Key Takeaways | ACC Chicago Roundtable: Updates and Trends from the DOJ and SEC

During a roundtable with Association of Corporate Counsel Chicago Chapter (ACC Chicago) members on April 25, 2024, McDermott Partners Matt Madden, James Durkin and Paul Helms provided guidance on recent US Department of Justice (DOJ) and US Securities and Exchange Commission (SEC) policy announcements impacting compliance programs and whistleblowers and examined enforcement trends against public companies.

Looking ahead, the speakers predicted a continued emphasis on compliance programs, internal controls, and environmental, social and governance strategies that could be affected by the upcoming election. However, they underscored bipartisan enforcement interest in cybersecurity, no matter the election outcome.

Top takeaways included:

1. Top US government officials spoke extensively on the DOJ’s heightened corporate enforcement efforts during this year’s American Bar Association National Institute on White Collar Crime. One headline was the DOJ’s announcement of a new whistleblower program designed to fill gaps and increase corporate prosecutions. The program, which encourages a race to report, could enhance discovery of domestic corruption cases and fraud affecting private companies.
2. The SEC has made parallel efforts to protect whistleblower reporting. The agency filed aggressive actions related to employment and severance agreements that, in the SEC’s view, contained (1) broad confidentiality provisions that do not expressly exclude SEC reporting, (2) attestations that the departing employee had not reported to the government or (3) restrictions on whistleblower rewards.
3. The DOJ announced a safe harbor policy for voluntary disclosures made in connection with mergers and acquisitions. Companies can avoid criminal prosecution if they (1) voluntarily self-report misconduct discovered at the acquired company within six months from the date of closing, (2) remediate the misconduct within one year and (3) fully cooperate with any DOJ investigation. The announcement allows companies to benefit from post-closing diligence.
4. New cybersecurity rules open a new line of attack for SEC enforcement. The new rule requiring cybersecurity incident reporting on Form 8‑K allows the SEC to bring an action for undisclosed cybersecurity events or cybersecurity events not disclosed quickly enough. This type of disclosure lends itself to data-driven enforcement, with the SEC using data analytics to examine trends and contrast issuers’ disclosures to comparable companies.
5. The government could put those data analytics to work in another emerging area of enforcement: shadow trading. In a recent case, an employee of a company being acquired purchased options of a competitor. The case was unusual because the SEC pursued an individual for trading in a competitor, one step removed from the acquiring company or the target. The SEC prevailed at a closely watched trial, though an appeal could affect the outcome. In the meantime, public company executives and directors will need to exercise more caution trading in competitors or related companies.