Weinberg & Company

Best Practice Newsletter – August 2024

By August 26, 2024 No Comments

“Do as told by Congress”

Judge Strikes FTC Ban on Noncompetes

 A federal judge in Texas has barred a landmark regulation issued by the U.S. Federal Trade Commission (FTC) in April that would have prohibited employers from using non-compete agreements to prevent employees from joining rival firms.

 U.S. District Judge Ada Brown, in Dallas on August 20, ruled that the FTC’s authority to police unfair methods of competition can’t be expanded to include regulations beyond its mandate.

 “The role of an administrative agency is to do as told by Congress, not to do what the agency thinks it should do”, said the judge.

 In a 27-page opinion Judge Brown said, “the FTC exceeded its statutory authority in implementing the Rule, and the Rule is arbitrary and capricious”, and added ”because it is unreasonably overbroad without a reasonable explanation. The Rule imposes a one-size-fits-all approach with no end date.”

 Judge Brown cited as precedent a case decided in June by the Supreme Court which overthrew the 40-year-old Chevron doctrine, which allowed administrative agencies sweeping powers to impose regulations over businesses and individuals.

 The FTC’s ban would have gone into effect September 4, 2024. This decision does allow the FTC to address non-compete agreements on a case-by-case basis. 

 To view the decision:

https://storage.courtlistener.com/recap/gov.uscourts.txnd.389064/gov.uscourts.txnd.389064.211.0_2.pdf

 Cybersecurity Controls are Not Internal Accounting Controls

Court Curbs SEC Enforcement

 The US District Court for the Southern District of New York ruled that cybersecurity failures can’t be punished as “internal accounting controls” violations. The ruling dealt a significant setback to the SEC’s enforcement actions against companies that have been hit by cybersecurity attacks.

 The case of Securities and Exchange Commission v. Solarwinds Corp. was filed in October 2023 following the SEC’s adoption of new cybersecurity rules that require public companies to report “material” cybersecurity incidents to the SEC within four days.

 In its lawsuit against Austin, Texas-based SolarWinds, the SEC alleged that 1. the company made false statements about its cybersecurity risks and incidents, and 2. that it failed to maintain adequate disclosure and internal accounting controls to manage cybersecurity risks.

 Last month, the court dismissed most of the SEC’s claims against the company, including the SEC’s claims that a cybersecurity failure can be punished as an “internal accounting controls” violation under Section 13(b)(2)(B) of the Securities Exchange Act.

 In his 107-page opinion, Judge Paul Engelmayer rejected the SEC’s efforts to expand the Securities Exchange Act’s “internal accounting controls” provision to include cybersecurity controls.

 The court also limited the SEC’s use of the “disclosure controls and procedures” provision, stating that innocent errors are insufficient to plead deficient disclosure controls. The court also dismissed the SEC’s material misrepresentation claims, finding that the SEC improperly relied on hindsight and speculation.

 Allowing the SEC to expand its interpretation of Section 13(b)(2)(B) of the Securities Exchange Act to cover all systems that public companies use to safeguard their valuable assets, “would have sweeping ramifications,” said the judge in his opinion.

 “It could empower the agency to regulate background checks used in hiring nighttime security guards, the selection of padlocks for storage sheds, safety measures at water parks on whose reliability the asset of customer goodwill depended, and the lengths and configurations of passwords required to access company computers,” he added.

The judge continued, “the surrounding terms that Congress used in Section 13(b)(2)(B) which refer to transactions, preparation of financial statements, generally accepted accounting principles, and books and records are uniformly consistent with financial accounting. And there is no evidence of any other sort that Congress intended its reference to a system of internal accounting controls to reach cybersecurity control.”

 “The history and purpose of the statute confirm that cybersecurity controls are outside the scope of Section 13(b)(2)(B),” the judge concluded.

 The SolarWinds case is one of two cases in which the SEC used Section 13(b)(2)(B) to fine companies for alleged cybersecurity breach disclosure failures. In June, the SEC announced a $2.1 million settlement against R.R. Donnelley & Sons, charging that the company violated the section in its reporting of a 2021 ransomware attack.

 This court’s decision represents a major setback for the SEC’s cybersecurity enforcement authority and could impact future cybersecurity enforcement actions and the way companies manage and disclose cybersecurity risks.

 View the court decision:

https://www.nysd.uscourts.gov/sites/default/files/2024-07/SolarWinds%20Opinion%20%28Dkt.%20125%29.pdf

 Recordkeeping Failures

26 Firms Pay SEC Penalties Totaling $390 Million

 The SEC last week announced charges against 26 broker-dealers, investment advisers, and dually-registered broker-dealers and investment advisers for what the SEC alleged were “widespread and longstanding failures by the firms and their personnel to maintain and preserve electronic communications.”

 The 26 firms agreed to pay a combined $392.75 million in civil penalties, and “acknowledged that their conduct violated recordkeeping provisions of the federal securities laws,” according to the SEC press release. Four of the firms agreed to pay penalties as high as $50 million each, and one paid as low as $400,000. Three firms received lower fines because they “self-reported their violations and, as a result, will pay significantly lower civil penalties than they would have otherwise”. 

 The SEC said that each of its “investigations uncovered pervasive and longstanding use of unapproved communication methods, known as off-channel communications, at these firms.”

 When the SEC published its “2024 Examination Priorities” last Fall, it promised to focus its enforcement activities on SEC-registered investment advisers, investment companies, broker-dealers, transfer agents, municipal advisors, securities-based swap dealers, clearing agencies, and other self-regulatory organizations. These latest enforcement actions are part of that effort.

 For a list of the fined firms see:

https://www.sec.gov/newsroom/press-releases/2024-98

 FinCEN Reporting Lagging

Treasury Resorts to Broadcast Ad Campaign

 The US Treasury’s Financial Crimes Enforcement Network (FinCEN) last week launched a nationwide Public Service Campaign informing businesses of their requirements to file Beneficial Ownership Interest (BOI) reports by year-end.

 Starting January 1, 2024, many companies have been required to report information to the US government about who owns and controls their companies. This was the result of the September 2022 Corporate Transparency Act (CTA), which was enacted into law as part of the Anti-Money Laundering Act. The CTA requires “reporting companies” to file ownership information with FinCEN.

 BOI filing requirements under the CTA encompass a broad swath of business entities, though it primarily affects non-publicly traded companies.

 According to FinCEN, the filing requirement applies to 32.6 million businesses this year alone. During a July appearance before the House Financial Services Committee, however, US Treasury Secretary Janet Yellen said only 2.7 million businesses had complied by end of June.

 Earlier in the year, the AICPA and CPA groups from all 50 states and US territories asked Treasury and FinCEN to suspend enforcement of BOI reporting until pending court cases have been resolved.

 In their letter to Yellen and FinCEN Director Andrea Gacki, the groups said that a March 1, 2024 Alabama court ruling, which found the CTA unconstitutional, had created confusion within the business community.

 “The recent NSBA v. Yellen case which found the Corporate Transparency Act (CTA) to be unconstitutional has only compounded confusion, with most entities believing they no longer have a filing requirement,” noted the groups. This ruling in favor of the National Small Business Association was immediately appealed by the Department of Justice.

 Despite the concerns, Yellen said FinCEN, which reports to Treasury, will not extend the BOI reporting deadline.

 Treasury is hoping its “Café Conversations” Public Service Announcements will encourage more businesses to comply.

 See PSA commercial at:  

https://www.youtube.com/watch?v=sXv_uOgpNGg

DISCLAIMER:
Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this e-newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided “as is,” with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.