As we noted earlier this week in our newsflash entitled SEC v. Cuban: A New Decision Casts Doubt on a Key SEC Position on Insider Trading, even after 75 years the parameters of liability under Section 10(b) of the Securities Exchange Act are still not clear, particularly in settings where there has not been a breach of fiduciary duty. A Second Circuit decision issued on Wednesday—this time finding for the SEC—further illustrates the uncertainty.
Facts as alleged
- October 17, 2007, 2:15 pm—someone hacks into a Thomson Financial, Inc. server, obtaining important, nonpublic earnings information about Thomson client IMS Health, Inc.
- October 17, 2007, 2:52 pm—Oleksandr Dorozhko purchases a large number of out-of-the-money and soon-to expire IMS puts. Securities of this sort are traditionally a favored vehicle for investors who have time-sensitive nonpublic information, limited funds and a lack of understanding of the detection powers of enforcement officials.
- October 17, 2007 4:33 pm—IMS announces earnings 28% below expectations.
- October 18, 2008—Market opens, IMS stock drops 28%. Within six minutes of the open, Dorozhko sells all his puts, now well in the money, for a net profit of over $286,000 on an overnight investment of approximately $40,000.
- October 29, 2008—SEC sues Dorozhko, not for insider trading, but for general 10(b) fraud.
The district court, relying on certain insider trading case precedents, denied the SEC’s request for a preliminary injunction to freeze the proceeds. The court reasoned that while hacking might violate any number of other laws, it is not a “deceptive device” under 10(b) because it does not involve a breach of fiduciary duty. The court found that because Dorozhko was an outsider with no relationship to IMS or Thomson, he owed no duty to either and could not be liable for 10(b) fraud.
The Second Circuit reversed, holding that while a breach of a fiduciary duty is required where the fraud is premised on silence, no such breach is required where there has been an affirmative misrepresentation: for example, using a false identity in connection with cracking encryption or otherwise circumventing security measures to obtain material, nonpublic information and then trading on the basis of that information. Such a misrepresentation would constitute a “deceptive device” under 10(b) in violation of, in the words of the opinion, the “ever-present duty not to mislead”. The court remanded the case to the district court for further proceedings as to the nature of the hacking process in this case, noting that hacking might not involve “deception” if, for instance, it was based on discovering weaknesses in the software rather than on misrepresentation.
Is Section 10(b) a broad and flexible provision that can be employed against a range of deceptive practices, or a more limited measure targeted principally at misbehaving fiduciaries? The Cuban and Dorozhko decisions illustrate that we will likely need further guidance from the Supreme Court to answer this question definitively.