This Week In Securities Litigation (Week of November 6, 2023)
The cases filed by the Commission last week centered on manipulation, misrepresentations, cybersecurity and crypto assets. The agency also adopted new rules regarding security-based swap execution facilities.
Be careful, be safe this week.
Rules: The Commission adopted Rules for the Registration and Regulation of Security-Based Swap Execution Facilities on November 2, 2023 (here).
SEC Enforcement – Filed and Settled Actions
Statistics: This week the Commission filed 3 civil injunctive action and no administrative proceedings, excluding tag-along actions and those that present a conflict for the author.
Misrepresentations: SEC v. Hughes, Civil Action No. 3:23-cv-21816 (D.N.J. Filed Nov. 2, 2023) is an action which names John Hughes, a co-owner of investment adviser Prophecy Asset Management LP. Individual 1 owned part of the advisory. Over a six-year period, beginning in 2014, Defendant Hughes deceived investors regarding the operations of the advisory. Investors were told that the investment funds were diversified, liquid, actively risk managed, generated positive returns each month and that the primary asset was secured by cash. In fact, each representation was false. Defendants fabricated documents to conceal the misrepresentations. Over time the losses at the fund increased to over $350 million. The complaint alleges violations of Securities Act Section 17(a), Exchange Act Section 10(b) and Advisers Act Sections 206(1), (2) and (4). The case is in litigation. The U.S. Attorney’s office for the District of New Jersey filed a charges against Defendant Hughes. See Lit. Rel. No. 25889 (Nov. 2, 2023).
Crypto assets: SEC v. Safemoon LLC, Civil Action No. 1:23-cv-08138 (E.D.N.Y. Filed Nov. 1, 2023) is an action which names as defendants: Safemoon LLC, Safemoon US LLC, Kyle Nagy, Braden Karony, and Thomas Smith. Safemoon was organized in 2021with Defendant Thomas Smith as a 10% shareholder. The firm is based in Utah as is SafeMoon US, organized about the same time. Defendant Nagy created the SameMoon token and is one of the faces of the business along with Defendant Smith. Defendant Karony, another face of the enterprise, also acts as the CEO of the firm while Mr. Smith serves as the CTO. Defendants are alleged to have generated millions through the unregistered offer and sale of the SafeMoon Token. During the offering the price of the Token increased significantly. In addition, over a 12 month period, beginning in March 2021, the trading volume of the SafeMoon Token on crypto asset trading platforms increased about 55,000%. Defendants also created what they called a “liquidity pool” through which the Tokens could be swapped for BNB Tokens, another crypto asset security. Each of the Token transactions was subject to a 10% tax – 5% to be returned to SafeMoon Token holders as a kind of dividend and 5% to be deposited and retained by SafeMoon. While the assets retained were supposed to be “locked,” in fact they were not – Defendants moved them about at will. Defendants also took numerous Tokens and used them to manipulate the price. The complaint alleges violations of Securities Act Sections 5(a), 5(c), and 17(a) and Exchange Act Sections 9(a)(2) and 10(b). The case is in litigation. See Lit. Rel. No. 25888 (Nov 1, 2023).
Cybersecurity SEC v. Solarwinds Corp., Civil Action No. 1:23-cv-09518 (S.D.N.Y. Filed October 30, 2023). Defendant Solar Winds, based in Austin, Texas, was created in 1999, conducted an IPO in 2009, went private in 2016 and two years later went public again. The firm claims to be skilled in the area of cybersecurity. Defendant Timothy Brown is a vice president at the company. The firm has a range of clients from companies to government agencies. Each retains the firm for its presumed expertise in the cybersecurity area. The true level of the firm’s expertise was revealed its Form 8-K, filed on December 14, 2020. There the company disclosed its network monitoring software contained malicious code that had been inserted by threat actors as part of a supply-chain attack. The filing failed to disclose that the vulnerability which permitted Solar Winds to be successfully attacked had been used to attack and harm company customers and a U.S. Government Agency six months earlier. The attack on Solar Winds follows years in which the company and Mr. Brown provided software that numerous companies and government agencies relied on to manage their information technology infrastructure. The statements by Defendants about the software were wrong. For example, the company claimed that its software products were created in a secure development lifecycle that followed standard security practices. Those supposedly include vulnerability, regression, penetration, and product security testing. This claim, and many others, is false. The false statements made by the company also concealed a number of poor cybersecurity practices utilized by Solar Wind. Those included a failure to consistently maintain a secure development lifecycle for software developed by the firm, a failure to enforce the use of strong passwords on all systems and the failure to remedy access control issues which persisted for years. The filings made by the company with the Commission aided the concealment of Solar Wind’s deficiencies by containing general, high-level risk disclosures that inappropriately lumped cyberattacks in a list of risks alongside natural disasters, fires, power losses and telecommunication losses. Mr. Brown and others at the firm knew about, and participated in, the publication of these and other misleading statements. This point is illustrated by a number of internal communications which contradict public statements made by the company. For example, in a January 2018 email senior managers admitted that the discussion by the firm about its Secure Development Lifecycle incorporated in an article is false. In the end, the company became a victim of its own deception when it was attacked and damaged. The complaint alleges violations of Securities Act Section 17(a) and Exchange Act Sections 10(b), 13(b)(2)(B) and the related rules. The case is pending. See Lit. Rel. No. 25887 (October 31, 2023). See Lit. Rel. No. 25887 (Oct. 31, 2023).
Manipulation: SEC v. Schoengood, Civil Action No. 2:21-cv-00979 (S.D.N.Y.) is a previously filed action in which a final judgment was filed against Medifirst Solutions, Inc. on September 25, 2023. The underlying action centered on the firm and its President and CEO, Bruce Schoengood, along with stock promoter Joshua Tyrell who engaging in a fraudulent scheme to evade the registration statements of the Securities Act. The final judgment enjoins the company from violating the antifraud provisions of Section 10(b) of the Exchange Act and Section Sections 5 and 17(a) of the Securities Act. See Lit. Rel. No. 25886 (Oct. 27, 2023).
Article: The Federal Financial Supervisory Authority published a paper titled Crypto Markets: What Can We Learn From the Turbulence? The paper was published on October 19, 2023 (here).
ESG: The Securities & Futures Commission of Hong Kong announced that it is sponsoring the development of an industry-led voluntary code of conduct for ESG ratings and data products providers, on October 31, 2023 (here).