Courtesy of Joseph T. McClure
In the wake of the Facebook-Cambridge Analytica scandal, data privacy emerged as a hot-button issue that politicians of all ideological persuasions will add to their stump speeches before the 2020 elections. It also appears likely to join issues such as climate change, gun violence, and workplace sexual misconduct as the basis for a Section 10(b)/Rule 10b–5 securities fraud claim. In the absence of specific legislative solutions to address some of these politically-sticky issues, regulators and private parties have played a role in policing the conduct of public companies using tools found in securities law.
Rule 10b–5 (promulgated under Section 10 of the Securities Exchange Act of 1934) makes it a crime to make false or misleading statements in connection with the purchase or sale of securities. Consequently, a true statement that becomes untrue, half-true, or misleading may be actionable under the rule if the maker fails to update their previous statement.
The application of this rule to the divisive issues mentioned above is fairly simple: Company A does a Bad Thing. Company A does not disclose that Bad Thing because it will create bad publicity. Sometime later, the public finds out about the Bad Thing and the stock price of Company A falls. When the price falls, inevitably, there are investors who purchased stock without knowledge Company A did the Bad Thing but who definitely think the Bad Thing should have been disclosed. These investors will argue that if they had known about the Bad Thing, they would have valued the stock at a lower price, thus the losses they suffered due to the poor timing of their purchase were purchases made in connection to a misleading statement (which can be an omitted statement) issued by the company and/or its executives.
Given the relatively straightforward nature of this activity, private shareholders, in addition to regulatory agencies—primarily the Securities and Exchange Commission—and the Department of Justice may seize the opportunity to impose punishment on the company for the Bad Thing. It doesn’t matter that the Bad Thing is not itself illegal; it is clearly distasteful judging by the market’s reaction. In the absence of specific legislation or a regulatory framework that addresses the conduct itself, legal action by regulators and private citizens creates a method of punishing the distasteful conduct. These actions yield both punitive and deterrent effects.
Matt Levine of Bloomberg has frequently discussed this phenomenon in his daily column, “Money Stuff.” Drawing from his thoughts, I wrote an article that further explores the topic, particularly as it relates to Facebook’s failure to disclose misuses of personal data by Cambridge Analytica in the run-up to the 2016 United States presidential election.
In the absence of a more specific legal framework, using securities law as a punitive tool is a convenient and politically expedient method of punishing bad behavior. This is certainly true in the case of Facebook, who has repeatedly made headlines for their careless handling of user data.
Another example where this practice has been put to use is New York state’s lawsuit against Exxon. New York brought this action under the Martin Act, a New York state “blue sky law” (the important distinction from federal securities law is that it gives the New York Attorney General special authority to prosecute securities fraud without having to plead scienter or direct reliance). This lawsuit dates to 2015, when then-Attorney General Eric Schneiderman subpoenaed Exxon “to determine whether the company lied to the public about the risks of climate change.” The interesting part is that “the public” has two aspects: the citizens of New York and the investing public. It is the investing public which made decisions to buy or sell Exxon securities based on the information that Exxon disclosed to the public. If that information was not an accurate representation of the risks known to Exxon at the time the information was reported, then it will certainly look like Exxon committed securities fraud. The New York State Office of the Attorney General has taken that position, and it is hard to disagree with the theory as it is laid out in the complaint.
In substance, the complaint alleges that Exxon kept two separate data sets on climate change: one set was based on scientific research and kept for internal planning purposes and the other set was disclosed in various public releases with titles such as “Outlook for Energy” and “Energy and Climate” and “Managing the Risks.” These were not official SEC filings, like 10-Ks or 10-Qs, but the information in the releases represented how “proxy costs” were calculated. “Proxy costs” are essentially how Exxon models the future costs of carbon emissions when the company considers new projects. It is not a purely scientific figure and has variance based on some generalized assumptions. The “costs” relate to the cost of future regulation, which Exxon assumes will increase as policymakers become more focused on environmental protection.
The complaint states “Exxon represented to investors that all of the company’s business units incorporated its proxy cost as part of its business planning process, also known as ‘planning and budgeting.’” Put simply, Exxon represented that it assumed regulation of carbon would increase in the future, therefore contemplated projects were evaluated based on what Exxon predicted would be profitable in the future. Exxon wanted the public to think it was being responsible with the projects it chose, choosing only those projects that were more environmentally friendly. But, the “proxy costs” were essentially made-up numbers, and their internal numbers painted a very different picture. For major projects, “Exxon … assumed that existing costs would remain flat indefinitely into the future rather than applying a proxy cost.” So “[b]y using cost assumptions for its impairment evaluations that differed from, and were more favorable than, those it used for other business purposes and stated in its public communications, Exxon misled investors concerning the value of its assets.” To simplify the accounting, this means that in comparison to the future projected expenses Exxon represented to the public, future projects would cost significantly more than disclosed, and current projects were incurring expenses that were underreported.
If Exxon believes their external “proxy costs” are accurate (or even reasonable), then Exxon’s financial statements are inaccurate. Based on the public releases, shareholders think they invested in a company that is well-prepared for a future of increased regulatory scrutiny, but in fact, they invested in a company that was not taking the threat of climate change seriously. As the Attorney General said: “[b]y not following its public representations regarding the application of proxy costs … Exxon substantially understated its projected costs when making investment decisions and conducting business planning[.]” According to the complaint, if investors had known the true future costs to Exxon, they would not have invested at the same price, and if Exxon had actually stuck to reduced-emission projects with lower future costs, its carbon footprint would be smaller.
Using securities law to punish Exxon for misrepresenting its role in climate change may appear politically attractive, but there are significant practical and policy reasons why we should view this practice with skepticism. Most significantly, using securities law as an all-purpose punitive tool prevents a more robust debate about the underlying issues and postpones the use of democratic processes to address the bad behavior. A legislative or regulatory scheme specifically tailored to the use of personal data or ensuring accurate representation of the effects of climate change would presumably be more effective at deterring and punishing conduct that society deems objectionable. Securities laws are supposed to regulate capital markets, not function as the government’s catch-all legal tool for policing the conduct of public companies. It is easy to point out that something is bad and should be punished. The hard part is building consensus in the democratic process to develop a regulatory scheme that addresses the problem. Using securities law as a blunt object short-circuits this process.
Another peril of using securities law as an all-purpose enforcement mechanism is the potential for abuse, or overuse, given the detachment from congressional intent. If executive agencies are enforcing securities law in a way unintended by its drafters in Congress, a democratic deficit results. We expect the enforcement of our laws to make intuitive sense: it would be difficult to succinctly explain to a foreign visitor why we might use a capital market regulatory tool to address pervasive data misuse or climate change. Federal regulation of capital markets is based on maintaining the integrity of a financial marketplace, not to pass judgment on which companies are good and which are bad. In a 1933 speech to Congress prior to passage of the Securities Act and the Exchange Act, President Roosevelt assured the public of “full publicity and information, and that no essentially important element attending the issue shall be concealed from the buying public.” His promise “add[ed] to the ancient rule of caveat emptor, the further doctrine ‘let the seller also beware.’ It puts the burden of telling the whole truth on the seller.” This was a promise for transparency of information, but the implication was that the Acts would ensure transparency of financial information related to public companies.
There are some gray areas where nonfinancial information becomes material to financial performance. For example, in 2011, shares of Apple nosedived upon news of Steve Jobs’s cancer diagnoses, and in 2019, Tesla’s stock dipped after Elon Musk was filmed smoking marijuana while recording a podcast. These are just two of many examples that show seemingly attenuated nonfinancial information can be material to shareholders, thus, presumably, requiring disclosure. At a time when information is exchanged instantly over the internet, the threshold for materiality is being pushed ever lower.
Of course, this securities law remedy is only available against public companies. Private companies can commit this sort of “fraud” too, but it is much harder to estimate fluctuations in the market value of private companies, thus making it difficult to determine the damages to shareholders. Avoiding shareholder lawsuits is just one advantage to remaining private. At a time when remaining private appears more attractive than ever, the increasingly frequent use of securities fraud lawsuits to police nonfinancial misconduct is yet another incentive to remain private. But, if fewer companies are publicly traded, both the public and private markets are less efficient. Companies will be limited in their access to capital, and retail investors will be limited in their investment opportunities. Fewer choices on both sides of the curtain will restrict economic growth or, at the least, restrain the efficiency of capital markets.
Finally, and perhaps most troubling is the judgements inherent in predicating liability on the deception of shareholders. If millions of users’ personal information is disseminated without their knowledge, and misused to their detriment, it seems odd to think that it is the shareholders of the company who deserve recompense for this harm. In the case of Exxon, were shareholders harmed by the company’s deception when the company profited from less environmentally-friendly projects? This problem becomes pricklier when you consider the shareholder lawsuit against CBS in the wake of very public sexual harassment allegations against then-CEO Les Moonves. If the court were to find in favor of the plaintiffs, the court would be finding that CBS’s non-disclosure of pervasive sexual harassment (and possibly assault) by its CEO inflicted harm on the shareholders, rather than the women who were sexually harassed. Daniel Hemel and Dorothy Lund put an even finer point on it: “the claim that workplace-based sexual harassment damages shareholders through the misallocation of human capital might be interpreted to imply that the female employees of publicly traded corporations are themselves corporate assets.”
Securities law is a tool increasingly utilized by private shareholders and governmental entities in pursuit of punishing blameworthy corporate conduct that eludes more direct criminal or regulatory penalties. In some instances, this use is satisfying and useful to accomplishing the important governmental interest of deterrence and ultimately punishing people who do bad things. But, as with any blunt legal tool, it carries significant potential for abuse and introduces a theory of liability which may produce an unintended stigma. Although I applaud its use in limited circumstances, I urge caution to its cheerleaders and remain hopeful that its responsible use only serves to spur the democratic polity into action and address critical issues such as climate change and data privacy.