Judge Rakoff Rejects the SEC-Citi Settlement, But Is "Truth" Really the Purpose of Any Settlement and Does the SEC Need the Courts to Settle its Cases?

This post was written by Amy J. Greer.

Once again, Judge Jed Rakoff has proven to be a thorn in the side of the SEC, rejecting the agency’s $285 million settlement with Citigroup Global Markets. While Judge Rakoff’s opinions are always a good read: sharp, well written, and to the point - and this one is posted at the SDNY website and also available here - one can’t help but wonder whether his effort to bring sunshine to the process so as to further his view of the public’s interest in these proceedings won’t have precisely the opposite result.

Using the hook of the injunctive relief incorporated into the settlement as the touchstone for his analysis of whether the public interest is served by the settlement proffered, Judge Rakoff concludes that the settlement “is neither fair, nor reasonable, nor adequate, nor in the public interest. Most fundamentally, this is because it does not provide the Court with a sufficient evidentiary basis to know whether the requested relief is justified under any of these standards.” Opinion at p. 8. This really gets to the meat of Judge Rakoff’s concern: that a party can settle an SEC enforcement action without admitting or denying the underlying allegations. Apparently, in Judge Rakoff’s view, these missing admissions would provide the Court with the facts needed to decide the propriety of the settlement.

While I concede that in certain circumstances this long-standing SEC policy is silly: when I was at the agency, I recall inquiring why the policy applied to convicted felons, for example, who were willing to consent to the entry of SEC judgments after their criminal convictions, a question I still have today. In most circumstances, however, the analysis is no different than in the settlement of any civil matter. Defendants settle cases – including SEC cases – for a multitude of reasons, many of which have nothing to do with whether or not they actually engaged in the conduct alleged. The SEC settles cases for a similar wide range of reasons, including the fact that they simply cannot try every case, and losing cases is decidedly not good policy, makes for bad precedent, and does not serve to deter future conduct.

Just as the settlements of private civil litigation would stall if admissions were required for settlement, significantly fewer SEC enforcement cases would settle if defendants had to admit to any of the alleged conduct. Just like in private civil actions, many defendants do not agree with the SEC’s conclusions, as alleged in the Complaint, and settling parties tend not appreciate the ability of non-parties to seize upon such admissions to further their own causes.

Notwithstanding Judge Rakoff’s suggestion that “knowing the truth” is the overriding public interest to be served by SEC settlements (Opinion at p. 15), in fact, that is the interest served by confidential SEC enforcement investigations, where neither the public nor the Court has any participation. Once that truth is known, the agency then takes the information and undertakes a necessary calculation to serve its true mission, which is to protect investors; sometimes settling cases, sometimes taking defendants to trial. One wonders whether a forced trial can ever be the right outcome, as Judge Rakoff has accomplished here.

But, of course, to achieve its mission of protecting investors, the SEC does not really need Judge Rakoff and I suspect that what we will see is less use of the courts and, so, less public participation in the process. The SEC can just as easily resolve any enforcement matter it chooses to bring in an SEC administrative proceeding, without any of the drama and uncertainty.

Regulatory Round Up 11. 21. 11

This post was written by Michael A. Grant.



Even Data Privacy Obligations are Bigger in Texas

This post was written by John L. Hines, Jr., Paul Bond, Amy S. Mushahwar, Brad M. Rostolsky and Frederick Lah.

Earlier this year, Texas Governor Rick Perry signed into law Texas House Bill (H.B. 300), which presents more stringent requirements for health privacy, data breach notification obligations, and increased fines for violations. The law will become effective September 1, 2012. The following client alert details what businesses in Texas need to know about this new data privacy law. In addition, we wanted to remind clients about California's amendments to its data breach notification bill, as those changes are set to become effective January 1, 2012. Please feel free to pass this along to any client who may find it relevant.

To view the entire alert, please click here.

Small Businesses to Have Larger Role in Big Contracts

This post was written by Gunjan Talati.

Earlier this month, the government issued an interim rule amending the Federal Acquisition Regulation (FAR) to implement set-aside requirements of the Small Business Jobs Act of 2010. The Small Business Jobs Act amended the Small Business Act to require the government to set aside parts of a multiple-award contract for small businesses; set aside orders placed against multiple-award contracts for small businesses; and reserve one or more contract awards for small businesses under full and open multiple-award procurements.

The interim rule attempts to implement these requirements through additions and revisions to a number of FAR parts and subparts:

• FAR Subpart 8.4—Federal Supply Schedules: The interim rule revises this subpart to clarify that even though the set-aside requirements of FAR Part 19—Small Business Programs—are not mandatory for procurements under Federal Supply Schedules, the ordering activity is allowed, at its discretion, to set aside orders and Blanket Purchase Agreements, or BPAs, for small businesses

• FAR Subpart 12.2—Special Requirements for the Acquisition of Commercial items: The interim rule also clarifies that agencies can set aside orders under multiple-award contracts for the acquisition of commercial items

• FAR Subpart 16.5—Indefinite-Delivery Contracts: The interim rule revision acknowledges that set-asides can be used for orders under multiple-award contracts

• FAR Part 19—Small Business Programs: The interim rule adds a new section that allows agencies to use set-asides under multiple-award contracts and reserve one or more contract awards under multiple-award contracts for small businesses

• FAR Subpart 38.1—Federal Supply Schedule Program: The interim rule includes a reference to the changes in FAR Subpart 8.4, clarifying that set-asides can be used for orders and BPAs under Federal Supply Schedules

Even though many of these changes grant the agencies discretionary authority to use set-asides, whereas many of the existing set-aside requirements in the FAR are mandatory, they present additional avenues through which agencies can increase the credit they receive toward their small business goals.

With agencies under the spotlight for missing these goals, there will likely be a lot of activity under these changes. While the impact on small businesses is obvious—increased set-aside contracting opportunities, the impact on large businesses is not so clear. Certainly, there will be the loss of some opportunities, as large businesses cannot submit proposals on set-aside competitions. However, with careful planning, such as identifying potential subcontracting opportunities, large businesses may be able to soften any blow from the potential loss of work and perform a value service by supporting a small business.

The interim rule went into effect November 2, 2011, and companies or trade groups interested in submitting comments to be considered before a final rule is issued will have until January 3, 2012 to submit their comments.

FTC's Consent Order with ScanScout: The Latest Progression with 'Flash Cookies' and Privacy

This post was written by Mark S. Melodia, Christopher G. Cwalina, Steven B. Roosa and Frederick Lah.

Online advertising network ScanScout, Inc. has agreed to settle the FTC's charges that it deceptively represented that users could opt out of receiving targeted ads by changing their Web browser settings to block and delete cookies. The consent decree stems from the FTC's charges that ScanScout's privacy policy did not adequately inform users about the use and management of Flash local shared objects, otherwise known as "Flash cookies", from being placed on their computers. This news is just the latest progression with the Flash cookie issue. In addition to the ongoing threat of Flash cookie-related litigation, companies should now be put on notice that the failure to properly disclose the use of Flash cookies can result in FTC enforcement. The following client alert provides more detail about the consent decree itself and lists some steps that every company with an online presence should take with regard to their use of Flash cookies and other data collection technologies. Please feel free to pass this along to any client who may find it relevant.

To view the entire alert, please click here.

Tougher EU Data Protection Laws on the Horizon

This post was written by Cynthia O'Donoghue.

In a bid to strengthen the European data privacy rules it is most likely that non-European companies will be held to the same standards as European companies in a bid to further protect EU consumer privacy. 

The EU Justice Minister, Viviane Reding, and the German Consumer Protection Minister, Ilse Aigner, released a joint statement saying that the proposed reforms to the Data Protection Directive due at the end of January 2012 will be changed so that consumers’ privacy is protected regardless of a company’s country of origin. “We both believe that companies that direct their services to European consumers should be subject to EU data protection laws. Otherwise they should not be able to do business on our internal market.”

Reding and Aigner focused their statement not just on social networks but also on data that is stored in a ‘cloud’. They stressed that consumers should have more control over their data and stated “EU law should require that consumers give explicit consent before their data are used. And consumers generally should have the right to delete their data at any time, especially the data they post on the internet themselves.”

The joint statement leads us to conclude that both a new principle of accountability and a ‘right to be forgotten’ will be included in the revised EU data protection law. The statements are also consistent with the increased pressure for social networks, like Google and Facebook, who operate outside the European Union but target EU based consumers, to fully comply with the EU data protection laws. The pressure on such companies can also be seen as a natural progression from the investigations into their handling of personal data that have emanated from France, Germany, the UK and Ireland. To prepare for the new horizon, organisations should start by thinking about compliance. 

Securing Director-Level Communications in the Face of Real, Present Cyber Threats

This post was written by Mark Melodia, Paul Bond, and Frederick Lah.

When it comes to data security training, it may be surprising to learn that the people who run the company often have the greatest need for training. Since directors and executives of companies make important big-picture decisions, it is critical for them – perhaps more than any other employees in the company – to be knowledgeable and mindful about their information-sharing and use practices. Consider the fact that most directors and executives of companies tend to be older than the average employee and thus, probably not as technologically savvy, and the need for proper data security training and measures becomes even more significant.

An article by Mark Melodia and Paul Bond of Reed Smith's Data Security, Privacy & Management team was recently featured in Corporate Compliance Insights. The article highlights five manageable steps that companies should take to secure director-level communications in the face of cyber threats.

Regulatory Round Up 11. 8.11

This post was written by Michael A. Grant.



SFO tells whistleblowers: "It's good to talk"

This post was written by Simon Hart.

The UK’s Serious Fraud Office (SFO) has stepped up its attempts to persuade employees and professional advisors to blow the whistle on fraudulent or corrupt practices within the organisations they serve. The SFO has announced a new “SFO Confidential” service that allows whistleblowers to report concerns either by phone to a dedicated team of SFO operatives, or by using an online service.

The SFO’s Director, Richard Alderman, has said that the SFO operatives are trained in dealing with the anxieties that many whistleblowers have when coming forward to report perceived wrongdoing. The SFO has given assurances that the identities of those who blow the whistle will be protected, and reporting can be done anonymously if desired.

To some degree, the new service is the re-packaging of a service that has always existed. It is not new for the SFO to invite people to call them if they have information relating to fraud or corruption. Whistleblowing has always been one of the main ways that the SFO identifies matters for investigation. However, the current initiative is a clear attempt by the SFO to encourage a greater degree of whistleblowing by recognising the anxieties that whistleblowers may have when picking up the phone.

The strategy of promoting whistleblowing is consistent with the SFO’s attempt over the past 12 months to raise its profile and ram home the anti-corruption message it has developed around the implementation of the Bribery Act 2010. Whether “SFO Confidential” gives rise to more, or more effective, whistleblowing is open to debate. Only the SFO will ever know