In a clear setback for the SEC, Judge Engelmayer's SolarWinds decision held that a public company's cybersecurity controls are not part of its “system of internal accounting controls” within the meaning of Section 13(b)(2)(B) of the Exchange Act. Rather, that provision is limited to controls designed to ensure the “accuracy and completeness of the financial information on which the issuer's annual and quarterly reports rely.”1 Accordingly, the court dismissed the SEC's claim that SolarWinds' allegedly defective cybersecurity controls violated Section 13(b)(2)(B).
Footnote
1 SEC v. SolarWinds Corp., No. 23 Civ. 9518, 2024 WL 3461952 (S.D.N.Y. July 18, 2024).
Click here to continue reading.
Originally published by New York University School of Law's Program on Corporate Compliance and Enforcement Blog.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.