This Week In Securities Litigation (Week ending October 19, 2018)

Technology related issues were front and center this week. The Commission announced that it has launched a new Strategic Hub for Innovation and Financial Technology. The Hub will serve as an interface between the agency and the public on fintech related issues. It appears to be similar to LabCFTC and other fintech initiatives launched by regulators in other countries.

The Commission also focused on cyber security issues and their relationship to internal controls in a Section 21(a) report. Drawing from nine investigations the report offers insights and commentary on internal control issues in view of cyber security risks. Those risks stem not just from the design and implementation of the firm’s internal controls but also the human element of understanding and effectively complying with and operating those controls, an element that reaches past much of the typical commentary in the area in enforcement actions.

SEC

FinTech: The Commission launched a new Strategic Hub for Innovation and Financial Technology. The Hub will serve as a resource for public engagement on fintech-related issues and initiatives of the agency (here).

Program: The Commission announced its 2018 Government-Business Forum at The Ohio State University. The form, to be held on December 12, 2018, will focus on small business and capital formation (here).

Report: The Commission issued a report based on nine investigations of firms involved in a variety of industries, cautioning about cyber risks in the context of the issuer’s obligations to maintain proper internal controls. Report of Investigation Pursuant to Section 21(a) of the Exchange Act Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies, October 16, 2018.

Remarks: Commissioner Kara Stein delivered remarks titled The New American Dream: Retirement Security at the Brookings Institute, Washington, D.C. (Oct. 16, 2018). Her remarks focused on educating, incentivizing and protecting investors in the context of retirement investing (here).

SEC Enforcement – Filed and Settled Actions

Statistics: Last week the SEC filed 4 civil injunctive cases and 1 administrative proceeding, excluding 12j and tag-along proceedings.

EB-5 Offering fraud: SEC v. Chen, Civil Action No. 3:18-cv-06371 (N.D. CA. Filed Oct. 18, 2018) is an action which names as defendants: Jean Danhong Chen, the managing partner of the Law Offices of Jean D. Chen, also a defendant; Tony Jianyun Ye, the husband of Ms. Chen and an employee of her firm; Kai Hau Robinson who claimed to be the Managing Director of Global State Regional Center, LLC; Tree Lined Holdings, LLC, a real estate development firm owned by Mr. Ye and Ms. Chen; and Golden State Regional Center, LLC, a firm acquired by Mr. Ye and Ms. Chen. Ms. Chen conducted an immigration law practice. Her clients, in part, were participants in the EB-5 program which offers a path to citizenship for foreign nationals who invest $500,000 to $1 million in certain projects which create a required number of jobs in the United States. From at least 2008 through 2017 Ms. Chen, her husband and others made over $12 million in undisclosed commissions selling interests that are securities in EB-5 projects to the law firm’s legal clients. Defendant Kuansheng Chen aided in this by furnishing an off-shore bank account to receive the transaction based compensation. In addition, Ms. Chen and her husband acquired and operated Defendant Golden State Regional Center, LLC but concealed their involvement from the clients of the law office. When the Defendants became aware of the Commission’s investigation they tried to conceal their activity by refusing to produce documents, scrubbing materials and creating exculpatory records. The complaint alleges violations of Securities Act section 17(a) and Exchange Act sections 10(b) and 15(a). The case is pending. See Lit. Rel. No. 2419 (Oct. 18, 2018).

Unregistered offering: SEC v. Greenlaw, Civil Action No. 2:18-cv-0321 (D. ME.) is a previously filed action against Richard Greenlaw and his related entities. The complaint alleges that Defendants sold unregistered securities in the entity Defendants, advertising on Craigslist that they were selling medical marijuana products that did not contain THC, the active ingredient of the drug. The Court granted the Commission’s motion for judgment, concluding that Defendants violated Sections 5(a) and 5(c) of the Securities Act. The Court’s order imposed statutory and conduct based injunctions. The Court also directed that Defendants pay disgorgement of $340,142 and a civil penalty of $50,000. See Lit. Rel. No. 24318 (Oct. 18, 2018).

Offering fraud: SEC v. Fixelle, Civil Action No. 2:18-cv-15026 (D.N.J. Filed Oct. 16, 2018) is an action which names as defendants Bruce Fixelle, a securities law recidivist and his two controlled entities, Capital Management LLC and Genesis Advisory Services Corp. Mr. Fixelle, an unregistered investment adviser, had mounting debts that included a $1.5 million judgment owed to the Commission. He repeatedly described an investment strategy to his friends that was supposedly successful. The strategy called for the purchase of shares from IPOs and secondary offerings that would be sold the same day. It was touted as safe and proven. In fact it was neither. Part of Mr. Fixelle’s debts came from its failure. Two investors over a three year period beginning in 2014 trusted him with $300,000. The money was misappropriated. The complaint alleges violations of Securities Act section 17(a), Exchange Act section 10(b) and Advisers Act sections 206(1), 206(2) and 206(4). The case is in litigation.

Unprofessional conduct – auditors: In the Matter of Richard J. Bertuglia, CPA, Adm. Proc. File No. 3-18868 (October 12, 2018). The proceeding centers on the audit by BDO USA, LLP of the financial statements of AmTrust Financial Services, Inc., an underwriter of casualty insurance. The audited statements were included in the firm’s 2013 Form 10-K, filed in March 2014 with the Commission. Named as Respondents are: Richard J. Bertuglia, CPA, the engagement partner; John W. Green, CPA, the engagement quality review partner; and Lev Nagdimov, CPA, a senior audit manager. BDO was engaged by AmTrust to conduct an integrated audit of the firm’s 2013 consolidated annual financial statements and ICFR in accord with PCAOB standards (“Consolidated Audit”). The audit firm was also engaged to audit many of the individual subsidiaries’ financial statements. Engagement partner Brtuglia supervised the work of the audit team. Portions of the work were delegated to Mr. Nagdimov. In the fourth quarter of 2013 the engagement team was behind schedule. Specifically, in mid-December 2013 the team estimated that it was about 14 weeks behind. In the first week of January the SEC staff issued a subpoena to BDO, requesting copies of the firm’s work papers and audit files related to AmTrust. To “catch-up” the team essentially completed parts of the work, loaded blank work papers into the firm’s software and later, after the opinion was issued and filed, completed the audit work. Stated differently, the audit was, in essence, backdated to the time the opinion was issued. To resolve the proceedings each Respondent consented to the entry of an order based on Rule 102(e)(1)(ii) denying them the privilege of appearing or practicing before the Commission as an accountant with the right to apply for reinstatement after: as to Mr. Bertuglia, three years; as to Mr. Green, after one year; and as to Mr. Nagdimov, after five years.

Offering fraud: SEC v. Werth, Civil Action No. CV18-8436 (C.D.CA. Filed under seal on Oct. 10, 2018) names as defendants Susan Werth, a convicted felon, and her related entities. Since 2016 Ms. Werth has raised at least $26 million from 17 investors. Without disclosing her background she promised investors their funds would be put into tax deferred real estate projects that could generate returns of as much as 50% within a short period of time. In fact Defendant Werth was operating a Ponzi scheme. She misappropriated much of the investor capital. The complaint alleges violations of Securities Act sections 5(a), 5(c) and each subsection of 17(a) and Exchange Act section 10(b). The Court entered a TRO. The case is pending. See Lit. Rel. No. 24316 (Oct. 12, 2018).

Insider trading: SEC v. Long, Civil Action No. 18-cv-05973 (N.D. Cal. Filed Sept. 28, 2018) is an action which names as a defendant Bryan Long, the former Director of SEC Reporting at eBay, Inc. The action centers on the acquisition by a subsidiary of eBay of Xoom Corporation, announced on July 1, 2015. Prior to the announcement Mr. Long, through his employment, learned about the proposed transaction. Initially he purchased over $10,500 of Xoom call options. Later when he again heard the deal was moving forward he made a second purchase of $5,000 of Xoom call options. Following the announcement of the deal Defendant Long had profits of almost $36,000. The complaint alleges violations of Exchange Act section 10(b). The case is pending. See Lit. Rel. No. 24317 (Oct. 16 2018).

FCPA

Remarks: Brian A. Benczkowski, Assistant AG, delivered remarks at the NYU School of Law Program on Corporate Compliance and Enforcement Conference on Achieving Effective Compliance, New York, New York (Oct. 12, 2018). His remarks focused on the factors considered in determining if a monitor should be used in the settlement of an FCPA action, synthesizing past guidance with evolving, current practice while extending the policy to include guilty pleas (here).

DOJ

RMBS: The Government and Nomura Holding America, Inc., and several of the firm’s affiliates, settled claims regarding the sale of residential mortgage-backed securities or RMBS sold in 2006 and 2007. Nomura agreed to pay a $480 million civil penalty. The Government claimed that Nomura misled investors in connection with the sale of RMBS during the period. Specifically, Nomura is alleged to have claimed that it conducted an extensive, disciplined and carefully developed due diligence process in its RMBS program. In fact the firm knew that a significant number of loans hand not gone through such a process. It also failed to address weaknesses in its due diligence process, all of which resulted in the investor losses.

Criminal cases

Manipulation: U.S. v. Connolly, No. 1:16-cr-00370(S.D.N.Y.). Matthew Connolly and Gavin Black, formerly a supervisor of Deutsche Bank’s Pool Trading Desk and a former derivatives trader, respectively, were found guilty of manipulating the London Interbank Offered Rate or LIBOR by a jury following a month long trial. Specifically, Mr. Connolly was found guilty of one count of conspiracy and two counts of wire fraud. Mr. Black was convicted on one count of conspiracy and one count of wire fraud. The charges were centered on allegations that Mr. Connolly directed subordinates to have the bank’s LIBOR submitters furnish false and fraudulent bids consistent with the firm’s financial interests rather than the underlying market fundamentals. The date for sentencing has not been set. Previously, Deutsche Bank entered into a deferred prosecution agreement to resolve wire fraud and antitrust charges and Deutsche Bank Group Services (UK) Ltd. pleaded guilty to one count of wire fraud and agreed to pay a $775 million fine. Two bank traders pleaded guilty to fraud related charges in connection with the scheme.

Insider trading: U.S. v. Siva, No. 1:17-cr-00503 (S.D.N.Y.) is an action in which Michael Siva pleaded guilty to one count of conspiracy to commit securities fraud and fraud in connection with his role in an insider trading ring. From August 2013 through May 2017 Daniel Rivas was employed at an investment banking firm. Mr. Rivas accessed the firm’s confidential client information and passed it on to three different tipping chains that traded, reaping profits of over $5 million. For one chain Defendant Rivas passed the inside information to long time friend James Moodhe who, through the his daughter transmitted it to Mr. Siva with whom she was living. In at least two dozen instances Mr. Siva used the inside information to trade in advance of public announcements of transactions, reaping over $3 million. Sentencing is scheduled for February 11, 2018. See also SEC v. Rivas, Civil Action No. 06192 (S.D.N.Y.).

Offering fraud: U.S. v. Montoya, No. 1:18-cr-10225 (D. Mass. Plea Oct. 17, 2018) is an action which names Raymond K. Montoya as a defendant. Over an eight year period, beginning in 2009, Mr. Montoya solicited family, friends and others across three states to invest in his fund. Defendant claimed that the fund was successful. By 2014 however, the Fund had incurred substantial looses. While investors transferred millions of dollars to Mr. Montoya and his fund in fact only part of the money was invested. The balance was misappropriated. Defendant pleaded guilty to three counts of wire fraud and two counts of conducting an unlawful monetary transaction. The date for sentencing has not been set. The Massachusetts Securities Division initially filed a civil complaint against Mr. Montoya.

Excess commissions: U.S. v. McLellan, No. No. 1:16-cr-10084 (D. Mass.) is an action which names as a defendant, Ross McLellan, formerly an executive vice president of State Street Bank and global head of its Portfolio Solutions Group and president of the firm’s U.S. broker-dealer. Following trial Mr. McLellan was convicted on one count of conspiring to commit securities fraud and wire fraud, two counts of securities fraud and two counts of wire fraud. The charges were based on a scheme that took place from February 2010 through September 2011 in which Mr. Lellan added commissions to transactions for institutional clients whose portfolios were being handled by the firm as they transitioned. The additional commissions were concealed from clients. This week Mr. McLellan was sentenced to serve 18 months in prison followed by two years of supervised release. Two co-defendants who worked with Mr. McLellan previously pleaded guilty. See also SEC v. McLellan, Civil Action No. 1:16-cv-10874 (D. Mass.).

Confidential information: U.S. v. Middendorf, No. 1:18-cr-00036 (S.D.N.Y. Plea Oct. 16, 2018) is an action which names as a defendant Cynthia Holder, a former Public Company Accounting Oversight Board Inspections Leader and KPMG Executive Director. This week Ms. Holder pleaded guilty to one count of conspiracy to defraud the United States and two counts of wire fraud. Ms. Holder is one of several persons indicted as part of a scheme to secure confidential information from the PCAOB for KPMG about which of the accounting firm’s clients the accounting board would inspect. The goal was to improve the inspection scores of KPMG. In taking these actions Ms. Holder and others, according to the charges, defrauded the SEC and the PCAOB.

Offering fraud: U.S. v. Rhodes, No. 1:18-mj-08768 (S.D.N.Y. Oct. 16, 2018) is an action which names as a defendant Jason Rhodes who was charged with one count of conspiracy to commit securities fraud and wire fraud, one count of securities fraud, one count of wire fraud and one count of investment adviser fraud. The charges are based on a scheme that began in late 2013 in which Mr. Rhodes solicited investors to invest in his hedge fund. Investors were told that their money would be invested. In fact the money was in part misappropriated and in part used to repay other investors. Investor losses exceeded $19 million.

EU

Report: ESMA, the European Securities and Markets Authority, published its first Annual Statistical Report on the EU’s derivatives markets. The report is based on data submitted under the European Markets and Infrastructure Regulation. It provides the first comprehensive market-level view of the EU’s derivatives markets (here).

Germany

Risk management: BaFin, the national securities regulator, published Annex 1: Annotated text of the Minimum Requirements for Risk Management (MaRisk) in the version of 27.10.2017. The English translation is for information purposes only – the German text controls (Oct. 17, 2018)(here).

U.K.

Consultation: The Financial Conduct Authority or FCA, opened a discussion on the impact of climate change and green finance on financial services. The discussion focuses on four areas: 1) Climate change and pensions; 2) enabling competition and market growth for green finance; 3) ensuring that disclosures in capital markets appropriately give adequate information to investors of financial impacts of climate change; and 4) the scope of the new requirements for financial services firms to report on how they manage climate risks.

Print Friendly, PDF & Email
Tagged with: , , , , ,

SEC Issues Report on Cyber-Security Investigations, Internal Controls

Cyber-security has become — or perhaps should be – a key area of concern for every enterprise. The risks are substantial for the firm, its shareholders, executives and customers as recent cases illustrate. Every enterprise large or small is a potential victim. The losses can and often are substantial not just in dollars but also in trust, customers and more. The Commission has issued guidance. The agency has also brought enforcement actions.

Now, however, the Commission has issued a report based on nine investigations of firms involved in a variety of industries, cautioning about cyber risks in the context of the firm’s obligations to maintain proper internal controls. Report of Investigation Pursuant to Section 21(a) of the Exchange Act Regarding Certain Cyber-Related Frauds Perpetrated Against Public Companies, October 16, 2018.

The Report involved investigations of issuers in lines of business that ranged from technology, machinery, real estate and energy to financial and consumer goods. Each intrusion centered on the use of email. Each intrusion succeeded in part because of a human component – a lack of training, failure to understand controls or properly apply them. Collectively the companies lost millions of dollars.

The schemes were not sophisticated. The intruders generally employed one of two methods. The first centered on the use of emails from non-affiliates of the firm to company executives using spoofed email domains and addresses. Typically the email went to finance personnel who were directed to coordinate with outside counsel to complete a deal or transaction. The law firm and attorney names were real. Eventually the intruder would claim that there was a time-sensitive deal or that funds were required for a foreign transaction and request a transfer of funds. The emails in these cases often contained simple errors.

The second centered on impersonating an issuer’s vendors. This scheme usually began with identifying venders of the firm, penetrating their system and then forwarding emails to the company. The intruders would typically correspondent with issuer personal responsible for procuring goods from vendors. They would be requested to initiate changes to the vendor’s banking information. The requests included fraudulent account information. As in the first variation, eventually funds would be wired. Overall the nine issuers involved here lost millions of dollars, most of which has not been recovered.

None of the issuers involved in the underlying investigations were charged. Rather, the investigations are being used to emphasize the fact that cyber-security “presents ongoing risks and threats to our capital markets and to companies operating in all industries. . .” Cyber security risks and management are thus crucial to every issuer. This is particularly true in view of their obligations under Exchange Act section 13(b)(2)(B).

The internal controls provisions of the Exchange Act require that the firm implement a system of internal accounting controls sufficient to provide reasonable assurances that transactions are executed in accord with management’s authorization and that access to assets is only permitted as authorized. Accordingly, when assessing the adequacy of internal controls, it is imperative to consider cyber-security risks. Those risks are well illustrated by the nine investigations here where the “frauds were not sophisticated. . . [and relied] on technology to search for both weaknesses in policies and procedures and human vulnerabilities that rendered the control environment ineffective.” Having systems which factor in cyber-related threats and the related human vulnerabilities, its thus critical, the Report notes.

The Report concludes by noting that “the Commission is not suggesting that every issuer that is the victim of a cyber-related scam is . . . in violation of . . .” the securities laws. Rather, the lesson to be drawn from the Report and the underlying investigations is that “internal accounting controls may need to be reassessed in light of the emerging risks, including risks arising from cyber-related frauds.”

Print Friendly, PDF & Email
Tagged with: ,
Top