SEC Quarterly round-up
Author: Steven R. Howard
In his regular update Steven Howard discusses recent developments in the United States including the confirmation of a new SEC Chairman and the Financial CHOICE Act 2017.
Jay Clayton sworn in as SEC Chairman
On May 4, 2017, Jay Clayton was sworn in as Chairman of the Securities and Exchange Commission (SEC). He was confirmed by the U.S. Senate two days earlier, after having been nominated by President Trump in January.
Chairman Clayton was formerly a partner at the law firm of Sullivan & Cromwell LLP, where his practice included, among other matters, advising public and private companies on corporate governance, mergers and acquisitions, capital markets offerings, and regulatory and enforcement proceedings.
Chairman Clayton joins the SEC’s two current Commissioners – Kara M. Stein and Michael S. Piwowar. President Trump has not yet nominated individuals to fill the two Commissioner vacancies.
OCIE publishes risk alert in response to “WannaCry” ransomware
On May 17, 2017, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a National Exam Program Risk Alert on cybersecurity in response to “WannaCry,” the ongoing global ransomware attack that began on May 12, 2017.
In the Risk Alert, the OCIE staff (staff) encourages broker-dealers and investment management firms (Firms) to review the alert published by the Department of Homeland Security’s Computer Emergency Readiness Team (DHS Alert). The DHS Alert offers a concise overview and description of the WannaCry ransomware, technical details about how an attack occurs, a summary of ransomware’s potential impact and, most importantly, recommended steps for prevention and remediation.
The Risk Alert also encourages Firms to evaluate whether applicable Microsoft patches for Windows XP, Windows 8 and Windows Server 2003 operating systems are properly and timely installed. The staff explained that “initial reports indicate that the hacker or hacking group behind the [WannaCry] attack is gaining access to enterprise servers either through Microsoft Remote Desktop Protocol (RDP) or through the exploitation of a critical Windows Server Message Block version 1 vulnerability.” Patching such known vulnerabilities may limit a Firm’s risk of a WannaCry attack.
In the Risk Alert, the staff also provided Firms (in particular, smaller registrants) with practical tips for how they might mitigate the risk and impact of future cyber-attacks. Among other things, the staff emphasised that Firms should consider cybersecurity issues in advance, noting that developing a “rapid response capability” may mitigate the impact of future cyber-attacks.
OCIE’s publication of this Risk Alert makes clear the following
- Firms should be considering whether they are vulnerable to a WannaCry attack in particular and whether their current practices leave them unnecessarily vulnerable to future ransomware and other cyber-attacks.
- Notwithstanding the staff’s recognition that “it is not possible for firms to anticipate and prevent every cyber-attack,” Firms of all sizes should actively be taking appropriate steps to prepare for and respond to cyber-attack.
- Smaller registrants should recognize that the Risk Alert not only provides them with practical tips for cyberreadiness, but also effectively puts such registrants on notice that the OCIE expects that they, too, are “conducting penetration tests and vulnerability scans and implementing system upgrades on a timely basis.”
Presidential Executive Order addresses Executive Branch and critical infrastructure cybersecurity
On May 11, 2017, President Trump issued an Executive Order aimed at “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” (Order). The Order mandates federal governmental review of cybersecurity policies and practices in two distinct but related spheres: (1) the federal executive branch, which “operates its information technology (IT) on behalf of the American people,” and (2) “the owners and operators of the Nation’s critical infrastructure.” The Order also addresses, generally, consumer cybersecurity issues by highlighting the need to promote an “open, interoperable, reliable, and secure internet” and grow and train a workforce skilled in cybersecurity. Its primary purposes appear to be: (1) collecting information the Administration believes it needs to formulate its cybersecurity strategies; and (2) identifying avenues of potential cooperation between the federal government and other entities that are central to preserving the nation’s security.
The most significant development is the Order’s direction that federal agencies apply to their operations the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. As background, in 2013, President Obama ordered NIST to develop a voluntary framework that would guide critical infrastructure entities in their efforts to identify and address the particular cybersecurity risks faced by their organizations. By its very nature, the NIST project was intended as a collaboration between the government and industry, the idea being that by working together the public and private sectors could create an approach to security that would benefit all actors, even in the absence of comprehensive federal cybersecurity legislation. However, by directing federal agencies to employ the NIST’s framework as part of their operations, the Order shifts this framework from a proposal under discussion and in development to something resembling a set of government-endorsed expectations about how cybersecurity is to be managed – a shift that presents potential benefits but also potential risks to private industry.
It is too early to predict what, if any, actual regulatory changes will come out of the information gathering and review process mandated by the Order. At least with regard to executive agencies, the Order is meant to move the NIST’s framework from development to implementation as a set of best practices. Presumably, any lessons learned from the government’s implementation experiences could be passed along to NIST and to the private actors who were meant to benefit from the framework’s development.
Financial CHOICE Act 2017
On April 26, 2017, Chairman Jeb Hensarling of the House of Representatives Financial Services Committee (Committee) introduced the Financial CHOICE Act (Act). The bill was passed by the Committee on May 4, 2017 on a party-line vote, and will now be considered by the full House of Representatives. It remains to be seen what action, if any, the Senate will take if the bill reaches it.
General overview of provisions of Act
The stated intent of the Act includes: ending ‘‘too-big-to-fail;” holding Washington and Wall Street accountable; eliminating red tape to increase access to capital and credit; and repealing certain provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd- Frank Act). The Act, if passed, would substantially change the federal regulation of financial services by, among other things
- Imposing a series of new requirements on rulemaking by federal financial agencies.
- Repealing the Orderly Liquidation Authority under Title II of the Dodd- Frank Act.
- Repealing the Volcker Rule.
- Increasing penalties for securities and banking violations.
- Repealing the Department of Labor’s fiduciary rule, and requiring further rulemaking to await and be coordinated with similar SEC rulemaking.
- Repealing significant elements of the authority of the Financial Stability Oversight Council, including its authority to designate firms as systematically important financial institutions, or “SIFIs”.
- Exempting banking organizations that meet specified capital requirements from certain laws and regulations regarding capital, liquidity, capital distributions, and restrictions on mergers and acquisitions.
- Heightening the pleading standards and burden of proof in cases brought by mutual fund shareholders under Section 36(b) of the Investment Company Act of 1940 (1940 Act).
Proposal to impose heightened pleading requirement and raise burden of proof for plaintiffs in section 36(b) cases
Title VIII of the bill proposes to impose a heightened pleading requirement, and to raise the burden of proof that a plaintiff must meet to pursue a claim against an investment adviser under Section 36(b) of the 1940 Act. Whether this portion of the bill will become law is uncertain. If Title Vlll passes as drafted and works as intended, however, it is likely both to disincentivize plaintiffs’ firms from bringing section 36(b) cases in the first instance and to improve defendants’ chances of obtaining dismissal or a favorable judgment earlier in the litigation.
As background, section 36(b) imposes a fiduciary duty on the investment adviser of a mutual fund with respect to the fees charged to the fund, and creates a private right of action permitting shareholders to challenge the fees paid to the adviser. In Jones v Harris Associates, L.P., the Supreme Court established the standard that must be met to determine that a fee is excessive under section 36(b). According to the Jones Court, fees are excessive only if “so disproportionately large that they bore no reasonable relationship to the services rendered and could not have been the product of arm’s length bargaining.”
The Jones Court acknowledged the Gartenberg factors that can be considered in determining whether an advisory fee paid by a mutual fund meets this standard.
The motion-to-dismiss stage is a crucial moment in many lawsuits; it is the point at which the judge decides whether a case is dismissed or permitted to move into discovery. As currently written, Title VIII would make two changes that would affect the likelihood of cases clearing this procedural hurdle.
First, Title VIII would require that a complaint brought under section 36(b) “state with particularity all facts establishing a breach of fiduciary duty.” If such facts are “based on information and belief, the complaint shall state with particularity all facts on which that belief is formed.” Generally, under such a particularity standard, a complaint must specify the “who, what, when, where, and how” of evidence used to support a fact in a pleading. Conclusory statements or boilerplate language are not acceptable under this heightened pleading standard. Such a standard would likely impose a significant new burden on section 36(b) plaintiffs.
Second, Title VIII would increase the section 36(b) plaintiffs burden of proof to a “clear and convincing evidence” standard. The current burden of proof in section 36(b) cases, which is the burden applicable in most civil cases, is the “preponderance of the evidence” standard, which requires proof that what the plaintiff claims is more likely than not. In contrast, the “clear and convincing evidence” standard requires evidence that produces an abiding conviction that the truth of the plaintiffs factual contentions is highly probable.
If the bill becomes law, plaintiffs will have greater difficulty in ultimately succeeding in a section 36(b) case. However, whether or not the bill is enacted, the responsibilities of investment advisers and mutual fund boards would remain unchanged. Advisers would continue to bear a fiduciary duty to the funds they advise, and mutual fund boards continue to fulfil the role of “independent watchdogs” who “furnish an independent check upon the management of investment companies.” Consideration of investment advisory contracts is one of the essential duties of mutual fund boards, and the outcome of any particular section 36(b) case may turn on fund directors’ care and consideration regarding the reasonableness of advisory fees charged to a fund.
Shareholder proposal reform
The bill also contains a brief section that would raise the bar for shareholders seeking to put proposals on public companies’ annual meeting ballots.
Under current SEC regulations, a shareholder who has held either one per cent or US$2,000 worth of a public company’s outstanding shares for at least a year is eligible to submit a proposal for inclusion in the company’s proxy statement for its annual meeting. Even if a shareholder proposal fails to garner majority support initially, the proponent may resubmit it as long as it obtained at least three per cent of the vote when last presented. This percentage increases to six per cent with the next resubmission and to ten per cent for any subsequent resubmission. The SEC also generally permits shareholder proposals by a non-shareholder on behalf of a shareholder, a practice that has produced a cottage industry of professional, non-shareholding advocates for proposals.
The Act takes aim at the key shareholder proposal eligibility provisions. The bill would require the SEC to eliminate the alternative US$2,000 ownership threshold and “require the shareholder to hold” at least one per cent of the subject company’s shares. Accordingly, it does not appear to permit aggregation of shares by multiple shareholders to reach this threshold. The bill would also require the SEC to increase the holding period requirement from one year to three years and to increase the minimum shareholder support threshold for resubmissions within a five-year window from the current three per cent (for the first resubmission), six per cent(for the next resubmission) and ten per cent (for any subsequent resubmissions) to 6 per cent, 15 per cent and 30 per cent, respectively.
Lastly, the bill would abolish proposals from non-shareholders completely.
In its current form, the bill would make it harder for shareholders to submit Rule 14a-8 proposals. However, like the other elements of the bill, the shareholder proposal reform provisions may look very different if and when implemented.
DOL’s transition period for the new fiduciary rule went into effect on June 9, 2017
On June 9, 2017, the Department of Labor’s (DOL) new rule defining who is a fiduciary under ERISA (Fiduciary Rule) and related prohibited transaction exemptions (PTEs) went into effect and compliance with the Fiduciary Rule and the related PTEs is required after June 9, 2017. A transition period will run from June 9, 2017 to January 1, 2018 (Transition Period), during which the exemptions from the Fiduciary Rule will be available and only compliance with the “Impartial Conduct Standards” condition of those exemptions will be required. Compliance with the remaining conditions of the Best Interest Contract Exemption (BIC Exemption) and with the PTEs (including amendments to Prohibited Transaction Exemption 84-24 (PTE 84-24), which applies to payment of sales commissions in connection with a plan’s purchase of insurance and annuity contracts) will not be required until January 1, 2018.
The Impartial Conduct Standards generally require that a fiduciary: provides advice in retirement investors’ best interest (i.e. advice that is prudent and loyal); charge no more than reasonable compensation; and avoid misleading statements.
During the Transition Period
- Certain disclosures need not be provided, including (among others): acknowledgment of fiduciary status; written commitment to adhere to the Impartial Conduct Standards; and compliance with the recordkeeping requirements of the exemptions.
- Fiduciaries may rely on the BIC Exemption by complying with the Impartial Conduct Standards.
- Parties receiving compensation in connection with annuity recommendations can rely on the broad transition exemption in the BIC Exemption or they can continue to rely on PTE 84-24, which has historically applied to all annuity products.
During the Transition Period the DOL will continue to review, and may revise significant parts of, the fiduciary regulation and the related exemptions before the January 1, 2018 full-compliance date. This regulatory situation is fluid and uncertain and, while it seems possible that the detailed written and procedural aspects of the BIC Exemption will be scaled back, perhaps substantially, it also remains possible that compliance with all of the remaining conditions of the exemptions could be required as of January 1, 2018.
SEC Chairman Clayton announced that the SEC will undertake analyses of the Fiduciary Rule in an effort to develop a securities law definition of fiduciary.
Financial Reporting Council call for evidence regarding UK’s endorsement of the recently issued Sustainability Standards
The Financial Reporting Council (FRC) has issued a call for evidence (the Call for Evidence) to collect views regarding the proposed endorsement by the UK government in respect of the first two IFRS Sustainability Disclosure Standards issued by the International Sustainability Standards Board (ISSB) in June 2023.