Author: Doug Cornelius

You can find out more about Doug on the About Doug page

SEC’s Enforcement Division’s Annual Report

The Securities and Exchange Commission has the same problem as any compliance professional: “How do you prove you’re being effective?”  The Enforcement Division issued its annual report of its ongoing efforts to protect investors and market integrity.

On one hand, remedying the identified harms committed by bad actors on investors is easy to measure. The missing piece is how effective the SEC was at identifying the bad actors. The second prong is a deterrence to the harmful conduct. What bad acts didn’t happen because the potential bad actor changed his mind?

Rightly, the report shows the quantitative and qualitative activities of enforcement.

The quantitative part is easy to lay out: 821 enforcement actions with $3.945 billion in disgorgement and penalties. That’s up from last year which had 754 actions yielding $3.7 billion.

Those are big numbers that should create some amount of deterrence. How much?

Co-Directors of Enforcement Stephanie Avakian and Steve Peiken de-emphasized the importance of those numbers and chose to focus on qualitative metrics such as “the nature, quality, and effects” of the Division’s enforcement program as a better measure of success. The report lays out five principles that guide the Enforcement Division’s assessment of its performance:

  1. focus on the Main Street investor;
  2. focus on individual accountability;
  3. keep pace with technological change;
  4. impose remedies that most effectively further enforcement goals; and
  5. constantly assess the allocation of our resources.

As for the first item, the Annual Report highlights the Retail Strategy Task Force that was formed the past year.  The second is the Share Class Selection Disclosure Initiative. “We do not believe the Commission faces a binary choice between protecting Main Street and policing Wall Street. It must do both.”

For individual accountability, the Annual Report notes that firm does not act autonomously. People do the bad things. The enforcement actions were 70% charges against individuals.

We all are challenged with keeping pace with technological change. The Enforcement Division’s Cyber Unit became fully operational during the past year. The Annual Report has a focus on actions against cryptocurrency and ICOs.

The Enforcement Division wants to have a package of remedies to address misconduct. Besides the penalties and disgorgement, the SEC wants to tailor specific relief to address the misconduct. The report notes that the Kokesh decision limiting the periods eligible for disgorgement reduced the dollar amounts.

The SEC is still under an agency-wide hiring freeze that has been in place since late 2016. The Annual Report notes that the number of positions at the Enforcement Division, including the number of contractors supporting the it’s investigations, has decreased by 10% from FY 2016 to FY 2018.

Sources:

 

Is Stock in a Mutual Water Company a Security?

The Securities and Exchange Commission says “no.”

My first question is what is a mutual water water company? From my view here in New England water comes from the municipality or your own well. California is big and creating whole new communities.

In this case, the Tesoro Viejo Master Mutual Water Company is being formed to supply water to a new community in Madera County, California that will have over 5,000 residential units and 3 million square feet of commercial and retail space. The Water Company will issue stock to owners of lots in the Water Company service area. The shares are appurtenant to the land and can only be transferred with the land. The shareholders still have to pay for the water they use to the Water Company. The Water Company is responsible for maintaining the water infrastructure in the service area.

The Water Company is organized under California’s General Corporation Law.  It is issuing shares of common stock.

Under Section 2(a)(1) of the Securities Act the term “security” means any “note, stock…”

So, it’s clearly a security?

No. The request letter authored by Keith Paul Bishop takes us on a great stroll on the analysis of “what is a security?”

In United Housing Foundation, Inc. v. Forman, 421 U.S. 837 (1975), the United States Supreme Court found that not all stock is a security. In that case, it looked at shares issued and sold as part of housing coop in New York. The Court came up with five characteristics of a stock:

  1. Right to receive dividends
  2. Negotiability
  3. Ability to be pledged
  4. Voting rights
  5. Ability to appreciate in value.

The Court says you should look at the economic realities of the transaction rather than just the mere form.

In the argument for the Water Company, the substance is the sale of real estate, not the sale of securities. The Water Company will not pay dividends and there is will be no market for the shares so there can’t be any appreciation in value separate from the land. The shares can’t transferred without the sale of land and can’t be pledged separately from the land. The ability to vote is also tied to land ownership.

Attorney Bishop then goes on to walk through the “investment contract” analysis under Howey.

There is an investment of money. There is probably exists since there will be aboard governing the Water Company.

But there is no expectation of profit from the Water Company. The purchasers are buying the shares to obtain water services and they still have to pay for the services. There will be no distributions of profits. There may be some increase in value, but no way to realize it. The increase in value can’t be separate from the increase in value of the real estate.

The Securities and Exchange Commission went along with these arguments and granted no-action relief.

Sources:

Go Vote

It’s election day. Make sure you vote today.

Only 42% of registered Americans came out to vote in the 2014 midterms. The numbers get even worse when you look at millennials, only about 20% of millennials showed up in the last two midterm elections. Add in the vast number of unregistered voters and you have a lot of government being selected by a minority of the population.

If you are thinking of not voting, realize that casting your vote sends a message to future candidates and platforms that they can’t rely on just the most vocal electorate.

It’s likely that most of the races on your ballot, like mine, are uncontested. A few may be hotly contested. It doesn’t matter; just go vote.

The New Anticorruption Requirements of the New NAFTA.

>The Trump Administration took great pride in tearing up the North American Free Trade Agreement and imposing a new framework for trade between the United States, Mexico, and Canada. Of course it had to be re-branded, with “America First”, as the US-Mexico-Canada Agreement. This refreshed version of NAFTA includes some increased labor protections for workers, increased standards for duty-free auto shipments, increased access to the Canadian dairy market for US farmers, and a slight tweak to the deal’s dispute-resolution system. I’m sure industry will adjust to the small changes while keeping the important cross-border commerce and manufacturing running smoothly.

One big change is Chapter 27 which adds a new tri-nation framework for anticorruption.

Some highlights of the USMCA’s anticorruption chapter:

  • Each country has to adopt or maintain legislative and other measures as may be necessary to establish public corruption as criminal offenses under its law, in matters that affect international trade or investment, the embezzlement.
  • Each country has to impose internal auditing controls and accounting standards to prohibit the off-the-books spending.
  • Facilitation payments are discouraged, but not prohibited.
  • Bribes can’t be tax deductible
  • Each country has to adopt or maintain appropriate measures to protect whistleblowers on public corruption from unjustified treatment.

This all sounds like most of what is already in place in the US and is exporting those requirements to Canada and Mexico.

Interesting that it take the step further to prohibit private corruption and bribery that was tackled under the UK Bribery Act.

In a concession to the FCPA, facilitation payments (however you want to define them) are not prohibited. Each country at least has to recognize that they have “harmful effects.”

If you expect there to be changes in the United States, you clearly have not been paying attention to the dysfunction in Congress. Assuming the House reverts back to Democratic control, I expect two years of investigation into President Trump and his administration with little else happening.

Sources:

Tone at the Top

I will sound like an obnoxious Boston Sports Fan this morning. Boston is back to being a championship city with the Red Sox winning the World Series. As an announcer said, it’s been five years since they won the World Series. Switching sports, it’s only been one season since the New England Patriots won the Super Bowl.

It has not always been like this. I grew up going to the perennially losing Patriots. We would sit on those cold aluminum benches, just waiting for the team to disappoint us once more. The one time they achieved some success, they got embarrassed by the Chicago Bears in the Super Bowl.

Growing up, it had been so long since the Red Sox had won the World Series. Grandpa Cornelius had just emigrated to the United States when they had last won the title.

What changed for those two teams was a change to the tone at the top. The mantra of compliance. New owners came into each team with a dedication to winning.

John Henry’s Fenway Sports Group bought the Red Sox in 2002. Since then, the team has won the World Series four times. The prior owner was a trust running the team for a decade after the death of the long time owners.

Robert Kraft’s Kraft Sports Group bought the New England Patriots in 1994. Since then it’s been five Super Bowl titles.

New ownership changed the tone at the top.

Phone Phishing

The old-fashioned telephone turns out to be a way to hack into other people’s accounts. Voya Financial was the victim of cybercriminals using their phones instead of their computers.

Voya ran the portal for its investment advisers and registered representatives to to manage the accounts of their customers. Voya also had a support line to help the advisers and representatives with problems on the portal. That included resetting passwords to the portal.

The hackers called the support line impersonating an adviser or representatives and got access to the portal. That gave the hackers access to Voya’s customers and account information.

The bad facts for Voya were that that some of those hacker calls came from phone numbers that Voya had previously flagged for fraudulent activity. I guess that means that the hacker called one person on the support line and failed to get past that support person. So the hacker tried again with a different support person who was more willing to believe the hacker.

At least on of the impersonated representatives called the support line saying he had received an email confirming the password change, but that he had not requested a password change. The red flag was up that Voya was under attack, but at least two other attacks were subsequently successful.

Voya had to pay a $1 million penalty and be subject to a third-party compliance review. The penalty was imposed even though there was known negative financial impact on the Voya customers. It looks like the hackers got in, but couldn’t get money out.

The case appears to be the first action under Rule 201 of Regulation S-ID (17 C.F.R. § 248.201), the “Identity Theft Red Flags Rule”.

Sources:

Phishing Attacks and Securities Law

The Nigerian prince email scams at home have been supplanted by phishing attacks on company accounting groups. The problem has become big enough that the Securities and Exchange Commission released a report indicating that falling victim to this kind of cyber attack could be considered a failure in the company’s internal accounting controls.

The Federal Bureau of Investigation estimated that these so-called “business email compromises” had $675 million in adjusted losses in 2017 based on almost 16,000 complaints. This makes it the biggest out-of-pocket losses from any class of cyber crime during this period.

The SEC focused on nine of these complaints that came from public companies with a combined loss of almost $100 million. Two of those were the biggest, losing more than $30 million each.

The phishing attacks are lumped into two categories: internal impersonation and vendor impersonation.

The internal impersonation is phishing attack, usually a fake email from the CEO. The common elements in the email are

  • the need to keep the transaction secret from other company employees
  • Time-sensitivity
  • foreign transactions
  • directed at mid-level employees not typically involved in the transactions
  • directed at mid-level employees who rarely communicated with the executive being spoofed in the email

The external impersonation is phishing attack generally involving a hack into a vendor’s email system. Then the hacker would send a change of payment instructions to the company, re-routing the payments to the hackers’ accounts. As a result, the company would make a payment on an outstanding invoice to a foreign account controlled by the hacker instead of the real vendor account. The victim company would usually discover the fraud when the real vendor complained about a lack of payment.

The SEC points out that these two types of attacks do not involve a sophisticated use of technology. They rely on weaknesses in accounting controls. The SEC is not suggesting that every public company that is the victim of a one of these attacks is in violation of the internal accounting controls requirements of the federal securities laws. But it’s also not saying that it might be in some cases.

Sources:

Blockchain Exchange Commission

Worried about the security of your cyptocurrency? How about having the Blockchain Exchange Commission protect you.

It won’t.

According to a complaint filed by Securities and Exchange Commission, Reginald Ringgold is a founding member of this very prestigious-sounding, regulatory-sounding Blockchain Exchange Commission. According to it’s LinkedIn page:

The mission of the [Blockchain Exchange Commission] is to protect investors; and assist in maintaining fair, orderly, and efficient markets within the Blockchain Digital Asset Space. The [Blockchain Exchange Commission] strives to promote a market environment with Decentralized Governance and reliance on distributed ledgers rather than internal ledgers that can exploit the public’s trust.

You might want to compare that to the What We do Page on the SEC’s website:

The mission of the U.S. Securities and Exchange Commission is to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.

Even more fun, the BEC lists it’s address on LinkedIn as 100 F Street NW in Washington D.C. You may know that better as the SEC headquarters.

It looks like the BEC has cleaned up its website, removed its claims of investor protection and stated its address in San Diego.

The information about the BEC came out in an SEC complaint against Blockvest and its founder, the same Reginald Ringgold.

“Don’t look for the needle in the haystack…just buy the whole haystack.” – Reginald Ringgold

The SEC won’t approve Bitcoin ETFs, so Blockvest is creating a token as a fund. The offering is some pool of something that does something, blockchain, blockchain… The whitepaper is a bunch of nonesense.

The Securities and Exchange Commission obtained an emergency court order to halt a planned initial coin offering of Blockvest, which falsely claimed that it was approved by the SEC. The order also halts ongoing pre-ICO sales.

There is no bigger red flag than stating that an offering is approved by the SEC.

Sources:

Compliance Bricks and Mortar for October 12

These are some of the compliance-related stories that recently caught my attention.

‘I had a moral duty’: whistleblowers on why they spoke up by Teri Pengilley, Christopher Thomond , Murdo MacLeod, Sarah Lee and words by Caitlin Disken in The Guardian

To mark the 25th anniversary of the whistleblowing charity Protect (formerly known as Public Concern at Work) – we focus on 12 people who have taken great personal risk to expose everything from warmongers to tax dodgers and sexual and physical abuse. [More…]

Manhattan USAO Charges Former Accounting Professor with Fraud by T. Gorman in SEC Actions

When making investments many think seeing is believing. That often means asking for the key documents and carefully examining them. If it is in the documents then it must be true. If the papers are furnished by a reputable professional such as a former professor who is an accountant at a known firm, the belief can be bolstered. Thus the investors in an intellectual property firm obtained and reviewed the key documents. They invested millions of dollars. The documents were fraudulent. Their funds were misappropriated. U.S. v. Henning (S.D.N.Y. Oct. 9, 2018). [More…]

Insider Trading Laws Haven’t Kept Up With the Crooks opinion in the New York Times by Preet Bharara and Robert J. Jackson Jr.

Insider trading cases are of special significance. They are a manifestation of America’s basic bargain: that the well-connected should not have unfair advantages over the everyday citizen. When regulators and prosecutors make a commitment to punish insider trading, it sends a message that you don’t need special access to make an honest buck. Fighting insider trading is a refusal to accept a rigged system. [More…]

Insider Trading and the Myth of Market Confidence by John P. Anderson in CLS Blue Sky Blog

There are, however, at least two reasons for questioning the validity of the link between market-confidence and the regulation of insider trading. First, insofar as it relies on a socio-psychological claim—that most investors believe insider trading is economically harmful or morally wrong—it is subject to the problem of false consciousness (i.e., the psychological claim could be true though the shared belief is demonstrably false).

Second, even if the problem of false consciousness is set aside, the market-confidence argument’s empirical claim (that a shared public perception that insider trading is prevalent will send most market participants to the sidelines) must be proven; it cannot be simply assumed. Empirical evidence for the market-confidence claim is, however, notoriously weak. And still more concerning, it is difficult to imagine what strong empirical evidence for the claim would even look like. [More…]

Ten Questions the SEC Probably Has for Google by John Reed Stark

Google also mentioned that up to 500,000 Google+ users potentially had their personal data exposed. In addition, Google reported that up to 438 applications may have used the defective Google+ API, which makes estimations of impacted individuals difficult to ascertain. …

What a mess. Let the onslaught of scrutiny begin, which in my opinion will undoubtedly include an investigation by the U.S. Securities and Exchange Commission (SEC), the federal regulator tasked with policing the disclosures to shareholders by public companies like Google.  [More…]

Dear Intermediaries: Don’t manufacture your own red flags by Bill Steinman in the FCPA Blog

I see it time and time again — third parties that would otherwise pass muster under a client’s due diligence process create their own red flags.

They push back on a local registration requirement. They ask that payments be rendered from an offshore account. They fail to disclose adverse media that actually has a reasonable explanation. The diligence process then grinds to a halt as the client scrutinizes the issue. [More…]

“Crypto is the Mother of All Scams”

It looks like the testimony will not be subtle at the Senate Banking Committee today entitled: Exploring the Cryptocurrency and Blockchain Ecosystem.

Peter Van Valkenburgh, Director Of Research at Coin Center, spends his time trying to explain blockchain by calling it decentralized computing. I’m going to guess that his presentation falls on ears that have no idea what he’s talking about.

Nouriel Roubini, Professor of Economics at the Stern School of Business at New York University, is much less subtle. He titles his testimony:
Crypto is the Mother of All Scams and (Now Busted) Bubbles While Blockchain Is The Most Over-Hyped Technology Ever, No Better than a Spreadsheet/Database.

Actually calling this useless vaporware garbage a “shitcoin” is a grave insult to manure that is a most useful, precious and productive good as a fertilizer in agriculture.

He goes on to attack the premise of cryptocurrency. Financial crises happened before fiat currencies and central banking. There were many bubbles and busts before central banking. We all note tulipmania. He takes the position that central banking helps avoid currency runs that occur when a bubble bursts. It may be hard to make this point when the wounds of the 2008 financial crisis still feel fresh.

Professor Roubini also points out the environmental consequences of cryptocurrency. He cites a figure of $5 billion a year spend on energy costs.

My personal take on bitcoins and other cryptocurrency is that they have been a boon to criminals and money laundering. The loose attitude for the exchanges on reporting suspicious transactions has been a boon for moving illegal money around from person to person and laundering it back into the legitimate money system.

Then add in the pump and dump mechanisms of other smaller coin ecosystems, you have fraudsters getting money from ICOs. More money when they fraudulently prop them up, then use them to transmit the proceeds outside the legitimate banking system.

Last night, the International Monetary Fund warned that cryptocurrencies “could create new vulnerabilities in the international financial system.” Cryptocurrency valuations crashed as a result.

You can also add in the “whales” of Bitcoin when talking about stability. Thirty-two Bitcoin wallets collectively own about 1 million bitcoin (i.e 5% of all bitcoins). Five of those wallets are lost. The owner lost the private key and cannot access the accounts. That represents 212,000 coins worth about $1.3 billion. That to me, is an incredible concentration in ownership that can’t lead to anything good.