What You Should Do First with Anonymous Reports

There has recently been a rash of similar anonymous whistleblower tips to public companies, each claiming that an unnamed company supervisor boasted about reaping profits from insider trading. The number of public companies receiving very similarly worded anonymous reports leads to the conclusion that they may be hoaxes. While the apparent scheme’s ultimate goals are unclear, companies should be very cautious about engaging with sources of such anonymous complaints, especially given the risk of ransomware and other forms of cyberattack. One theory is that these reports may be the first step in a sophisticated campaign to inject ransomware or facilitate other forms of cyberattack.

These complaints present a challenging development for ethics and compliance reporting systems, since they require companies to quickly assess whether a whistleblower report is bona fide and address issues at the intersection of ethics policies and cybersecurity controls.

Several things should be considered by a company that receives a confidential whistleblower report alleging insider trading that does not name the employee involved:

• The most immediate concern is determining whether the report appears to be authentic and legitimate (regardless of merit), and not a hoax or some form of cyberattack. Anonymous submissions should be handled in accordance with the company’s data and cybersecurity policies and procedures, since files and links are potentially dangerous vectors for cyberattacks. A senior IT employee should review the submission (without seeking to identify the purported whistleblower) and consulted in connection with any engagement
  

Like KC Chiefs quarterback Patrick Mahomes eating green beans in a recent commercial, even though he “100% [doesn’t] like them,” it appeared the Reddit r/WallStreetBets group that banded together to buy GameStop shares “100% don’t care” about market risk and potential investment losses.  

Inspired by social media cheerleaders, thousands of small investors acted with irrational exuberance, driving the share price from less than $20 on January 15, 2021 to $483 on January 28, 2021 before it closed that day below $200, and plummeted more than 40% to $53 on February 4.  

Average investors watched in disbelief as trading markets were turned upside down by investors who appeared to ignore financial and other disclosures, disregarding the risks of possible complete loss of their investments.

Understandably, the executives of GameStop and some players on the social media investor radar screen have so far declined to comment.  The social media blitz was completely outside control of the issuer’s management and they likely don’t have sufficient information to attempt to explain it.  To wit, one of GameStop’s reactions to the inexplicable volatility was to restrict trading in its shares.

Regardless of how this saga ultimately ends for GameStop, it has raised important questions like whether a company should keep its trading window closed even after earnings are announced and the company has disclosed all material nonpublic information.  Normally, there “ought not” be any liability concerns for an issuer in such a situation, but that could be risky when judged in hindsight.  Large

Introduction

The National Defense Authorization Act (“NDAA”) became law on January 1, 2021 after Congress overrode a presidential veto of the legislation. While the NDAA appropriates funds for defense-related activities and the then-President objected to the legislation based primarily on collateral issues like liability for online content, the Act also will have a significant impact on securities law enforcement.  The legislation included language that significantly bolsters the power of the Securities and Exchange Commission (“SEC”) to obtain disgorgement of ill-gotten gains from securities law violators who are unjustly enriched. This is a reversal of fortune for the SEC, which has lost a string of recent notable court cases that curtailed its disgorgement authority.

Summary

The NDAA’s SEC-friendly provisions both solidify the agency’s authority to obtain disgorgement through its enforcement actions and provide a materially longer statute of limitations in which the SEC can file these actions. First, Section 6501 of the NDAA amends Section 21(d) of the Securities Exchange Act of 1934 (“Exchange Act”) to expressly authorize the SEC to obtain disgorgement as a remedy for violations of the securities laws. Prior to this amendment, the Exchange Act authorized the SEC to seek “any equitable relief that may be necessary or appropriate,”1 and courts routinely awarded the agency disgorgement as an equitable remedy. But this longstanding practice was hampered by two recent Supreme Court opinions, Kokesh v. SEC and Liu v. SEC.

In Kokesh, the Supreme Court unanimously ruled that disgorgement constituted a “penalty” rather than “equitable relief” and was therefore subject to the five-year statute

The SEC sued Sequential Brands on December 11 in Manhattan federal court, alleging that it failed to accurately calculate and disclose impairments to its goodwill in 2016 and early 2017.  According to the Complaint, this resulted in Sequential’s misleading investors by filing incomplete periodic reports, and failing to maintain both accurate books and records or a system of accounting controls to assure accurate transaction reporting.      

Goodwill is an intangible asset recorded when one company pays more than net fair value to purchase another company.  GAAP mandates that acquiring companies assess potential impairments to their goodwill at least once a year and after any “triggering events,” and that any impairments to goodwill be recorded.  As alleged in the SEC’s Complaint, Sequential‘s annual goodwill testing beginning in fall 2016 that identified no goodwill impairment.  But weeks later, the company performed two additional internal calculations in December 2016 using the same methodology employed in its annual testing (and described in public filings).  These calculations indicated that Sequential’s goodwill was likely impaired, but the company did not share these results with its auditor.  The SEC alleges that rather than recording this impairment, Sequential performed a third, qualitative assessment that concluded goodwill was not impaired, but failed to account for internal fair value calculations and significant negative developments in its business.  Sequential thus avoided recording any goodwill impairment in 2016, which the Complaint says preserved its operating income at an inflated level, conveyed a false impression of financial health, and led to its filing

In its first enforcement action against a public company for misleading disclosures regarding COVID-19’s business impact, the SEC released a December 4 Order Instituting Proceedings against The Cheesecake Factory Inc. and accepted its offer of settlement for a civil penalty of $125,000.  The charges arose from conduct in the period as the COVID-19 pandemic was first spreading across the United States.

As recounted in the SEC’s Order, Cheesecake Factory repeatedly made 8-K current report filings in March and April 2020.  Those disclosures presented a misleading optimistic assessment that its restaurants were “operating sustainably at present” under an off-premises (takeout and delivery) dining model.  The Order further detailed that the restaurant chain’s “operating sustainably” assessment failed to account for corporate expenses, and its misleadingly positive portrayal was contrary to the reality that Cheesecake Factory was losing $6 million cash per week and its cash on hand could support only a few more months of operations.  Finally, in the latest iteration of “you cannot characterize as a possibility that which has already occurred,” Cheesecake Factory was penalized for the March disclosure that it was “evaluating additional measures to further preserve financial flexibility.”  This omitted that the company had already determined to take some measures, as exemplified by its late March notification to landlords that it would not be making April rent payments.

While just the first of its kind, this action is consistent with the Division of Corporation Finance’s March 25, 2020 Disclosure Guidance that cautioned reporting companies regarding disclosure

BCLP Washington Partner Ashley Ebersole was quoted Nov. 13 by Compliance Week regarding possible new enforcement priorities at the Securities and Exchange Commission under a Biden administration. Much will hinge on selection of a new SEC chairman, as current Chairman Jay Clayton has announced his intent to step down at year end before his term officially is scheduled to end in June 2021. “Selection of the new SEC chair, whether from inside the agency or outside, will signal much in terms of the likely approach,” said Ebersole, a former SEC attorney. He also noted that compliance officers “should be prepared for a continued SEC enforcement focus on pursuing fraud involving Main Street investors, but also a likely redoubling of efforts to sanction conduct by financial institutions.”

On the heels of a nearly $50 million record whistleblower payout in June 2020, the Securities and Exchange Commission announced on October 22 that it shattered that mark by awarding a whistleblower an extraordinary $114 million bounty. As described in the press release, the total included $52 million from the SEC, and a $62 million sum from “related actions by another [unspecified] agency.” The SEC’s Order further detailed that though the award arose from an action that was the subject of submissions from four would-be whistleblowers, the only payout was made to a whistleblower who (i) internally reported his or her concerns, (ii) provided information that caused the SEC and other agency to open investigations into the wrongdoing, (iii) provided “substantial and ongoing assistance” throughout the investigation that saved government time and resources, and (iv) suffered “serious personal and professional hardships” as a result of the whistleblowing activity. The SEC provided scant information on the target or substance of the underlying enforcement action, but the record award comes one month after the agency enacted amendments to its rules that were intended to “further incentivize whistleblowers” – something it would seem to be underscoring with windfall payments.

On October 8, 2020, the U.S. Department of Justice (“DOJ”) released the publication “Cryptocurrency: An Enforcement Framework,” (“Framework”) which described emerging threats and enforcement challenges associated with cryptocurrency. DOJ’s Cyber-Digital Task Force produced the Framework to highlight important relationships DOJ has built with other domestic and international regulatory and enforcement partners, and its strategic response to address emerging issues concerning cryptocurrency and the “blockchain” or “distributed ledger” technology underlying it.  The Framework’s stated goal is to ensure that cryptocurrencies and associated technologies are safe and do not imperil public safety or national security. While DOJ explicitly recognizes cryptocurrency’s potential in the Framework, it also outlines both threats and illicit opportunities that cryptocurrency provides for nefarious actors.

For a full discussion of the Framework, please refer to this BCLP client alert co-authored by Ashley Ebersole, Ben Saul, Mark Sere and Jason Semmes.

For the second time this year (see our previous reported here), a judge in the U.S. District Court for the Southern District of New York determined that an initial coin offering (“ICO”) involving the Simple Agreement for Future Tokens (“SAFT”) framework constituted an unlawful unregistered securities offering, establishing a daunting precedent for both potential and past SAFT issuers.  The most recent such ruling came on September 30, 2020, in response to dueling Motions for Summary Judgment in the SEC v. Kik Interactive Inc. case, as profiled further here.

On September 28, the SEC announced charges against two public companies, Interface, Inc. (“Interface”) and Fulton Financial Corporation (“Fulton”), for violations related to the reporting of improperly calculated earnings per share (“EPS”) that enabled the companies to meet or exceed consensus analyst estimates.  In the case of Interface, charges were also levied against the company’s former Chief Financial Officer (“CFO”) and Chief Accounting Officer (“CAO”) for directing subordinates to book unsupported, manual accounting entries that did not comply with generally accepted accounting principles (“GAAP”). These enforcement actions are a result of the implementation of an “EPS Initiative” by the Division of Enforcement that seeks to leverage risk-based data analytics to identify potential instances of accounting and disclosure violations, including those resulting from earnings management practices.

The SEC focused on accounting entries recorded on Interface’s books during the period from the second quarter of 2015 through the second quarter of 2016. The SEC alleged that Interface reported financial results that did not accurately reflect the company’s actual performance, and, instead, inflated income and EPS figures to show consistent earnings growth.  The alleged misstatements were found to be materially misleading because the earnings reported in two quarters enabled the company to meet consensus analyst EPS estimates when, had the unsupported accounting entries not been made, the company would have delivered results below analyst estimates. The SEC alleged that a lack of adequate internal controls over financial reporting created an environment in which the CFO and CAO (then-Corporate Controller) were able to direct