SEC Extends Its Focus on MNPI Clearance Procedures

[On October 15, 2020], the SEC announced a settled enforcement action against a public company in connection with the company’s initiation of a stock buyback program while in possession of material, nonpublic information (“MNPI”). [1] The Commission charged the company with violating Section 13(b)(2)(B) of the Exchange Act, which requires reporting companies to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed, and access to company assets is permitted, only in accordance with management’s authorizations.

Specifically, the SEC found that the company’s decision–approved by its legal department–to enter into a Rule 10b5-1 trading plan to repurchase the company’s shares on the same day that the company resumed previously suspended, CEO-to-CEO merger discussions violated the company’s own securities trading policy, and therefore fell outside the board’s repurchase authorization. Without admitting or denying the SEC’s findings, the company agreed to the entry of a cease and desist order and to pay a $20 million penalty to settle the action.

The SEC’s order highlights a number of important matters for public companies:

1. Companies should have a disciplined framework for determining whether they are in possession of MNPI when trading is being considered. While acknowledging that the company required and obtained legal department approval of the initiation of the 10b5-1 plan at issue, the SEC viewed that approval as an insufficient control. In that regard, the order emphasized that the legal department’s approval was the result of an “abbreviated and informal process” that “did not require conferring with persons reasonably likely to have potentially material information regarding significant corporate developments”–including the CEO who was personally involved in the merger negotiations.

That emphasis echoes and extends an approach seen several months ago in the SEC’s enforcement action against a private equity firm. [2] In that case, the SEC charged the firm with failing to maintain adequate procedures under the provision of the Advisers Act that requires registered investment advisers to take reasonable steps to ensure that MNPI is not misused. And there, despite efforts by the firm’s compliance personnel to ensure that the firm was not in possession of MNPI at the time of certain trades in a portfolio company’s securities, the SEC faulted the firm for failing to probe more rigorously as to whether the firm possessed MNPI, including by virtue of the firm’s representatives on the portfolio company’s board.

In short, even though sensitive information (such as merger discussions) may be appropriately compartmentalized within a company on a need-to-know basis, lawyers or others responsible for overseeing a share buyback program (or the administration of a company’s personal trading program, securities issuances or SEC filings) should have a way of accessing such information or obtaining confirmation from senior management regarding such information.

2. Whether information is material will be judged with 20/20 hindsight. As a practical matter, the SEC’s determination as to whether information was material will be made with knowledge of how events actually transpired. Here, the SEC determined that the information in question–the resumption of previously-suspended merger discussions between two CEOs–was material. That those discussions ultimately resulted in a merger was not lost on the SEC; that fact was highlighted in the order. Companies should account for the fact that their judgments about the materiality of information will often be made after a possible transaction has become a completed one.

3. The case is another example of the SEC’s expansive view of “internal accounting controls.” Notably, the SEC did not charge the company with violation of the insider trading laws. In the absence of an express requirement similar to the requirements applicable to investment advisers and broker-dealers relating to policies and procedures concerning MNPI, the SEC charged the company with a failure to have had sufficient internal accounting controls. The basis for the charge was that the company did not have a sufficiently robust control to ensure that its share repurchases would be executed in a manner consistent with the board’s authorization–which either implicitly or explicitly (the order does not say) would have required execution in a manner consistent with the company’s securities trading policy.

While it is unclear that Congress contemplated that the term “accounting controls” would include a company’s controls designed to ensure compliance with a company’s securities trading policy, what is clear is that the Commission will not hesitate to read the internal control provisions of the Exchange Act expansively. Indeed, in 2018, the Commission issued a release saying that a company’s failure to have robust cyber fraud protections could also constitute a violation of those provisions, insofar as such failure made the company vulnerable to a theft of corporate assets. [3]

4. The SEC continues to levy sizeable monetary penalties. As noted above, the penalty imposed here was $20 million. While the Clayton Commission has demonstrated its willingness to levy significant penalties in appropriate cases, one has to wonder whether the penalty here is a substitute, at least in part, for the penalty and/or disgorgement that the company might have paid if the SEC had pursued an insider trading violation. (According to the order, the company paid between $90 and $103 per share for stock that the company’s acquirer eventually agreed to purchase at over $150 per share.) Indeed, by ordering the creation of a Fair Fund in this action, the SEC seems to indicate that those shareholders who sold their shares at the time of the buyback were harmed–just as those trading opposite someone who has violated the insider trading laws might be harmed.

* * *

Ultimately, this case is a reminder that a public company (as regulated entities are expressly required to do) should take steps to ensure that its internal controls and processes for administering a stock buyback (as well as other securities transactions and public disclosures) are reasonably designed to ascertain whether the company may be in possession of MNPI–which will be evaluated with the benefit of hindsight.

Endnotes

1See Andeavor LLC, Release Nos. 34-90208, AAER-4190, File No. 3-20125 (Sec. & Exch. Comm’n, Oct. 15, 2020).(go back)

2See Ares Management LLC, Release No. IA-5510, File No. 3-19812 (Sec. & Exch. Comm’n, May 26, 2020).(go back)

3See Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies and Related Internal Accounting Controls Requirements, Release No. 84429 (Sec. & Exch. Comm’n Oct. 16, 2018), available at https://www.sec.gov/litigation/investreport/34-84429.pdf.(go back)