I.   Introduction~~In our prior update, we noted that the Division of Enforcement has maintained its aggressive, heightened enforcement agenda through an escalation of existing remedies, including increased penalties, individual bars and admissions.  That trend continued in the first half of 2023.~~A.   Active Enforcement Continues~~The Commission has so far not slowed its enforcement strategy, and is unlikely to do so in the months ahead.  In the Consolidated Appropriations Act of 2023, Congress agreed to give the Commission $2.2 billion in funding for the current fiscal year, a $210 million increase over the prior fiscal year.[1]  The Commission is planning to use the increased funding to hire 400 more staff members, including 125 new personnel for its Enforcement Division.  Of those 125 new hires for the Enforcement Division, 33 will be joining the Crypto Assets and Cyber Unit, a sub-unit of the Commission that has already seen heightened activity this year.  With a rapidly expanding workforce, the Commission could end up filing even more enforcement actions this year than the 760 it filed in fiscal year 2022—a 9% increase over the prior year.[2]~~With the funding to accomplish its goals, the Enforcement Division is bringing actions across the entire range of its jurisdiction, with special focus on some areas.  It is clear, for example, that the SEC will do all it can, short of new rulemaking, to tamp down the development of cryptocurrency markets and investments.  The SEC also continues to use broad sweeps involving technical violations against registered entities as a way to send deterrent messages and extract large fines—and then repeat those sweeps on a new round of registrants.  In the area of financial reporting and accounting, this Commission has brought a number of technical accounting and disclosure cases against issuers and individuals, and has pushed the boundaries of its own jurisdiction to bring charges relating to harassment and workplace misconduct under the guise of non-disclosure and internal controls failures.  As all administrations do, the SEC has maintained a steady diet of insider trading cases, and used some of those cases to send a message tied to its rulemaking.  The same is true in the cybersecurity area, where we now have final rules that will no doubt provide additional bases for the SEC to bring new cases.  Finally, the SEC recently awarded its largest whistleblower bounty in the history of the program—greater than the entire amount awarded in all of 2022—that evinces a program that has been wildly successful at attracting more and better tips from individuals with first-hand knowledge of potential wrongdoing.~~B.   Focus on Cryptocurrency~~Under Chair Gensler, the SEC has undertaken an aggressive enforcement campaign focused on crypto assets and platforms.  The current enforcement posture breaks with past Commission statements and is premised on the recently articulated view that it is “clear” the securities laws already apply to the cryptocurrency industry.  Underscoring that viewpoint, Gensler has discussed the importance to the Commission of “rooting out noncompliance [in crypto markets] through investigations and enforcement actions.”[3]  Industry participants, members of Congress, and an SEC Commissioner have criticized the SEC’s approach, so it remains to be seen whether the Commission will ultimately prevail in its current enforcement efforts.  While Chair Gensler points out that the Commission has “successfully brought or settled more than 100 cases against crypto intermediaries and token issuers,” that success has generally been in the form of settled orders.[4]  Litigated matters have sometimes had different outcomes.  For instance, in the SEC’s ongoing litigation against Ripple, the District Court for the Southern District of New York ruled that the SEC could not establish as a matter of law that a crypto token was a security in and of itself[5]—a ruling that has widely been considered a “landmark legal victory for the cryptocurrency industry.”[6]  Judge Rakoff’s recent decision in SEC v. Terraform Labs agreed with this aspect of the Ripple ruling, although that decision rejected Ripple’s distinction between institutional and secondary-market purchasers in assessing whether a securities offering took place.[7]  There is no doubt this area will develop further in the coming months.~~C.   Rulemaking Barely Slows Down~~The last six months have also seen a continuation of this Commission’s rapid pace of rulemaking.  Over the past year, the SEC has promulgated new rules at a scale and breadth that is close to last year’s record-breaking pace.  The proposed and final rules have significant implications for registrants, issuers and market structure.  Each new rule or proposal typically exceeds 200 pages in length.  Many are explicit in their goal to increase potential liability and compliance costs.  Most remarkable about this rulemaking effort is that it lacks any Congressional imprimatur.  Notably, almost every new rule is approved over the dissent of the Republican Commissioners.  Even the Public Company Accounting Oversight Board, which is overseen by the SEC, has gotten into the act and recently issued a 140-page proposal that would drastically change current audit approaches and result in a significant expansion of auditor obligations.  The SEC’s rulemaking frenzy shows no sign of abating, and from an enforcement standpoint, each new rule is yet more fertile ground for future enforcement action.~~D.   Is Everyone Overworked?~~Putting aside the quantitative metrics of enforcement actions and rulemaking proposals, there are voices among Commission leadership arguing that the agency is trying to do too much—overregulating, over-enforcing, and overworking the staff—without taking the time to be thoughtful about its agenda.  For example, two Commissioners recently dissented from a fairly routine decision to file an amicus brief because they and their staff were not given enough time to engage in a “robust deliberative process.”  As the dissent put it: “Because the Commission has limited resources, it . . .  cannot pursue every item on its wish list all at once, but instead it must prioritize.  It is not clear to us that such prioritization is taking place.”[8]  The SEC’s frenetic pace increases not just the short-term risk of potential enforcement investigations, but also longer-term expenses and risks as increased regulation raises the burden on legal and compliance infrastructures.  More regulation and more enforcement begets higher costs of compliance and greater risks of compliance foot-faults.~~E.   Challenges to the SEC’s Home Court Advantage~~Another issue that could have lasting consequences for the SEC’s agenda:  successful challenges to the SEC’s ability to bring enforcement actions in its home court before administrative law judges (“ALJ”).  Over the past few years, the agency has seen challenges to its authority—statutorily expanded by Dodd-Frank—to bring any enforcement matter in an administrative proceeding before an ALJ.  With the simultaneous expansion of the SEC’s view of existing enforcement tools and the significant increase in new, highly technical rules and regulations, the SEC’s ability to bring all manner of claims before an ALJ ratchets up the risks for registrants, issuers, and individuals.  But as things stand right now with challenges to ALJs, the SEC is filing contested matters only in federal district court.  So for now, those who are willing to litigate against the SEC will have the right to an Article III judge, a jury, greater access to discovery, and the Federal Rules of Civil Procedure—if they challenge the SEC in court.~~II.   Commissioner and Senior Staffing Update~~As reported in our 2022 Year-End Alert, the Commission was back to its full strength with five commissioners as of July 2022, and that remains unchanged through the first half of 2023.  That said, there continued to be significant changes in the senior leadership of the regional offices, as well as several changes at the national level.~~III.   Aggressive Enforcement~~A.   “Attention-Grabbing” Sweeps~~The Commission has increasingly favored enforcement sweeps over the course of the last few years—i.e., tackling multiple similar enforcement actions at the same time, and not in a piecemeal fashion.[14]  In fact, the Commission has carried out at least 65 enforcement actions since 2021 that first arose out of an enforcement sweep, imposing over $1 billion in penalties in the process.  Most of the offenses targeted in these sweeps share a few common characteristics: (1) investment advisers or broker-dealers (i.e., the institutional actors that the Commission directly regulates) allegedly committed the targeted offenses; (2) the targeted offenses were all strict liability or simple negligence violations; (3) the alleged facts were all relatively uncomplicated in nature; and (4) the Commission primarily sought “uniform remedies such as censures, cease-and-desist orders, penalties, and undertakings,” and not individualized remedies such as disgorgement.~~Gurbir Grewal, the Director of the Commission’s Enforcement Division, has repeatedly emphasized the Commission’s commitment to an enforcement strategy based on conducting enforcement sweeps.  Calling the sweeps a “powerful tool,” Grewal has said that the Commission often uses the sweeps because they have “much more of an attention-grabbing deterrent effect than doing these cases serially.”[15]  Quickening the pace of investigations through the use of sweeps is, according to Grewal, an important aim of the Commission, and the number of sweeps is therefore likely only to grow in the months and years to come.~~B.   Sweeps Can be Repeated~~As we wrote in our 2022-year end update, the Commission obtained over $1 billion in settlements from fifteen broker-dealers and one affiliated investment advisers last year for not retaining business related communications on personal devices.  As foreshadowed, the Enforcement Division’s subsequent sweeps included a focus on investment advisers.~~Early this year, the Commission began asking some of the country’s largest investment advisers to undertake a self-review of whether their employees had communicated about firm business using unapproved channels.[16]  The category of records that investment advisers are required to maintain is narrower than the broker dealer communications that were the main target of Commission’s first sweep.  (Certain records required under the Commodity Exchange Act were also implicated in the 2022 sweeps.)  Under Exchange Act Rule 17a-4(b)(4), broker dealers have to retain “all communications . . . relating to [their] business as such” while Investment Advisers Act Rule 204-2(a)(7) generally requires investment advisers to retain only communications recommending investments, recording a receipt or disbursement of funds or securities, or placing orders.  It remains to be seen how the Commission intends to apply the record-keeping requirements of the Advisers Act to the subject communications.~~Separate from the second sweep targeting investment advisers, in May 2023, the Commission announced twin settlements with two dual registrants (broker dealers and investment advisers) who had self-reported—in response to the Commission’s publicly announced encouragement in December 2021.  The firms agreed to pay penalties of $15 million and $7.5 million, respectively—well below the fines in the first sweep, but still well above the fines in prior recordkeeping settlements.[17]  More important, the settlements provide no visibility into the benefits the firms received from self-reporting.~~In June 2023, the Commission settled with a dual registrant for violation of the recordkeeping regulations when it mistakenly deleted almost 50 million communications that the registrant’s archive vendor said would be maintained.  The firm agreed to pay a $4 million fine.[18]  According to the Order, the firm self-reported the violation to the Commission in January 2020.~~Meanwhile, FINRA fined a registered representative $15,000 and banned her from working with any FINRA member for fifteen months on allegations that she sent client documents by text using a personal device and then made false statements to investigators from her employer and FINRA.[19]~~Putting aside the risks of enforcement investigations, registrants should also anticipate questions about electronic recordkeeping and off-channel communications by employees in the context of routine compliance examinations.  The Examination Priorities Report for 2023 foretells a concentration this year on registrant compliance and supervisory programs about electronic communications related to firm business.[20]~~C.   Focus on Cryptocurrency~~As previewed above, Chair Gensler has discussed the importance to the Commission of “rooting out noncompliance [in crypto markets] through investigations and enforcement actions.”  These actions typically involve alleged failures to register as broker-dealers, exchanges, or transfer agents and as to products with the Commission, and/or for allegedly misleading investors.[21]~~Industry participants, members of Congress, and an SEC commissioner have criticized the SEC’s approach.  In April, members of the House Financial Services Committee questioned Chair Gensler about the SEC’s impact on the crypto industry.  The Committee’s Chairman, Rep. Patrick McHenry (R-NC), noted that Gensler’s “[r]egulation by enforcement is not sufficient nor sustainable.”  The problem, according to McHenry, is that Gensler is “punishing digital asset firms for allegedly not adhering to the law when they don’t know it will apply to them.”~~Commissioner Hester Peirce has expressed similar sentiments.  In her April statement titled “Rendering Innovation Kaput,”[iii] she said: “[a] commission serious about regulating — and not destroying — [the crypto] market would reflect on this near unblemished record of regulatory failure and do something about it.”  She added that “the Commission dismisses the possibility of making practical adjustments to our registration framework to help entrepreneurs register, and instead rewards their good faith with an enforcement action.”  Among other things, critics of the current enforcement approach question the extent of the Commission’s statutory authority in this area and object to its failure to first adopt rules setting forth clear standards and feasible registration requirements.~~It remains to be seen whether the Commission will prevail in its current enforcement efforts.  While the Commission has touted its enforcement success—according to Gensler, the Commission has so far “successfully brought or settled more than 100 cases against crypto intermediaries and token issuers”—that success has generally been in the form of settled orders.~~During the first half of 2023, the Commission brought cases against two prominent crypto platforms, alleging that they failed to register as securities exchanges and broker-dealers.[22]  It also filed complaints against various other crypto exchanges, all for allegedly not registering with the Commission.[23]  In addition, the Commission charged a handful of individuals in connection with alleged schemes which raised more than $45 million in sales of unregistered crypto assets.[24]  In particular, the Commission alleged the respondents “falsely claimed that investors could generate extravagant returns by investing in a blockchain technology.”  The Commission has brought similar charges against high-level former FTX employees,[25] as well as others.[26]~~Litigated matters have not always gone the SEC’s way.  In June, the SEC filed settled actions against two of the country’s largest crypto platforms in the District of D.C. and the Southern District of New York.  On the immediate heels of these actions, though, the District Court for the Southern District of New York in the SEC’s ongoing litigation against Ripple ruled that the SEC could not establish as a matter of law that a crypto token was a security in and of itself—a ruling that has widely been considered a “landmark legal victory for the cryptocurrency industry.”[27]  Judge Rakoff’s recent decision in SEC v. Terraform Labs agreed with this aspect of the Ripple ruling, although it rejected Ripple’s distinction between institutional and secondary-market purchasers in assessing whether a securities offering took place.[28]~~D.   Insider Trading~~As in prior administrations, the Commission has maintained steady attention on insider trading, bringing a handful of cases in the first half of 2023.  In addition to standard tippee/tipper cases, and in a nod to the continuing work-from-home environment, the SEC announced charges against a registered representative at a New York-based broker-dealer and a compliance officer for an international payment processing company who allegedly obtained material nonpublic information from his girlfriend’s laptop when she was working from home during the COVID-19 pandemic.[29]  The girlfriend was an employee of an investment bank.  Both the broker and the compliance officer traded on this information and made combined profits of more than $750,000.  The broker also recommended the stock to his customers, resulting in profits for customers and commissions for the stockbroker.  The SEC and DOJ filed parallel actions in federal courts.~~The SEC also brought insider trading claims against a CEO for allegedly trading on the basis of material nonpublic information even though he had traded in accordance with a Rule 10b5-1 plan.[30]  Rule 10b5-1 provides an affirmative defense to insider trading where a person demonstrates that, before becoming aware of the MNPI, the person adopted a written plan for trading securities that specified the amount of securities to be traded, the price, and the date on which the sale was to occur.[31]  The Rule 10b5-1 plan must be entered into in good faith, and not as part of a plan or scheme to avoid the securities laws.  The SEC’s complaint alleges that the CEO was aware of MNPI when entering the plans and adopted the plans as part of a scheme to evade insider trading prohibitions because he knew that the company was likely to lose one of its largest customers at the time he entered the trading plans.  This case was filed shortly after the SEC issued final rules governing the use of Rule 10b5-1 plans[32] and may be another instance in which the SEC was sending a message designed to buttress its rulemaking efforts.~~IV.   Investment Adviser Industry Actions~~A.   Disclosure Failures~~The Commission continues to increase regulation of Investment Advisers, with an increased focus on the private fund market as it grows to a more than $25 trillion industry with tens of thousands of funds in operation.[33]  In May, the Commission adopted new amendments to Form PF for hedge fund and private equity advisers.[34]~~Private funds have come under intense scrutiny as the Commission pursues ever increasing levels of disclosure from funds in order to more closely regulate the market.~~In February, the Commission settled against a large religious organization and its asset management firm for disclosure failures.[35]  According to the settled order, in order to obscure the total assets under management, the asset management firm formed separate entities, allocated the religious organization’s assets among the entities and filed individual Forms 13F on behalf of the separate entities, all while maintaining control over all the equity investments.  The asset management firm and the religious organization both agreed to pay a $4 million and $1 million penalty respectively for violations of the Exchange Act for misstating information.~~The Commission’s asset management docket also included perennial Advisers Act themes, such as inaccurate valuations, erroneous fee calculations, and failure to fully disclose and mitigate conflicts of interest:~~In late May, the Commission charged an advisory firm for failure to adopt and implement adequate written policies to value assets in the managed funds.[36]  The Commission alleged that the firm’s written policies were not reasonably designed to value client holdings and assess fees leading to incorrect calculations of fees and inaccurate performance reporting.  The case was settled without admission or denial of Commission findings with a civil penalty of $275,000 and other sanctions.~~In mid-June, the Commission announced and enforcement action against an investment advisory firm for its failure to disclose material information to investors, failure to waive required advisory fees, and inadequate policies to ensure sufficient oversight of fee waivers.[37]  The firm agreed to a cease and desist order and a combined $9 million in penalties.  (For a previous Gibson Dunn alert offering more detailed analysis on this topic, please click here.)~~The Commission also brought an action against a former investment adviser for failure to disclose a conflict of interest arising from his personal relationship with a film distribution company in which the adviser’s fund had invested millions of dollars.[38]  In the course of his employment, the company allegedly helped his daughter secure an acting opportunity in a 2018 film production.  He consented to entry of the order and payment of a $250,000 penalty.~~The Commission instituted a settled action in May against two registered investment advisers for breach of fiduciary duty and compliance failures after they allegedly invested client funds in leveraged exchange traded funds (“ETFs”), despite the unique risks posed by those types of products.[39]  According to the settled order, the advisers misunderstood the riskiness of these particular products, and as a result, were unable to evaluate whether investing in them was in their client’s best interests.  The advisers settled without admitting or denying the Commission’s findings, and agreed to disgorgement, civil penalties, and other sanctions.~~The SEC also instituted a settled action against a New Jersey asset management firm and its founder for alleged improper trading of certain fixed income securities.[40]  The order found that the firm’s rebalancing trading in bonds among advisory clients resulted in an increase in the prices of such bonds at a higher rate than other similar securities.  Over time, the increase in bond values resulted in higher net asset valuation of portfolios and increased fees to the adviser.  The company and founder agreed to pay approximately $19.3 million in combined fees and penalties to settle the matter.~~B.   New Liquidity Rule~~In early May, the Commission instituted its first enforcement action against a mutual fund adviser and certain officers of the adviser and trustees of the mutual fund for violation of the Liquidity Rule.[41]  The Liquidity Rule prohibits mutual funds from investing more than 15 percent of net assets in illiquid investments.  The Commission alleged, among other things, that the parties ignored restrictions and disregarded advice to decrease the fund’s exposure to illiquid assets.  All parties resolved the allegations with the SEC, and paid a range of civil penalties and other sanctions.~~V.   Retail Wealth Management – Reg BI~~The Commission adopted Regulation Best Interest (“Reg BI”) in the first half of 2019.[42]  Reg BI sets a standard of conduct for broker-dealers and associated persons when they make recommendations to retail clients.  It requires broker-dealers to: act in the best interest of the retail customer at the time the recommendation is made, without placing the financial or other interest of the broker-dealer ahead of the interests of the retail customer, and address broker-dealer conflicts of interest with those clients.  Reg BI is understood as being composed of four component obligations: the (1) care obligation; (2) disclosure obligation; (3) conflict of interest obligation; and (4) compliance obligation.[43]~~There has been a dearth of Commission enforcement actions relating to Reg BI thus far.  By contrast, FINRA has recognized Reg BI as an enforcement priority for 2023.  Indeed, FINRA brought its first Reg BI case last September in an action alleging that a registered representative recommended an inappropriate series of transactions to one of his retail customers in order to generate commissions and trading costs.[44]~~The trend of FINRA bringing Reg BI cases has continued thus far in 2023.  In May, FINRA expelled a New York broker-dealer, and suspended and fined its CEO for Reg BI violations, among other things.[45]  FINRA found that the firm made material misrepresentations to customers in connection with the sale of risky pre-IPO securities.  In announcing the case, FINRA said “Firms . . . must reasonably surveil for, and respond to, red flags of excessive trading and churning.  When firms, particularly those with significant disciplinary histories, commit egregious sales practice and supervisory violations, expulsion from FINRA membership may be warranted.”  In the first five months of 2023, FINRA served over 150 breach of Reg BI arbitrations, representing a nearly five-fold increase compared to the same time last year.[46]~~The Commission has not brought any high-profile Reg BI cases since the one case it brought last year.[47]  However, it is expected that there will be more coming down the pike as the Commission’s Staff has now published multiple Staff Bulletins setting forth the Staff’s opinions on implementation of Reg BI.[48]  In many respects, the Bulletins depart, sometimes substantially, from the guidance issued by the Commission in the Adopting Release for Reg BI.  This Staff’s deviation from the Adopting Release heightens the ambiguity about the proper scope of a registrant’s compliance and supervisory programs that were designed to be consistent with the guidance in the Adopting Release.~~VI.   Cybersecurity~~Cybersecurity is top-of-mind at the Commission, at least in part due to high-profile data breaches and ransomware attacks that have exposed sensitive consumer information into the hands of bad actors.[49]  In February 2022, the Commission proposed new rules for cybersecurity risk management for investment advisers, registered investment companies, and business development companies.[50]  The proposals suggest a new cybersecurity risk management regime designed to both prevent attacks in the first instance and respond to them with additional disclosures.  In March, the Commission reopened the comment period on the rules and amendments.[51]  The Commission has indicated it does not plan to approve the new cyber rules until at least October 2023.[52]~~The Commission finalized and adopted a cybersecurity risk governance rule for public companies in late July 2023.[53]  The final rule imposes new reporting requirements on companies that suffer material cybersecurity incidents, raises questions concerning the scope of materiality, and requires new Reg S-K disclosures about how companies govern cybersecurity risks.  Commissioner Pierce criticized the final rule as being overly broad and reading “like a test run for overly prescriptive, overly costly disclosure rules covering a never-ending list of hot topics.”[54]  (For a previous Gibson Dunn alert offering more detailed analysis on this topic, please click here.)~~Enforcement actions relating to cybersecurity risk have continued in parallel with and in support of the rulemaking.  In March, 2023, the Commission instituted a settled action against a public company that manages donor data for non-profits, for allegedly misleading disclosures with respect to a cyber-attack that occurred in 2020.[55]  Shortly after the attack, the company publicly announced that donor bank account information had not been compromised.  The Commission alleged that the company’s quarterly statement omitted the full extent of the attack by categorizing it as a mere hypothetical possibility after they were already aware of the full impact.  The company agreed to a $3 million civil penalty to settle the charges.  The SEC settled this matter before its proposal on cybersecurity disclosure and governance for public companies had been finalized, but the message sent by the settlement was in line with many of the requirements that were proposed and could be seen to buttress those requirements, especially the governance-related aspects.[56]  We expect more cybersecurity enforcement, especially now that new rules are in place for public companies.~~VII.   Financial Reporting and Disclosure~~A.   Financial Reporting and Accounting Cases Remain Steady~~Public company financial reporting and disclosure failure cases, long seen as the bread-and-butter of SEC enforcement, have continued at a similar pace as in previous years.  There were several notable cases in the first half of 2023.~~1.   Fraud and Financial Manipulation~~The SEC filed an action against three executives at an Alabama-based shipbuilding company for engaging in a fraudulent revenue recognition scheme by manipulating cost estimates in order to allow its parent company to meet or exceed expectations.[57]  The complaint alleged that the executives artificially decreased the cost of specific shipbuilding projects by tens of millions of dollars in order to aid the parent company’s estimates for earnings before interest and tax (“EBIT”).  The case remains ongoing.~~The SEC filed an action against the founder of a student loan assistance company that was acquired by, and subsequently dissolved by a large financial services firm.[58]  The SEC alleged that the founder fraudulently enticed and sold her company after misrepresenting the amount of student data that she had.  The founder benefited from the $175 million acquisition, receiving roughly $9.7 million in stock, millions in trusts, and a $20 million retention bonus as a new employee of the financial services firm.  In addition to the SEC’s charges, parallel criminal charges were announced and are pending as well.~~The SEC filed and settled complaints against a health supplement company’s former executives with charges ranging from improper revenue recognition practices to fraud and improper disclosures.[59]  The Commission alleged that the executives inflated their quarterly revenues and gross profits.  Several executives settled charges with a range of sanctions and civil penalties, while charges against other executives remain pending.~~2.   Disclosure Failures~~The SEC settled with a leading financial news organization in connection with alleged misleading disclosures related to its subscription service.[60]  According to the order, the organization failed to disclose to customers that valuations for certain fixed-income securities could be based on a single data input despite being aware that their customers used it to decide fund asset valuations and could be inappropriately impacted.  Without admitting or denying the SEC’s allegations, the organization agreed to pay a $5 million penalty and make improvements to the subscription service.~~The SEC settled charges against a transportation company and its former CEO for their failure to disclose perks provided to the former CEO and other executives, as well as compensation the CEO received for using his own private plane for travel by company executives.[61]  The company and CEO agreed to pay $1 million and $100,000 in civil penalties, respectively.~~B.   Increasing Market Focus on Environmental, Social, and Governance (“ESG”) Strategies for Fund Managers and Public Companies~~Stakeholders and investors have increasingly incorporated ESG into their investment strategies.  Many large investment managers have committed themselves to considering ESG factors in their voting and investment decisions.[62]  Public companies have also begun to address ESG at their annual general meetings at record-high rates,[63] such as by hosting “Say on Climate” votes and votes on diversity, equity, and inclusion.[64]  Companies have also increased their voluntary reporting on ESG matters.  In fact, in 2021, nearly 100% of the S&P and 81% of the Russell 1000 published a sustainability report.[65]~~Opposition to ESG has also grown.[66]  When a large investment manager announced a position on energy investments in state pension funds, 19 state attorneys general wrote to the CEO in dissent,[67] some states issued rules limiting such investments, and other states refused to even meet with certain investment managers.  Other opponents have expressed concerns about so-called greenwashing, whereby companies allegedly overstat