Photo of Toby M. Galloway

Toby M. Galloway

Subscribe to Toby M. Galloway's Posts

tgalloway@winstead.com
817.420.8262

Toby Galloway is Chair of Winstead's Securities Litigation & Enforcement Practice Group. He also practices in the areas of white-collar defense, governmental & internal investigations...  Read More

and commercial litigation. Before developing his private practice, he served as an attorney with the United States Securities and Exchange Commission, in roles of increasing responsibility, for more than 11 years.

During his last four years at the SEC, Toby was the chief trial counsel for the Commission’s Fort Worth Regional Office. In this capacity, he supervised all litigation for a four-station region. In addition, he handled his own caseload, prosecuting civil enforcement actions involving alleged violations of the federal securities laws. He also served as a Special Assistant United States Attorney for the Northern District of Texas, prosecuting white-collar crime.

 

 

Toby routinely practices before the SEC, CFTC, FINRA, DOJ, Texas State Securities Board, and other state securities regulators, as well as the PCAOB and other regulatory and law enforcement agencies. Toby represents public companies, audit committees and special committees, hedge funds, private equity funds, asset managers, broker-dealers, registered investment advisers, accountants and lawyers, and other institutions in government investigations, securities law enforcement and litigation. He also represents aggrieved investors, and handles complex commercial litigation and has experience in healthcare fraud.

Follow: Read more about Toby M. GallowayToby M.'s Linkedin Profile

Action Implicates Attorney-Client Privilege and Other Concerns

Factual Background

On January 10, 2023, the SEC filed a subpoena enforcement action against Covington, a large law firm that was victimized by the so-called Hafnium cyberattack by Chinese state actors.[1]  Hafnium reportedly was engaged in espionage to determine priorities of the incoming Biden administration in November 2020.  The SEC seeks names of Covington clients whose information was accessed by the attackers.  Covington has refused to supply the name of its clients, arguing that such information is protected by the attorney-client privilege and work-product doctrine, and that compliance with the subpoena would be unduly burdensome.

Continue Reading SEC Files Subpoena Enforcement Action Against Covington & Burling, Seeking Names of Clients Impacted by Chinese State-Sponsored Cyberattack

Recent Enforcement Action

The requirement that financial firms preserve books and records is nothing new.  But how do such firms keep track of employees’ communications on applications like Signal or WhatsApp? 
Continue Reading Financial Regulators Focus on Preservation of Ephemeral Messaging

Corporate officers and directors sometimes view having a Rule 10b5-1 trading plan as an impenetrable barrier to facing insider-trading charges.  But a recent case announced by the SEC demonstrates that such plans are not bulletproof.[1]  If an executive enters into such a plan while in possession of material nonpublic information, insider-trading charges could ensue.
Continue Reading SEC Charges Public Company Executives with Insider Trading Despite Trading Through Purported Rule 10b5-1 Trading Plans

Recently, in SEC v. Spartan Securities Group, Ltd, et al.[1], a Florida federal court held that the Securities and Exchange Commission (“SEC”) could seek disgorgement and direct funds to the Treasury because the defrauded victims could not be identified.[2]
Continue Reading Florida District Court Permits the SEC to Pay Disgorgement to the US Treasury Where Victims of the Fraud Could not be Identified

On May 3, the SEC announced that the Cyber Unit in the Division of Enforcement is renamed the “Crypto Assets and Cyber Unit” and will expand by 20 positions to approximately 50 positions.[1]  Regulation of digital assets has been a key initiative of SEC Chair Gary Gensler, who previously chaired the CFTC.

The press release emphasizes the explosion of crypto markets in recent years and says that the Crypto Assets and Cyber Unit will be vital to protect investors and efficiently regulate financial markets.  The expanded unit will concentrate on investigating securities violations relating to:
Continue Reading SEC Expands and Renames Cyber Unit to “Crypto Assets and Cyber Unit”

On April 5, the Public Company Accounting Oversight Board levied a $100,000 fine against Scott Marcello, the former Vice Chair of Audit at KPMG.  The penalty is noteworthy for two reasons: (1) it’s the largest monetary penalty ever levied by the PCAOB in a case settled with an individual; and (2) it’s the first matter in which the PCAOB has sanctioned someone for failure to reasonably supervise, despite being authorized to impose sanctions on this basis under the Sarbanes-Oxley Act of 2002 (SOX).  See Section 105(c) of the Sarbanes-Oxley Act of 2002 (SOX).
Continue Reading The PCAOB Brings First Failure-To-Supervise Case

On March 16, the SEC filed a municipal bond fraud case against Crosby Independent School District and its former CFO in a $20 million bond offering.[1]  Crosby is a suburb of Houston, Texas.  The SEC also charged the district’s outside auditor with improper professional conduct and suspended her from appearing or practicing before the Commission with a right to reapply after three years.
Continue Reading SEC Settles Municipal Bond Fraud Case Against Texas School District and Former CFO, and Suspends External Auditor

There has been lots of breathless commentary in the financial press and the blogosphere over the SEC’s August 2021 filing of an insider-trading case involving so-called “shadow trading.” Shadow trading as defined in a 2020 academic paper occurs when someone possessing material, nonpublic information (“MNPI”) obtained from his or her employer uses it to trade in the securities of a competitor or economically-linked public company.[1]  This is in contrast to the more usual insider trading, in which the stock being traded is that of the subject company. In Panuwat, the defendant is charged with misappropriating MNPI from his employer and using it to trade in a competitor’s securities.[2]  Earlier this week, a district court in the Northern District of California denied a motion to dismiss the SEC’s complaint, allowing the enforcement action to proceed.[3]

Continue Reading SEC Complaint Upheld in Rare – But Not Unprecedented – Shadow Trading Case

On December 20, 2021, the SEC[1] and DOJ[2] each announced fraud charges against five Russian nationals. The five defendants are charged with a multiyear scheme of hacking into service providers that help public companies make quarterly and annual filings with the SEC through the EDGAR filing system.  By hacking the service providers, the defendants allegedly obtained material nonpublic information (MNPI) regarding earnings releases before those releases were made public.  The defendants then allegedly traded ahead of the release of the MNPI, reaping profits of some $82 million in the process.
Continue Reading SEC and DOJ Bring Parallel Civil and Criminal Charges Against Five Russians for $82 Million Hack-And-Trade Scheme