SEC Report on Business Email Compromise Signals That It May Pursue Insufficient Internal Controls Cases

Nine unnamed public companies found themselves the target of an SEC investigation after they fell victim to “business email compromises,” a type of cyber fraud that cost them nearly $100 million combined. While the SEC did not initiate enforcement actions against any of these companies, the resulting Report signals the Commission’s intent to pursue companies for internal accounting controls violations, adding another tool (in addition to the Safeguards Rule, the Red Flags Rule, disclosure rules and others) to its enforcement arsenal. In this article, we review the Report’s findings with insight from Davis Polk partner Avi Gesser on SEC enforcement and how to avoid BEC scams. See also “SEC Confirms Cyber Disclosure Expectations in New Guidance” (Feb. 28, 2018).

To read the full article

Continue reading your article with a CSLR subscription.