Subject to Inquiry

Subject to Inquiry


Government Investigations and White Collar Litigation Group
Enforcement and Prosecution Policy and Trends

State Regulators Announce Cryptocurrency Crackdown

On May 21, the North American Securities Administrators Association (“NASAA”) announced a massive and coordinated series of enforcement actions by U.S. state and Canadian provincial regulators to combat fraudulent practices involving cryptocurrency-related investment products.

As cryptocurrencies have gained in popularity, companies have increasingly turned to a method known as an initial coin offering (“ICO”) to raise capital. ICOs, however, are ripe for potential fraud. As the Washington Post has explained, “consumers face higher risks of being misled at a time when the intense demand for bitcoin has prompted many retail investors to take extreme steps to gain exposure to the currency…”

Given ICOs’ high risk of fraud, state regulators are increasingly scrutinizing such offerings as well as other practices involving cryptocurrency-related investments. In fact, according to NASAA, state regulators have opened nearly 70 inquiries and investigations into cryptocurrency-related companies. Moreover, there are 35 pending or completed enforcement actions related to ICOs or cryptocurrencies since the beginning of May. In short, state agencies are using state securities laws to crack down on fraud and deception in the cryptocurrency market.

These coordinated state actions have caught the attention of federal regulators as well. U.S. Securities and Exchange Commission (“SEC”) Chairman Jay Clayton issued a statement praising the NASAA for taking action. Chairman Clayton warned “fraudsters in this space that many sets of eyes are watching, and that regulators are coordinating on an international level to take strong actions to deter and stop fraud.” Chairman Clayton further reminded investors that “regulators are committed to protecting investors in these markets.”

As the recent NASAA announcement and SEC Chairman Clayton’s comments demonstrate, regulators in the United States and abroad are increasingly turning their attention to the cryptocurrency market. The intensifying spotlight on ICO’s and cryptocurrency should encourage companies pursuing an ICO or other activities involving cryptocurrency-related investments to seek legal counsel and to comply with all state laws, federal laws, and SEC regulations.

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims

Series of DOJ Enforcement Policy Announcements Provides Promising Guidance

In a series of key policy announcements between November 2017 and May 2018, the Department of Justice has demonstrated an increasingly coherent perspective on how it will handle key aspects of white collar criminal enforcement. The policies largely reiterate a message federal prosecutors have delivered for years regarding what they want to see from companies that discover misconduct in their ranks: prompt voluntary self-disclosure of violations; full cooperation with DOJ investigations; swift, meaningful remediation; and implementation and maintenance of effective compliance programs. What is different is the increasing certainty DOJ is willing to provide in return, including concrete benefits such as a presumption of declination or significant reduction of penalties. DOJ is also seeking to deliver more rational resolutions to complex cases to prevent “piling on” by multiple enforcement agencies in the U.S. or abroad — a policy that reflects the increasing reality and inequity many companies face when seeking to resolve large-scale white collar matters across an often balkanized and disjointed enforcement landscape.

We are early in the assessment of this still-developing evolution of DOJ policy, but on initial review these seem to be positive steps of which companies of all sizes should take heed.

DOJ Announcements

In November 2017, Deputy Attorney General Rod Rosenstein announced the implementation of a revised Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy, which followed and supplanted a multi-year FCPA Pilot Program that had been initiated under the Obama Administration. Rosenstein noted in announcing the new policy that it “enables the Department to efficiently identify and punish criminal conduct, and it provides guidance and greater certainty for companies struggling with the question of whether to make voluntary disclosures of wrongdoing.” Justifying this new policy, he stated that “[t]he government should provide incentives for companies to engage in ethical corporate behavior. That means fully cooperating with government investigations, and doing what is necessary to remediate misconduct — including implementing a robust compliance program. Good corporate behavior also means notifying law enforcement about wrongdoing.”

The new policy’s primary thrust is that if a company “satisfies the standards of voluntary self-disclosure, full cooperation, and timely and appropriate remediation, there will be a presumption that the Department will resolve the company’s case through a declination.” That presumption can be overcome if there are aggravating circumstances, or if the offender is a recidivist. Importantly, this new policy has been incorporated into the U.S. Attorneys’ Manual, a step Rosenstein has made clear over the past few months should and will be DOJ practice going forward whenever new polices are put in place.

On March 1, 2018, John Cronan, acting assistant attorney general for the Criminal Division, took this new policy a significant step forward by publicly announcing that the principles of the FCPA Corporate Enforcement Policy would not stay confined to FCPA actions, but would also be applied to all of the Criminal Division’s corporate criminal investigations as non-binding guidance.

The next day, Rosenstein explained this shift during remarks at an event in San Diego, stating that corporate America “is often the first line of defense for detecting and deterring fraud” and that real compliance measures “help the department preserve its finite resources.” Further, he made clear that DOJ wants to “reward companies that invest in strong compliance measures.” Rosenstein assured the audience that DOJ will not “employ the hammer of criminal enforcement to extract unfair settlements” but is “committed to finding effective ways to ensure that individual wrongdoers are held accountable for corporate criminal behavior.” And while he reaffirmed that of course corporate misconduct can be “serious or pervasive enough” to warrant action against an entity, the DOJ will “think carefully about accountability and fairness.”

Two weeks ago, Rosenstein announced yet another policy shift to encourage “coordination” among law enforcement when “imposing multiple penalties for the same conduct” and to “enhance relationships with … law enforcement partners in the United States and abroad, while avoiding unfair duplicative penalties.” Through its third major policy announcement in six months, DOJ is seeking to “discourage disproportionate enforcement of laws by multiple authorities” – “piling on,” so to speak. Rosenstein made clear in his remarks that such piling on can deprive companies of certainty and finality, and harm “innocent employees, customers, and investors who seek to resolve problems and move on.”

This so-called “piling on” policy has four essential features. First, it affirms that “criminal enforcement authority” shouldn’t be used “for purposes unrelated to the investigation and prosecution of a possible crime” (i.e., DOJ shouldn’t threaten prosecution simply to induce a larger settlement). Second, it encourages coordination among law enforcers to achieve an “overall equitable result.” Third, DOJ attorneys are encouraged to “coordinate with other federal, state, local, and foreign enforcement authorities seeking to resolve a case with a company for the same misconduct.” Fourth, several factors are established to evaluate whether multiple penalties are justified in a particular case, such as egregiousness, statutory mandates, risk of delay in finalizing a resolution, and the quality of a company’s disclosures and cooperation.

Policy Evolution

The DOJ has historically moved at a very deliberate pace from an enforcement policy perspective, and has been loath to cede discretion or flexibility in how it resolves high-stakes investigations. That makes this relative flurry of policy announcements potentially significant. Although DOJ has certainly retained a significant amount of prosecutorial discretion, it has anchored these policies on far more concrete benefits to cooperating corporations. For many companies navigating the discovery of potentially significant corporate misconduct, these policies could make the decision whether to self-disclose easier. At least, that is the clear hope for DOJ.

These policies also appear calibrated to address a few other key DOJ principles:

  • Compliance Programs Are Critical: The importance for corporations to implement and operate robust and effective compliance programs is nothing new. This concept has for years been enshrined in the standards of the U.S. Sentencing Guidelines, the Principles of Prosecution of Business Organizations and countless other sources of federal judicial, law enforcement and regulatory guidance. However, the focus on compliance programs has shifted over time from being one of many important factors to increasingly being a threshold necessary to qualify for credit. The FCPA Corporate Enforcement Policy drives that point home. It requires implementation of an effective compliance and ethics program as part of the timely and appropriate remediation required to qualify for full credit under the policy, including:
    • Ensuring there is a culture of compliance;
    • Dedicating appropriate resources to compliance;
    • Staffing the compliance function with personnel of adequate quality and experience;
    • Providing the compliance function adequate authority and independence;
    • Performing effective risk assessments;
    • Compensating and promoting compliance personnel appropriately;
    • Auditing to ensure effectiveness; and
    • Implementing an appropriate reporting structure.
  • Individuals Remain in the Crosshairs: If anyone needed a reminder that the principles of the Yates Memo are alive and well within DOJ, the recent policy announcements should suffice. In reiterating what DOJ means by “full cooperation,” the FCPA Corporate Enforcement Policy provides, among other things, that corporations must:
    • Disclose all relevant facts and attribute them to specific sources (where it would not violate attorney-client privilege) (i.e., no general narratives);
    • Disclose all facts related to involvement in the misconduct by the company’s officers, employees or agents;
    • Disclose all facts regarding potential misconduct by third-parties; and
    • Do all of the above on a proactive basis.
  • Full Cooperation and Appropriate Remediation Means Full Cooperation and Appropriate Remediation: The FCPA Corporate Enforcement Policy makes explicit the extent to which companies will need to be detailed, fulsome and proactive in cooperating with DOJ in its investigations, and will need to take extensive and demonstrable steps — on a prompt basis — to remediate identified misconduct. The underlying concepts of what is outlined in the policy are familiar, but there is every reason to expect that DOJ will hold companies to a high standard in measuring satisfaction of these standards given the significant benefits being offered in the form of declination or significant penalty reductions.
  • DOJ Is Looking to Streamline ; In the announcements of these policies, Rosenstein and the other DOJ representatives have made repeated reference to efficiency and to effective allocation of DOJ resources. Although the proof will be in the pudding, DOJ seems to be signaling through the comments and the structure of these policies a desire to streamline enforcement matters, shorten the often extended multi-year timelines that have become a structural reality for complex white collar matters and thereby free prosecutorial resources for other enforcement priorities.

What This Means for Companies

Corporations that discover misconduct in their ranks never face easy decisions in the wake of that discovery, and these recent policy announcements will not alleviate that sting. However, for many they will offer a level of comfort and confidence by providing an increasingly clear and certain roadmap they can follow in investigating, remediating and disclosing the misconduct. Those companies best suited to take advantage of these policies will be the ones that study these policies now, and both internalize and operationalize the messages being sent. This is particularly true with respect to investment in and continuous improvement of compliance and ethics programs. This is the one area where corporations not currently under investigation have the most agency to control their fate in anticipation of (and in an effort to foreshorten, if not avoid) future investigations.

This article originally appeared in The FCPA Blog.

Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

No Changes to CFPB This Year

In a statement on Thursday, April 26, a key House Republican on CFPB issues effectively admitted that despite his own efforts and those of the Trump Administration including Acting CFPB Director, Mick Mulvaney, Congress will almost certainly make no changes to the structure of the CFPB this year.  As a result, there will probably be no change from a single-Director to a Commission, nor will changes be made to the way in which the CFPB is funded, or to the Director’s independent status.

In remarks to the U.S. Chamber of Commerce, Jeb Hensarling, Chairman of the House Financial Services Committee, conceded that he is now willing to accept the bi-partisan banking deregulatory bill that passed the Senate recently as S. 2155, which makes no changes to the CFPB’s structure.  As we reported previously, several Senate Democrats who supported S. 2155 have made clear they would not accept amendments to it by the House that would weaken the CFPB.

Chairman Hensarling indicated that he would still like to pursue his CFPB reforms as separate bills, but most observers agree that if those reforms cannot be attached to the Senate bill, they will not become law this year.  White House statements indicate that President Trump would like to sign S. 2155 into law by Memorial Day.

Enforcement and Prosecution Policy and Trends, Financial Institution Regulation

Senate Votes to Strike Down Key CFPB Bulletin on Lending Discrimination in the Indirect Auto Market

On Wednesday, the U.S. Senate voted almost entirely along party lines to invalidate, under the Congressional Review Act, the Consumer Financial Protection Bureau’s (CFPB) (in)famous 2013 Bulletin on lending discrimination in the indirect auto market via discretionary mark-ups and dealer compensation policies.  The 2013 Bulletin, construing the Equal Credit Opportunity Act and its implementing rule, Regulation B, had served as the basis for a number of substantial CFPB enforcement actions against indirect auto lenders, with large fines and loud protests from industry.

The U.S. House of Representatives has been poised to vote down the 2013 Bulletin for some time, and is very likely to follow the Senate’s lead and make the invalidation effective.  If as expected the House does act, this would mark the second time in the past year that Congress has voted to strike down a rule issued by the CFPB.  (Last December, the Government Accountability Office’s General Counsel issued a formal legal opinion concluding that the 2013 Bulletin was, in fact, a “rule” subject to the Congressional Review Act, paving the way for yesterday’s Senate vote.)  The first instance, of course, was Congress’ decision to invalidate the CFPB’s rule regarding arbitration.

Despite the Senate’s action Wednesday, efforts to weaken the CFPB by statute along the lines proposed by its Acting Director Mick Mulvaney and Republican congressmen continue to face challenges in Congress.  While such proposals have passed and would likely easily pass again in the House of Representatives, no such measure was included in the recent package of reforms that passed the Senate with bipartisan support.  Several of the Senate Democrats who voted for that package have indicated that they are not inclined to support measures that would weaken the CFPB structurally. 


Enforcement and Prosecution Policy and Trends, Financial Institution Regulation, Securities and Commodities

Does United States v. Ying Expand the Knowledge Requirement for “Classical” Insider Trading?

On March 14, 2018, the SEC and DOJ sued Jun Ying, a former Chief Information Officer within an Equifax Inc. business unit, for insider trading. Specifically, they accused him of knowing about a significant Equifax data breach prior to its public disclosure and, while in possession of that material nonpublic information, exercising his Equifax options and selling those shares. When Equifax subsequently announced the data breach its stock price fell, giving Ying a loss avoided of over $117,000.

This fact pattern, were that all there is, seems a rather straightforward, uncontroversial application of the “classical” theory of insider trading. Under that theory, a corporate insider, such as Ying, violates Section 10(b) and SEC Rule 10b5 by trading in the company’s securities “on the basis” of material nonpublic information about the corporation. Chiarella v. United States, 445 U.S. 222, 230 (1980); United States v. Newman, 773 F.3d 438 (2d Cir. 2014) (abrogated on other grounds by Salman v. United States, 137 S. Ct. 420 (2016)). According to the SEC’s Rule 10b5-1, a trade is “made ‘on the basis of’ material non-public information . . . if the person making the purchase or sale was aware of the material nonpublic information when the person made the purchase or sale.” Rule 10b5-1(b) (emphasis added). To prove a criminal violation, the DOJ must also establish that the defendant acted “willfully,” 15 U.S.C. § 78ff(a), defined in this context as “a realization on the defendant’s part that he was doing a wrongful act under the securities laws.” Newman, 773 F.3d at 447 (quoting United States v. Cassese, 428 F.3d 92, 98 (2d Cir. 2005)).

However, here, both the SEC and DOJ acknowledge in their charging papers that, at the time of his trading, Ying was not “aware” of Experian’s data breach – at least not explicitly. Indeed, when he traded, Equifax had disclosed this information to only a select few insiders, of which Ying was not one. To the contrary, Equifax had explicitly lied to Ying and told him that the data breach he and his team were working on was for an Equifax client. As one of Equifax’s business lines is assisting clients with data breaches, this explanation seemed plausible. As time went on, however, the behavior of his superiors and colleagues made Ying suspicious that there was no “client” and that it was Equifax that had been breached. Based on his suspicions, Ying exercised his outstanding Equifax options and sold his shares.

But suspicions were all they were – Ying is alleged to have “put 2 and 2 together” according to the SEC’s Complaint. Indeed, Equifax did not reveal to Ying that it was the hacking victim until days later. Nevertheless, notwithstanding his avowed lack of actual knowledge, Ying was charged with criminal insider trading by the DOJ and sued civilly by the SEC.

Clearly the government believes that, notwithstanding his lack of actual knowledge, Ying’s strong suspicion that Equifax, and not a client, had suffered a data breach, is sufficient to satisfy the knowledge requirement of Rule 10b-5 and create insider trading liability. This expands Rule 10b5-1’s knowledge requirement beyond actual awareness and into the realm of constructive knowledge at best, and mere suspicion at worst.

Thus, as this case progresses, it will be interesting to see whether the facts show Ying had constructive knowledge of Equifax’s data breach or something less, and whether as a matter of law, whatever he “was aware of” at the time he traded, is deemed sufficient to create liability.

While we have not seen cases addressing whether actual, as opposed to constructive, knowledge is required in the classical insider trading context, under the “misappropriation theory” of insider trading, a tippee must have actual knowledge that a tipper received a personal benefit in connection with the disclosure of the material nonpublic information in order to be convicted of insider trading. United States v. Newman, 773 F.3d 438 (2d Cir. 2014) (reversing tippee criminal convictions because the government failed to prove the tippees had actual knowledge that the tipper received a personal benefit in connection with disclosure of the material nonpublic information). Absent actual knowledge of the personal benefit, there is no liability. Id. Given that a tippee can be quite removed from the actual insider who initially tipped the information, one can see how courts would be reluctant to impose anything other than an actual knowledge requirement for insider trading liability. For corporate insiders, however, a court may feel that constructive knowledge is sufficient given the unique information available to insiders that they can use to potentially piece together what is, in fact, material nonpublic information. Clearly this is the government’s view of what Ying did here. See, e.g., SEC Complaint at para. 33 (“Ying used the information entrusted to him as an Equifax employee to conclude that Equifax was the victim of the breach, and that the ‘breach opportunity’ idea suggesting a client was the victim was merely a cover story.”).

The battle lines are drawn. Stayed tuned to see how it is resolved.

Enforcement and Prosecution Policy and Trends

Supreme Court Holds DOJ’s Feet to the Fire in Tax Crime Case

In Marinello v. United States, an opinion released yesterday, the Supreme Court adopted a narrowing interpretation of the tax code’s broadest criminal provision, the “tax obstruction” statute 26 U.S.C. § 7212(a).  The Court’s opinion is good news for taxpayers, their advisors, and the sound administration of the law.

Marinello concerned whether the crime of “corruptly … endeavor[ing] to obstruct the due administration” of the tax laws (i) prohibits obstruction only of pending IRS audits and collection efforts, or (ii) instead applies more broadly.  The government urged that the crime included conduct well before any IRS audit, so long as it was motivated by a desire to cheat on one’s taxes – including otherwise-lawful conduct like dealing in cash, or avoiding the creation of records not required by law.

DOJ urged a broad interpretation of the tax obstruction statute because the tax laws themselves are broad: tax administration is “continuous, ubiquitous, and universally known,” DOJ argued.  But the Court correctly recognized that the breadth of the tax laws is itself a reason for caution, to avoid making every lapse in bookkeeping or business judgment a potential tax crime.  And a person of ordinary moral sensibilities might recognize that (say) using cash or discarding receipts makes the IRS’s job harder.  He might even realize some of these practices could invalidate a tax deduction, if he thought about it.  But he would not believe such conduct to be a crime.  On the government’s view, it could be – limited only by DOJ’s self-restraint.

Marinello wisely prohibits that result, requiring the government to prove the intent to obstruct a pending or foreseeable tax administration “proceeding” before it can obtain a § 7212(a) conviction.  That “proceeding” must be something beyond processing tax returns and refunds, or other functions IRS performs in the background.  In practice, Marinello means DOJ will charge tax obstruction only where obstructive conduct concerns some direct interaction between a taxpayer and an IRS employee – an audit, civil summons enforcement, dealings with the Appeals Office, enforced collection, Tax Court proceedings, or a tax crime investigation.

Off limits to DOJ going forward are tax obstruction charges based on pre-audit activities, like employing or promoting fraudulent tax shelters, or accounting misconduct.  Of course, such conduct can still be prosecuted using the more traditional crimes like tax evasion, conspiracy, or filing false returns.

And that’s the main virtue of Marinello: holding the government to its burden of proof under the traditional tax crimes.  DOJ’s pre-Marinello view (followed by most circuits until today) let the government salvage felony tax charges in failed tax evasion cases.  Indeed, the primary effect of § 7212(a) in cases without a pending proceeding was to make tax obstruction a backstop felony charge when the defendant’s conduct looked like tax evasion, but the government could not prove a tax loss or the falsity of a document submitted under penalties of perjury.  The broad view, in other words, made it easier for the government to charge felonies that should have been declinations or misdemeanors like failure to file.

Moreover, the broader view of §  7212(a)  allowed the government to bring charges based on otherwise-legal conduct which did not directly threaten the integrity of the tax system, but merely risked doing so.  Indeed, DOJ frequently used §  7212(a) to prosecute lawful conduct that, it contended, was rendered illegal by an intent to cheat on one’s taxes – actions like dealing in cash, as in Marinello, or using offshore banks or shell companies.

But there’s no reason for such a broad crime to exist.  The DOJ has a valid prosecutorial interest in false returns and the underpayment of taxes.  If a taxpayer intends for dealing in cash or other pre-“proceeding” conduct to result in underpaid taxes or false returns, the government should prosecute with the traditional tools at its disposal.  But it should be compelled to pay the price those statutes require: proving an actual harm to the tax system via a false return or lost tax revenue.  Otherwise-legal conduct several degrees removed from the government’s real interests should not be enough.

In other words, tax crimes are intended to protect the federal fisc and ensure the integrity of self-reporting.  They do not create a general code of accounting or business ethics.  No harm, no foul.

Marinello also answers the question of whether audit avoidance – tax planning intended to lower the audit profile of a client’s return or transaction – can, by itself, be tax obstruction.  The answer is no, except in the exceedingly rare cases where a “proceeding” is already pending.  But that answer provides only limited comfort, as DOJ can still pursue overly aggressive planning for clients under other statutes.

In sum, Marinello continued the Court’s recent trend of reining in DOJ’s interpretation of broadly worded white collar crimes.  And it appropriately recognizes that prosecutorial discretion and mental state requirements are not reliable limits on criminal laws broad enough to reach innocent conduct.  The net effect will be holding DOJ’s feet to the fire, deterring it from bringing cases that don’t provably implicate the core interests of tax enforcement.


“White Hat” Ethical Hackers and Corporate Investigations

This post originally appeared in our sister publication, Password Protected.

A “white hat” is an ethical computer hacker who specializes in penetration testing and other testing methodologies to ensure the security of an organization’s information systems. According to the Ethical Hacking Council, “The goal of the ethical hacker is to help the organization take pre-emptive measures against malicious attacks by attacking the system himself or herself; all the while staying within legal limits.” White hat hackers usually present their skills as benefitting their clients and broader society. They may be reformed black hat hackers or may simply be knowledgeable of the techniques and methods used by hackers. However, white hats have been known to offer broader hacking services, such as information gathering about persons or entities at odds with those hiring the white hat. Ethical hackers have been compared to digital versions of private investigators or investigative reporters.

In considering whether to engage a white hat hacker, there are a number of precautions that a company should take to increase the likelihood that the white hat will be credible, professional and ethical and only engage in lawful activities during the course of the engagement.

Credibility. Consider existing relationships, references and certifications. For example, the EC-Council offers a Certified Ethical Hacker accreditation. Many large consulting firms provide ethical hacking services. References from trusted peers are also extremely important.

Background Check. Conduct a thorough background check. Although the white hat may be affiliated with a reputable consulting firm, verify his or her experience and credentials and investigate possible criminal history. Do not assume that what the hacker tells you is true.

Engagement Letter. Have the hacker sign an engagement letter or similar contract that clearly defines the engagement, prohibits any illegal or unethical conduct, and addresses liabilities, indemnification and remedies where appropriate. Specify the hacking methods that are and are not acceptable and which information systems, networks and data may be accessed. Require the hacker to provide proof of adequate professional liability insurance.

Confidentiality Agreement. Require the hacker to sign a confidentiality or non-disclosure agreement that strictly prohibits the use or sharing with others of any information gathered as part of the engagement and that specifies the penalties for violation or references penalties set forth in the primary agreement.

Oversight. Monitor the hacker’s activity and be on the lookout for any suspicious activity—both during and after the white hat’s work. Ensure that the hacker remains within the scope of work defined within the engagement letter. If the scope of work changes, revise the engagement letter accordingly. Keep in mind that access to information systems presents opportunities to set conditions for future remote access or other unauthorized, nefarious activities.

Work Product. Consider the desired work product that will be developed over the course of the white hat’s engagement and whether the white hat should report to the General Counsel or outside counsel to protect privilege. In order to be admissible in evidence in civil litigation, the white hat must be willing to submit a signed affidavit, which describes under oath the results of the investigation, and to possibly testify. Not every white hat makes a good witness.


Supreme Court Holds Internal Complainants Are Not Dodd-Frank Whistleblowers

In an important case clarifying the scope of the anti-retaliation provision of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the U.S. Supreme Court held on Feb. 21, 2018, that the law unambiguously requires an individual to report a securities law violation to the SEC in order to claim whistleblower protection under the provision. This means an employee who makes only an internal report may be protected by the Sarbanes-Oxley Act of 2002, but is not also protected under Dodd-Frank.

In 2010, Congress passed Dodd-Frank and established a robust whistleblower program designed to motivate employees to report securities law violations to the U.S. Securities and Exchange Commission (SEC). In addition to entitling whistleblowers to cash rewards, Dodd-Frank includes an anti-retaliation provision that prohibits employers from discriminating against or terminating employees for making such reports to the SEC.

The interplay between the definition of “whistleblower” and the identification of protected activity under Dodd-Frank has confounded the courts since shortly after Congress passed the law. A “whistleblower” is an individual who reports a securities law violation to the SEC.  However, “protected activity” includes making disclosures required or protected under the Sarbanes-Oxley Act, which does not require a report to the SEC.

To harmonize these provisions, some courts concluded that including Sarbanes-Oxley-protected reports created a narrow exception to the requirement that an employee provide information to the SEC in order to claim whistleblower status under Dodd-Frank. The SEC likewise expanded the definition of “whistleblower” when it issued its final rule implementing Dodd-Frank to cover an employee who reported security violations to his or her supervisor, but not to the SEC. This definition was codified in 17 C.F.R. § 240.21F-2. In 2015, the SEC reiterated that whistleblower protection is not contingent on an employee providing information to the SEC, but even covers internal reports of wrongdoing.

In the case before the Supreme Court, Paul Somers sued his former employer, Digital Realty Trust Inc., alleging that Digital Realty fired him shortly after he reported to senior management (but not to the SEC) suspected securities law violations. Both the U.S. District Court for the Northern District of California and the U.S. Court of Appeals for the Ninth Circuit found Dodd-Frank ambiguous and deferred to the SEC’s final rule and interpretive guidance. The case presented the Supreme Court with a circuit split, in which the Ninth and Second Circuits held that employees were protected by merely reporting to their supervisor, while the Fifth Circuit held that employees must provide information to the SEC to avail themselves of the law’s protections.

The Supreme Court found no ambiguity in Dodd-Frank’s anti-retaliation provision, which protects an individual who provides “information relating to a violation of the securities laws to the Commission.” The court found that, not only does the plain language of the law require a report be made to the SEC, but also that Dodd-Frank’s “core objective” was to motivate reports to the SEC. Dodd-Frank’s purpose, the court found, was narrower than that of the Sarbanes-Oxley Act, which was designed to disturb the “corporate code of silence” that kept employees from reporting fraud “even internally.”

This case presents a welcome resolution to the circuit split over whether internal whistleblowers can maintain a Dodd-Frank anti-retaliation lawsuit against their employers. The distinction and decision are important because significant differences exist between the anti-retaliation provisions of Dodd-Frank and Sarbanes-Oxley. To seek relief under Sarbanes-Oxley, an individual must file a complaint with the Secretary of Labor within 180 days of the alleged violation. By contrast, Dodd-Frank’s whistleblower provision contains a six-year statute of limitations and no administrative exhaustion requirement. The two laws also provide for different remedies.

To read the Supreme Court’s opinion, click here.

For further information about Sarbanes-Oxley, Dodd-Frank or whistleblower protections, please contact the authors, your McGuireWoods contact or a member of McGuireWoods’ labor and employment or government investigation and white collar litigation groups.

Enforcement and Prosecution Policy and Trends

SEC Launches Self-Reporting Initiative for Investment Advisers

In line with Chairman Jay Clayton’s oft-stated priority of protecting the long-term interests of Main Street investors, on Feb. 12, 2018, the Securities and Exchange Commission’s Division of Enforcement announced the launch of a new self-reporting initiative for investment advisers. This new initiative — the Share Class Selection Disclosure Initiative — aims to address undisclosed conflicts of interest associated with the receipt of 12b-1 fees by investment advisers, their affiliates or their supervised persons paid by advisory clients who were eligible to invest in a lower-cost share class of the same mutual fund.

The SEC’s position on investment advisers’ disclosure obligations regarding conflicts of interest as they pertain to mutual fund share classes are well-known. Indeed, the Office of Compliance Inspections and Examinations released a National Exam Program Risk Alert on the topic in July 2016, as well as identified mutual fund share class disclosures as one of its 2018 National Exam Program Examination Priorities. Additionally, the SEC has brought numerous enforcement actions against investment advisers for deficient disclosures concerning conflicts of interest arising from the receipt of 12b-1 fees.

This focus is expected to continue: Enforcement has been clear that mutual fund share class selection practices will remain a priority, and enforcement actions outside of the self-reporting initiative will likely result in more serious charges.

Self-Reporting Initiative

The new self-reporting initiative is available to investment advisers, other than those already contacted by Enforcement on this issue, that did not explicitly disclose in their Forms ADV the conflict of interest associated with the 12b-1 fees the firm, its affiliates or its supervised persons received for investing advisory clients in a fund’s 12b-1 fee paying share class when a lower-cost share class was available for the same fund. To participate, an eligible investment adviser must self-report by June 12, 2018, and, within ten days of providing that notification, confirm its eligibility by submitting the SEC’s questionnaire. For any participating eligible investment adviser, Enforcement will recommend the following standardized settlement terms to the SEC:

  • On a neither-admit-nor-deny basis, entry of an order directing the respondent to cease and desist from committing or causing any violations and future violations of Sections 206(2) and 207 of the Investment Advisers Act of 1940 (IAA)
  • A censure
  • A respondent-administered distribution to affected clients of disgorgement of ill-gotten gains and prejudgment interest thereon
  • Remedial undertakings, including, to the extent necessary, correcting any relevant disclosures, moving clients to lower-cost share classes, updating relevant policies and procedures, and notification of the settlement terms to clients

Key Considerations

Importantly, eligible investment advisers that participate in the self-reporting initiative will not face the panoply of more draconian relief available to and obtained by the SEC in prior share class disclosure enforcement actions. Specifically, eligible investment advisers will not be required to pay a monetary penalty. Nor will there be any requirement to retain an independent compliance consultant and adopt and implement all of its recommendations. Investment advisers that elect not to participate in the self-reporting initiative and subsequently face an enforcement action for share class disclosure violations should anticipate financial penalties greater than those imposed in past actions involving similar conduct.

Similarly, the violations against participating eligible investment advisers will be limited to Sections 206(2) and 207 of the IAA. Generally, IAA Section 206(2), a non-scienter-based fraud statute, imposes a fiduciary duty on the investment adviser to disclose to its clients all conflicts of interest that may impact the investment adviser’s ability to render objective advice. IAA Section 207 makes it unlawful for any person willfully to make any untrue statement of, or omit to state any, material fact in Forms ADV.

Enforcement has indicated that it does not intend to recommend additional charges relating to the conduct at issue in the self-reporting initiative, even where the facts would support such charges. In this regard, previous share disclosure enforcement actions have also included findings that the investment adviser failed to seek best execution, in violation of IAA Section 206(4), and failed to adopt and implement policies and procedures reasonably designed to prevent violations as required by Rule 206(4)-7 thereunder. Thus, eligible investment advisers that do not avail themselves of the self-reporting initiative should, if supported by the facts, expect to face these additional charges in any share class disclosure enforcement action.

The self-reporting initiative is available only to investment advisers. Participation does not shield eligible investment advisers from investigation or separate enforcement actions for other misconduct. There is no similar program for individuals, and Enforcement has expressly provided no assurances that associated persons will be offered similar settlement terms for their involvement in the violations.

Next Steps

The deadline to self-report is four months away, but investment advisers would be well-served to act quickly to determine whether they will participate in the self-reporting initiative. In this regard, investment advisers should promptly review their Forms ADV and supplements to assess the sufficiency of their conflicts of interest disclosures associated with 12b-1 fees. To be sufficient, the disclosures must clearly describe the conflicts of interests associated with (1) making investment decisions in light of the receipt of the 12b-1 fees, and (2) selecting the more expensive 12b-1 fee paying share class when a lower-cost share class of the same fund was available to the same investor.

Investment advisers that identify deficient disclosures and intend to self-report should consider voluntarily undertaking the remedial measures that will otherwise be ordered under the self-reporting initiative.

Should you wish to discuss the self-reporting initiative, please contact any of the authors or any of McGuireWoods’ securities enforcement and regulatory attorneys.


Full D.C. Circuit Court, Reversing Decision Below, Holds that CFPB’s Independent Structure is Constitutional; also Reinstates Important RESPA Rulings

In a long-awaited constitutional decision regarding the Consumer Financial Protection Bureau (“CFPB”), the full D.C. Circuit Court of Appeals today in PHH v. CFPB reversed a prior ruling by a three-judge panel that the CFPB is unconstitutionally structured.  As we previously reported, that prior panel’s prior decision — stayed since its issuance in October 2016 — had held that Congress had unconstitutionally impeded the President’s Article II authority to “faithfully execute[]” the laws by creating an independent agency headed by only a single Director (as opposed to a multi-member commission structure).  The prior panel’s remedy had been to strike language from the Dodd-Frank Act that makes the Director removable only “for cause,” a change that would have made the Director removable at the pleasure of the President and turned the CFPB from an independent agency into an executive agency, with other regulatory ramifications.

Today’s ruling holds that the removable-only-for-cause provision, even as applied to a single Director, is compatible with the Constitution.  Thus, there will be — for now — no changes to the CFPB’s structure.  While a different outcome would have had many impacts across time, the status quo should remain intact unless the U.S. Supreme Court disturbs the ruling.  Currently, the CFPB is led only by a temporary, “Acting Director,” OMB Director Mick Mulvaney, and the President has not yet submitted to the Senate a nominee to fill that position for a full, five-year term.  But once there is a new, Senate-confirmed Director, that person would be removable only “for cause” (technically, for “inefficiency, neglect of duty, or malfeasance in office”), with a term that will last for at least two years into the next four-year presidential term.  Separately, today’s ruling also reinstated the prior panel court’s decisions — all adverse to the CFPB — on important issues relating to the Real Estate Settlement Procedures Act (“RESPA”).

On the constitutional question, today’s court saw no legally important distinction between the Supreme Court-approved multi-member independent commission structures — such as those that lead the FTC and the SEC — and the independent single-Director structure of the CFPB.  The prior panel and PHH had relied heavily on that distinction, with PHH arguing that “multi-member commissions contain their own internal checks to avoid arbitrary decisionmaking.”  The prior panel also noted that whereas staggered, multi-member commissions allow a President in a four-year term to exert some influence by nominating at least some commissioners, a President during a four-year period would on some occasions have such no influence over the CFPB’s Director, who serves a five-year term.

Today’s court found the distinction between a single Director and a multi-member commission “untenable,” with “no footing in precedent, historical practice, constitutional principle, or the logic of presidential removal power.”  The “removal-power doctrine,” it said, does not rely on “the competing virtues of various internal agency design choices.”  Today’s court also noted that the Supreme Court approved for-cause protection for a single individual in its decision upholding the independent counsel statute.

PHH retains a separate challenge:  that the appointment of the ALJ who initially considered its case violated the Constitution’s Appointments Clause.  Today’s court did not reach that issue because it recently upheld a closely analogous ALJ-appointment structure at the SEC in Lucas v. SEC.  Even more recently, however, the Supreme Court agreed to review that decision regarding SEC ALJs, so PHH possibly could still get a day in court on that issue.

A.                RESPA

Today’s court also reinstated the earlier panel’s important decisions regarding RESPA’s prohibition on paying fees / kickbacks for referrals of real estate settlement business.  Those RESPA decisions had been stayed, until today, as part of the broader stay on the prior panel’s October 2016 opinion.  The reinstated RESPA decisions are that:

  1. Courts and the CFPB must give effect to an important RESPA exception, which allows settlement service providers who receive referrals to pay the referrer, nonetheless, for other “goods or facilities actually furnished or for services actually performed” (but not, of course, for the referral). The novel interpretation advocated by the CFPB in this case would virtually have read this exception out of the books, exposing settlement service providers to increased RESPA risk.  The panel court, in the now-reinstated portion of its opinion, held that the exception must apply so long as the payment is for no more than the reasonable market value of the goods or services actually provided.
  2. Even if the Director’s novel interpretation of that RESPA exception in this case had been permissible, the Director violated the Due Process Clause by imposing it on PHH retroactively.
  3. A three-year statute of limitations applies to both administrative proceedings and civil actions (lawsuits in court) enforcing RESPA. Before the panel, the CFPB had taken the position that no statute of limitations applied to its administrative proceedings enforcing RESPA — or, by extension, to administrative proceedings enforcing any of the 18 other consumer protection laws it has authority to enforce.  The reinstated portion of the panel’s decision, moreover, held that the CFPB — in administrative proceedings and in court — must abide by applicable statutes of limitations found in those 19 consumer protection laws.

B.                 Next Steps

PHH may well seek review of this ruling by the U.S. Supreme Court.  Although the likelihood of that Court accepting the case cannot be predicted, the Court has previously showed an interest in cases like this one that present issues at the intersection of constitutional and administrative law; the Court’s very recent decision to review the related Lucas v. SEC decision on the appointment of ALJ’s is an example of that interest.  Regarding the reinstated RESPA rulings, it is extremely unlikely that the CFPB, now under Republican control, will appeal.

At the CFPB now, as noted, only an Acting Director is in charge.  But any new, Senate-confirmed Director would be entitled to serve a five-year term with for-cause removal protection, unless the Supreme Court disturbs today’s ruling.  Thus, that new Director, if he or she chooses, could serve at least two years into the next four-year Presidential term.

We use cookies to enhance your experience of our website. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our policy.