InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC letter illustrates climate-change disclosures
Recently, the SEC’s Division of Corporation Finance issued guidance to companies that may be required to include information concerning climate change risks and opportunities in “disclosures related to a company’s description of business, legal proceedings, risk factors, and management’s discussion and analysis of financial condition and results of operations.” Such disclosures, as discussed in the SEC’s 2010 Climate Change Guidance, address the following: (i) the effect of pending or existing legislation, regulations, and international agreements related to climate change; (ii) the indirect impact of regulations or the direction of business trends; and (iii) the physical effects of climate change. An illustrative letter provided by the Division outlines “sample comments that the Division may issue to companies regarding their climate-related disclosure or the absence of such disclosure.” The Division clarified that the letter does not provide an exhaustive list of issues that companies should consider, and that any comments issued “would be appropriately tailored to the specific company and industry, and would take into consideration the disclosure that a company has provided in Commission filings.”
SEC awards $36 million to whistleblower
On September 24, the SEC announced that it awarded a whistleblower approximately $36 million for providing information and assistance leading to a successful SEC enforcement action, as well as actions by another federal agency. According to the redacted order, the whistleblower voluntarily provided information regarding an illegal scheme to staff at both agencies and met with SEC enforcement staff on multiple occasions. According to the SEC, the SEC's whistleblower program allows individuals who provide critical information to other agencies to be eligible for a related action award if they are also eligible for an award in the underlying SEC action.
The SEC has awarded approximately $1.1 billion to 214 individuals since issuing its first award in 2012.
SEC sues company for misleading investors
On September 21, the SEC filed a complaint against a Puerto-Rico based company and its two managing members (collectively, “defendants”) in the U.S. District Court for the District of Puerto Rico alleging that they offered and sold to retail investors the opportunity to share the profits of a purported Colombian gold mining operation. According to the SEC, the offering, which was unregistered with the Commission, was part of a fraudulent scheme that raised approximately $2.7 million. The complaint also alleges that one of the members and the company authorized advertisements that promised “exorbitant returns on the investment, and provided investors with false and misleading [decks] that misrepresented the status of the mining operations,” while the other member allegedly signed contracts with investors when he had knowledge that the company’s statements to investors were misleading. The SEC’s complaint alleges violations of the registration and anti-fraud provisions of the federal securities laws, specifically, the Securities Act of 1933 and the Securities Exchange Act of 1934. The complaint seeks a permanent injunction against the defendants, a permanent ban prohibiting the defendants’ participation in the issuance, purchase, offer, or sale of securities in an unregistered offering, disgorgement of ill-gotten gains, and civil penalties.
SEC announces first crowdfunding enforcement action
On September 20, the SEC brought its first regulation crowdfunding enforcement action against several entities and related individuals allegedly involved in a fraudulent scheme to sell nearly $2 million of unregistered securities through two crowdfunding offerings. According to the SEC’s complaint, two of the entities issued securities without registering with the SEC, while their principals diverted investor funds for personal use rather than using the funds for the disclosed purposes. These actions, the SEC claimed, violated the antifraud and registration provisions of the Securities Act of 1933 and Securities Exchange Act of 1934. Among other things, the SEC claimed that one of the individuals—“a driving force behind both offerings”—also allegedly concealed his participation in the offerings from the public to hide a past criminal conviction arising from a mortgage fraud scheme out of concern that it could deter prospective investors. The SEC also charged the crowdfunding platform that hosted the offering, and its founder and CEO, with violations of the Securities Act and Regulation Crowdfunding for ignoring red flags about the other defendants. The complaint seeks disgorgement plus pre-judgment interest, penalties, permanent injunctions, and officer and director bars. Director of the SEC’s Division of Enforcement, Gurbir S. Grewal, stressed the importance of full and honest disclosures in these types of offerings: “As companies continue to raise funds through crowdfunding offerings, we will hold issuers, gatekeepers and individuals accountable and enforce the protections in place for all investors.”
SEC issues whistleblower awards totaling $11.5 million
On September 17, the SEC announced whistleblower awards totaling approximately $11.5 million to two whistleblowers who provided information and assistance leading to a successful SEC enforcement action. According to the redacted order, the SEC paid one of the whistleblowers nearly $7 million for being the initial source that led enforcement staff to open an investigation into hard-to-detect violations and for providing subsequent substantial assistance. According to the SEC, the whistleblower also “made persistent efforts to remedy the issues, while suffering hardships.” The second whistleblower, who provided information several years after the investigation was already underway, was paid more than $4.5 million. The SEC noted that the information was particularly helpful as it was based on the second whistleblower’s more recent experience. However, the SEC reduced the award after determining that the whistleblower delayed reporting to the SEC for several years after becoming aware of the wrongdoing.
The SEC has awarded approximately $1 billion in whistleblower awards to 212 individuals since issuing its first award in 2012.
SEC’s Gensler supports SOFR
On September 20, SEC Chair Gary Gensler issued remarks before the Alternative Reference Rates Committee (ARRC) regarding the transition from the London Interbank Offered Rate (LIBOR) to a “preferable” Secured Overnight Financing Rate (SOFR). Gensler expressed his concerns for the Bloomberg Short-Term Bank Yield Index (BSBY), citing that BSBY's flaws are similar to those of LIBOR, including that “[b]oth benchmarks are based upon unsecured, term, bank-to-bank lending.” He also pointed out that the BSBY term is “underpinned primarily by trades of commercial paper and certificates of deposit issued by 34 banks,” and “the median trading volume behind three-month BSBY is less than $10 billion per day.” In expressing his support for SOFR, Gensler stated that SOFR is based on an approximate trillion-dollar market.
SEC reaches $1 billion milestone in whistleblower awards
On September 15, the SEC announced whistleblower awards totaling nearly $114 million to two whistleblowers who provided information and assistance leading to successful SEC and related actions. According to the redacted order, the first whistleblower was awarded $110 million for providing “significant independent information that bridged the gap between certain publicly available information and the possible securities violations.” The SEC noted that the “$110 million award consists of an approximately $40 million award in connection with an SEC case and an approximately $70 million award arising out of related actions by another agency.” The $110 million award is the second-highest award in the program's history, following an approximately $114 million whistleblower award the SEC issued in October 2020 (covered by InfoBytes here). After the SEC staff opened an investigation and undertook significant investigative steps, a second whistleblower voluntarily provided original information and received an approximately $4 million award.
The SEC has awarded approximately $1 billion in whistleblower awards to 207 individuals since issuing its first award in 2012, which includes over $500 million in fiscal year 2021 alone.
SEC says digital asset trading company violated the Exchange Act
On September 13, the SEC announced charges against three media companies (respondents) for allegedly violating the Securities Act of 1933 (Securities Act) by conducting an illegal unregistered offering of stock and coin security. In addition, two of the companies were also charged for allegedly conducting an illegal unregistered offering of a digital asset security. According to the SEC’s order, between April and June 2020, the respondents generally solicited thousands of individuals to invest in a common stock offering. During the same time period, two of the companies solicited individuals to invest in their offering of a digital asset coin security. As a result of these two unregistered securities offerings, whose proceeds were commingled, the respondents collectively raised approximately $487 million from over 5,000 investors.
The order finds that, through both the stock and coin offering, the respondents violated Sections 5(a) and 5(c) of the Securities Act by offering and selling securities without having properly registered. The order, to which the companies consented without admitting or denying the findings, notes that the respondents are banned from participating in any offering of a digital asset security, and are required to cease and desist from future violations of the Securities Act and assist the SEC staff in the administration of a distribution plan, among other things. Two of the companies agreed to pay, jointly and severally, disgorgement of approximately $434 million plus prejudgment interest of approximately $16 million, in addition to a civil penalty of $15 million each. The other company agreed to pay disgorgement of approximately $52 million plus prejudgment interest of almost $2 million, as well as a civil penalty of $5 million. The order also establishes a Fair Fund to return monies to injured investors.
SEC charges cryptocurrency lending platform involved in $2 billion scheme
On September 1, the SEC filed a complaint against an online cryptocurrency lending platform, its founder, and an additional executive and his affiliated company (collectively, “defendants”) alleging they fraudulently raised approximately $2 billion from retail investors through a global unregistered offering of investments involving digital assets. According to the SEC, the defendants sold securities in the form of investments tied to the company’s lending program, and falsely promised investors that its purported proprietary “volatility software trading bot” could generate monthly returns as high as 40 percent. However, the SEC alleged that instead of trading investor funds, the defendants used the funds for their own benefit, such as transferring funds to a digital wallet controlled by their top U.S. promoter (one of the defendants here). To hide the fact that they were not trading the funds as promised, the SEC claimed the defendants “conducted a Ponzi-like scheme in which they at times used funds deposited by newer investors in order to satisfy withdrawal demands made by earlier investors.” The SEC charged the defendants with violating antifraud and registration provisions of the federal securities laws, and is seeking injunctive relief, disgorgement plus prejudgment interest, and civil penalties. In a parallel action, the DOJ announced the same day that the top U.S. promoter pleaded guilty to criminal charges for his role in the cryptocurrency scheme.
SEC takes action against firms for cybersecurity procedures
On August 30, the SEC announced sanctions against eight firms in three actions for alleged failures in their cybersecurity policies and procedures that resulted in email account takeovers of employee email accounts, which exposed the personal information of thousands of customers and clients at each firm. Each order finds that the firms violated Regulation 30(a) of the Safeguards Rule, “which requires every broker-dealer and every investment adviser registered with the Commission to adopt written policies and procedures that are reasonably designed to safeguard customer records and information.” According to the SEC’s first order against a California-based investment firm, from November 2017 to June 2020, cloud-based email accounts of more than 60 of the firm’s entities' personnel were taken over by unauthorized third parties, which resulted in the exposure of personally identifying information (PII) of over 4,388 customers and clients. According to the order, none of these accounts were protected by multi-factor authentication (MFA), even though the firm’s policies required use of MFA since 2018 “wherever possible.” This failure resulted in sending breach notifications to clients that included misleading template language, which suggested that the notifications were issued much sooner than they actually were after discovery of the incidents. The order, which the company consented to without admitting or denying the findings, imposes a civil money penalty of $300,000, and provides that the company must cease and desist from committing or causing any future violations of the Safeguards Rule.
According to the SEC’s second order against an Iowa-based investment firm, from January 2018 to July 2021, cloud-based email accounts of over 121 of the firm’s representatives were taken over by unauthorized third parties, which resulted in the PII exposure of at least 2,177 customers and clients. The order finds that though the firm discovered the first email account takeover in January 2018, it failed to adopt written policies and procedures for cloud-based email accounts reasonably designed to protect customer records and information, such as the use of MFA. The order, which the company consented to without admitting or denying the findings, imposes a civil money penalty of $250,000, and provides that the company must cease and desist from committing or causing any future violations of the Safeguards Rule.
According to the SEC's third order against a Washington-based investment firm, from September 2018 to December 2019, cloud-based email accounts of 15 of the firm’s financial advisers or their assistants were taken over by unauthorized third parties, which resulted in the PII exposure of approximately 4,900 customers and clients. The order also finds that the firm “failed to adopt written policies and procedures requiring additional firm-wide security measures for all [of the firm’s] email users until May 2020, and did not fully implement those measures until August 2020,” which placed additional customer and client records and information at risk. The policies recommended, but did not require, the use of MFA for accessing sensitive data. The order, which the company consented to without admitting or denying the findings, imposes a civil money penalty of $200,000, and provides that the company must cease and desist from committing or causing any future violations of the Safeguards Rule.