SEC Announces Enforcement Initiatives to Combat Cyber-Based Threats and Protect Retail Investors

The Securities and Exchange Commission today announced two new initiatives that will build on its Enforcement Division’s ongoing efforts to address cyber-based threats and protect retail investors. The creation of a Cyber Unit that will focus on targeting cyber-related misconduct and the establishment of a retail strategy task force that will implement initiatives that directly affect retail investors reflect SEC Chairman Jay Clayton’s priorities in these important areas.

Cyber Unit

The Cyber Unit will focus the Enforcement Division’s substantial cyber-related expertise on targeting cyber-related misconduct, such as:

• Market manipulation schemes involving false information spread through electronic and social media
• Hacking to obtain material nonpublic information
• Violations involving distributed ledger technology and initial coin offerings
• Misconduct perpetrated using the dark web
• Intrusions into retail brokerage accounts
• Cyber-related threats to trading platforms and other critical market infrastructure

The unit, which has been in the planning stages for months, complements the Chairman’s initiatives to implement an internal cybersecurity risk profile and create a cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency.

“Cyber-related threats and misconduct are among the greatest risks facing investors and the securities industry,” said Stephanie Avakian, Co-Director of the SEC’s Enforcement Division.  “The Cyber Unit will enhance our ability to detect and investigate cyber threats through increasing expertise in an area of critical national importance.”

Over the past several years, the Enforcement Division has developed substantial expertise in the detection and pursuit of fraudulent conduct in an increasingly technological and data-driven landscape.  The Cyber Unit will consolidate and advance these efforts, and include staff from across the Enforcement Division.

Robert A. Cohen has been appointed Chief of the Cyber Unit.  Since 2015, he and Joseph Sansone have been Co-Chiefs of the Market Abuse Unit.  Mr. Sansone will continue to lead the Market Abuse Unit as its Chief.

Retail Strategy Task Force

The Retail Strategy Task Force will develop proactive, targeted initiatives to identify misconduct impacting retail investors.  The Enforcement Division has a long and successful history of bringing cases involving fraud targeting retail investors, from everything involving the sale of unsuitable structured products to microcap pump-and-dump schemes. 

This task force will apply the lessons learned from those cases and leverage data analytics and technology to identify large-scale misconduct affecting retail investors.  The task force will include enforcement personnel from around the country and will work with staff across the SEC, including from the SEC’s National Exam Program and the Office of Investor Education and Advocacy.

“Protecting the welfare of the Main Street investor has long been a priority for the Commission,” said Steven Peikin, Co-Director of the SEC’s Enforcement Division.  “By dedicating additional resources and expertise to developing strategies to address misconduct that victimizes retail investors, the division will better protect our most vulnerable market participants.”

Statement from Chairman Clayton

“When Stephanie and Steve approached me with these initiatives, I endorsed them wholeheartedly.  They reflect the division’s continual efforts to pursue new forms of misconduct while keeping a watchful eye out for our Main Street investors,” said SEC Chairman Jay Clayton.

SEC Announces Enforcement Initiatives to Combat Cyber-Based Threats and Protect Retail Investors

The Securities and Exchange Commission today announced two new initiatives that will build on its Enforcement Division’s ongoing efforts to address cyber-based threats and protect retail investors. The creation of a Cyber Unit that will focus on target…

Pharmaceutical Company Paying Penalty for Misleading Investors About Sales Metric

The Securities and Exchange Commission today filed fraud charges against a Massachusetts-based biopharmaceutical company that exaggerated how many new patients actually filled prescriptions for an expensive drug that was its sole source of revenue.

Ae…

SEC Announces Agenda for October 12 Investor Advisory Committee Meeting

The Securities and Exchange Commission today announced the agenda for the October 12 meeting of its Investor Advisory Committee.  The meeting will begin at 10 a.m. in the Multipurpose Room at SEC headquarters at 100 F Street, N.E., Washington, D.C., and is open to the public.  The meeting will be webcast live and archived on the committee’s webpage for later viewing.

The committee will hold three panel discussions covering blockchain technology and implications for securities markets, law school clinic advocacy efforts on behalf of retail investors, and electronic delivery of information to retail investors, which may include a Recommendation of the Investor as Purchaser Subcommittee.

The committee welcomes new members Allison A. Bennington, a Partner and General Counsel at ValueAct Capital, and Mina Nguyen, a Managing Director at AQR Capital Management.  Members of the committee represent a wide variety of investor interests, including those of individual and institutional investors, senior citizens, and state securities commissions.  For a full list of committee members, see the committee’s webpage.

The Investor Advisory Committee was established under Section 911 of the Dodd-Frank Act to advise the Commission on regulatory priorities, the regulation of securities products, trading strategies, fee structures, the effectiveness of disclosure, and on initiatives to protect investor interests and to promote investor confidence and the integrity of the securities marketplace.  The Dodd-Frank Act authorizes the committee to submit findings and recommendations to the Commission.

SEC Announces Agenda for October 12 Investor Advisory Committee Meeting

The Securities and Exchange Commission today announced the agenda for the October 12 meeting of its Investor Advisory Committee.  The meeting will begin at 10 a.m. in the Multipurpose Room at SEC headquarters at 100 F Street, N.E., Washington, D.C., an…

SEC Suspends Trading in Company Purporting Involvement in Hurricane Harvey Relief Efforts

The Securities and Exchange Commission today suspended trading in a company amid questions surrounding its statements about sending response teams and equipment to help with Hurricane Harvey disaster recovery efforts in Houston and surrounding areas.

The SEC’s trading suspension order says that a recent press release issued by Texas-based Grupo Resilient International claimed that the company added a “FEMA approved contractor” to the board of its subsidiary and was deploying workers and preparing to deploy a network of mobile broadband trailers to assist in relief efforts.

The SEC’s order also says there are questions regarding the adequacy and accuracy of statements made by the company on other matters in prior press releases.  Grupo was previously known as Paradise Ridge Hydrocarbons and trades under the ticker symbol GRUI.

Earlier this month, the SEC issued an alert that warned investors to be vigilant for investment scams related to Hurricanes Harvey and Irma, noting that scam artists often exploit the latest crisis in the news cycle to lure investors into supposedly promising investment opportunities.

“This is further reminder of the need for vigilance when investing in penny stock companies, especially when they are being touted in connection with humanitarian aid during a natural disaster such as Hurricane Harvey.  Investors are reminded to keep on the lookout for schemes that seek to attract people who are eager to invest with companies that genuinely provide assistance to those in need,” said Stephanie Avakian, Co-Director of the SEC’s Division of Enforcement.

Under the federal securities laws, the SEC can suspend trading in a stock for 10 days and generally prohibit a broker-dealer from soliciting investors to buy or sell the stock again until certain reporting requirements are met.

The SEC appreciates the assistance of the Financial Industry Regulatory Authority. 

SEC Adopts Interpretive Guidance on Pay Ratio Rule

The Securities and Exchange Commission has approved interpretive guidance to assist companies in their efforts to comply with the pay ratio disclosure requirement mandated by Section 953(b) of the Dodd-Frank Wall Street Reform and Consumer Protection Act.  Under the Commission’s rule implementing the pay ratio requirement, companies are required to begin making pay ratio disclosures in early 2018. 

“It’s our priority to make sure that we implement disclosure rules mandated by Congress in a way that is true to the mandate and, to the extent practicable, allows companies to use operational data and otherwise readily available information to produce the disclosures,” said Chairman Jay Clayton.  “Today’s guidance on pay ratio reflects the feedback the SEC has received and encourages companies to use the flexibility incorporated in our prior rulemaking to reduce costs of compliance.”  

In particular, the guidance:

• States the Commission’s views on the use of reasonable estimates, assumptions and methodologies, and statistical sampling permitted by the rule

• Clarifies that a company may use appropriate existing internal records, such as tax or payroll records, in determinations about the inclusion of non-U.S. employees and in identifying the median employee

• Provides guidance as to when a company may use widely recognized tests to determine whether its workers are employees for purposes of the rule

The Commission’s staff is also providing guidance separately about the pay ratio rule.  Bill Hinman, Director of the Division of Corporation Finance noted, “This additional staff guidance, which includes examples illustrating how reasonable estimates and statistical methodologies may be used, is intended to assist companies with their compliance efforts and reduce the costs associated with preparing disclosures.  We encourage companies to contact the division staff if additional interpretive questions arise as the compliance date approaches.” 

Telecommunications Company Paying $965 Million For FCPA Violations

Sweden-based telecommunications provider Telia Company AB has agreed to pay $965 million in a global settlement with the Securities and Exchange Commission, U.S. Department of Justice, and Dutch and Swedish law enforcement to resolve charges related to violations of the Foreign Corrupt Practices Act (FCPA) to win business in Uzbekistan.

According to the SEC’s order, Telia entered the Uzbek telecommunications market by offering and paying at least $330 million in bribes to a shell company under the guise of payments for lobbying and consulting services that never actually occurred.  The shell company was controlled by an Uzbek government official who was a family member of the President of Uzbekistan and in a position to exert significant influence over other Uzbek officials, causing them to take official actions to benefit Telia’s business in Uzbekistan.

“Corporate bribery is not just unfair and illegal, it has terribly corrosive effects on business, government, and society,” said Stephanie Avakian, Co-Director of the SEC’s Enforcement Division.  “As this global settlement demonstrates, the SEC continues to work closely with our counterparts at home and abroad to expose and pursue such corruption.”

Telia consented to the SEC’s order requiring the company to pay $457 million in disgorgement, and the company also agreed to pay a criminal fine of more than $508 million imposed by the Department of Justice.  Portions of each amount could be offset by payments made in overseas settlements or proceedings brought by the Dutch Openbaar Ministerie or the Swedish Åklagarmyndigheten.  Telia’s overall payment to the four agencies must be at least $965 million.

The SEC appreciates the assistance of the Department of Justice Criminal Division’s Fraud and Money Laundering and Asset Recovery Sections as well as the Internal Revenue Service, Department of Homeland Security, Dutch Openbaar Ministerie, National Authority for Investigation and Prosecution of Economic and Environmental Crime in Norway, Swedish Prosecution Authority, Office of the Attorney General in Switzerland, and Corruption Prevention and Combating Bureau in Latvia.  The SEC also appreciates the assistance from regulators and law enforcement in France, Spain, and Hong Kong as well as the Financial Conduct Authority, British Virgin Islands Financial Services Commission, Cayman Islands Monetary Authority, Bermuda Monetary Authority, Cyprus Securities and Exchange Commission, and Central Bank of Ireland.

SEC Chairman Clayton Issues Statement on Cybersecurity

SEC Chairman Jay Clayton today issued a statement highlighting the importance of cybersecurity to the agency and market participants, and detailing the agency’s approach to cybersecurity as an organization and as a regulatory body.

The statement is part of an ongoing assessment of the SEC’s cybersecurity risk profile that Chairman Clayton initiated upon taking office in May. Components of this initiative have included the creation of a senior-level cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency.   The statement provides an overview of the Commission’s collection and use of data and discusses key cyber risks faced by the agency, including a 2016 intrusion of the Commission’s EDGAR test filing system. In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading.  Specifically, a software vulnerability in the test filing component of the Commission’s EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. It is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. An internal investigation was commenced immediately at the direction of the Chairman.  

“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” said Chairman Clayton. “We must be vigilant. We also must recognize—in both the public and private sectors, including the SEC—that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”

The statement also outlines the management of internal cybersecurity risks, including the incorporation of cybersecurity considerations in disclosure-based and supervisory efforts, coordination with other government entities, and the enforcement of the federal securities laws against cyber threat actors and market participants that do not meet their disclosure obligations.

Chairman Clayton writes, “By promoting effective cybersecurity practices in connection with both the Commission’s internal operations and its external regulatory oversight efforts, it is our objective to contribute substantively to a financial market system that recognizes and addresses cybersecurity risks and, in circumstances in which these risks materialize, exhibits strong mitigation and resiliency.”

Thomas J. Butler Named an Associate Regional Director for Examinations in New York Regional Office

The Securities and Exchange Commission today announced that Thomas J. Butler has been named an Associate Regional Director for the Investment Adviser and Investment Company examination program in the agency’s New York Regional Office.  Mr. Butler is leaving his current position as Director of the SEC’s Office of Credit Ratings (OCR), a position he has held since June 2012.

“I am delighted to welcome Tom to the team,” said Pete Driscoll, Acting Director of the Office of Compliance Inspections and Examinations. “The New York region is responsible for more than 2,800 registered investment advisers with more than $18 trillion in assets under management and over 200 investment company complexes. Tom’s significant industry experience and leadership prior to and at the SEC will be invaluable to the experienced and dedicated staff in the New York examination program.”

Prior to his 2012 appointment as the inaugural Director of OCR, Mr. Butler was a Managing Director at Morgan Stanley Smith Barney and Citigroup, held senior financial advisory and structuring roles at UBS and Babcock & Brown, and worked at two major law firms. Mr. Butler received his undergraduate degree from Rutgers College and his law degree from Rutgers School of Law at Newark.

Jessica Kane, Director of the SEC’s Office of Municipal Securities (OMS), has been appointed to serve as Acting Director of OCR on an interim basis following Mr. Butler’s departure.  In turn, Rebecca Olsen, Deputy Director of OMS, will serve as Acting Director of that office while Ms. Kane is assigned to OCR.

CEO Charged With Using Secret Accounts for Insider Trading in Company Stock

The Securities and Exchange Commission today charged the former CEO of a Silicon Valley-based fiber optics company with insider trading in company stock by using secret brokerage accounts held in the names of his wife and brother.

The SEC alleges that Peter C. Chang, who also was the founder and chairman of the board at Alliance Fiber Optic Products, generated more than $2 million in illicit profits and losses avoided by trading on nonpublic information and tipping his brother ahead of two negative earnings announcements and the company’s merger.  

According to the SEC’s complaint, Chang was the company’s largest shareholder and required under the federal securities laws to disclose his ownership of company securities as an officer and director.  Chang allegedly traded company shares secretly in the family member accounts, often times from his work computer after attending board meetings where confidential information was discussed.   He also allegedly tipped his brother in Taiwan with nonpublic information to trade ahead of the earnings announcements in 2015 and an announcement in 2016 that the company would be acquired via tender offer by Corning.

Chang allegedly tried to hide his control over one of the accounts by posing as his brother in communications with one of the brokerage firms, and he allegedly obscured his relationship with his wife in response to a market surveillance inquiry by the Financial Industry Regulatory Authority. 

“As alleged in our complaint, Chang betrayed his company and its shareholders for his personal gain by trading in clandestine accounts right after learning extremely confidential information in board meetings,” said Jina L. Choi, Director of the SEC’s San Francisco Regional Office. 

The SEC’s complaint charges Chang with violating Sections 10(b), 14(e), and 16(a) of the Securities Exchange Act of 1934 and Rules 10b-5, 14e-3, and 16a-3.  The complaint seeks disgorgement with prejudgment interest plus a penalty, permanent injunction, and officer-and-director bar.

In a separate action by the U.S. Attorney’s Office for the Northern District of California, criminal charges were unsealed against Chang.

The SEC’s investigation, which is continuing, has been conducted by Serafima Krikunova and supervised by Jennifer J. Lee of the San Francisco office with assistance from John Rymas of the Enforcement Division’s Market Abuse Unit.  The SEC’s litigation will be led by Susan F. LaMarca.  The SEC appreciates the assistance of the U.S. Attorney’s Office for the Northern District of California, Federal Bureau of Investigation, Financial Industry Regulatory Authority, and Options Regulatory Surveillance Authority.

Catherine McGuire to Retire After More Than 40 Years at the SEC