SEC Enforcement: A Review of 2Q21 (Part II)

This is the second part of a two part series reviewing the results of the Commission’s enforcement program for the first two quarters of 2021. The first part is available here.

During the first half of 2021 the Commission brought a series of significant actions that do not fit into one of the top four categories of actions filed. Examples of those cases are shown below.

Other significant cases

Binary options: SEC v. Spot Tech House, Ltd., Civil Action No. 2:21-cv-00632 (D. Nev. Filed April 16, 2021). The action names as defendants the company, Malhaz Pinhas Patarkazishville and Ran Amiran. Each of the Defendants is based in Israel. Over a five-year period, beginning in 2012, Defendants sold binary options to investors. The scheme was structured so that on one side of each trade was a “partner” of the firm, a person recruited by the company. The payout terms were structured to favor the partner. Investors were not aware of these terms. As a result of the structure, investors lost most of the time. The complaint alleges violations of Securities Act Sections 5 and 17(a) and Exchange Act Section 10(b) and 20(a). The case is pending. See Lit. Rel. No. 25073 (April 19, 2021).

Disclosure: In the Matter of Under Armour, Inc., Adm. Proc. File No. 3-20278 (May 3, 2021). Beginning in the second quarter of 2010 the firm reported year-over-year revenue growth exceeding 20%. The firm repeatedly highlighted this growth pattern. Yet by the second half of September 2015 the firm had seen signs that its long running streak of exceeding analysis expectations was ending. To stem the downward tide the firm began “pulling forward” orders it had for customers that were not to be delivered until a point in the future. In some instances, the practice was discussed with customers. For six consecutive quarters the practice continued. On January 31, 2017 the company missed analyst expectations for the fourth quarter and full-year 2016 period. The stock price dropped about 23%. The Order alleges violations of Securities Act Sections 17(a)(2) and (3) and Exchange Act Section 13(a) and the related Rules. To resolve the matter the company consented to the entry of a cease-and-desist order based on the Sections cited in the Order. Under Armour will pay a penalty of $9 million.

In the Matter of S&P Dow Jones Indices LLC, Adm. Proc. File No. 3-20310 (May 17, 2021) is a proceeding which names the firm as a Respondent. The Order centers on the events of February 5, 2018 when the CBOE Volatility Index or VIX spiked 115%, an unprecedented jump. Respondent publishes an index that measures the return from a rolling long position for VIX futures contracts called the S&P 500 VIX Short-Term Futures Index ER – the Index. That Index is licensed to others. Despite the unprecedented volatility on February 5, 2018, the Index was static during certain intervals between about 4 PM until just after 5 PM. While it should have calculated the pertinent values and reflected the volatility, it did not because of an Auto Hold. That process, which essentially freezes the values, comes into play when certain thresholds are breached. If there is a repetition, the freeze continues. Yet the index is the primary input for the calculation of XIV’s indicative or economic value. It impacts products such as the Credit Suisse Velocity Shares Daily Inverse VIX Short term ETNs which rely on it for updates. The Auto Hold resulted in static Index values being published that were not based on the real time process of certain VIX futures contract. Thus, during the closing hour of 4-5 p.m. investors did not know that they had been purchasing and/or holding a product that had an economic value that was substantially less than what XIV’s calculation agent had publicly reported putting them at risk for being accelerated by its issuer. The next day the Credit Suisse index exercised its right to accelerate XIV. The Order alleges violations of Securities Act Section 17(a)(3). Respondent implemented certain remedial steps. The firm also consented to the entry of a cease-and-desist order based on the Section cited in the Order. Respondent will pay a penalty of $9 million.

Risk – trading: SEC v. Caine, Civil Action No. 1:21-cv-02859 (N.D. Ill. Filed May 27, 2021). The action named as defendants: Anthony Caine, the founder, owner and Chairman of both entity defendants; Anish Parvataneni, co-portfolio manager for P&G Fund and the private funds; LJM Funds Management, LTD., a registered investment adviser until 2018; and LJM Partners, LTD., an investment adviser to several, related private funds. Defendant Caine is the author of a short-term investment strategy used by LJM Funds and LJM Partners. The strategy involved writing (selling) short-dated out-of-the money options on S&P 500 futures contracts known as short options or short volatility trading. The approach could generate stable profits, but in the late stages carried risk of significant losses during large market swings. Investors were offered three variations of the strategy. LJM had a risk officer. The firm materials also addressed the subject of risk. The firm, however, had no real integrated risk control framework except one: Ownership had the last word – Mr. Caine. Nevertheless, Defendants created a marketing narrative, talking points and other materials; investors were told the firm had sophisticated risk management procedures to handle their investment portfolios and control risk. Not only were investors not told the actual risks, in 2017 and early 2018 the firm increased the risk in an effort to achieve targeted returns. In February 2018 the financial markets suffered a large spike in volatility over two consecutive trading days. The funds managed by LJM and LJM Partners suffered trading losses of over $1 billion. The complaint alleges violations of Securities Act Section 17(a), Exchange Act Sections 10(b) and 20(a), Advisers Act Sections 206(1), 206(2) and 206(4) and Investment Company Act Sections 15(c) and 34(b). In a related proceeding Arjuna Ariathural, LJM’s Chief Risk Officer, agreed to be barred with the right to apply for reentry after three years. He also agreed to pay disgorgement and prejudgment interest of $97,444 and a civil penalty of $150,000. See Lit. Rel. No. 2510 (May 28, 2021).

Cybersecurity: In the Matter of First American Financial Corporation, Adm. Proc. File No. 3-20367 (June 14, 2021). First American is a California based provider of products and services tied to residential and commercial real estate transaction. The firm’s Title Insurance and Services segment issues title insurance policies on residential and commercial property along with closing and escrow services. The data collected includes material non-public personal information or NPPI such as social security numbers and financial data. About 91% of the firm’s revenue comes from this segment. In May 2019 the firm had a repository of about 800 million document images that contained non-public and nonpublic personal information. The images with NPPI were supposed to be marked with the legend “SEC.” Tagging the documents in this manner was done manually. There were misclassifications. Prior to May 2019 the firm transmitted documents to customers in secure and unsecure packages. The former required password verification by the recipient. The latter did not. Yet the contents of the secure packages could be shared by the recipient with others without password verification. The system for maintaining and transmitting the materials had a flaw. Before May 2019 a user could take the URL generated as part of a package which contained the link to an image of NPPI and alter the digits to the URL to permit the viewing of other materials. When this flaw was identified the firm’s disclosure control procedures required that it be remedied within relatively short time periods, depending on the severity of the risk. Here the risk should have been categorized as medium but instead was labeled low. It was not remedied within the time limits set for either medium or low risks. Subsequently, on May 24, 2019, a cybersecurity journalist contacted the firm about its web application noting that there was a leak involving over 800 million documents. First American issued a statement that the journalist published noting that the company had learned of a design issue and “took immediate action to address the situation and shut down external access to the application.” The statement was reiterated in a Form 8-K. The senior executives at the firm, however, were not aware of the facts about the incident prior to the statement release. Indeed, those executives were not aware that the vulnerability had been identified months ago. The Order alleges violations of Exchange Act Rule 13a-5. To resolve the matter, First American consented to the entry of a cease-and-desist order based on the Rule. The firm also agreed to pay a penalty of $487,616.

False data: In the Matter of Gateway One Lending & Finance, LLC, Adm. Proc. File No. 3-20372 (June 24, 2021) names as a respondent the finance firm which dealt in the securitization of auto loans until 2016. The firm stopped servicing the loans in 2019. From about 2014 the firm raised over $2 billion from investors through the securitization of interests in pools of auto loans it originated. The investments were supposed to provide investors with a steady stream of income. Gateway, however, furnished investors with false financial information regarding the loans which understated the expenses. Ultimately investors suffered huge losses. The Order alleges violations of Securities Act Sections 17(a)(2) and (3). Respondent resolved the proceedings by consenting to the entry of a cease-and-desist order and agreeing to pay disgorgement in the amount of $3,915,077 and prejudgment interest of $998,115.82. The firm will also pay a penalty in the amount of $1.6 million. The disgorgement will be returned to investors.

Conclusion

As in the first quarter, the agency brought a wide variety of cases during the second quarter. This approach makes it difficult to project the path of the Division. That may change when the new Director of Enforcement takes over later in July.

Two cases brought during the second quarter may, however, suggest key areas of focus for the Enforcement Division in the future. One is Under Armour; the other is First American. The former is a disclosure case while the latter centers on cybersecurity.

Under Armour represents a variation of the more traditional corporate and disclosure case the Commission focused on for years. In those cases, the books were falsified by disregarding basic accounting principles such as revenue recognition rules to falsify the income stream. Following a restatement of the financial statements the Enforcement Division would launch an investigation followed by the filing of any enforcement action.

Under Armour, however, is not based on disregarding accounting principles. In that case the financial numbers were correct — there was no restatement. Rather, the company essentially maintained a long-standing trend of always making projections by “pulling forward sales.” Stated differently, the firm had a negotiation with its customers at the end of every period, inducing them to make purchases that had been planned for future period – a kind of end of the period fire sale every quarter. Eventually it failed and the enforcement action resulted.

This is the kind of corporate disclosure action that cannot be found from a restatement because there is none. It can be found by good data analysis and investigation.

American Financial is a cybersecurity case. While the Commission has brought cases before in this area, the new emphasis stemming from international hacking followed by blackmail calls for increased vigilance. It is essential that issuers carefully evaluate controls and ensure proper implementation through training and educational programs so that confidential data is protected. Viewed in this context First American, along with corporate cases driven by data analysis such as Under Armour are likely to be key areas of concern for the Enforcement Division in the future.