The new Commission regulatory agenda published last week lists climate change as a topic – no surprise there. It also lists market structure which Mr. Gensler has repeatedly addressed in the wake of the GameStop episodes along with stock buy backs and a series of other initiatives. The Commission is charting a busy year.

Be careful, be safe this week

SEC

Agenda: The Commission announced its regulatory agenda on June 11, 2021. For proposed and final rulemaking initiatives it lists: Climate risk; market structure; stock buybacks; investment fund rules; 10b-5-1 affirmative defense provisions; enhancing shareholder democracy; SPACs; and mandated electronic filings and transfer agents.

Whistleblowers: The Commission awarded a total of $3 million to two whistleblowers, according to a release dated June 14, 2021. Since initiating the program in 2012, 172 people have received awards totaling $838 million.

SEC Enforcement – Filed and Settled Actions

Last week the Commission filed 4 civil injunctive actions and 3 administrative proceedings, exclusive of tag-along and other similar proceedings.

Insider trading: SEC v. Brown, Civil Action No. 5:21-cv-04594 (N.D.Ca. Filed June 15, 2021) is an action which names as defendants: Nathaniel Brown, a citizen of New Zealand; Benjamin Wylam, a close friend of defendant Brown; Naveen Sood, a close friend of Defendants Brown, Wylam, Bannon and Ramaiya; Marcus Bannon, a major account manager at Fortinet Corporation; Matthew Rauch, a close friend of Defendants Sood and Bannon; and Naresh Ramaiya, employed at an equipment leasing company owned by Defendant Sood. The action centers on insider trading in the shares of Infinera Corporation and Fortinet, Inc. Over a period of about one year, beginning in April 2016 Defendant Wylam repeatedly sought information from his friend Defendant Brown, an employee of Infinera. After obtaining the information it was passed on to Defendant Sood and later others for trading. About $1.4 million in profits was obtained. Subsequently, in October 2016, Fortinet, where Mr. Bannon worked, he learned that the company would announce negative information at an earnings call. Mr. Bannon told his friend Sood who used the information to trade. It was also passed to Defendants Wylam and Ramaiya who traded. About $270,000 in profits were made. The complaint alleges violations of Exchange Act Section 10(b). Defendants Bannon, Rauch and Ramaiya resolved the charges with each consenting to the entry of a permanent injunction based on the Section cited in the complaint. Each agreed to pay a penalty: Defendant Bannon will pay $281,487; Defendant Rauch will pay $128,230; Defendant Ramaiya will pay $65,780; and Defendant Sood will pay $178,320. Mr. Wylan also consented to the entry of a permanent injunction based on the Section cited in the complain but the Court will determine the amount of the penalty. The U.S. Attorney’s Office for the Northern District of California brought criminal charges against Defendants Brown, Wylan and Sood.

Cybersecurity. In the Matter of First American Financial Corporation, Adm. Proc. File No. 3-20367 (June 14, 2021). First American is a California based provider of products and services tied to residential and commercial real estate transaction. The firm’s Title Insurance and Services segment issues title insurance policies on residential and commercial property along with closing and escrow services. The data collected includes material non-public personal information such as social security numbers and financial data. About 91% of the firm’s revenue comes from this segment. In May 2019 the firm had a repository of about 800 million document images that contained non-public and nonpublic personal information. The images with NPPI were supposed to be marked with the legend “SEC.” Tagging the documents in this manner was done manually. There were misclassifications. Prior to May 2019 the firm transmitted documents to customers in secure and unsecure packages. The former required password verification by the recipient. The latter did not. Yet the contents of the secure packages could be shared by the recipient with others without password verification. The system for maintaining and transmitting the materials had a flaw. Before May 2019 a user could take the URL generated as part of a package which contained the link to an image of NPPI and alter the digits to the URL to permit the viewing of other materials. When this flaw was identified the firm’s disclosure control procedures required that it be remedied within relatively short time periods, depending on the severity of the risk. Here the risk should have been categorized as medium but instead was labeled low. It was not remedied within the time limits set for either medium or low risks. Subsequently, on May 24, 2019 a cybersecurity journalist contacted the firm about its web application noting that there was a leak involving over 800 million documents. First American issued a statement that the journalist published noting that the company had learned of a design issue and “took immediate action to address the situation and shut down external access to the application.” The statement was reiterated in a Form 8-K. The senior executives at the firm, however, were not aware of the facts about the incident prior to the statement release. Indeed, those executives were not aware that the vulnerability had been identified months ago. The Order alleges violations of Exchange Act Rule 13a-5. To resolve the matter, First American consented to the entry of a cease-and-desist order based on the Rule. The firm also agreed to pay a penalty of $487,616.

Conflicts: In the Matter of Intervest International, Inc., Adm. Proc. File No. 3-2366 (June 14, 2021) is a proceeding which names as Respondents the registered investment adviser and an associate, Craig Carson. Over a three-year period representative Carson invested client funds in certain unit investment trusts by acquiring standard shares on which a fee was paid. He also invested client funds in other shares that carried front-end loads. In each instance the client was eligible to acquire the same shares without the payment of fees. By failing to disclose those facts the clients paid over $378,295 in fees, 70% of which were paid to him. The Order alleges violations of Advisers Act Section 206(2). To resolve the proceedings Respondents consented to the entry of a cease-and-desist order based on the Section cited and to a censure. In addition, the firm will pay disgorgement of $113,488.61, prejudgment interest of $16,780.54 and a penalty of $75,000 while Respondent Carson will pay disgorgement of $264,806.75., prejudgment interest of $39.589.34 and a penalty of $50,000. The disgorgement will be put into a fund for clients.

Insider trading: In the Matter of David G. Martin, Adm. Proc. File No. 3-20363 (June 11, 2021) is a proceeding which names the investment banker as a Respondent. The bank where Mr. Martin was employed was retained to advise The KeyW Holding Corporation in a take-over deal by Engineering Group, Inc. in April 2019. Prior to the deal announcement Mr. Martin traded in the securities of KeyW through the account of his live-in girlfriend. He obtained profits of $5,708.51. The Order alleges violations of Exchange Act Section 10(b) and 14(e). To resolve the matter Mr. Martin consented to the entry of a cease-and-desist order based on the Sections cited in the Order. He also agreed to be barred from the securities industry, from serving as an officer or director and to the entry of a penny stock bar with a right to apply for re-entry after 5 years. In addition, he will pay a penalty of $11,417.00.

Fraudulent offerings: SEC v. Radjabli, Civil Action No. 2:21-cv-01761 (D.SC Filed June 11, 2021) is an action which names as defendants Edgar Radjabli, a former dentist and his two firms, Apis Capital Management, LLC and MyLoan Doctors, LLC. Over a period of about two years, beginning in June 2018, Defendant Radjabli engaged in three fraudulent schemes. In the first he conducted a fraudulent offering of digital assets, claiming that he had raised over $1.7 million when in fact no capital had been raised. In the second he manipulated the shares of Veritone Inc., an artificial intelligence firm, by making false statements about the firm. This permitted him to generate illicit stock trading profits of about $162,800. In the third he raised about $19.95 million from 461 investors in an unregistered offering of the securities of Health Care Finance High Yield CD Account. To raise the capital he guaranteed a 6% return and made false statements regarding the future use of investor capital. The complaint alleges violations of Securities Act Sections 5(a), 5(c) and 17(a), Exchange Act Sections 10(b) and 14(e) and Advises Act Section 206(4). Defendants resolved the charges with each consenting to the entry of a permanent injunction based on the Sections cited in the complaint. In addition, Defendant Radjabli will pay disgorgement of $162,800, prejudgment interest of $17,870 and a penalty of $419,330 for which he and the two entity defendants are jointly and severally liable. See Lit. Rel. No. 25115 (June 11, 2021).

False representations: SEC v. Wellness Matrix Group, Inc., Civil Action No. 8:21-cv-01031 (C.D. Ca. Filed June 11, 2021) is an action which names a defendants the firm, a seller of health care products and its consultant, George Todt. In March 2020 Defendants marketed test kits to consumers for COVID -19 that were claimed to be approved by the FDA and the EPA. In fact, neither agency approved any products for the firm – there were no products. The complaint alleges violations of Exchange Act Section 10(b). The case is pending. See Lit. Rel. No. 25114 (June 11, 2021).

Offering fraud: SEC v. Cell>Point, LLC, Civil Action No. 21-cv-1574 (D. Colo Filed June 10, 2021) is an action which names as defendants the development-stage radiopharmaceutical company and its executives, Greg R. Colip and Terry A. Allen. Beginning in January 2016, and continuing until February 2021, defendants engaged in an offering fraud using the firm’s securities to raise over $10 million from at least 151 investors. The fraud had multiple facets which included: Claiming that the firm was close to completing clinical trials on a revolutionary product which was false; that the three managing members of the firm had invested millions of dollars in the company when in fact they had not; telling investors the Founders of the firm had deferred 90% of their compensation, another false statements; and falsely claiming that a Chinese private equity firm had invested $15.4 million when in fact there was no such investment. The complaint alleges violations of Securities Act Section 17(a) and Exchange Act Sections 10(b) and 20(a). The case is pending. See Lit. Rel. No. 25113 (June 11, 2021).

ESMA

Report: The European Securities and Markets Authority issued its Annual Report on June 16, 2021 (here).

Germany

Report: BaFin issued a report on big data and artificial intelligence. The new paper discussed the use of algorithms in decision-making by financial institutions. It was issued June 15, 2021(here).

Hong Kong

Standards: The Securities and Futures Commission announced that it is raising the competency standards for practitioners. Specifically, the regulator will increase the minimum academic qualifications for individuals, broadening the scope of recognized academic qualifications and clarifying the required management expertise on June 18, 2021 (here).

UK

Crypto: A new report issued by the Financial Conduct Authority on June 17, 2021 notes that about 2.3 million adults now hold crypto assets, an increase from the 1.9 million last year (here).

Print Friendly, PDF & Email
Tagged with: , , ,

Cybersecurity is a key topic for issuers and members of the public. A cybersecurity breach can put at risk or expose the personal data of thousands of individual. The Commission has brought a number of cases in this area over the years. With the recent focus on international hacking, and organizations with ties to foreign countries blackmailing firms, concern regarding the installation and maintenance of the proper controls is increasing rapidly. The Commission’s most recent case in this area involved a large real estate firm. It is an example of the type of actions that may soon become a focus for SEC enforcement.

In the Matter of First American Financial Corporation, Adm. Proc. File No. 3-20367 (June 14, 2021) is an example of the type of cybersecurity case that may become a new staple of the enforcement program. First American is a California based provider of products and services tied to residential and commercial real estate transaction. The firm’s Title Insurance and Services segment issues title insurance policies on residential and commercial property along with closing and escrow services. The data collected includes material non-public personal information such as social security numbers and financial data. About 91% of the firm’s revenue comes from this segment.

In May 2019 the firm had a repository of about 800 million document images that contained non-public and nonpublic personal information. The images with NPPI were supposed to be marked with the legend “SEC.” Tagging the documents in this manner was done manually. There were misclassifications.

Prior to May 2019 the firm transmitted documents to customers in secure and unsecure packages. The former required password verification by the recipient. The latter did not. Yet the contents of the secure packages could be shared by the recipient with others without password verification.

The system for maintaining and transmitting the materials had a flaw. Before May 2019 a user could take the URL generated as part of a package which contained the link to an image of NPPI and alter the digits to the URL to permit the viewing of other materials. When this flaw was identified the firm’s disclosure control procedures required that it be remedied within relatively short time periods, depending on the severity of the risk. Here the risk should have been categorized as medium but instead was labeled low. It was not remedied within the time limits set for either medium or low risks.

Subsequently, on May 24, 2019 a cybersecurity journalist contacted the firm about its web application noting that there was a leak involving over 800 million documents. First American issued a statement that the journalist published noting that the company had learned of a design issue and “took immediate action to address the situation and shut down external access to the application” The statement was reiterated in a Form 8-K. The senior executives at the firm, however, were not aware of the facts about the incident prior to the statement release. Indeed, those executives were not aware that the vulnerability had been identified months ago. The Order alleges violations of Exchange Act Rule 13a-5.

To resolve the matter, First American consented to the entry of a cease-and-desist order based on the Rule. The firm also agreed to pay a penalty of $487,616.

Print Friendly, PDF & Email
Tagged with: ,