Doug Cornelius

CCO Liable in Cherry Picking Scheme

According to SEC’s complaint against Strong Investment Management and its owner, Joseph Bronson, for more than four years, Bronson traded securities in Strong’s omnibus account but delayed allocating the securities to specific client accounts until he had observed the securities’ performance over the course of the day. This allowed Bronson to harvest substantial profits at his clients’ expense by “cherry picking” the trades. He would disproportionately allocate profitable trades to himself and unprofitable trades to Strong’s clients.

Of course, there is an additional charge of Strong and Bronson misrepresenting their trading and allocation practices in the firm’s Form ADV filings. The forms stated that all trades would be allocated in accordance with pre-trade allocation statements and that the firm did not favor any account, including those of the firm’s personnel. That does make me wonder if you could get away with cherry picking by stating that you could do so in Form ADV. But let’s not go down that path.

Bronson’s brother and the former chief compliance officer of Strong, John Engebretson, was also charged with failing to perform his compliance responsibilities and ignoring numerous “red flags” raised during the course of the fraudulent scheme. As a result, Engebretson was charged along with Bronson and Strong with violating the compliance requirements of the federal securities laws. Engebretson agreed to settle the charges against him. As part of the settlement, Engebretson agreed to be enjoined, pay a civil monetary penalty in the amount of $15,000, and to be barred from association with any broker, dealer, investment adviser, municipal securities dealer, municipal advisor, transfer agent, or nationally recognized statistical rating organization.

The SEC complaint alleges that as the chief compliance officer, John Engebretson aided and abetted the company’s violations by “carrying out his compliance responsibilities in an extremely reckless manner.”

The SEC Commissioners and senior Division of Examination staff have usually stated three circumstances that lead to CCO liability:

when the CCO is affirmatively involved in misconduct;
when the CCO engages in efforts to obstruct or mislead the Commission; or
when the CCO exhibits “a wholesale failure to carry out his or her responsibilities”

I wish this standard was carried over to the Division of Enforcement. Instead, the enforcement attorneys state this

“Engebretson also aided and abetted [Strong]’s failure to implement compliance policies and procedures in several ways”

It doesn’t say that the CCO was affirmatively involved in misconduct. It doesn’t say that there was a “wholesale failure.” Please just stick with the standard. Say that “Engebretson exhibited a wholesale failure to carry out his or her responsibilities” in the complaint. Is that so hard? We can infer that the failure was wholesale. Later in the complaint, it uses “wholly abdicated his responsibilities.” So close.

Final judgement came out against Strong and Bronson recently and made me realize I never caught this story in 2018.

Sources:

A Drop Box is not Good Custody

Redwood Wealth got into trouble with the Securities and Exchange Commission for missing the custody compliance issues related to an investment program.

Redwood Wealth had some of its advisory clients invest in an affiliated mortgage company. Obviously, there are some disclosure items. Presumably, Redwood Wealth took take of that adequately.

The investment was structured as loans, with promissory notes documenting the loan from the advisory clients to the mortgage company. I’m going to guess that Redwood was not used to dealing with securities that are paper securities. Speaking from experience, it’s a pain in the neck to deal with these.

The question is how you deal with the custody issue. In this case Redwood Wealth has physical possession of the notes and therefore has custody of the securities. An investment adviser is not supposed to have custody like this. It looks like Redwood Wealth placed copies of the notes in an online dropbox. That doesn’t cut it for the Custody Rule.

The other problem is that the notes were not showing up on the clients’ account statements. Again, I would guess that Redwood was not used to dealing with securities that are paper securities. That also placed the notes outside the ability of CCO to review or evaluate whether it was a proper investment for the advisory client.

The SEC is not accusing Redwood of losing client money. Just the opposite. The SEC explicitly states that no Redwood client lost money. However, the SEC still brought an enforcement action and levied a $50,000 fine against Redwood and required it to hire an independent compliance consultant.

Sources:

The Non-Compliant Compliance Officer

You hate to see a peer break bad.

The Securities and Exchange Commission charged Jose Luis Casero Sanchez, a former Senior Compliance Analyst who worked in the Warsaw, Poland office of an international investment bank, with insider trading involving at least 45 corporate events with the investment bank’s clients.

Ugh. He’s giving compliance a bad name.

For an investment bank, a role of compliance is to maintain a list of restricted companies for trading because of material non-public information. It should be held tightly and lovingly. Not used to profit.

The SEC didn’t want to drag the investment bank into the litigation press releases and complaint. The press identified it as Goldman Sachs, who confirmed.

Mr. Sanchez was a Spanish national, worked in Poland and did his illegal trading in US-based brokerage accounts. The accounts were in the name of his parents. He had accounts at Schwab, Interactive Brokers and Tastyworks. I have to admit that I hadn’t heard of Tastyworks before. Apparently if I make 750 referrals to the firm I get a Tesla. (anyone? anyone?)

This is a clear case of insider trading under US law. It’s clear that Goldman had the policies in place prohibiting this kind of behavior. The kind of behavior that Mr. Sanchez was supposed to prevent or stop.

The SEC got IP logs for access to the accounts. Those logs are not always that exact. But in this case they were traced back to Poland. It doesn’t need to be more exact than that to show that Mr. Sanchez was running the accounts, not his parents.

In his first account at Interactive Brokers, the compliance people at Interactive Brokers clearly saw stuff they didn’t like. Mr. Sanchez was trading options and doing really well. I assume they flagged the account, reported it and shut it down.

Undeterred and unafraid, Mr. Sanchez moved on to Schwab and Tastyworks. He continued his options trading. I’ll assume he was taking aggressive positions. For some reason he went back to Interactive Brokers and opened a new account in his mother’s name this time. He churned through companies on the Goldman Grey List of companies being advised.

The last trade mentioned in the complaint was at Interactive Brokers in May 2021. Who wants to bet that the compliance people at Interactive Brokers flagged this account and brought it to the attention of the SEC? I’m willing to bet good money that they did the heavy lifting for the SEC of identifying bad behavior. That’s what good compliance people are supposed to do.

I’m sure the SEC did a great job of then tying the companies involved in the account’s trades back to Goldman. They got the IP addresses from the broker showing that Poland was involved. Goldman looked at the last name on the account and the employees in Poland. (How many Spaniards work at Goldman in Poland?)

Boom!

Then they checked Mr. Sanchez’s browser history and noticed Schwab and and Tastyworks (did I earn that Tesla yet?).

Boom! Boom!

They got you Mr. White.

Sources:

Compliance Bricks and Mortar for September 17

Back blogging on a regular basis for the week. Hoping to keep it up. These are some other compliance-related stories that recently caught my attention.

The Scammer Threat to Your Hotline
By Ted Banks
SCCE’s The Compliance & Ethics Blog

Several of the companies that originally received the fake report have now received a message from one Ofir Gefen, who purports to be a Ph.D. candidate at the National University of Singapore. The messages were, according to Gefen’s email, part of a study to test response times of public companies based on whether the hotline call related to conduct that might benefit the company (e.g., bribery) or the language in the report. Gefen said “Once the claim was made, we’ve only recorded your initial response and did not pursue the matter any further. Thereby interfering with your day-to-day business as little as possible.” He admitted that this study involved a deception, and that there were no real people involved. He tracked response times, and then said (to reassure the companies that received the message) that all identifiable information would be scrubbed, and then the data would be uploaded to Amazon Mechanical Turk (MTurk), which I had never heard of before.
https://complianceandethics.org/the-scammer-threat-to-your-hotline-updated/

Update on Jailed Compliance Officer
By Matt Kelly
Radical Compliance

We have an update on Samuel Bickett, the corporate compliance officer jailed in Hong Kong on trumped-up charges that he assaulted a police officer. He is currently appealing his 18-week prison sentence, and spending the rest of his time helping other inmates he met during an early stint in Hong Kong’s maximum-security prison.
Bickett, you might recall, was sentenced in July on charges that he assaulted a plainclothes police officer in December 2019 while walking through a Hong Kong subway station. One problem with that case, however: the police officer was beating a teen-aged boy participating in pro-democracy protests, and never identified himself as a police officer despite others repeatedly asking whether he was.
https://www.radicalcompliance.com/2021/09/14/update-on-jailed-compliance-officer/

The Economics of Crypto Funds
By Paul P. Momtaz
The CLS Blue Sky Blog

The most striking finding is that crypto funds underperform the market, no matter the benchmark (equally-, value-, and liquidity-weighted crypto market benchmarks). For example, relative to the equally-weighted market benchmark, crypto funds underperform by 21 percent per year. This means that investors are on average better off if they invest in either Bitcoin, Ether, or both.The result is striking because crypto funds underperform the market even before fees. Considering that most of the funds charge investors substantial fees (a performance fee of 20 percent on the profits and a management fee of 2 percent on the assets under management are typical), the underperformance is even more pronounced.
https://clsbluesky.law.columbia.edu/2021/09/15/the-economics-of-crypto-funds/

Del. Court Substantially Denies Boeing Duty of Oversight Claim Dismissal Motion
By Kevin LaCroix
The D&O Diary

Of particular interest is Vice Chancellor Zurn’s conclusion that the plaintiffs had sufficiently alleged scienter — that is, not only that the directors acted inconsistently with their fiduciary duties, but they also “knew of their shortcomings.” Zurn noted that in Marchand the Delaware Supreme Court inferred scienter from the numerous oversight shortcomings alleged; Zurn said that “those allegations support an inference of scienter [in this case] as well.” Zurn added further that no inference is needed in this case, in light of the board’s own words showing that “directors knew the Board should have had structures in place to receive and consider safety information.” Zurn quoted from emails sent after the Ethiopian Air crash, in which the need for Board reporting on safety issues; she also referred to numerous public statements in which the Board was “crowing” about “taking specific actions to monitor safety that it did not actually perform.” These statements “evidence that at the least [the company’s new CEO and board chair] knew what the Company should have been doing all along.”
https://www.dandodiary.com/2021/09/articles/shareholders-derivative-litigation/del-court-substantially-denies-boeing-duty-of-oversight-claim-dismissal-motion/

Must A Corporation Have A Physical Location?
By Keith Paul Bishop
California Corporate & Securities Law

When it comes to corporations, California rejects the possibility of a corporation without a “there”. All California corporations and foreign corporations registering to transact intrastate business in California must annually file a Statement of Information (Form SI-550). Item 3a of the Statement requires disclosure of the corporation’s “complete street address, city, state and zip code of the corporation’s principal executive office”. Lest there be any doubt, the Secretary of State’s instructions state that the address must be a “physical address” and prohibit a P.O. Box address or an “in care of” address.
https://www.calcorporatelaw.com/must-a-corporation-have-a-physical-location

Former employer of ‘Roaring Kitty,’ who pumped up GameStop, fined for lack of oversight.
by Matt Phillips
The New York Times

The insurer MassMutual will pay a $4 million fine to Massachusetts securities regulators as part of a settlement involving the conduct of Keith Gill, a former employee and online trader known as “Roaring Kitty” whose relentless cheerleading for shares of GameStop was at the heart of the meme stock mania earlier this year.
https://www.nytimes.com/2021/09/16/business/roaring-kitty-gamestop-massmutual-settlement.html

“May” Can Be a Failure to Disclose

I’ve complained about the Securities and Exchange Commission focusing on the use of the word “may” in disclosures. I’ve typically expected “may” to offer some optionality for the adviser. The SEC has found it inadequate in several instances. We can agree to disagree.

I just came across a case in which I agree that the use of “may” was clearly inadequate in the disclosure.

Diastole Wealth set up a private fund to help its clients pool investments so that they can indirectly invest in things they would not otherwise be able to invest in individually, like private funds. Diastole is run by Elizabeth Eden. Her son had worked at Diastole. He also owned a piece of the firm.

The son left to set up software companies to make tools to help small investment advisers. Several of Diastole’s client invested in the software companies. A potential problem? Yes. Although Diastole and Eden were aware of these investments they did not select or recommend these investments to the clients and did not receive advisory fees related to these investments. No problem.

The problem comes in 2017 when Eden had the Diastole fund invest in the software companies. To me that seems like a conflict that would need to disclosed. Diastole eventually realized this as well and send a “Disclosure and Conflicts of Interest Waiver” to the fund investors. The Disclosure stated that the firm “may” recommend investments in the son’s software companies. In this case, the investments had already occurred. That’s a problem.

I agree in this case that “may” is misused. If you agree with me that “may” provides optionality, this is not a case of optionality. The investments has already occurred. The Disclosure should have been clear that the investments had already happened. If Diastole wanted to have the option to make future investments, then “may” would be appropriate. It does not work at all when the conflict has already happened.

Sources:

Shadow Insider Trading

Matthew Panuwat was a business development executive at Medivation, an oncology-focused biopharmaceutical company. Panuwat learned from Medivation’s CEO that the company expected to be acquired by a major pharmaceutical company, Pfizer, within a few days, at a premium to the then-market price. Panuwat did not trade in Medivation securities. Rather, within minutes of hearing the news, Panuwat purchased out-of-the-money call options in Incyte Corporation, another oncology-focused biopharmaceutical company that he believed would increase in value when the Medivation acquisition was announced.

If Panuwat traded in Medivation’s stock or Pfizer’s stock, that clearly would have been insider trading.

But he didn’t trade in the stock in play. He traded in Incyte, a completely unrelated company that happened to be in the same industry and about the same size as Medivation. He bet that there would be increased interest in this space and the merger price of Medivation would float the value of similar companies.

Should this be insider trading?

The Securities and Exchange Commission thinks so. It brought charges against Mr. Panuwat for this 2016 trade. I’m sure your noticing the big time gap. The SEC filed just before the expiration of the statute of limitations.

The SEC seems to be hanging its charges on Medivation’s insider trading policy:

“Because of your access to this information, you may be in a position to profit financially by buying or selling or in some other way dealing in the Company’s securities…or the securities of another publicly traded company, including all significant collaborators, customers, partners, suppliers, or competitors of the Company.”

A company’s definition of insider trading shouldn’t be the standard for a government action. Should it?

The SEC states:

Panuwat’s undisclosed, self-serving use of Medivation’s information to purchase securities, in breach of his duty of trust and confidence, defrauded Medivation and undermined the integrity of, and investor confidence in, the securities markets.

Panuwat did make an aggressive trade. He purchased 578 out-of-the-money call options with less than a month left to expiration. The options had strikes from $80 to $85 when Incyte’s stock was trading at $76. I’m sure that triggered some compliance review at his brokerage and probably got red flagged for further review.

The SEC is claiming that Panuwat used confidential information he acquired from his employer. That seems right. The question is how far should that dome of limiting action should spread. The SEC seems to think it should be a big dome. It should reach out to peer/competitor companies.

Given how long this has been sitting around, there must be some hand wringing at the SEC. The complaint is bit short on facts given that there has been five years to gather information.

In compliance, how do you deal with this potential expansion of the insider trading limits? It sounds like insider trading polices and monitoring would have to include peers of the company. Of course, this all assumes this case comes out in favor of the SEC.

Sources:

Cyber Crackdown on Email

The Securities and Exchange Commission sanctioned three broker-dealer/investment advisers for failures in their cybersecurity policies and procedures that resulted in email account takeovers. Each of the firms was using cloud-based email accounts that were hacked. The three firms had not mandated multi-factor authentication for access to the email accounts.

The SEC claimed failure under Rule 30(a) of Regulation S-P (17 C.F.R. § 248.30(a)) (the “Safeguards Rule”). The Safeguards Rule requires financial institutions to adopt written policies and procedures that address administrative, technical and physical safeguards to protect customer records and information. Those policies and procedures have be reasonably designed to

Ensure the security and confidentiality of customer information;
Protect against anticipated threats or hazards to the security or integrity of customer information; and
Protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer.

The SEC did not claim that any customers were harmed, money stolen, or any malicious use of the compromised information. The SEC claimed that the firms failed to design and enforce written cybersecurity policies in a sufficient manner as it related to cloud-based email accounts. The firms either did not require multi-factor authentication or failed to completely implement multi-factor authentication.

Simple takeaway from these actions: If you firm is using web-based email system, mandate multi-factor authentication.

Sources:

The One with Trading in Foreign Currency when There is No Money

Minnesota residents Jason Dodd Bullard and Angela Romero-Bullard raised millions from investors, mostly friends and family, and said it would be used to trade foreign currencies. Instead, the Securities and Exchange Commission claims that the two diverted the money to other uses and falsified account statements. In the classic Ponzi scheme fashion, they used new investors’ money to pay redemptions by earlier investors.

The two produced false account statements for over 14 years. Although the account statements showed good returns, in reality the two had suffered large losses. In October, the two sent an investor a statement showing a balance of over $1.4 million. Unfortunately, the two only had $30,000 in the trading accounts.

The two told some investors that they were not required to be registered with any government agency. They told other investors that they were registered. In response to one investor’s redemption request they told the investor that the withdrawal request had to be approved by regulators. FYI: redemption requests do not have to be approved by government financial regulators.

Instead of investing in foreign currencies, the SEC claims that the two diverted the cash to other businesses they owned, including a horse racing stable, a limousine service and a fitness studio.

Sources:

SEC Complaint: https://www.sec.gov/litigation/complaints/2021/comp25194.pdf
SEC Alleges Empire Racing Stables Used in Ponzi Scheme : https://www.bloodhorse.com/horse-racing/articles/252856/sec-alleges-empire-racing-stables-used-in-ponzi-scheme
Shakopee couple ran $18M Ponzi scheme to fund horse racing: https://www.fox9.com/news/shakopee-couple-ran-18m-ponzi-scheme-to-fund-horse-racing-sec-says

Compliance Bricks and Mortar for September 10

Return Time.
Back to the office.
Back to school for the kids.
And back to blogging more regularly.

These are some of the compliance-related stories that recently caught my attention.

In Silicon Valley, Criminal Prosecutors See No Evil
by David Stretifeld
The New York Times

Federal prosecutors in Northern California took on only 57 white-collar crime cases in the 2020 fiscal year, down from 94 in 2019, according to researchers. Although 2021 is likely to show a rebound, the total will still be far below the heyday of prosecutorial action in 1995, when 350 cases were brought.
https://www.nytimes.com/2021/09/07/technology/in-silicon-valley-criminal-prosecutors-see-no-evil.html

Debevoise & Plimpton on the Latest Round of SEC Cybersecurity Enforcement Actions
By Avi Gesser, James Pastore and Mengyi Xu
The CLS Blue Sky Blog

On August 30, 2021, the SEC filed settled enforcement actions against three groups of broker-dealers and investment advisers for failing to protect confidential customer information in violation of Rule 30(a) of Regulation S-P (the “Safeguards Rule” or “Rule”). One group of the entities was also found to have violated Section 206(4) of the Advisers Act and Rule 206(4)-7, by allegedly providing misleading information in its breach notification to customers. These actions, which were announced just two weeks after the SEC imposed a $1 million civil penalty for an issuer’s allegedly misleading data breach disclosures in connection with a public company’s filings, demonstrate the agency’s increased efforts to enforce its cyber priorities, as we noted in July 2021 with the First American settlement.
https://clsbluesky.law.columbia.edu/2021/09/07/debevoise-plimpton-on-the-latest-round-of-sec-cybersecurity-enforcement-actions

Madoff Victims Get Second Crack at Citigroup’s $343 Million
By Bob Van Voris
Bloomberg

The U.S. Court of Appeals in New York on Monday reinstated a suit against Citi by Irving Picard, the trustee charged with recovering money for Madoff’s victims, over funds transferred to the bank. Picard claimed Citi failed to act on red flags concerning Madoff, but a bankruptcy court dismissed the suit, finding the trustee had not shown the bank acted with “willful blindness” to possible fraud.
The appeals court said “willful blindness” was the wrong standard to apply and the burden of proof shouldn’t have been on Picard. The ruling revived similar claims for $213 million from Legacy Capital Ltd., a British Virgin Islands corporation that invested solely with Madoff, and a $6.6 million claim against Khronos LLC, which provided accounting services to Legacy.
https://www.bloomberg.com/news/articles/2021-08-30/madoff-victims-get-second-crack-at-citigroup-s-343-million?

Bitcoin Uses More Electricity Than Many Countries. How Is That Possible?
By Jon Huang, Claire O’Neill and Hiroko Tabuchi
Illustrations by Eliana Rodgers
The New York Times

[C]onsider this: The process of creating Bitcoin to spend or trade consumes around 91 terawatt-hours of electricity annually, more than is used by Finland, a nation of about 5.5 million.
That usage, which is close to half-a-percent of all the electricity consumed in the world, has increased about tenfold in just the past five years.
https://www.nytimes.com/interactive/2021/09/03/climate/bitcoin-carbon-footprint-electricity.html

SoFi, when the “Fi” stands for “fine”

SoFi Wealth, the robo-adviser ran into trouble when it substituted third-party ETFs with SoFi-sponsored ETFs in its platform.

According to the SEC order, SoFi Wealth failed to provide its clients with full and fair disclosure of its conflicts of interest relating to the transactions, including that it:

SoFi had a preference for placing clients into SoFi’s newly-created proprietary ETFs rather than third-party ETFs, and SoFi’s economic interest in these proprietary ETFs presented a conflict of interest for SoFi Wealth,
SoFi was investing client assets in these proprietary ETFs to help market the SoFi brand as having a broader array of services and products than previously offered, and
SoFi intended to use client assets to capitalize the new SoFi ETFs with significant investment on their second day of trading, making the ETFs more liquid and favorable to the market.

It’s not that an adviser can’t us its own funds or ETFs in client portfolios. It just needs to properly disclose the conflict. SoFi did not.

SoFi’s compliance group probably should have read the J.P. Morgan case from 2015. Morgan got in trouble for having a preference for investing client assets in proprietary funds and not disclosing the conflict.

The complaint once again has the SEC quibbling over the use of the word “may.” The disclosure said that SoFi would select a mix of ETFs “that represent the broad asset allocation determined by these strategies, which may include ETFs for which SoFi is the sponsor.” The SEC issue was that the SoFi investment committee had already approved the replacement of third-party ETFs with SoFi ETFs. I hate that the SEC quibbles over the use of “may.” I don’t see how the word “may” really changes anything in the disclosure.

The big problem was that SoFi replaced the ETFs in client accounts. That means it sold the old choice and had the client buy the new one. No big deal in IRAs. But it is a big deal in taxable accounts. It triggered over $1.3 million in taxable gains for the clients and offered no material benefit to the client.

All the benefit ran to SoFi whose ETFs were now bigger and more liquid.

SoFi had sweetened the pot by waiving the expense fees of the ETF. Again good for the ETF holders, but it would take some time to make up for the taxable gain.

Some compliance lessons. Be careful using the word “may” in disclosures. Don’t replace third-party choices with proprietary choices in taxable accounts unless you also disclose the tax issue.

Sources: