What the Tesla Settlement Means for Other Companies

There have been plenty of press reports about the SEC’s settlement with Elon Musk arising from his tweeting about taking Tesla private. But the concurrent settlement with Tesla itself provides interesting lessons for disclosure and governance at public companies.

Tesla agreed to pay a $20 million penalty and agreed to several “undertakings” to strengthen its governance and controls including a requirement that it add two independent directors to its Board. And, under his own settlement, Musk agreed to step down for three years as chairman of the Board of Directors, although he is allowed to continue as CEO.

At the center of the relief against Tesla are several measures to monitor Musk’s public statements. Specifically, Tesla must implement “mandatory procedures and controls” with two interrelated purposes. First, “to oversee all of Elon Musk’s communications regarding the Company in any format, including, but not limited to, posts on social media (e.g., Twitter), the Company’s website (e.g., the Company’s blog), press releases, and investor calls.” Second, “to pre-approve any such written communications that contain, or reasonably could contain, information material to the Company or its shareholders” (emphasis added). Tesla is also required to establish a new committee of independent directors and retain or designate an experienced securities lawyer to assist in overseeing senior executives’ social media posts and to advise the Company on its compliance with the federal securities laws.

What lessons should other public companies be drawing from the Tesla case? We would summarize them this way:

• A public company should evaluate whether its officers need guardrails around their communications practices to ensure compliance with the federal securities laws. The compliance objectives include in particular (a) making timely filings as required under the Exchange Act, (b) avoiding selective disclosures that would violate Regulation FD, and (c) avoiding false or misleading statements. These objectives can be met by training, by policies and procedures on the use of social media, and by rules on content. The board should be apprised of any action in this regard and should have an opportunity to weigh in.
• The evaluation should consider whether there are red flags concerning the officers’ actual practices, and whether they are especially prolific or distinctive in using social media to communicate on company matters. In either case, if the company does not adopt procedures to address the compliance objectives highlighted above, the company and the board may be falling short of the SEC’s view of what constitutes reasonable controls.

The specific measures imposed on Tesla—oversight and pre-approval—are essentially prophylactic: to forestall violations of the Exchange Act, just as companies do with their policies in other areas of the law like insider trading or anti-corruption. It appears that, in the SEC’s view, Tesla should have realized that additional discipline was required to be sure Musk’s communications complied with the Exchange Act, not just filing requirements and Regulation FD, but more importantly in connection with the prohibition on false and misleading statements. Based on his past conduct—some of which the complaint summarizes—and his unusual personal prominence, Tesla should have anticipated that Musk might release material, non-public information via Twitter and therefore should have taken this into account in crafting its policies, procedures and controls. If a company evaluates this kind of risk, and imposes proportionate guardrails, then it can hope to prevent violations and, if they occur, to avoid being held responsible together with the offending representative.

It is instructive in that respect that Tesla was not charged with an antifraud violation. It would be easy to imagine the SEC charging Tesla with violating Section 10(b) and Rule 10b-5, based on the public statements of its CEO, because Musk’s scienter could be imputed to the company through basic respondeat superior principles. Although Musk acted alone, taking his colleagues at Tesla by surprise, Musk was clearly acting within the scope of his position as CEO.

Of course, the decision not to force Tesla to settle to an antifraud charge may have resulted from the give-and-take in the settlement negotiation. But it may also reflect a philosophical shift at the SEC, away from the “broken windows” enforcement policy of the past toward a more tailored approach to fit the circumstances. The SEC may have been satisfied to hold the individual actor (Musk) accountable with a fraud charge, but permit the Company to settle to a non-scienter controls charge focused on preventing future violations and to continue being led by its founder and CEO. True, the Company itself paid a $20 million penalty, but this may have been the SEC’s reaction to the Tesla Board’s conduct both before and after Musk’s offending tweet. This tailored approach to enforcement would fit with recent public remarks by SEC Chair Jay Clayton and Enforcement co-Chief Steve Peikin about the SEC’s desire to ensure individual accountability but also be mindful of not inflicting gratuitous harm on shareholders of public companies. Interestingly, Tesla’s consent to the judgment explicitly bars it from seeking reimbursement of the civil penalty, but Musk has indicated that he will purchase $20 million worth of stock from Tesla in the company’s next open trading window, which will arguably soften the impact on Tesla of the civil penalty.

The specific charge against Tesla was thus failure to maintain disclosure controls and procedures (DCPs) as required by Exchange Act Rule 13a-15. The application of Rule 13a-15 to the Tesla situation might not seem obvious, because DCPs are defined as relating specifically to Exchange Act filings. Here there were no Exchange Act filings, and since Musk’s assertions were found to be false and misleading it is hard to argue there should have been Exchange Act filings. There was also no violation of Regulation FD, since Musk’s Twitter account was an identified channel for disclosures pursuant to Regulation FD. Nevertheless, the rule requiring DCPs provided a basis for the SEC to impose undertakings designed to prevent future violations.

It’s important to keep that in mind, in order to draw the right lessons from Tesla. There is no requirement, under Rule 13a-15 or otherwise, that every company must impose oversight and pre-approval on all communications by its officers. A company might decide, after evaluating the training and practices of its officers, that this is not necessary. But the Tesla case does provide a warning to companies as well as executives that, depending on the circumstances, additional guardrails in the form of policies, procedures or enhanced controls might be necessary based on specific, identifiable risks.