A recent report tracking securities class actions relied on historical data to conclude that generally between 1996 and 2018, a mere 3-6% of securities class action settlements had at least one class member opt-out. In recent times, a disturbing trend has surfaced. Specifically, securities class action settlements with opt-outs have almost tripled. Based on these recent trends, between 2019 and 2022, over 11% of all proposed securities class action settlements experienced opt-outs.
The opt-out phenomenon occurs when a class member makes the affirmative decision to exclude its shares (and therefore its ownership interest in the pro-rata share of the settlement proceeds) from the class settlement, often to pursue a separate direct action against the defendant.
Data suggests that as the monetary size of the proposed settlements rises, the likelihood of an opt-out increases. For these larger settlements, the number of opt-outs has become alarming with 30% of settlements over $20 million experiencing at least one opt-out. The figure rises to 62% for settlements over $100 million and 100% for settlements over $500 million.
In these larger settlements, the opt-out is often an institutional investor, such as a pension fund, mutual fund, hedge fund, or other investment management firm. The institutional investors can do the calculations on the size of their ownership interests and whether it warrants the increased litigation costs of bringing a direct action, often fueled by a desire to secure a return on their investments. These opt-outs impede the work after the often difficult, costly, and drawn-out process of achieving a settlement and lead to additional defense costs plus potential incremental indemnity loss. Underwriters are understandably monitoring these statistics closely as opt-outs can hamper their ability to assess the risk surrounding securities class actions reliably and consistently.
The SEC recently filed an enforcement action against a large IT Service Provider (the “Company”) and its Chief Information Security Officer (“CISO”), charging “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In the complaint, the SEC alleged that the company’s public statements about its cybersecurity practices and risks blatantly contradicted internal discussions and assessments about the Company’s cybersecurity policy violations, vulnerabilities, and cyberattacks.
The Company provides network monitoring software to businesses throughout the world. In 2020, the Company provided a software update to its customers for its network management software. Hackers were able to insert malicious code into the update, resulting in a massive cyberattack that affected approximately 18,000 customers, including many national government agencies.
The SEC Complaint charges the Company and its CISO with fraud and internal control failures. Specifically, the allegations suggest that the Company’s public disclosures were widely inconsistent with internal knowledge of known cybersecurity policy violations, vulnerabilities, and cyberattacks. It is alleged that these known risks should have been addressed by both the Company and its CISO individually. According to the SEC, the specific cybersecurity issues highlighted were pervasive and “reflected a culture that did not take cybersecurity issues with sufficient seriousness, and a scheme to conceal these issues from investors and customers.” The complaint alleges that the Company trumpeted its safe and secure cybersecurity practices through misleading statements in three contexts: cybersecurity statements posted to the Company’s website (including statements posted just prior to its second IPO after going private), its S-1 and S-8 registration statements, and the Form 8-K disclosing the cybersecurity breach. The complaint seeks injunctions, disgorgement, and civil monetary penalties, as well as an “officer and director bar” against the CISO.
In its annual report on examination priorities, the SEC stated that information security and operational resiliency, emerging fintech, and anti-money laundering protocols will be areas of risk for market participants. To combat these risks, the SEC will focus on companies' policies and procedures, internal controls, governance practices, oversight of third-party vendors, and responses to cyber-related incidents by reviewing how companies train their staff on issues like identity theft prevention, customer records, and information protection.
The SEC will continue to focus on services, including automated investment tools, artificial intelligence, and trading algorithms, and the risks associated with the use of emerging technologies and alternative sources of data. Among other things, the report also highlights Regulation Best Interest as a focus area for broker-dealers. Exams in that area will focus on complex products, including derivatives and leveraged exchange-traded funds; high-cost products, such as variable annuities; and products that are illiquid, proprietary, or microcap securities.
Additionally, the SEC stated that it will have a specific focus on cybersecurity, cryptocurrency assets, and firms' anti-money laundering programs in the upcoming year. Regarding cryptocurrency — which has been a major focus of the SEC for several years — the latest report indicates that exams will focus on a range of activities surrounding crypto assets and related products, including offering, selling, recommending, trading, and providing advice on such assets. The SEC said it will keep monitoring firms and conduct exams given "the continued volatility of, and activity around, the crypto asset markets."
Director/Officer |
Role |
Company |
Shannon Westhead |
Officer |
Pisces Income Fund, LLC |
Timothy G. Brown |
Officer |
SolarWinds Corporation |
Director/Officer |
Role |
Company |
Shannon Westhead |
Officer |
Pisces Income Fund, LLC |
Timothy G. Brown |
Officer |
SolarWinds Corporation |
Amount |
Director/Officer |
Role |
Company |
$2,650,000 |
Jeetenderjit Singh Sidhu |
Director |
Treadstone Financial Group Ltd. |
$1,053,193.06 |
David Chin |
CEO |
Thor Technologies, Inc. |
Amount |
Director/Officer |
Role |
Company |
$ 2,650,000 |
Jeetenderjit |
Director |
Treadstone Financial Group Ltd. |
$1,053,193.06 |
David Chin |
CEO |
Thor Technologies, Inc. |
https://www.sec.gov/litigation/admin.htm