CISO Liability to be Tested as SolarWinds Case Heads to Court

SolarWinds Begins Defense Against SEC Claims Over Security Lies

Three years and a day after SolarWinds Corp. disclosed one of the most aggressive cyberattacks in history, attorneys for the company and its top security officer will face the US Securities and Exchange Commission in court over the agency’s groundbreaking enforcement action against the company.

***

The case may determine the agency’s tolerance for a company’s ambiguity over its cyber hygiene. The dispute will also shape the SEC’s threshold for executives accused of lying about their network security, and influence the standard the agency will apply to individual corporate security leaders who will soon be asked to comply with new disclosure obligations.

“We can expect to see these cases continue, and that the SEC will continue to see cybersecurity as a priority,” said Jennifer Lee, a partner at Jenner & Block LLP and former assistant director of enforcement at the SEC. “Depending on what happens in the litigation, the SEC may change its approach—they may become more aggressive if they win, they may moderate if it loses.”

SEC Must Scrutinize Auditing Watchdog Before Offering More Funds

The Public Company Accounting Oversight Board, a private corporation created by the Sarbanes-Oxley Act of 2002, posted a summary in November of its otherwise nonpublic $385 million budget for 2024, representing a 10% funding increase over the current year. That’s on top of a 12% increase last year and 11% the year before.

In just over 20 years of existence, the PCAOB has achieved an astonishing cumulative funding increase of nearly 400%—far outpacing inflation, wage growth, and even recklessly irresponsible overall federal spending.

No wonder the board can pay each of its five leaders appointed by the Securities and Exchange Commission annual salaries exceeding half a million dollars—more than the $480,000 Anthony Fauci reportedly received in 2002 as the highest paid federal government official. The PCAOB essentially has an evergreen money tree.

S&P gives Tether poor marks in new stablecoin scale

Credit rating firm S&P Global has started providing risk assessments of eight of the world’s top stablecoins, with the two of the mostly widely used, Tether and Dai, given near bottom marks.

***

“The assets (backing the stablecoins), for us, are the most fundamental starting point” S&P analyst Lapo Guadagnuolo said, explaining one of the key reasons for calculating the scores was their growing use as a means of payment.

Tether’s lowly score reflects a lack of information about who or what holds its reserve assets. A large chunk of those are U.S. government bonds and cash-like equivalents, but there is also “significant exposure” to riskier assets, S&P added.

DOJ Official Defends Corporate Settlements That Stop Short of Guilty Pleas

Settlement agreements known as deferred prosecution agreements and nonprosecution agreements, which stop short of requiring corporate guilty pleas, don’t let businesses off the hook, Acting Assistant Attorney General Nicole Argentieri, who heads the department’s criminal division, said Tuesday at a U.S. Senate Judiciary Committee hearing.

“Those are really serious agreements that are highly negotiated,” she said. “They require forward-looking change by a company. They’re not a pass.”

Senators from both parties raised concerns about the Justice Department’s efforts to crack down on corporate crime. The lawmakers focused on the use of the settlement agreements along with decisions in some instances to not prosecute executives.

SEC Cyber Reporting Mandates: How to Request a National Security or Public Safety Delay

The new guidance highlights the importance of having a process in place to review cybersecurity incidents at the time they occur, determine materiality and reporting obligations, and assess whether a notification delay request based on public safety or national security grounds should be requested before the four-day SEC public notification obligation deadline. It also underscores the importance of having relationships – directly or through counsel – with FBI contacts that can help. In our experience, the FBI’s cyber teams are often highly responsive and try to help victims with discretion.

There is only a short window of time between making a materiality decision, requesting a notification delay, and public disclosure of a cybersecurity incident. Companies would be well served by preparing for these short deadlines now.

U.S. Presidential Candidates Including Vivek Ramaswamy Chat About Crypto, Target Federal Regulators

While the speakers’ comments were often constructive, they also degenerated, at times, into shameless self-promoting spiels. All three blasted the Securities Exchange Commission’s crackdown on crypto exchanges including Coinbase, Kraken and Binance, and called for the agency’s powers to be curtailed.

“We want to see an SEC that… doesn’t treat everybody they’re regulating as an adversary,” Hutchinson said as he called for an end to regulators’ “guidance-by-enforcement” strategies.

Ramaswamy vowed to reduce the agency’s workforce as part of his goal to eliminate 75% of bureaucratic jobs, noting that the third U.S. president, Thomas Jefferson, who died nearly 200 years ago, would be “turning in his grave” over the agency’s actions toward crypto, a technology that was invented roughly 15 years ago.

Binance Moves to Dismiss SEC Lawsuit, Arguing Regulator Hasn’t Met Legal Requirements to Sue

Binance also pushed back against the SEC adding the exchange’s guilty plea with the DOJ and consent order with FinCEN, or Zhao’s own DOJ plea, in the ongoing case.

The SEC argued that the settlements showed that Binance was well aware it was operating in the U.S., serving U.S. customers and otherwise tapping infrastructure within the U.S. for transactions.

“Zhao’s and Binance’s plea agreements and the Consent Order provide further grounds for this Court to deny the Joint Motion to Dismiss,” the SEC said.

In another Tuesday filing, Binance argued that securities laws wouldn’t apply like the Bank Secrecy Act or International Emergency Economic Powers Act (two laws governing the charges Binance and Zhao settled) did.

“Jurisdictional admissions under the BSA do not bring any of the SEC’s claims within the reach of the securities laws,” Binance and Zhao claimed. The filing also argued that the settlements and consent order didn’t implicate securities laws.

Attorney General James Secures More Than $22 Million from Cryptocurrency Platform for Operating Illegally

New York Attorney General Letitia James today secured more than $22 million from KuCoin, one of the largest cryptocurrency trading platforms, for failing to register as a securities and commodities broker-dealer and for falsely representing itself as a crypto exchange. Today’s consent order resolves Attorney General James’ lawsuit against KuCoin and requires the company to refund over 150,000 New York investors more than $16.7 million and pay more than $5.3 million to the state. KuCoin is also banned from trading securities and commodities in New York and is prohibited from making its platform available to New Yorkers. This consent order continues Attorney General James’ work to increase oversight and regulation of cryptocurrency companies and protect New York investors, which has recovered more than $500 million from predatory cryptocurrency platforms to date.