We are pleased to present our annual year in review of financial reporting and issuer disclosure enforcement activity for 2016. Like our prior reviews, this one primarily focuses on the Securities and Exchange Commission ("SEC"), but also discusses other relevant developments. In addition to providing an overview of the past year, this review forecasts where activity might be headed in the future. Much uncertainty lies ahead, but there is reason to believe that the regulatory burden could be lightened on public companies.
In the last four years, under SEC Chair Mary Jo White, the Commission brought record numbers of enforcement actions and obtained unprecedented monetary remedies in the billions of dollars. Financial reporting and disclosure actions saw a dramatic rise during this time. In fiscal years 2015 and 2016, the SEC brought over 200 financial reporting and disclosure actions and charged more than 245 individuals.1 This was double the figures from fiscal years 2012 and 2013.2
In 2016, the SEC continued trends that we saw at the end of 2015. Put simply, the enforcement of alleged financial reporting and disclosure violations was active and aggressive. This is due to a number of factors:
Whistleblower Program Comes Into its Own. The Commission relied on whistleblowers across a number of areas, but this year included a $22 million dollar reward to the whistleblower who exposed an alleged financial reporting and disclosure fraud.3 The program has now awarded more than $142 million to 38 whistleblowers, and it shows no signs of letting up. Financial Reporting and Audit ("FRAud") Group and Big Data. The FRAud Group has matured as a component of the enforcement program and is a central testing ground for the agency's overall continued expansion of its use of data. These developments heighten the risk to companies and individuals because they solidify the SEC's focus on financial reporting and disclosure liability. More indirectly, as the FRAud Group and Big Data continue to mature, they increase competitive pressures amongst SEC staff to investigate and bring these financial reporting actions. Non-Fraud Claims, Internal Controls, and Individual Liability. There has been an increasing willingness to bring actions grounded in negligence and the Foreign Corrupt Practices Act's ("FCPA") recordkeeping provisions. The SEC's historical focus on naming individuals in financial reporting cases also showed no signs of letting up. Combined, the focus on individuals and the willingness to bring low-level charges drastically increased the risks to corporate executives and officers. Wide Variety of Matters. The number and variety of financial reporting and disclosure matters demonstrated the prosecutorial bent of the existing leadership. The cases ranged from large-scale accounting fraud to creative uses of the disclosure rules to penalize commercial bribery. The SEC named individuals in almost all the significant matters. It remains to be seen whether the torrid pace of enforcement and the pursuit of technical violations will continue with new leadership at the SEC and U.S. Department of Justice ("DOJ"). Early indications are that the Commission may be less focused on enforcement and more focused on the SEC's other missions of promoting capital formation and fair and efficient markets.4 In this new environment, some areas relevant to financial reporting and disclosure that may receive close scrutiny include: (i) the imposition of large corporate penalties where there was no corresponding corporate benefit; (ii) the increasing use of low-level claims of negligence and nearly strict liability provisions to bring career-ending charges, especially Rule 102(e) and officer-and-director bars, against individuals; (iii) the inability to provide concrete guidance on the benefits of cooperation, including in anti-corruption investigations; (iv) the lopsided playing field created by the use of administrative proceedings; and (v) the use of the FCPA recordkeeping and internal controls provisions to prosecute technical and insignificant violations.
Although little is certain about the SEC's future, new leadership is unlikely to dramatically shift its approach when prosecuting straightforward fraud cases or those instances where investors have been harmed. While we might see an overall decline in enforcement activity, we might also see a push for more balance with the other parts of the SEC's missionmaintaining fair and efficient markets and encouraging capital formationand less of a prosecutorial approach to regulation. For issuers and executives, that could be a welcome change.
2016 ENFORCEMENT IN REVIEW
Whistleblower Program Comes Into its Own
In 2016, the SEC received more than 4,200 tips from whistleblowersa 40 percent increase from the number received the year the whistleblower program began in 2012. This year, the SEC also surpassed the $100 million mark for awards to whistleblowers who provide tips and assist the Commission.5 The program has had a transformative effect on SEC enforcement and shows no signs of slowing down.6
Several of the SEC's largest settlements in 2016 arose in cases brought by whistleblowers. For example, as a result of multiple whistleblowers, a major financial institution admitted wrongdoing related to the misuse of customer cash and improperly risking customer securities, and settled charges with the SEC for $415 million.7 Another whistleblower tipped off the SEC that a large agricultural business violated accounting rules and misstated company earnings regarding a flagship product.8 That whistleblower was a financial executive with the company who allegedly tried to rectify the situation internally and sought outside auditor assistance before providing "a detailed tip and extensive assistance" to the SEC. The Commission awarded the whistleblower $22 million, the second-largest award ever for a whistleblower.
The SEC has also been aggressive in enforcing the anti-retaliation provisions of the Dodd-Frank Act and Rule 21F-17, which precludes companies from impeding a whistleblower's communications with the Commission. For example:
A Delaware company settled with the SEC for using improper confidentiality provisions in severance agreements in alleged violation of Rule 21F-17.9 Between 2011 and 2013, the company's various severance agreements contained some form of a provision that prohibited the employee from sharing with anyone confidential information concerning the company that the employee had learned while employed by the company, unless compelled to do so by law or legal process. None of the confidentiality provisions contained an exemption permitting an employee to provide information voluntarily to the Commission or other regulatory or law enforcement agencies. The SEC settled with a publicly traded company for its alleged violations of the whistleblower employment anti-retaliation provisions in Section 21F(h) of the Exchange Act, added by the Dodd-Frank Act.10 In 2014, a whistleblower raised concerns to his managers, to the company's internal complaint hotline, and to the Commission that the company's publicly reported financial statements may have been misstated due to the company's cost accounting model relating to its used parts business. The whistleblower was subsequently terminated. As a result of the conduct described above, the SEC alleged that the company violated Section 21F(h) of the Exchange Act, which prohibits an employer from discharging, demoting, suspending, threatening, harassing, directly or indirectly, or in any other manner discriminating against, a whistleblower for providing information regarding potential violations of the securities laws to his employer or to the Commission. The SEC agreed to settle with an oil and gas company for $1.4 million for allegedly firing an internal whistleblower who questioned the company's public reports of its oil-and-gas reserves.11 The employee initially rejected a promotion offer, after which management determined that the worker could be replaced by someone less "disruptive." The SEC also alleged that the company's separation agreements impermissibly prohibited voluntary, direct communication with the Commission. The SEC and a technology company settled allegations that the company impeded former employees from communicating information to the SEC through severance agreements with overbroad non-disparagement clauses.12 These clauses forbade former employees from discussing with the SEC or other regulators matters that "disparaged, denigrated, maligned or impugned" the company, and imposed a significant reduction in severance pay for violations of the clause. Nearly 250 employees were bound by these contracts between August 2011 and May 2015. Thus far, the Commission has brought two settled actions under the anti-retaliation provisions of the Dodd-Frank Act, and at least six settled actions against companies for violating Rule 21F-17.13 These represent aggressive interpretations of 21F and it remains to be seen if the SEC continues to allege these violations.
The FRAud Group and Big Data
The FRAud Group began as a task force designed to determine what, if anything, the Enforcement Division should do about the precipitous post-Financial Crisis drop in financial reporting and disclosure matters. Now more than three-and-a-half years old, the FRAud Group has matured into a likely permanent fixture of the enforcement program. The FRAud Group's work has led to the filing of many reported actions.14 The next section of this review discusses some of the notable cases initiated by the FRAud group in 2016. Given the length of time it takes to investigate these types of matters, we might expect the number to grow more quickly in the future.
The early results suggest that the FRAud Group is adding a proactive element to the agency's otherwise reactive enforcement effort in this area (e.g., enforcement...