The Boardroom Blog

Supreme Court Prohibits Use of Administrative Courts in SEC Fraud Actions

In a 6-3 ruling last Thursday, the Supreme Court ruled that defendants are entitled to a jury trial where the Securities and Exchange Commission (SEC) seeks civil penalties for securities fraud claims. The decision effectively overturns the portion of the Dodd-Frank Act authorizing the SEC to impose civil penalties through its own in-house proceedings; instead, the SEC must now pursue civil penalties in federal court because of the “close relationship” between common law fraud and the SEC’s securities fraud regime.

Background

Between 2007 and 2010, George Jarkesy started two investment funds, raising about $24 million from 120 accredited investors. Patriot28, which Jarkesy managed, served as the funds’ investment adviser. According to the SEC, Jarkesy and Patriot28 misled investors by (1) misrepresenting the funds’ investment strategies, (2) lying about the identity of the funds’ auditor and prime broker, and (3) inflating the funds’ claimed value so that they could collect larger management fees.

The SEC initiated an enforcement action against Jarkesy and Patriot28, seeking civil penalties for alleged violations of the antifraud provisions of the Securities Act of 1933, the Securities Exchange Act of 1934, and the Investment Advisers Act of 1940. Relying on the Dodd-Frank Act, the SEC opted to adjudicate the matter itself rather than in federal court. In 2014, the presiding administrative law judge (ALJ) issued an initial decision. The SEC reviewed this decision and issued its final order in 2020, levying a civil penalty of $300,000 against Jarkesy and Patriot28.

On appeal, the Fifth Circuit vacated the SEC’s final order, holding the agency’s decision to adjudicate the matter in-house violated Jarkesy’s and Patriot28’s Seventh Amendment right to a jury trial. After the Fifth Circuit denied rehearing, the Supreme Court granted certiorari.

The SEC’s Action Implicates the Seventh Amendment

Chief Justice Roberts first framed the threshold issue – whether the SEC’s securities fraud claims implicate the Seventh Amendment, which guarantees the right to a jury trial for suits at common law. Because the SEC’s claims are “legal in nature,” the Seventh Amendment applies.

In arriving at this conclusion, the Court stressed that monetary civil penalties at common law serve retributive or deterrent purposes. And while courts of equity could order a defendant to return unjustly obtained funds, only courts of law issued monetary penalties to “punish culpable individuals.” The Court explained if a civil remedy is designed to punish or deter conduct, it is a type of remedy at common law and can only be enforced in courts of law.

Per the Court, the SEC’s civil penalty scheme cites these legal considerations, including deterrence and punishment. In sum, the “close relationship” between the SEC’s securities fraud claims and common law fraud implicate the Seventh Amendment and entitled Jarkesy to a jury on the claims.

Public Rights Exception Does Not Apply

The Court held that the “public rights” exception to the Seventh Amendment did not apply. Here, the Court identified the classes of cases fitting within this exception, including government revenue collection, immigration, and tariffs designed to promote competition. But because the SEC’s securities fraud claims did not fall within any of those well-defined exceptions, the Dodd-Frank Act could not siphon a common law action from an Article III court.

Another Loss for the SEC

It will be interesting to follow how the SEC responds to this—whether it be by pursuing civil penalties less often or by pursuing more cases in federal court rather than in-house. This ruling feels like a continuation of efforts to limit the SEC’s ability to take punitive actions. In 2020, in Liu v. Securities and Exchange Commission, No. 18-1501, the Supreme Court limited disgorgement awards to ensure disgorgement was not being used as a penalty but represented actual profits from the fraud net of “legitimate expenses”. However, the SEC has continued to obtain disgorgement awards in the four years since. Having to try a case in federal court seems to be a higher hurdle than the Liu limitations of disgorgement and is likely to have a more meaningful impact on the SEC’s approach to future cases.

This decision also comes on the heels of the Fifth Circuit vacating the SEC’s recently adopted private fund rules, which the SEC designed to enhance compliance rules for private fund investment advisers. Additionally, several private fund industry groups have asked the Fifth Circuit to vacate the SEC’s new short-selling rules, which require investment managers to disclose details about their short positions. We previously outlined the SEC’s adopted Rule 13f-2 here. When the Fifth Circuit issues an opinion in that case, we will provide an update.

NEW RIA PRIVACY AND CYBERSECURITY OBLIGATIONS

Sven Stricker

On May 16, 2024, the Securities and Exchange Commission (“SEC”) unanimously voted to adopt amendments to Regulation S-P (“Amended Regulation S-P”), which were proposed last year. Adopted in 2000, Regulation S-P governs the way SEC registered investment advisers (“RIAs”) (and certain other financial institutions) protect sensitive customer information such as social security numbers, names, phone numbers, and addresses. For an RIA that manages private funds this would include the protected information of the fund’s investors. Amended Regulation S-P expands protection of customer information and establishes standards for data breach notification and recordkeeping. 17 CFR § 248.30. Below, we outline a few key takeaways from Amended Regulation S-P as they apply to RIAs. The SEC’s Adopting Release can be viewed here.

Incident Response Program

Amended Regulation S-P requires RIAs to develop, implement, and maintain written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer information. These written policies and procedures must include a program reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information, including customer notification procedures. At a minimum, an incident response program must include the following procedures:

Assessment

Assess the nature and scope of any incident involving unauthorized access to or use of customer information and identify the customer information systems and types of customer information that may have been accessed or used without authorization.

Containment and Control

Take appropriate steps to contain and control the incident to prevent further unauthorized access to or use of customer information.

Notice to Affected Individuals

Notify each affected individual whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization. The notice must be transmitted by a means designed to ensure that each affected individual can reasonably be expected to receive actual notice in writing.

Generally, an RIA must provide the notice as soon as practicable, but not later than 30 days, after becoming aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred.

The contents of the notice must include, among other things, the nature and date of the incident, the data involved, and means for the affected individuals to contact the RIA. Further, the notice must recommend that the affected individual periodically obtain credit reports from each nationwide credit reporting company and that the individual have information relating to fraudulent transactions deleted.

Oversight of Service Providers

An RIA’s incident response program must also include written policies and procedures designed to provide oversight, including through due diligence and monitoring, of its service providers (broadly defined to include any third party that receives, maintains, processes, or otherwise is permitted to access customer information through its provision of services directly to an RIA). Specifically, the policies and procedures must be reasonably designed to ensure that service providers (1) protect against unauthorized access to or use of customer information; and (2) notify the RIA as soon as possible, but no later than 72 hours after becoming aware of a security breach so that the RIA can timely notify affected clients and investors.

Although an RIA may require service providers to notify affected individuals on the RIA’s behalf regarding data breaches, the obligation to ensure that affected individuals are notified rests with the RIA.

Recordkeeping

Amended Regulation S-P also includes new recordkeeping requirements, which include creating and maintaining:

written documentation of any detected unauthorized access to or use of customer information, as well as any response to and recovery from such unauthorized access to or use of customer information required by the incident response program;
written documentation of any investigation and determination made regarding whether notification to customers is required;
written policies and procedures required as part of service provider oversight; and
written documentation of any contract entered into pursuant to the service provider oversight requirements.

Updates to Annual Privacy Notice

Current Regulation S-P requires that a “clear and conspicuous” notice of the RIAs privacy practices be provided to customers annually. Amended Regulation S-P clarifies that this means at least once in every consecutive 12-month period. Nevertheless, the current exceptions to the annual notice requirement (including an exception if the RIA has not changed its policies and practices with respect to disclosing protected information since it last provided a privacy notice to its customers) remain in effect.

Compliance Period

Per the SEC’s Press Release, Amended Regulation S-P will become effective 60 days after publication in the Federal Register. Larger entities (RIAs with $1.5 billion or more in assets under management) will have 18 months after the date of publication in the Federal Register to comply with Amended Regulation S-P, and smaller entities will have 24 months after the date of publication in the Federal Register to comply.

Going Forward

To the extent RIAs do not currently maintain an incident response program, they should work on creating policies and procedures consistent with Amended Regulation S-P. Many RIAs will already have policies and procedures addressing data breach events. For example, many RIAs in Texas must already report data breaches to the Office of Texas Attorney General, if a data breach affects 250 or more Texans. In these cases, RIAs should review and update those existing policies and procedures to meet the compliance deadlines.

Covered institutions should also review their contracts with service providers and update those contracts as necessary to ensure service providers provide notice to the RIA as soon as possible after a data breach event, but no later than 72 hours after a service provider becomes aware of a data breach event.

Finally, RIAs should revisit their recordkeeping protocols surrounding data breach events to ensure those protocols record, maintain, and regularly update compliance efforts regarding amended Regulation S-P.

SEC CONTINUES PUSH AGAINST CRYPTOCURRENCY PLATFORMS’ “UNREGISTERED SECURITIES” DESPITE INDUSTRY PUSHBACK

Josh Sherman

The U.S. Securities and Exchange Commission continues to push forward in the face of industry resistance and legal uncertainty with enforcement actions against cryptocurrency exchange platforms for allegedly offering unregistered securities. Earlier this month, the SEC filed its opposition to Kraken’s motion to dismiss in one such action, while Coinbase moved to certify an interlocutory appeal of the court’s denial of its motion to dismiss in another. A common thread running through these cases is whether the purchase and sale of cryptocurrency assets counts as an “investment contract” under the Supreme Court’s 1946 decision in Howey. The Securities Exchange Act of 1934 says that “securities” under the SEC’s purview include “investment contracts,” which the Supreme Court in Howey defined as “contract[s], transaction[s], or scheme[s] whereby a person invests his money in a common enterprise and is led to expect profits solely from the efforts of the promoter or a third party.” Applying the Howey test to cryptocurrency exchanges, courts have come up with different answers.

Kraken

On April 9, 2024, the SEC filed its response to Kraken’s February 22 motion to dismiss, in case number 3:23-cv-06003 in the Northern District of California, which the SEC initiated against Kraken in November of last year. In its motion, Kraken argues that the exchanges of certain cryptocurrency tokens on its platforms cannot constitute “investment contracts,” because the SEC has not plausibly alleged (1) the existence of any contracts, (2) post-sale obligations owed by digital asset issuers to Kraken customers, (3) investments in a common enterprise, (4) participation in a common enterprise, or (5) reasonable expectations of profits based solely on issuers’ efforts. In its response, the SEC argues that it has plausibly alleged the last three facts and that it need not allege the first two, calling Kraken’s contrary position a “perversion” of Howey. The motion is set to be heard on June 12.

Coinbase

On April 12, Coinbase moved to certify an interlocutory appeal of the denial of its motion to dismiss, in case number 1:23-cv-05738 in the Southern District of New York, which the SEC initiated against Coinbase in June of last year. The parties’ arguments at the motion to dismiss stage in the Coinbase action largely mirrored those in the Kraken one, and the court sided with the SEC.

Coinbase’s motion highlights that the Southern District itself has split over how Howey applies in the cryptocurrency context. In July 2023, in the SEC’s action against Ripple Labs in case number 1:20-cv-10832, the court issued a summary judgment ruling finding that Ripple’s token was not a security itself; that it was a security when it was sold directly to institutional investors; and that it was not a security when it was sold on public exchanges, used as payment for services, or used to compensate employees. But later that month, another court in the Southern District denied Terraform Labs’ motion to dismiss the SEC’s case against it, in case number 1:23-cv-01346, finding that the SEC had plausibly alleged Terraform offered “unregistered investment-contract securities” under Howey.

Coinbase’s motion also points out that in the SEC’s failed attempt to appeal the summary judgment ruling in its case against Ripple, the SEC argued that the “investment contract” question was purely legal, as Coinbase does in its motion.

The SEC has not yet responded to Coinbase’s motion. But last month, it offered as supplemental authority the court’s decision in SEC v. Wahi et al., case number 2:22-cv-01009 in the Western District of Washington, where the court entered a default judgment against Sameer Ramani, an associate of a former Coinbase manager. In its ruling, the court found that Ramani engaged in insider trading of securities based on the purchase and sale of cryptocurrency assets. Coinbase responded with its own letter to the court the next day—pointing out, among other issues, that the court in Wahi concluded that the cryptocurrency assets themselves constituted “investment contracts,” despite the SEC’s position in its action against Coinbase that the assets themselves are not securities.

Meanwhile, Coinbase reinvigorated its efforts to force the SEC to engage in rulemaking to support its cryptocurrency-related enforcement actions in case number 23-3202 in the Third Circuit. Coinbase’s previous such attempt—which it initiated in July 2022 prior to the SEC’s enforcement action against it—languished in December of last year, after the SEC responded with a two-page letter disagreeing with Coinbase’s position that the existing legal landscape of federal securities laws is “unworkable” as applied to cryptocurrency exchanges. Coinbase filed its brief in support of its new petition on March 11, and the SEC’s response is due May 10.

Takeaways

Since June 2023, the SEC has anchored down in its position that it has regulatory and enforcement authority over cryptocurrency exchanges, predominantly under the theory that buying and selling certain cryptocurrency assets constitutes “investment contracts” as defined by the Supreme Court in Howey. While industry stakeholders seek more clarity, the SEC seems reluctant to formally engage in rulemaking that would further solidify its stances. Decisions in the SEC’s actions against Kraken and Coinbase, among others, may shed more light on the legal landscape.

President Biden Signs Executive Order Establishing Framework for Artificial Intelligence Regulation

On October 30, 2023, President Biden signed an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (the “Order”), which establishes an initial framework for the U.S. Government to follow to develop policies to regulate emerging artificial intelligence (“AI”) technologies. The Order’s purpose is to jumpstart a Federal Government wide effort to formalize standards and laws that ensure responsible and safe development and use of AI, which begins with a directive to develop guidelines, standards, and best practices for AI safety and security. According to a Fact Sheet the White House released with the Order, these AI standards are intended to protect Americans’ privacy, advance equity and civil rights, stand up for consumers and workers, promote innovation and competition, and advance American leadership globally. More specifically, the standards are intended to address chemical, biological, radiological, nuclear, cybersecurity, and other foreseeable national security risks, as well as risks from social harms like fraud, discrimination, and dissemination of misinformation.

As initial guidance that establishes a framework for AI policies and regulations, the Order tasks several federal agencies with developing and implementing the directives over the course of the next 90 to 365 days. The National Institute of Standards and Technology (NIST) is tasked with developing the standards, tools, and tests to help ensure that AI systems are safe, secure, and trustworthy. NIST will coordinate with the Department of Homeland Security (DHS), Department of Energy (DOE), and other agencies to develop rigorous standards for “red team” testing, which is testing aimed at breaking the AI system to expose vulnerabilities. The DHS will apply the NIST testing standards to the United States’ critical infrastructure and will work with the DOE to address AI systems’ threats to critical infrastructure.

The Order comes after, and the fact sheet refers to, voluntary commitments from fifteen major technology companies, including Microsoft, Google, Amazon, and Meta, amongst others, to work towards developing regulations and standards for the safety, security, and trustworthiness of AI. Accordingly, the Order initially requires, by invoking the Defense Production Act, only developers of large AI systems exceeding a specified threshold of computational power to apply the rigorous NIST testing standards to their systems and report the results before releasing the AI system to the public. The Department of Commerce is tasked with further defining the computational power and technical requirements of an AI system that will be subject to the testing and reporting requirements moving forward to ensure all AI systems that pose a threat to national security and the risks described above are captured in the future.

In addition to developing standards to ensure AI systems are secure, agencies are tasked with developing AI guidelines to address social and economic issues affecting Americans, including, equality and civil rights, fraud or deception caused by AI-generated unauthentic content, AI invading (and increasingly replacing) the workforce, AI’s capabilities to advance US healthcare and education, and the preservation of the gamut of individuals’ privacy and data that is captured by or used to “teach” AI. In response to claims AI systems may include or develop discriminatory practices, the Department of Justice and Federal civil rights offices are directed to develop both policies to prevent and address discriminatory practices in AI systems, including algorithmic discrimination, and best practices for prosecuting and investigating civil rights violations. The Department of Commerce is tasked with developing content authentication and watermarking measures to combat fraud and misinformation caused by generative AI, which can be used to create “deepfake” photos and videos, for example. The Department of Labor is tasked with developing best practices to minimize AI harms and maximize AI benefits to workers, and producing a report on the potential impacts AI may have on the future of the labor market, including by job displacement. The Department of Health and Human Services and the Department of Education are respectively tasked with investigating how AI can best improve the health and education systems, including through development of medications and AI based educational tools. Understanding that AI systems require massive amounts of data input in order to learn, a core element of the standards NIST is directed to develop is to preserve and protect individuals’ privacy and data that is used to train AI systems.

Finally, the Order promotes innovation and competition in the AI space by expanding grants and providing access to a publicly available national database of AI research and tools, directs the Secretary of State and heads of other agencies to coordinate with the international community on AI initiatives to advance US leadership in the AI space, establishes measures to ensure the responsible and effective governmental use of AI, and charges the National Security Council to develop a National Security Memorandum to keep the United States on the forefront of emerging AI technologies.

The Order is a necessary step to cement the United States as a leader in the development and efficient use of AI technology to make Americans’ lives better, while at the same time protecting Americans from AI’s potential negative effects from misuse that could drastically outweigh any benefits AI can offer. The next year should provide significantly more clarity on AI regulation as the relevant agencies implement their directives from the Order.

Corporate Transparency Act: Beneficial Ownership Information Reports Required Beginning 2024

The Financial Crimes Enforcement Network (“FinCEN”), a division of the US Treasury Department, issued its final rules (the “Reporting Rules”) under the Corporate Transparency Act (“CTA”), establishing reporting requirements of the beneficial ownership and control of companies formed or registered to do business in the United States and defined as “reporting companies” under the CTA. The CTA became effective in 2021 as part of the Anti Money Laundering Act of 2020, and the Reporting Rules’ stated purpose is “to help prevent and combat money laundering, terrorist financing, corruption, tax fraud, and other illicit activity, while minimizing the burden on entities doing business in the United States.”

The Reporting Rules will specifically impact the private investment world as well as many owners and managers of other small businesses in the US. This is because the Reporting Rules require entities to file reports with FinCEN containing certain information about the individuals with beneficial ownership and/or substantial control of those entities. The required ownership and control information will be familiar to anyone who has disclosed beneficial ownership information to a bank or lender to obtain financing. But beginning next year, the Reporting Rules will require certain entities to self-report beneficial ownership and substantial control information directly to FinCEN as a standing requirement to do business in the United States. The Reporting Rules are not optional, and they impose significant penalties for non-compliance (monetarily and imprisonment).

While the purpose of the CTA is not to compile a publicly available corporate ownership or control database, it may seem that it effectively eliminates the privacy and anonymity features individuals desire by forming a limited liability company, a limited partnership, or other corporate entity. The information required to be reported, however, is not subject to disclosure in response to requests under the Freedom of Information Act or similar laws. FinCEN is only permitted to disclose such information to certain agencies and only for limited purposes, including, for example, to financial institutions to assist in anti-money laundering activities, and to national security, intelligence, and law enforcement agencies.

Entities to Which the Reporting Rules Apply

The Reporting Rules apply to “reporting companies,” defined as foreign or domestic entities either formed in or registered to do business in the United States through the filing of a document with a secretary of state or similar authority, and include limited liability companies, limited partnerships, corporations, etc.

The CTA has exempted several types of entities from the definition of a “reporting company,” noting that many of the exempted entity types are already subject to substantial federal and/or state regulation. With respect to small businesses, relevant exemptions include:

(1) “large operating companies,” which are companies with more than 20 employees, $5M in revenue, and a physical presence in the US; and

(2) “inactive entities,” which are companies not engaged in active business and formed before January 1, 2020, have no assets, are not owned by a foreign person, and that have not received or sent money over $1,000 or had an ownership change in the past year.

Information that Must Be Reported

Reporting companies must file a report that includes certain information about itself and each of its “Beneficial Owners” and “Company Applicants.” Beneficial Owners are generally individuals who own or control 25% or more of the entity’s ownership interests (directly or indirectly), or who exercise “substantial control” over the entity (e.g., manager of a limited liability company, general partner of a limited partnership, etc.). A Company Applicant is the individual who registers or files the formation documents for the reporting company. In addition to a manager or owner of a reporting company, a Company Applicant would also include individuals like lawyers that form or register the reporting company.

The reporting must file information including the following: full legal name; any trade name or “doing business as” name; principal place of business address; jurisdiction of formation; and taxpayer identification number.

Reporting companies must also provide the following for each Beneficial Owner and Company Applicant: legal name; date of birth; residential street address (Beneficial Owner and/or Company Applicant) or the business address (Company Applicant); and a passport or driver’s license number and a copy of the document.

Filing Deadlines

The Reporting Rules require new reporting companies (formed or registered in the US on or after January 1, 2024) to file their report with FinCEN within 30 days of formation or registration within the US. Existing reporting companies (registered in the US before January 1, 2024) must file their initial report by January 1, 2025. Existing reporting companies do not need to include information on the Company Applicant. Importantly, reporting companies have 30 days to file an update when the reporting company’s information or any of its Beneficial Owner’s information has changed.

Penalties

Failure to comply with the Reporting Rules and update or file initial reports can result in civil penalties of $500 per day of noncompliance and criminal penalties of up to $10,000 and 2 years imprisonment.

Impact and Going Forward

As detailed above, unless an exemption applies, the Reporting Rules will affect many US small business owners who may not even be aware of the CTA and Reporting Rules, yet will be subject to the associated obligations and potential liability. This is not a complete summary of the CTA and Reporting Rules and only highlights some of the central points. Earlier this year, FinCEN published beneficial ownership information reporting guidance, as well as FAQs on the Reporting Rules that include a Small Entity Compliance Guide. Even with such guidance, it still may be difficult for affected entities to correctly determine whether they are a “reporting company” or fall within an exemption. Managers and directors of entities are encouraged to begin planning now on how to best comply with the CTA if they haven’t already started.

NVIDIA and CEO Huang Face Securities Fraud Claims

In a 2-1 split, the United States Court of Appeals for the Ninth Circuit revived securities fraud claims under Section 10(b) and Rule 10b-5 against chip maker NVIDIA and its CEO, Jensen Huang – claims previously dismissed by the Northern District of California.

In their amended complaint, class action plaintiffs alleged that during the Class Period (May 10, 2017, through November 14, 2018), NVIDIA and three of its officers, including Huang, knowingly or recklessly made materially misleading or false statements regarding the impact of cryptocurrency sales on NVIDIA's financial performance in order to minimize the extent to which NVIDIA's gaming segment depended on the notoriously volatile demand for cryptocurrency. The district court dismissed both Plaintiffs’ first complaint and amended complaint on the basis that Plaintiffs failed to sufficiently plead that NVIDIA and its officers’ false or misleading statements were made knowingly or recklessly. Plaintiffs appealed.

On appeal, the Ninth Circuit reversed, in part, holding that Plaintiffs adequately alleged that (1) Huang made materially false or misleading statements and (2) Huang made those statements with the required scienter.

Falsity Allegations: Although the sufficiency of Plaintiffs’ falsity allegations was not addressed by the district court, the majority opinion placed particular importance on the fact that Plaintiffs’ outside expert arrived at the same conclusion as an independent investigation regarding crypto-related revenue during the Class Period. Both concluded NVIDIA understated its crypto-related revenues by about $1.1 billion from May 1, 2017, to July 31, 2018. Plaintiffs pointed to multiple occasions where Huang affirmatively stated that NVIDIA’s crypto-related revenues were $150 million for a quarter – actual revenue from crypto-related sales was nearly $350 million for that quarter.

Because Huang’s statements on quarterly earnings calls and subsequent interviews substantially downplayed crypto-related revenue during the Class Period, the Ninth Circuit concluded this led “investors and analysts to believe that NVIDIA’s crypto-related revenues were much smaller than they actually were.” When NVIDIA’s subsequent earnings disclosures revealed it was significantly more dependent on crypto sales than Huang previously expressed, its stock price dropped 28.5%.

The dissent was critical of the majority’s approach, pointing out that the Ninth Circuit has never allowed an outside expert to serve as the primary source of falsity allegations under the Private Securities Litigation Reform Act (PSLRA). Moreover, the dissent noted that plaintiffs’ expert did not rely on NVIDIA’s internal data or documents, but instead relied almost exclusively on generic market research and post hoc calculations.

Scienter Requirement: The Ninth Circuit majority then concluded that Plaintiffs sufficiently pled scienter under the PSLRA with respect to Huang’s statements. Here, the majority relied on confidential statements from former NVIDIA employees, who “confirmed that Huang personally reviewed NVIDIA’s sales data through [NVIDIA’s] centralized sales database” and that “Huang was the most intimately involved CEO he had ever experienced.” On this basis, Plaintiffs’ amended petition provided sufficient particularity to support the probability that a person in the position occupied by the former employees would possess the information alleged. Accordingly, the Ninth Circuit held that plaintiffs sufficiently stated a claim for relief under Section 10(b) and Rule 10b-5 against Huang and NVIDIA. The majority further reasoned that “[w]hile the PSLRA significantly altered pleading requirements in private securities fraud litigation, it did not impose an insurmountable standard.”

Going Forward: NVIDIA’s dominant position in the A.I. chip market and the promise of generative A.I.’s future development has contributed to NVIDIA’s recent $1 trillion market capitalization. In fact, NVIDIA’s stock price has increased by over 11,000% during the last ten years. Given this Ninth Circuit reversal at the pleadings stage, investors will likely fix a keen eye on how NVIDIA categorizes and discloses its revenue from A.I.-related sales.

SEC Adopts New Rules for Private Funds, but They're Less Restrictive Than Originally Proposed

In an open meeting on August 23, 2023, the U.S. Securities and Exchange Commission voted to adopt new rules for private fund managers under the Investment Advisers Act of 1940. The new Rules reflect the most substantial overhaul of private funds adviser regulation since Dodd-Frank in 2010. But they are significantly less restrictive than the version first presented for public comment in February of last year. The SEC adopted two new Rules for all private fund advisers: the “Restricted Activities Rule” and the “Preferential Treatment Rule.” For registered private fund advisers, the SEC adopted three additional new Rules: the “Quarterly Statement Rule,” the “Private Fund Audit Rule,” and the “Adviser-led Secondaries Rule,” as well as amendments to the Advisers Act Compliance Rule which is applicable to all SEC-registered investment advisers.

Restricted Activities Rule

Intended to protect investors from certain fee and expense practices and potential conflicts of interest, this new Rule prohibits certain actions for all advisers—but with notable exceptions. This is a change from the blanket prohibition in the SEC’s original proposal. Under the new Rule—unless disclosed—advisers may not: (1) charge investors for their regulatory or compliance fees or expenses; (2) net taxes against a clawback of their carried interest; or (3) allocate or charge portfolio-level fees or expenses on a non–pro-rata basis. And without consent from a majority in the interest of private funds investors (excluding advisers’ and related persons’ interests), advisers may not charge their clients for fees or expenses associated with governmental or regulatory investigations. Nor, without such investor consent, may advisers borrow assets from their private fund clients. The Rule as adopted does not—as originally proposed—prevent advisers from seeking reimbursement, indemnification, exculpation, or limitation of liability with respect to private funds or their investors for breaches of fiduciary duty, willful misfeasance, bad faith, or negligence in connection with their services. Nor does the new Rule—as originally proposed—prohibit advisers from collecting fees for services not performed. The SEC explained, in declining to adopt an express prohibition, that this practice constitutes a breach of fiduciary duty and is therefore already implicitly prohibited. This new Rule generated the most controversy during the comment period, and its implementation as adopted represents the most significant departure among the new Rules from those that the SEC originally proposed.

Preferential Treatment Rule

Meant to ensure a level playing field for investors, this new Rule prohibits certain practices that treat certain private fund investors preferentially—unless certain exceptions are met. The new Rule generally prevents private fund advisers from allowing any investor to redeem its interests on terms reasonably expected to materially harm other investors. As proposed, there were no exceptions. As adopted, such redemption is permitted if the adviser has offered and will continue to offer the same ability to all investors, or if other binding law mandates such a redemption right for the investor. It also generally prohibits advisers from disclosing information to any investor that they reasonably expect would materially harm other investors. As originally proposed, there were no exceptions. But as adopted, the practice is permitted if the adviser discloses the same information to all interested investors. The new Rule also prohibits any other preferential treatment—unless such treatment is detailed in annual written disclosures. For current investors, the disclosures must specifically describe all preferential treatment. For prospective investors, the disclosures need only specify preferential treatment relating to material economic terms.

Quarterly Statement Rule

Aimed at increasing transparency for investors, this new Rule requires registered advisers to make quarterly disclosures about fees, expenses, performance, and potential conflicts of interest—unless quarterly disclosures complying with the Rule are already prepared by another person. The requisite quarterly statements must prominently disclose how expenses and fee offsets are calculated, as well as performance results calculated with and without capital call lines, with cross-references to funds’ governing documents. The SEC also amended Rule 204-2 to require advisers to retain books and records in connection with the preparation and distribution of these quarterly statements. When originally proposed, the Quarterly Statement Rule required disclosure within 45 days of the end of each calendar quarter. As adopted, for “funds of funds,” disclosures must be made within 75 days of the end of the first three fiscal quarters and 120 days of the end of the fiscal year. Otherwise, funds must issue their quarterly statements within 45 days of the end of the first three fiscal quarters and 90 days of the end of the fiscal year.

Private Fund Audit Rule

Intended to prevent asset misappropriation and ensure accurate valuations, this new Rule requires an annual independent financial statement audit for each registered adviser's fund that complies with Rule 206(4)-2 (the Custody Rule). But the Rule does not, as originally proposed, impose any audit requirements on top of those in the Custody Rule. Nor does it require auditors to report any issues to the SEC.

Adviser-led Secondaries Rule

Similarly intended to prevent fraud and ensure accurate valuations, this new Rule requires either a fairness or a valuation opinion from an independent provider in connection with any secondary transaction led by a registered adviser. Advisers also must provide written disclosures summarizing any recent material business relationships with the independent provider. But the Rule does not, as originally proposed, require a fairness opinion; a valuation opinion can also suffice. Nor does it apply to tender offers. And the opinion must be distributed to investors before the due date of the election form—not, as originally proposed, before the transaction closes.

Advisers Act Compliance Rule

The SEC adopted the amendments to this Rule as originally proposed, requiring all registered advisers to document in writing the annual review of their compliance policies and procedures.

Bottom Line

While the new Rules provide more transparency for private fund investors, advisers should take comfort in the fact that the Rules as adopted impose significantly less restraint than as originally proposed, and investors may likewise appreciate that the SEC incorporated feedback aimed at preventing the Rules from imposing potentially unnecessary costs on private funds.