From Elon Musk’s tweets to Floyd Mayweather and DJ Khaled’s promotion of cryptocurrencies, 2018 was, to say the least, an interesting year in regulatory enforcement news. Even if all you do is win, win, win, no matter what, you’re likely to lose when a financial regulatory authority comes after you.
Here are a few of the headlines from the Financial Industry Regulatory Authority (FINRA) and Securities and Exchange Commission (SEC) that caught our eye in the last year, along with a case alleging violations of the Foreign Corrupt Practices Act (FCPA).
Failure to Supervise Communications
Elon Musk had an “excruciating” year, making headlines repeatedly for ill-advised tweets. Some of those rash communications landed him in hot water with the SEC.
It charged him with securities fraud for tweeting “that he could take Tesla private at $420 per share (a substantial premium to its trading price at the time), that funding for the transaction had been secured, and that the only remaining uncertainty was a shareholder vote.” None of these assertions were true. The SEC alleged that these “tweets caused Tesla’s stock price to jump by over six percent” and resulted in “significant market disruption.” Further, the SEC emphasized that “provid[ing] truthful and accurate information is among a CEO’s most critical obligations,” which “applies with equal force when the communications are made via social media or another non-traditional form.”
Am considering taking Tesla private at $420. Funding secured.— Elon Musk (@elonmusk) August 7, 2018
The charges wrapped up quickly, but not before Tesla faced its own charge for failing to create any “disclosure controls or procedures” on Musk’s Twitter account and failing to supervise the account for accuracy and completeness of communications. Musk agreed to step down as Tesla’s chairman, and he and the company agreed to pay a total of $40 million in fines.
FINRA hit Raymond James Financial Services, Inc. with its own substantial fine—$2 million—for failing to adequately supervise its email communications. Over a period of nine years, Raymond James allowed “millions of emails to evade meaningful review,” resulting in an “unreasonable risk that certain misconduct by firm personnel could go undetected by the firm.” Raymond James made at least two critical mistakes: the search terms it used to flag emails for review were designed to return a minimal number of results, reducing false positives at the expense of missing true positives. It also failed to designate adequate resources to review those emails that were flagged for review. FINRA noted that “firms have a clear obligation to reasonably supervise electronic communications, which includes periodically re-evaluating the effectiveness of existing procedures.” While this case dealt specifically with email communications, its lessons clearly apply to all forms of electronic communications.
And, of course, electronic communications include statements on firm websites—as NEXT Financial Group, Inc. found out when it was censured and fined $750,000 for failing to adequately supervise its own online communications. In that case, FINRA found that the firm’s website “omitted material facts” to such a degree that “its communications with the public [were] misleading.” DreamFunded Marketplace, LLC faced a similar charge when FINRA accused the company of making “false, exaggerated, unwarranted, promissory, or misleading claims to investors about offerings promoted through its online crowdfunding portal.”
Hanzo knows: Financial services firms must design their systems so that they can monitor and supervise all of their business communications, whether they’re made by tweet, email, on a website, or otherwise.
Failure to Properly Maintain Records
Several companies failed to correctly maintain records of their communications. FINRA fined Hancock Investment Services, Inc. $100,000 for its improper storage of business-related emails. While Hancock had a system in place to preserve those emails, it did not use “write once, read many” (WORM) format as required by FINRA and the SEC. (Hancock discovered its own error and has since upgraded its email storage to a WORM-compliant cloud-based system.)
Richard Daniel Tabizon II faced his own FINRA penalty for using a personal email account for business dealings. That use, in violation of his firm’s written supervisory procedures, “caused the firm’s business records to be incomplete” because Tabizon’s personal email account wasn’t subject to the firm’s email archiving system.
Additionally, BGC Financial, L.P. settled an action with the SEC for $1.25 million after it lost digital voice recordings that it was obligated to retain under an investigatory legal hold. While BGC had the recordings preserved for a separate litigation hold, “things went awry” when the litigation hold was lifted and the recordings were returned to their standard one-year retention cycle. Being over a year old, they were promptly deleted—without anyone realizing that they should have been retained for a pending SEC investigatory request.
Hanzo knows: Firms need to know about all of their communication channels to collect and preserve them, and they must establish leak-proof procedures to ensure compliance with legal holds and storage requirements.
Failure to Make Appropriate Disclosures
Online and on Social Media
In the “what on earth was he thinking” category, David A. Clark faced sanctions for “publishing an eBook online without prior approval from the firm” and “operat[ing] an unapproved website and a social media page to promote his business.” FINRA charged that his “website contained statements that were false, exaggerated, unwarranted, promissory or misleading,” including claims that “indicated that customer returns would be absolutely protected from losses.” Clark allegedly failed to seek approval from a principal at his member firm for these representations—and the firm, for its part, failed to promptly detect his online extracurricular activities.
One of the best-known cases from 2018 combined three perennial hot topics: celebrities, social media, and cryptocurrency. The SEC charged professional boxer Floyd Mayweather Jr. and record producer DJ Khaled with “failing to disclose payments they received for promoting investments in Initial Coin Offerings (ICOs)” for cryptocurrencies. Mayweather received a total of $300,000 to promote three separate ICOs on Instagram and Twitter, posting that “you can call me Floyd Crypto Mayweather from now on.” Khaled was paid $50,000 to promote a single ICO.
The SEC cautioned that “investors should be skeptical of investment advice posted to social media platforms and should not make decisions based on celebrity endorsements.” Though sound advice, it would have probably had a greater impact if the SEC had found a celebrity to tweet about it.
Hanzo knows: Firms can’t ensure that adequate disclosures are being made unless they know about the communications in the first place—leading to our final category.
Failure to Investigate: Fraud and Bribery Charges
The SEC charged Giga Entertainment Media Inc.—along with five individual officers—with “fraud in connection with a scheme to mislead investors.” The basic scheme was to boost the apparent rating of the company’s mobile application by surreptitiously purchasing “at least 559,662 downloads” of the app while misleading shareholders about the source of its impressive sales. The SEC noted that “exposing Giga’s fraud should remind companies that they cannot buy a crowd and then claim to be popular” and that companies “have to be honest with investors when touting the fruits of such [marketing] efforts.”
Finally, Polycom, Inc. resolved an FCPA charge for an eight-year bribery scheme involving its sales in China through a $16 million settlement with the SEC. That scheme relied on “illicit payments to Chinese government officials in exchange for assistance in securing deals for Polycom products.” Polycom’s Chinese subsidiary funded those payments through product discounts, concealed with “false justifications” for the markdowns. The subsidiary’s senior managers further covered their tracks by “direct[ing] … sales personnel to use non-Polycom email addresses when discussing deals with Polycom’s distributors.” The SEC charged Polycom with “fail[ing] to maintain a sufficient system of internal accounting controls” or to adequately investigate where the money from those discounts was going.
Hanzo knows: All of these categories have some degree of crossover, of course, and together they point to the prevailing need for firms to be able to conduct accurate and thorough investigations quickly and discreetly—if, that is, anyone at the firm is trying to prevent rather than participate in malfeasance.
At Hanzo, our growth has always been driven by listening to our clients and understanding their struggles. We keep a close eye on what’s changing in the world—in terms of regulations, technology, and business pressures—and what those changes mean for regulatory compliance, eDiscovery, and investigations.
By monitoring changes in regulations as well as developments in regulatory enforcement, we ensure that we’re designing our products and services to meet emerging needs. If you need a solution that you haven’t found yet, please reach out to us. We’d love to see how we can help.
If you enjoyed this blog post, you may also be interested in reading:
From the Hanzo Team:
- Looking Back, Moving Forward: Hanzo's 2018 Review and 2019 Predictions
- 5 Reasons to Meet Hanzo at LegalTech 2019
- Web Archiving for FINRA Compliance
- 5 Trends We Saw at FINRA 2018
- Your Guide to SEC 17A-4 Compliance
From the Compliance and Risk Community:
- FINRA 2018 Exam Finding Report and Regulatory Update Reminder by Kaitlyn Gibbs on Compliance Risk Concepts
- The 2018 Year-End FCPA Update by Gibson Dunn
- Following the Money Through Distributors: The Polycom Enforcement Action by Tom Fox on FCPA Compliance Report