legal services across industry sectors for multinational corporations to startups around the world. For more information about us, please visit .