SEC Enforcement and COVID-19: How Lessons from the Financial Crisis Apply Today
By Amy Greer, Jennifer Klass, Peter Chan, A. Valerie Mirko and Kurt Oldenburg, Baker & McKenzie LLP*
May 27, 2020
Based on public statements, including a recent speech discussing the operation of the Division of Enforcement’s COVID-19 Steering Committee (Enforcement speech), it is clear that the SEC Enforcement Staff (the Staff) is already thinking ahead to the types of enforcement investigations and actions that may follow the COVID-19 Crisis. In doing so, the Staff likely will draw on its experience following the 2008 global financial crisis (2008 Crisis) to identify potential patterns of misconduct that occur during periods of extraordinary market volatility and financial stress. Below we discuss the various areas that the SEC Enforcement Division is currently focused on, as well as our analysis of the enforcement actions arising out of the 2008 Crisis, with a particular focus on the asset management industry.
As discussed below, a key lesson from the 2008 Crisis is that public companies and asset managers, even in the midst of tackling the immediate problems of a crisis, should develop the situational awareness to identify conduct or deficiencies that may be subject to hindsight scrutiny by the SEC. And when issues are identified, firms should take reasonable steps to document their processes and analyses, augment or amend their policies and/or disclosures and make necessary adjustments to their business and plans to protect clients and/or investors, so when the SEC comes knocking after this crisis, they can demonstrate their good faith judgment and efforts.
Enforcement Actions Arising From the 2008 Crisis May Inform COVID-19 Cases
When we reviewed prior enforcement actions from the 2008 Crisis, we found they generally shared one or more of the following themes:
- Failure to adequately disclose “bad news” in the face of red flags, including a variety of valuation and liquidity issues;
- Crisis, as a form of real life stress test, with the result that certain products or investments are exposed as riskier than represented (either at sale or in subsequent reporting or disclosures) or certain financial operations or controls are proven to be deficient; and
- Actual “bad acts” taken in response to the crisis, such as insider trading, market abuse, risky trading strategies, and mismanagement of redemption requests.
With these themes in mind, we expect that SEC enforcement investigations coming out of the COVID-19 Crisis will cover: (i) public companies with operations or finances impaired by the crisis; (ii) investment vehicles with underlying assets affected by the current crisis; and (iii) investment advisers and broker-dealers with business operations impacted by this crisis, or whose sales practices will be reviewed with the benefit of hindsight in the wake of market impacts from the crisis. These categories are not mutually exclusive, and some of the enforcement risks discussed below may apply to varying degrees for all market participants.
Inadequate Disclosure of “Bad News”
Following the 2008 Crisis, the SEC pursued cases against public companies in the banking and financial industry for inaccurately disclosing losses that had already occurred, and also for failing to disclose “known uncertainties” regarding potential future losses evident from financial market trends. In addition, the SEC prosecuted a number of companies that allegedly misapplied accounting rules in ways that served to delay or obscure mounting losses, overvalued and/or impaired assets, or otherwise painted a rosier picture to investors than the economic reality supported.
This focus will obviously affect asset managers that are public, but it will also have an impact on the portfolio companies and investments that asset managers invest in on behalf of clients. Given the near universal impact of this crisis, one can readily foresee post-COVID-19 enforcement investigations, extending to virtually any industry, evaluating whether certain accounting treatments are masking bad financial results and cases against companies that allegedly failed to timely disclose negative financial or economic impacts of this crisis.
“Although many of the SEC’s pronouncements regarding disclosure are directed at public companies, the adequacy of Form ADV disclosure continues to be a primary area of focus for both OCIE and the Enforcement Division. As a result, asset managers should revisit their Form ADV disclosure to consider whether there are additional risk factors or other changes in investment strategies that should be disclosed to clients and investors.”
In the wake of the 2008 Crisis, the SEC also focused heavily on failures related to asset valuations. Similarly, we can now expect the Staff to look at how funds and investment vehicles are valuing illiquid assets, including loan portfolios, real estate and high-yield bonds that are negatively impacted by the COVID-19 Crisis. The Staff might consider whether valuations consistently complied with stated methodologies and will be suspicious of any deviations that conveniently improve asset value. Required periodic disclosures or reports to investors that purport to advise as to asset value or losses will likely get a very close look from regulators.
Recent warnings from the SEC only heighten and confirm these risks. On March 25, 2020, the SEC Division of Corporation Finance confirmed that it is “monitoring how companies are reporting the effects and risks of COVID-19 on their businesses, financial condition, and results of operations and is providing guidance as companies prepare disclosure documents during this uncertain time.” Similarly, the SEC’s Office of Chief Accountant issued a statement highlighting accounting areas that may involve significant judgments and estimates in light of the evolving status of COVID-19 including, but not limited to: fair value and impairment considerations, leases, debt modifications or restructurings, hedging, revenue recognition, income taxes, going concern, subsequent events, and adoption of new accounting standards. Most recently, the SEC Chairman and Director of the Division of Corporation Finance issued a statement urging public companies to include “as much information as is practicable” regarding the financial and operational effects of COVID-19 in forward-looking statements to investors. Finally, in the Enforcement speech, Division of Enforcement Co-Director, Steven Peikin, described that the COVID-19 Steering Committee is focusing on these very issues and noted that “[r]ecognizing that the economic impacts of any downturn may vary across different industries and sectors, the Steering Committee has developed a systematic process to review public filings from issuers in highly-impacted industries, with a focus on identifying disclosures that appear to be significantly out of step with others in the same industry. We are also looking for disclosures, impairments, or valuations that may attempt to disguise previously undisclosed problems or weaknesses as coronavirus-related.”
Crisis as a Real Life Stress Test Exposing Previously Unknown Risks or Deficiencies
The current crisis, like the 2008 Crisis, may also expose latent risks and deficiencies in operational infrastructure. The SEC may look into whether such risks and deficiencies, in hindsight, were reasonably avoidable.
Business Continuity Plans and Cybersecurity. Because of the widespread business disruption in this crisis, we can anticipate that the Enforcement Staff will likely open investigations into deficiencies related to the implementation of business continuity plans (BCPs). The Office of Compliance Inspections and Examinations (OCIE) has already sent firms pandemic-related exam requests seeking information concerning how BCPs were or are designed to address pandemic risks. For example, one unique characteristic of the current environment is that COVID-19 has negatively impacted operations in all geographical regions, even though many firms’ BCPs had envisioned that impairment in one geographic region could be mitigated by backup centers elsewhere. Even if firms implemented what they believed to be adequate procedures for cybersecurity and data protection, such protections may prove inadequate, or fail to address unique requirements imposed by some jurisdictions, given the sudden transition for almost all employees to remote work during the current crisis, and the heightened cybersecurity and data privacy risks associated with this change.
Suitability and Risk Associated with Complex Products and Strategies. Following the 2008 Crisis, the Enforcement Division honed in on complex products and investment strategies—resulting, in part, in the formation of the Division’s Complex Financial Instruments Unit. That focus is likely to continue in the coming months. The SEC likely will review disclosures and reporting related to such products or investments represented to be relatively safe options but, when tested during a crisis, were not so. For example, structured products such as collateralized loan obligations and securitized loans, as well as high-yield bonds and bond funds, are likely to undergo increased scrutiny, with a focus on retail investors in particular.
“[A] key lesson from the 2008 Crisis is that public companies and asset managers, even in the midst of tackling the immediate problems of a crisis, should develop the situational awareness to identify conduct or deficiencies that may be subject to hindsight scrutiny by the SEC.”
Bad Acts and Unfair Conduct
As with any market crisis, there will be a focus on actual or alleged “bad acts” and unfair conduct, such as insider trading, market abuse, risky trading strategies, and mismanagement of redemption requests.
Unfair Treatment of Redemption Requests. Issues surrounding redemption requests by fund investors were a significant Commission focus during and after the 2008 Crisis. We can expect that as redemption requests spike, and some funds gate their redemptions, the Enforcement Staff will look at how funds manage the requests to determine whether stated procedures are being followed to process redemptions fairly, or if they are improperly providing special treatment to themselves or certain investors.
Insider Trading. As noted above, the SEC Co-Directors of the Division of Enforcement recently confirmed that “substantial resources” will be committed to the detection and investigation of insider trading related to the COVID-19 pandemic. Rapidly-evolving financial impacts of COVID-19 and extensions of public reporting deadlines will create more opportunities for insiders to buy or sell stocks before disclosures move the markets. For the same reason, the Staff will be on the lookout for selective disclosure of material nonpublic information in violation of Regulation FD.
Manipulative or Disruptive Trading. A volatile and hyper-sensitive market in the midst of a crisis is particularly susceptible to manipulative or disruptive trading. For instance, following the 2008 Crisis, the SEC prosecuted illegal cross trading of assets after rating agency downgrades. Sales of such assets at prices that unfairly benefitted one client or portfolio over another resulted in enforcement action. In the current volatile market, the Staff will monitor and investigate cross trades executed at prices the Staff views to be outliers. The Staff will also look for patterns of trade cancellations in order to identify potential spoofing and other manipulative trading.
Risk Mitigation Best Practices for this Crisis
Situational Awareness. Like the proverbial frogs that do not realize the water has reached a boil, market participants often do not realize that they are staring at red flags the SEC will later find to be problematic. Developing the situational awareness to identify conduct or deficiencies that could be seen as red flags, and take some action, is key. The action taken need not be perfect or complete, but documentation that a problem was identified and a plan was commenced is a big first step to avoid a claim of negligence. One way to proceed is to assign specific persons from the legal or compliance department, or outside counsel, to review actions or decisions being taken to manage the crisis in the broader context of how such conduct or decisions could be viewed after the crisis, particularly by the SEC and other regulators.
Assess Disclosure in the New Reality. Many institutions are operating in a new reality such that longstanding disclosure, including disclosure of risk factors, may no longer be adequate or complete. As reminded by the SEC, firms should review their current disclosure in the context of the COVID-19 Crisis. Incorporating a deliberative process to understand how the crisis has impacted the firm or its investment strategies is a good step toward identifying whether there has been a material change, what new information should be disclosed, and when that disclosure may be required. The SEC has made clear that historical information may be “substantially less relevant” in the current crisis and that investors should be given as much information as possible on how the company has adjusted, and expects to adjust in the future, its operational and financial affairs in response to the COVID-19 Crisis. Although many of the SEC’s pronouncements regarding disclosure are directed at public companies, the adequacy of Form ADV disclosure continues to be a primary area of focus for both OCIE and the Enforcement Division. As a result, asset managers should revisit their Form ADV disclosure to consider whether there are additional risk factors or other changes in investment strategies that should be disclosed to clients and investors.
Adjust and Enhance Operational and Cybersecurity and Data Privacy Protection. Because of the unexpected nature of the COVID-19 Crisis, firms may be finding deficiencies and gaps despite their previously established BCPs, cybersecurity and data privacy protections. It is important in the midst of the crisis to make reasonable adjustments and enhancements to try to address such gaps and deficiencies, and to otherwise be actively monitoring the effectiveness of security and controls. Enforcement actions are more likely against firms that fail to respond to deficiencies and gaps, or take insufficient steps to monitor security, than against firms that are vigilant and make good faith and timely adjustments.
Document Good Faith Judgments and Actions. Document contemporaneously and review steps and decisions made to address risks and problems arising from the crisis. Firms that are able to produce documentation and evidence of a deliberative process will be better positioned to demonstrate good faith judgment and actions should a regulator come knocking after the crisis.
Firms should consider the lessons learned from the SEC Enforcement Division’s investigations and actions after the 2008 Crisis. They will shed light on potential reactions from the SEC that may follow the COVID-19 Crisis.
*Amy Greer is a Partner in the New York and Washington, DC offices of Baker & McKenzie LLP. Ms. Greer may be reached at firstname.lastname@example.org. Jennifer Klass is a Partner in the New York office of Baker & McKenzie LLP. Ms. Klass may be reached at email@example.com. Peter Chan is a Partner in the Chicago office of Baker & McKenzie LLP. Mr. Chan may be reached at firstname.lastname@example.org. A. Valerie Mirko is a Partner in the Washington, DC office of Baker & McKenzie LLP. Ms. Mirko may be reached at email@example.com. Kurt Oldenburg is an Associate in the San Francisco office of Baker & McKenzie LLP. Mr. Oldenburg may be reached at firstname.lastname@example.org. This article is for general information purposes and is not intended to be and should not be taken as legal or other advice.
TAGS: Compliance Corner, Columns, SEC Enforcement, Coronavirus, COVID-19