SEC announces new guidance for public company disclosures on cybersecurity risks

2018 ◽  
Vol 19 (4) ◽  
pp. 22-25 ◽  
Author(s):  
Stuart Gelfond ◽  
Una Dean ◽  
Dave N. Rao ◽  
Justin Sedor

Purpose To discuss the new guidance on public companies’ disclosure obligations regarding cybersecurity risks and incidents, which was recently unanimously approved by the Securities and Exchange Commission (SEC). Design/methodology/approach Outlines the general disclosure requirements and the materiality standard set forth by the SEC, explains specific guidance on public company cybersecurity disclosure, and discusses cybersecurity risk management and insider trading policies. Findings In addition to clarifying the disclosure requirements with respect to cybersecurity issues, the article discusses two additional areas of concern identified by the New Guidance that public companies should consider in the context of cybersecurity and related disclosure. First, public companies must design and maintain policies and procedures to help manage cybersecurity risks and respond to incidents as they occur. Second, public companies should consider adopting insider trading policies that specifically prohibit management and other corporate insiders from trading on the basis of material non-public information regarding a cybersecurity risk or incident. Originality/value Practical analysis of the guidance on disclosure obligations regarding cybersecurity risks and incidents, including discussion surrounding two aspects of cybersecurity not previously addressed in prior SEC staff guidance on the topic.

2015 ◽  
Vol 16 (1) ◽  
pp. 19-24 ◽  
Author(s):  
Richard J. Parrino ◽  
Peter Romeo ◽  
Alan Dye

Purpose – The purpose of this paper is to review the enforcement initiative announced by the US Securities and Exchange Commission (SEC) in September 2014 directed at reporting violations of the Securities Exchange Act of 1934 (Exchange Act) by public company officers, directors and significant stockholders. The paper considers the notable features of the first round of SEC enforcement actions pursuant to that initiative and proposes measures public companies and their insiders can adopt to enhance compliance with their reporting and related disclosure obligations under the Exchange Act. Design/methodology/approach – The paper examines the SEC’s enforcement initiative against the backdrop of the agency’s enforcement activity since 1990 for violations by public company insiders of the reporting provisions of Sections 13 and 16 of the Exchange Act. The paper summarizes the features of the reporting violations that attracted SEC enforcement interest in the recent proceedings and identifies the factors apparently weighed by the SEC in determining the amount of the penalties sought against those charged with the violations. Findings – The SEC’s latest enforcement actions are unprecedented for insider reporting violations. The new enforcement initiative represents an abandonment by the SEC of its largely passive approach of the past dozen years in which it charged insider reporting violations only when they related to fraud or other major violations of the securities laws. If reporting violations are flagrant, the SEC now promises to target the offenders for enforcement on a stand-alone basis without regard to other possible wrongdoing. The SEC also cautions that, as it did in some of the recent enforcement actions, it may charge companies that promise to assist their insiders in the preparation and filing of their reports, but do not make the filings in a timely manner, with contributing to the filing failures.
Originality/value – The paper provides expert guidance from experienced securities lawyers.


2015 ◽  
Vol 16 (1) ◽  
pp. 59-62
Author(s):  
Daniel A. Nathan ◽  
Tiffany Rowe

Purpose – To alert broker-dealers to Securities and Exchange Commission charges brought against a broker-dealer for ineffective controls over employee use of confidential information and to provide guidance regarding development and implementation of controls to protect against improper use of material non-public information by employees. Design/methodology/approach – Reviews the Securities and Exchange Commission settlement order with a broker-dealer for violations of securities laws for failure to adequately prevent insider trading by employees and provides guidance for implementing controls to prevent insider trading. Findings – The Securities and Exchange Commission’s charges are the first to be brought against a broker-dealer for failure to adequately protect against insider trading. A broker used a customer’s confidential information regarding an impending acquisition by a private equity firm to purchase stock in the target company. The broker-dealer settled charges of violations of the federal securities laws for failing to adequately establish, maintain, and enforce policies and procedures to protect against insider trading by employees with access to confidential client information. Originality/value – Practical guidance regarding internal controls at broker-dealers from experienced securities litigation and regulation lawyers.


2014 ◽  
Vol 15 (1) ◽  
pp. 38-40
Author(s):  
Jonathan Green ◽  
Aaron Miner

Purpose – To summarize and draw conclusions from the insider trading suit brought against well-known entrepreneur Mark Cuban in 2008. Design/methodology/approach – Summarizes the facts of the 2008 case, brought by the SEC against Cuban for allegedly misappropriating material, non-public information conveyed to him purportedly pursuant to a confidentiality agreement. Reviews the basics of the misappropriation theory of insider trading, and the basis of the jury verdict in Cuban's favor. Concludes by stressing that securities analysts and major investors should still remain cautious, and explains why. Findings – The Cuban verdict appears, at first glance, to be a substantial victory for securities analysts and major investors whose businesses depend on regular communications with corporate insiders or others who possess material non-public information. It demonstrates the challenges the SEC faces under existing law in establishing a relationship of trust and confidence between the recipient of alleged material, non-public information and the source of that information for purposes of proving misappropriation liability. Nevertheless, the Cuban judgment did not ultimately turn on the existence of such a relationship, and the contours of misappropriation liability remain unsettled. Accordingly, securities analysts, investors and any other entity or individual who receives information pursuant to a confidentiality agreement should remain cautious and refrain from acting on material, non-public information regardless of the circumstances. Originality/value – Practical explanation by experienced litigators.


2020 ◽  
Vol 21 (2/3) ◽  
pp. 111-126
Author(s):  
Aldo M. Leiva ◽  
Michel E. Clark

Purpose To examine the COVID-19 pandemic’s effects on regulated entities within the context of cybersecurity, US Securities and Exchange Commission (SEC) compliance, and parallel proceedings. Design/methodology/approach Describes the SEC’s ability to conduct its operations within the telework environment, its commitment and ability to monitor the securities market, its enhanced monitoring of the adverse effects of COVID-19 on SEC-regulated companies, its guidance to public companies on disclosure obligations related to cybersecurity risks and incidents, the SEC Office of Compliance and Examinations’s (OCIE’s) focus on broker-dealers’ and investment advisories’ cybersecurity preparedness, the role and activities of the SEC Division of Enforcement’s Cyber Unit, and parallel proceedings on cyberbreaches and incidents by different agencies, branches of government or private litigants. Findings SEC-regulated entities face many challenges in trying to maintain their ongoing business operations and infrastructure due to severe financial pressures, the threat of infection to employees and customers, and cybersecurity risks posed by remote operations from hackers and fraudsters. The SEC has reemphasized that its long-standing focus on cybersecurity and resiliency within the securities industry will continue, including ongoing vigilance over companies’ efforts to identify, assess, and address the inherent, heightened cybersecurity risks of teleworking and the resource reallocation that businesses need to sustain their operations until a safe and effective vaccine is developed for COVID-19. Originality/value Expert analysis and guidance from experienced lawyers with expertise in securities, litigation, government enforcement, information technology, data protection, privacy and cybersecurity.


2017 ◽  
Vol 18 (1) ◽  
pp. 68-74
Author(s):  
Melissa Beck Mitchum ◽  
Bob Xiong

Purpose To explain the Customer Protection Rule Initiative announced by the Securities and Exchange Commission (SEC) and offer practical guidance for complying with Rule 15c3-3 under the Securities Exchange Act of 1934. Design/methodology/approach This article discusses Rule 15c3-3 under the Securities Exchange Act of 1934, related interpretative guidance, and the Customer Protection Rule Initiative announced in June 2016 by the SEC. Findings This article concludes that broker-dealers should take advantage of the Customer Protection Rule Initiative’s self-reporting mechanism and use this time to review their current account arrangements with banks, existing internal policies and procedures, and account documentation. Originality/value This article contains valuable information about the SEC’s Customer Protection Rule Initiative and practical compliance guidance from experienced securities lawyers.


Author(s):  
Nimisha Bhargava ◽  
Mani Kumari Madala ◽  
Darrell Norman Burrell

Emotional acumen is a relatively new concept compared to the other decision-making variables in the existing literature. Comprehending the process by which individuals engage in ethical decision-making, and the factors stimulating this process, may be imperative for developing more effective ethics education. The U.S. Securities and Exchange Commission issued new guidance calling on public companies to be more forthcoming when disclosing the nature and scope of cybersecurity breaches. The statement also warns that corporate insiders must not trade shares when they have information about cybersecurity issues that is not yet public. Understanding the emotional underpinnings is critical to guiding how individuals deal with the complex nature of morally infused predicaments: their awareness of the moral dilemma, their judgments about the potential consequences, and their intention to act or propensity to whistle-blow in relation to cybersecurity breaches are significantly affected by emotional acumen.


2011 ◽  
Vol 2 (4) ◽  
pp. 106
Author(s):  
Barbara Crutchfield George ◽  
Maria Boss

At first glance it may appear that the law which prohibits the use of material non-public information only applies to the technical insider (e.g., corporate directors and officers). However, the scope of the prohibition encompasses persons other than technical insiders. Because the statutory language in Section 10 (b) is broad in scope, and for that matter never mentions directly or indirectly the term insider trading, the United States Supreme Court will ultimately have to determine to whom the term insider can be applied. At the present time there is a conflict between the lower courts and the Securities and Exchange Commission (SEC), on the one hand and the U.S. Supreme Court, on the other, in the handling of insider trading cases: the lower courts and the SEC are expanding the scope of liability for insider trading, but this expansion has been rejected by the high court when it has been confronted with such expansion attempts.


Subject US public accounting oversight and proposed reforms. Significance Earlier this month, President Donald Trump released his budget proposal for the 2021 fiscal year. Among the proposals is merging the Public Company Accounting Oversight Board (PCAOB) into the Securities and Exchange Commission (SEC) beginning in 2022. The move would further weaken US securities law and the accounting framework, which has steadily eroded in recent years. Impacts Shifting oversight over audit quality to the SEC would greatly reduce resources available for this function. House Democrats will be reluctant to give Trump legislative victories before November. Under Trump, the SEC will further shrink its enforcement activities; this process began before he became president.


2019 ◽  
Vol 26 (2) ◽  
pp. 647-664
Author(s):  
Aneta Spaic ◽  
Claire Angelique Nolasco ◽  
Lily Chi-Fang Tsai ◽  
Michael S. Vaughn

Purpose This paper analyzes trading and tipping activities in insider trading litigation decided by federal courts from January 1, 2012 to December 31, 2014. Design/methodology/approach Legal documents from the US Securities and Exchange Commission, LexisNexis and Westlaw databases were coded to determine profile, patterns of trading and settlement outcomes. Findings Results of statistical analysis indicate that a defendant in both civil and criminal cases is more likely to trade on the information when he/she receives a direct, financial benefit from breaching his/her duty of confidentiality. The defendant tipper is also more likely to pass on the information to a close personal friend, business associate or family member. The average amount of profit of defendants in both civil and criminal proceedings substantially exceeds the average amount of their settlements. Originality/value This paper offers support for the rational choice model – insider trading is often based on rational calculations of benefits not only to the defendant but also to his/her family and associates. Although the threat of civil enforcement and criminal proceedings may possibly deter him/her from committing the crime, results indicate that the amounts of settlement in both proceedings are considerably lower than the amount of profits obtained from the offense.


2020 ◽  
Vol 35 (4) ◽  
pp. 499-520
Author(s):  
Kathleen Bakarich ◽  
Devon Baranek

Purpose This study aims to identify characteristics of firms reporting multiple years of material weaknesses in internal control over financial reporting (MWICFR), labeled “Repeat Offenders”, and examine their characteristics and the types of material weaknesses they report using both broad and COSO-based classification schemes. The analysis compares these firms with firms reporting only one year of MWICFR and examines the differences between Repeat Offenders reporting consecutive and non-consecutive weaknesses. Design/methodology/approach Univariate and multivariate analyses were conducted on a sample of 1,793 firm-year observations, split into Repeat Offenders and non-Repeat Offenders, and collected from AuditAnalytics and Compustat from 2007 to 2015. Findings On average, 40% of adverse opinions in ICFR each year can be attributed to Repeat Offenders. Compared to one-time MWICFR firms, Repeat Offenders are significantly more likely to report general material weaknesses and, within the COSO framework, are significantly more likely to report issues with Segregation of Duties and Processes and Procedures. Repeat Offenders reporting consecutive years of MWICFR are significantly more likely to have general weaknesses than non-consecutive Repeat Offenders and are also significantly more likely to report issues with Segregation of Duties and Personnel. Research limitations/implications Prior studies have examined unremediated ICFR issues in the periods immediately following SOX implementation. This study extends this literature with a longer, more current sample period, focusing on both broad and COSO-specific control issues, as well as examining consecutive and non-consecutive MWICFR and firms with more than two years of MWICFR. Originality/value This study underpins recent Securities and Exchange Commission and Public Company Accounting Oversight Board concerns regarding pervasive ICFR issues. 
This study identifies some of the characteristics of firms associated with weaker ICFR and pinpoints more specific areas within internal controls that frequently lead to adverse opinions.

