The Securities and Exchange Commission (“SEC”) reportedly has revved up its focus and issued a significant number of subpoenas targeting technology companies in the digital token space, following on earlier pronouncements from the agency that it would expand its focus on ICOs and cryptocurrencies. The subpoena process is one of the primary weapons in the SEC’s enforcement arsenal, and ICO issuers will need to understand what they can expect over the next few weeks.
What is a subpoena?
A subpoena is a formal request from the SEC staff for documents or testimony, which can be enforced with a court order. The staff can only issue a subpoena if the five-person Commission has authorized a Formal Order of Investigation, which requires the staff to present to the Commission a showing that they suspect there have been potential violations of the federal securities laws. A “sweep” is an informal term referring to a large number of subpoenas sent at the same time to organizations in the same industry or practice, often when the SEC has a concern about a particular type of activity.
It is not uncommon for the staff to send out voluntary requests for information, as well. While there is no legal requirement to respond to a voluntary request, there are significant strategic reasons why it may make sense for an ICO issuer receiving such a request to respond and satisfy the staff’s questions. For example, a failure to respond properly may be the impetus for the staff to obtain a Formal Order, which would lead to a legally enforceable subpoena, gaining little for the ICO issuer other than a bad start to its interactions with the enforcement authorities.
An ICO issuer receiving a subpoena should see:
- a cover letter from the attorney within the Division of Enforcement handling its case;
- the subpoena itself;
- a list of document requests;
- a set of instructions for how to read the requests;
- a copy of the SEC’s data delivery requirements; and,
- a Form 1662, which outlines the SEC’s acceptable uses for the information the ICO is required to provide.
What is an ICO issuer receiving a subpoena required to do?
The first step in responding to a subpoena is always to determine who may have information responsive to the request, and to ensure that no information is lost or destroyed. Often, companies will issue an internal “hold” notice to be sure no one accidentally deletes information called for by the subpoena. It is important to think broadly about all places that might have information, including emails, text messages, drafts of documents, and handwritten notes. Automatic deletion protocols should be examined and, if necessary, turned off until the ICO issuer can consult with counsel.
The next step is usually to contact the Enforcement staff. The subpoena may not be clear, or it may ask for information in a way that does not reflect the way the ICO issuer conducts business. More immediately, the timeframe for responding to the subpoena may not be feasible. The SEC staff is often willing to work with companies on these issues, but their flexibility will depend on the degree of trust and responsiveness the ICO issuer develops, beginning at the earliest stages.
It is critical that an ICO issuer have a firm understanding of the facts before engaging with the SEC staff in any substantive manner. Any information provided at an early stage of the investigation may later prove to be incomplete or inaccurate once the ICO issuer has a fuller understanding of all the facts, requiring the issuer to walk back inaccurate information later in the process. Counsel can assist in these nuanced interactions.
How should an ICO issuer collect and send responsive documents?
The process for identifying and processing documents will vary greatly depending on the ICO issuer. Typically, companies responding to a subpoena will work with counsel to find and review the appropriate documents, place identifying information on each document along with confidentiality provisions, and process the documents in compliance with the SEC data delivery requirements. Documents are typically provided on a DVD or via FTP, depending on a number of factors. Counsel can work with the ICO issuer to determine which documents need to be produced, which are not relevant, and which can be withheld as legally privileged or otherwise protected.
Can the SEC require an ICO issuer to provide confidential business information?
The SEC can compel confidential information, including trade secrets, material subject to an NDA, and personal information. ICO issuers can protect this information by including a FOIA confidentiality request in their submission, and by contacting the appropriate confidentiality officials. That said, an ICO issuer or counsel can work with the SEC staff to determine exactly what information the staff needs to complete its investigation, and working with the staff, it may be possible to address their concerns without providing all the requested material. Any deviation from the subpoena request, however, should be negotiated in full disclosure with the SEC staff.
What happens next?
The process of responding to a document subpoena may take weeks or more, depending on the request. The process is often iterative, with the SEC coming back with new requests after the staff has reviewed the material submitted. ICO issuer should not expect a quick resolution.
It is possible that after reviewing the material, the SEC may wish to interview ICO issuer personnel, either formally in on-the-record sworn testimony, or informally in meetings with the staff. In some cases, the SEC may be willing to pose questions to the ICO issuer via counsel, which enables everyone involved to better organize and present the information.
Many companies have weathered the SEC subpoena process, and with good guidance from counsel, ICO issuers should be able to respond to the SEC’s inquiries with a minimum of disruption to their business.