Yesterday, I discussed the recent hack of the Securities and Exchange Systems’ electronic filing and retrieval system commonly referred to as EDGAR. In a written statement disclosing the hack, Chairman Jay Clayton speculated that the incident may have provided a basis for “illicit gain through trading”. Professor Peter Henning and others have observed that the entire episode is redolent with irony:
For an agency that prizes prompt disclosure of accurate information and has pursued enforcement cases for companies that fail to disclose or update information for investors, it appears that the S.E.C. could use a dose of its own medicine.
S.E.C. Hacking Response Provides Road Map for Compromised Companies (Sept. 26, 2017). See also Professor Stephen Bainbridge’s comments here.
Some may wonder whether the SEC itself could be liable as a tipper of material non-public information.
In SEC v. Obus, 693 F.3d 276 (2d Cir. 2012), the Second Circuit Court of Appeals defined tipper liability as follows:
To be held liable, a tipper must (1) tip (2) material non-public information (3) in breach of a fiduciary duty of confidentiality owed to shareholders (classical theory) or the source of the information (misappropriation theory) (4) for personal benefit to the tipper. The requisite scienter corresponds to the first three of these elements. First, the tipper must tip deliberately or recklessly, not through negligence. Second, the tipper must know that the information that is the subject of the tip is non-public and is material for securities trading purposes, or act with reckless disregard of the nature of the information. Third, the tipper must know (or be reckless in not knowing) that to disseminate the information would violate a fiduciary duty. While the tipper need not have specific knowledge of the legal nature of a breach of fiduciary duty, he must understand that tipping the information would be violating a confidence.
Id. at 286. From what little has been disclosed about the hack, it is at least conceivable that a prosecutor could prove: (1) the information was material and non-public; (2) the SEC breached a duty of confidentiality to registrants (i.e., the sources of the information), (3) the SEC was reckless in tipping the information; (4) the SEC knew the information was material and non-public or acted with reckless disregard of the nature of the information; and (5) the SEC knew or, or was reckless in not knowing, that to disseminate the information would violate a duty to the sources of the information. Even should a prosecutor get past these hurdles, a seemingly insurmountable barrier would remain – the lack of any personal benefit to the SEC.