Offering frauds have long been an area of focus for SEC enforcement. Currently, it is one of the key types of cases on which the Division of Enforcement is focused. Typically, offering fraud cases are based on business deals which are “too good to be true.” Frequently, the promised returns for a simple, small investment are claimed to be huge and available within a relatively short time.

The Commission’s most recent case in this area is different. Investors were offered interests in a privately held firm that was about to launch a familiar investment product – an ETF. The papers looked typical. The deal looked typical. It was a fraud. SEC v. Bolton, Civil Action No. 3:22-cv-00055 (M.D. Tenn. Filed January 26, 2022).

David Bolton, defendant, was previously a registered securities representative in Indiana. He is the owner of Millennia Shares, LLC, which had its principal place of business in Bowling Green, Kentucky. In October 2017, the state of Kentucky administratively dissolved the entity. Subsequently, Mr. Bolton established its principal place of business in Brentwood, Tennessee. In October 2020 the state dissolved that entity.

Over a period of about one year, beginning in August 2018, Mr. Bolton sold interests in his firm Millennia Shares. Potential investors were told in written memoranda and at meetings that the company would earn revenue by creating and launching an ETF, a popular, well-known investment product. The memoranda furnished to potential investors listed typical items such as operating costs for the company and a salary of $7,000 or $10,000 per month for Mr. Bolton.

Ten investors responded, purchasing shares in Mr. Bolton’s firm. Following the investments Mr. Bolton withdrew funds from the company. The withdrawals far exceeded the amounts to which he was entitled under the terms of the offering documents. In addition, he diverted funds furnished by investors for a second firm employee. After the company ceased operations, he emptied the bank accounts. The complaint alleges violations of Securities Act Section 17(a) and Exchange Act Section 10(b). The case is pending. See Lit. Rel. No. 25318 (January 26, 2022).

Cybersecurity is a critical area for every firm today. Threats from hacks that can cause severe damage to any business are ever present and growing by the moment. Every business should be looking at its preparedness in this key area.

As firms undertake to examine their preparedness it may be helpful to consider the recent comments of SEC Chair Gary Gensler. In remarks delivered at the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute (January 24, 2022), Mr. Gensler identified four areas keyed to cybersecurity where he is directing staff to assess what updates are necessary to supplement the applicable Commission rules.

First, cybersecurity begins with the financial sector and Reg SCI – Regulation Systems Compliance and Integrity. That rule, written in 2014, covers a group of registrants that include stock exchanges, clearinghouses, alternative trading systems, self-regulatory organizations and others. Stated differently, it covers the financial infrastructure of the capital markets.

The Regulation has helped ensure that key capital market entities are prepared in the area of cybersecurity. Yet in the intervening years since its passage there have been many changes and developments. Staff has been directed to examine how Reg SCI can be broadened and expanded into new areas. One may be Treasury trading platforms. This topic will be addressed shortly. No doubt virtually every business would benefit from examining its cybersecurity systems and policies in a similar manner – not just how to update but also broaden and enhance them.

Second, Chair Gensler addressed funds, advisers, and broker-dealers. These are entities for which cybersecurity can impact many of their key books, records and policies. The array of records these entities keep led Mr. Gensler to conclude that reforms in the cybersecurity area could benefit the registrants and strengthen their policies and procedures.

Third, data privacy. Regulation S-P was adopted to focus on customer and data privacy at regulated entities such as brokers, investment companies and investment advisers. Adoption was completed two decades ago. Accordingly, Mr. Gensler requested that staff develop recommendations about how customers and clients of these firms are notified about cyber events that impact their data, always a key question.

Fourth, service providers. Firms such as investor reporting systems and providers, middle-office service providers, fund administrators and other, similar firms are key in this area. Chair Gensler has directed staff to assess how the Commission can address the risks that come from these providers.

Finally, the SEC is assessing how it can be better prepared in this critical area – the agency is clearly not immune. Indeed, there is no business entity that is immune from the risk of cybersecurity. While Chair Gensler’s ideas may not apply to every private sector firm, the approach does – it is critical for all to carefully evaluate the question of preparedness in the area of cybersecurity. If you don’t, the Commission, with updated policies and procedures, may assist.
