Protecting Against Fraud, Mis-Appropriation And

SIFMA’s Compliance & Legal Society 2020 Annual Seminar Protecting Against Fraud, Misappropriation and Other Schemes March 18, 2020

I. Introduction

A. Numerous provisions of the federal securities laws require broker-dealers and investment advisers to prevent fraud by their representatives and by customers using their facilities.

II. Latest Developments on Fraud Types and Trends

A. SEC Priorities

1. As the SEC’s Division of Enforcement’s 2019 Annual Report reflects, last year, the SEC continued its focus on, among other things, (1) Ponzi schemes and other fraudulent conduct involving Main Street investors, and (2) cyber- related misconduct. See 2019 Annual Report – Division of Enforcement, available at https://www.sec.gov/files/enforcement-annual-report-2019.pdf (hereinafter “Annual Report”).

B. Focus on Retail/Main Street Investors

1. According to the Annual Report, in fiscal year (“FY”) 2019, the Division sought to “focus its efforts on protecting retail investors,” who are “often particularly vulnerable to the conduct of bad actors in the securities markets.” Id. at 10. In light of its “retail” focus, the SEC highlighted cases it brought last year involving offering frauds, pump-and-dump schemes, and misconduct by investment advisers and broker dealers directed at individual clients in which average investors appeared to be victimized.

2. The Division’s Retail Strategy Task Force (“RSTF”), which was formed in FY 2018, further reflects the SEC’s “intertwining of retail investor protection and technological sophistication. See id. at 11.

3. In FY 2019, RSTF—“undert[ook] a number of lead-generating initiatives and swift enforcement actions built on the use of data analytics.” Id. In addition to leading the Chairman’s Teacher’s Initiative and the Military Service Members’ Initiative, “which focus enforcement and investor education resources on, respectively, teachers, and veterans and active duty military personnel,” id., it also has “strip[ped] wrongdoers of their ill-gotten gains and return[ed] funds to victims as quickly as possible.” Id. This focus has “resulted in the return of nearly $1.2 billion,” including a $1 billion in combined penalties and disgorgement from a series of actions against Woodbridge Group of Companies (“Woodbridge”) handed down in January 2019. Id.; see also Press Release 2019-3, Court Orders $1 Billion Judgment Against Operators of Woodbridge Ponzi Scheme Targeting Retail Investors (Jan. 28, 2019), available at https://www.sec.gov/news/press-release/2019-3 (hereinafter “Press Release 2019-3”).

C. Focus on Cyber-Related Misconduct

1. Regarding the Enforcement Division’s continued focus on cyber-related misconduct, the Annual Report highlighted the fact that in FY 2019, the SEC brought cases involving ICOs and digital assets, securing systems against cyber threats in public companies and regulated entities, and leveraging technology to investigate unlawful trading. . Id. at 12–13. For example, in SEC v. Ieremenko, filed in January 2019, the Commission brought charges against nine defendants “for their alleged roles in a scheme to hack into the SEC’s EDGAR system and extract nonpublic information for use in illegal trading.” Id. at 13; see also Press Release 2019-1, SEC Brings Charges in EDGAR Hacking Case (Jan. 15, 2019), available at https://www.sec.gov/news/press-release/2019-1. The “painstaking” case showcased “ a number of [the Commission’s] complex analytic tools and capabilities” to counteract the “technological sophistication of the perpetrators.” Annual Report at 13.

III. Detecting And Preventing the Latest Schemes

A. Ponzi Schemes

1. In 2013, the SEC adopted amendments to fortify governance of broker- dealer “custody practices.” See 17 C.F.R. § 240.17a-5 (2017); 17 C.F.R. § 240.17a-11 (2017); 17 C.F.R. § 249.639 (2017). Then SEC Commissioner Luis Aguilar explained in a letter, dated July 31, 2013, that the amendments were promulgated in response to the Bernie Madoff Ponzi scheme, and highlighted certain aspects of the amendments to Rule 17a-5(d). See Public Statement from Luis A. Aguilar, Commissioner, SEC, Strengthening Oversight of Broker-Dealers by Instituting a Framework to Prevent Another Madoff (July 31, 2013), https://www.sec.gov/News/PublicStmt/Detail/PublicStmt/1370539742041.

a. In addition to the financial statements and supporting schedules required under the existing rule, broker-dealers would also be required to file a compliance report (or an exemption report) and a related report prepared by an independent public accountant based on the accountant’s review of the broker-dealer’s compliance or exemption report. See Broker-Dealer Reports, SEC Exchange Act Release No. 34 -70073 (July 30, 2013), 78 Fed. Reg. 51910 (Aug. 21, 2013), available at https://www.sec.gov/rules/final/2013/34- 70073.pdf. Such a compliance report would be required to contain a description of each identified material weakness in the Internal Control Over Compliance, as defined in the Rule, over the most recent fiscal year, and a description of any instance of non- compliance with Rule 15c3-1 or paragraph (e) of Rule 15c3-3 as of the end of the most recent fiscal year. Id. at 29-30.

b. The goal of both the new compliance report and the related independent public accountant review of such report was to (1) focus independent public accounts on the custody practices of broker- dealers and (2) to identify control weaknesses.

2. According to the SEC’s Annual Report, for FY 2019, securities offering cases—which include cases involving Ponzi schemes—comprised 21% of the year’s enforcement actions, second only to investment advisory and investment company issues, which accounted for 36% of standalone cases. Annual Report at 15.

3. In FY 2019, the SEC was focused on bringing cases involving Ponzi Schemes targeting seniors and their retirement savings.

a. As noted above, in January 2019, a federal court in Florida levied a $1 billion judgement against Woodbridge and its former owner, Robert Shapiro, for operating a Ponzi scheme that targeted retail investors. See Press Release 2019-3. The $1 billion included $892 million in disgorgement against Woodbridge and its related companies, and $100 million, $18.5 million, and $2.1 million in civil penalties, disgorgement of ill-gotten gains, and prejudgment interest, respectively, against Shapiro. The order was the culmination of the Commission’s December 2017 emergency action charging Woodbridge and the related defendants with “operating a $1.2 billion Ponzi scheme that defrauded 8,400 retailed investors nationwide, many of them seniors who had invested retirement funds.” Id. Additionally, in August 2018, charges were filed against unregistered brokers who unlawfully sold securities of Woodbridge to retail investors. SEC Press Release 2018-157, SEC Charges Unregistered Brokers Who Sold Woodbridge Securities to Main Street Investors (Aug. 20, 2018), available at https://www.sec.gov/news/press- release/2018-157. The five individuals and their companies the SEC named as Defendants in its latest Complaints were among Woodbridge’s top revenue producers, “selling more than $243 million of its unregistered securities to more than 1,600 retail investors.” Id. The SEC alleged that the Defendants “touted Woodbridge as a ‘safe and secure’ investment,” and solicited investors “at seminars and a ‘conservative retirement and income planning class’ they taught at a Florida university.” Id. According to the SEC, when Woodbridge filed for bankruptcy, “investors stopped receiving monthly interest payments and have not received a return of their investment principal.” Id. For its alleged misconduct, Woodbridge agreed to settle the liability portion of the SEC’s charges without admitting or denying the allegations and reached a resolution with the SEC and creditors in a bankruptcy action regarding the ongoing control and management of Woodbridge. Id. As of August, the SEC’s monetary claims against Woodbridge were pending, and the SEC’s investigation was still ongoing. Id. b. In November 2019, the SEC announced charges against a new York investment adviser for operating a multimillion-dollar investment club that was in fact a fraudulent Ponzi scheme. See SEC Press Release 2019-234, SEC Charges Adviser for Running Ponzi Scheme Targeting Haitian Community (Nov. 6, 2019), available at https://www.sec.gov/news/press-release/2019-234. The scheme allegedly targeted members of the Haitian community, as well as defendant Ruless Pierre’s family and friends. Id. The complaint further alleged that Pierre ran an investment club called Amongst Friends Investment Group and that from at least March 2017, he raised over $2 million from 100 or more investors. Id. Pierre was able to induce potential investors by “promising unrealistically high rates of return of at least 20 percent every 60 days,” when in fact he “incurred heavy losses trading securities and concealed them by using new investor funds to pay older investors.” Id. Moreover, the complaint posited that Pierre “fraudulently raised at least $375,000 from more than 15 investors related to a scheme involving the sale of partnership interests in a fast food franchise, with agreements that falsely guaranteed monthly returns of 10 percent plus quarterly profit sharing.” Id. Pierre was charged with violating the antifraud provisions of federal security laws, with a parallel criminal action by the U.S. Attorney’s Office for the Southern District of New York. Id. c. Also in November 2019, the SEC announced that it filed an emergency action and obtained a temporary restraining order and asset freeze against two individuals and two companies they control in connection with an alleged $6 million Ponzi scheme. See Press Release 2019-239, SEC Halts Ponzi scheme Targeting Seniors and Small Business Owners (Nov. 19, 2019), available at https://www.sec.gov/news/press-release/2019-239. The scheme allegedly defrauded “at least 55 investors, many of whom are senior citizens or small business owners.” Id. According to the complaint, Neil Burkholz and Frank Bianco, both of Florida, through separate LLCs, “solicited investors by falsely representing that their proprietary options trading strategies were highly profitable,” when, in reality, “the defendants invested less than half of investor funds and those investments resulted in near-total losses.” Id. Defendants also allegedly “misappropriated the remaining funds by using them to repay other investors and by transferring approximately $880,000 of investor funds to themselves and their spouses for personal use.” Id. The complaint charged Burkholz and Bianco with securities fraud and sought emergency relief such as permanent injunctions, return of allegedly ill-gotten gains with prejudgment interests, and civil penalties. Id.

d. As part of its initiative to protect seniors from Ponzi schemes and other fraudulent conduct, the SEC’s Office of Investor Education and Advocacy issued Investor Alerts to help seniors identify signs of investment fraud. See, e.g., Updated Investor Alert for Seniors: Five Red Flags of Investment Fraud (July 18, 2016), available at https://www.investor.gov/additional-resources/news-alerts/alerts- bulletins/updated-investor-alert-seniors-five-red-flags. One such alert was issued in conjunction with the Division of Enforcement’s Retail Strategy Task Force. See Investor Alert: Ponzi Schemes Targeting Seniors (Apr. 9, 2018), available at https://www.investor.gov/additional-resources/news-alerts/alerts- bulletins/investor-alert-ponzi-schemes-targeting-seniors.

B. Microcap & Penny Stock Fraud

1. As in 2018, in FY 2019, the SEC continued to play an active role in cracking down on penny stock and other microcap fraud.

a. In February 2019, the Commission charged four individuals and related businesses for their alleged roles in two microcap frauds and unlawful securities offerings. See Press Release 2019-13, SEC Files Charges in Elaborate Microcap Stock Fraud (Feb. 15, 2019), available at https://www.sec.gov/news/press-release/2019-13. The complaint alleged that “from approximately December 2012 to June 2013, microcap stock financier Magna Group, which was founded and owned by Joshua Sason, engaged in a scheme to acquire fake convertible promissory notes supposedly issues by penny stock issuer Lustros Inc. and then to convert those notes into shares of Lustros common stock.” Id. The defendants then “sold the shares to unsuspecting retail investors, who did not know that the shares were fraudulently acquired and were being sold illegally.” Id. The effect of the defendants’ sales of Lustros shares was “destroying the value of the Lustros shares held by the public.” Id. Further, the complaint asserted that the Magna Group’s former head of research and due diligence, Marc Manuel, personally negotiated and executed the sham transactions. Id. Moreover, the complaint alleged that in November 2013 Sason and Manuel, through Magna Equities II, purchased another fake promissory note from Pallas Holdings. Id. Magna, along with the note’s issuer, NewLead Holdings Ltd., “later agreed to retire the fake debt in exchange for shares of the issuer through a court-approved settlement agreement.” Id. To obtain such approval, Sason and Magna Equities II “falsely swore to the court that the fake promissory note was a bona fide debt of NewLead.” Id. b. In July 2018, the SEC announced an emergency action charging two individuals with running a microcap pump and dump scheme targeting retail investors. See Press Release 2019-136, SEC Obtains Asset Freeze in Microcap Pump and Dump Scheme Targeting Elderly Retail Investors (July 18, 2019), available at https://www.sec.gov/news/press-release/2019-136. The Commission also obtained an emergency order freezing the two defendants’ assets. Id. The complaint alleged that “Florida resident Garrett M. O’Rourke and Maryland resident Michael J. Black worked together between 2016 and 2018 to fraudulently sell the stock of several microcap companies to investors, including elderly retail investors, using high pressure stock promotional campaigns.” Id. According to the complaint, O’Rourke “aggressively touted the companies to prospective investors through unsolicited cold calls,” in which he also claimed “he had found promising investment opportunities for them,” when in actuality, he sought to convince these investors to “buy the stocks so that he and Black could sell their holdings in the same stocks for profit.” Id. Additionally, O’Rourke and Black allegedly “disguise[d]” their control over one of the microcap companies, “in order to facilitate their illegal sales of the company’s stock in the public securities market, generating millions of dollars in proceeds.” Id. The defendants were charged with violating the antifraud and registration provisions of the federal securities laws. Id. c. In November 2019, the SEC announced that it filed an emergency action and obtained an asset freeze against the operators of a South- Florida based penny stock scheme that defrauded 100 retail investors, including seniors. See Press Release 2019-245, SEC Halts Penny Stock Scheme Targeting Seniors (Nov. 27, 2019), available at https://www.sec.gov/news/press-release/2019-245. The complaint alleged that “NIT Enterprises, Inc., NIT’s CEO Gary R. Smith, Jason M. Ganton, and James E. Clearly, Jr., raised 4.9 million from investors while making misrepresentations.” Id. Specifically, the defendants purportedly claimed that the money raised would be used to fund “its radiation protection products for medical and military applications,” which would lead to significant returns, when, in fact, Smith “misappropriated $1.25 million or 25% of total investor proceeds to pay for personal expenses.” Id. Additionally, the complaint alleged that the defendants misrepresented to investors “NIT’s future profitability, imminent initial public offering, and expectations to ‘double or triple’ their investment.” Id. Moreover, Ganton and Clearly, who had a disciplinary history and prior SEC actions and bars, concealed said histories, of which Smith had knowledge. The defendants were charged with violating the antifraud and registration provisions of the federal securities laws, with the individual defendants also charged for acting as unregistered broker-dealers and violating past Commission orders. Id. 2. Previously, in a December 2016 press release, the SEC announced that it had charged several “gatekeepers” in microcap fraud schemes, barring them from the penny stock industry. See SEC Press Release, SEC Charges Gatekeepers in Microcap Frauds (Dec. 16, 2016), available at https://www.sec.gov/news/pressrelease/2016-265.html. Those gatekeepers included:

a. A securities lawyer (and law firm) who authored misleading registration statements used in connection with “sham IPOs” for microcap issuers in order to transfer unrestricted shares to “offshore market participants.” See In the Matter of Michael J. Muellerleile, Esq. and M2 Law Professional Corp., Admin. Proc. File No. 3-17727 (Dec. 16, 2016) (order instituting public administrative and cease- and-desist proceedings), https://www.sec.gov/litigation/admin/2016/33-10268.pdf.

Michael Muellerleile, a California lawyer, engaged in an illegal scheme to create five public microcap companies in order to issue and disseminate unrestricted securities. Id. at 2. Through his law firm, M2 Law, Muellerleile created registration statements for each microcap company with the knowledge that they contained material misrepresentations and omissions. Id. Muellerleile had friends and family members incorporate private companies, serve as officers or directors of the company, and take the company public. Id. at 4. Muellerleile provided a stock transfer agent with misleading information “to obtain unrestricted shares in the names of straw shareholders, while maintaining control over the issued shares,” and provided a broker-dealer with false and misleading information to create the illusion that valid IPOs had taken place. Id at 2-3. This materially misleading information was then included in Forms 211 and resulted in FINRA granting clearance. Id. at 3. Muellerleile transferred most of the shares, including to overseas market participants. Id. Muellerleile profited through legal fees paid to M2 Law. Id. at 2-3. The Commission thus determined that Muellerleile and M2 Law’s knowing conduct constituted a willful violation of Section 17(a)(2) and (3) of the Securities Act, which prohibit fraudulent conduct in the offer and sale of securities.

b. A transfer agent and supervisor of operations for transferring unrestricted penny stock securities to offshore entities despite red flags that the shares could be part of a fraudulent operation. See In the Matter of Empire Stock Transfer, Inc. and Matthew J. Blevins, Admin. Proc. File No. 3-177729 (Dec. 16, 2016) (order instituting public administrative and cease-and-desist proceedings), https://www.sec.gov/litigation/admin/2016/33-10270.pdf. Empire Stock Transfer, Inc. (“Empire”) and its supervisor, Matthew Blevins, illegally distributed unregistered common stock of four penny stock issuers. Id. at 2. Empire and Blevins transferred large blocks of supposed unrestricted penny stock to offshore “nominees.” Id. Furthermore, Empire and Blevins made multiple transfers despite “repeated red flags,” including that (1) stock transfer requests lacked endorsements by registered owners; (2) on a few occasions, these transfer requests also lacked signature guarantees; and (3) they knowingly transferred all or nearly all of an issuer’s publicly traded float at the direction of the issuer or its affiliate, and not at the direction of individuals whose names were on the stock certificates. Id. at 2. As a result, the Commission determined that Empire and Blevins had willfully violated Sections 5(a) and 5(c) of the Securities Act, making it unlawful for any person to sell or offer to sell unregistered securities absent an available exemption.

3. In FY 2019, the SEC continued policing, or alternatively, protecting the function of these gatekeepers in a number of actions:

a. In February 2019, the SEC announced charges against a broker- dealer, a transfer agent, and three individuals in a microcap shell factory fraud. See Press Release 2019-16, SEC Charges Broker- Dealer and Transfer Agent in Microcap Shell Factory Fraud, available at https://www.sec.gov/news/press-release/2019-16. Collectively the defendants allegedly created over a dozen undisclosed “blank check” companies from 2009 to 2014. Id. Specifically, the complaint opined that “broker-dealer Spartan Securities Group, Ltd. and transfer agent Island Capital Management LLC . . . helped create and sell at least 19 purportedly legitimate public companies that were in fact shams.” Id. To do so, Spartan allegedly filed fraudulent applications to FINRA “to publicly list the companies’ common stock and ultimately enable the shares to become free-trading and available to public investors.” Id. The individuals in the scheme, Carl E. Dilly and Micah J. Eldred, both principals at Spartan, “signed the false applications even though they knew or at least were reckless that the companies were fake,” and “failed to investigate red flags raised by FINRA.” Id. In announcing the charges, Eric I. Bustillo of the SEC stated, “Broker-dealers are critical gatekeepers protecting the integrity of our markets, with obligations under our rules to fulfill that role.” Id. The defendants were charged with violating provisions of federal securities laws, including Exchange Act Rule 15c2-11, which prohibits fraudulent misconduct by registered broker dealers. Id. In July 2019, the SEC charged an Arizona-based attorney and a Missouri-based agent of microcap shell companies with securities fraud and registration violations. See Press Release 2019-130, SEC Charges Securities Lawyer and Microcap Agent with Fraud (July 12, 2019), available at https://www.sec.gov/news/press-release/2019- 130. The complaint alleged that, from February 2015 to April 2017, “attorney William Scott Lawler engaged in schemes to fraudulently transfer control over the shares of two publicly-traded shell companies to his client.” Id. Microcap agent Natalie Bannister also allegedly participated in the scheme by arranging sales of the shell companies’ shares and by engaging in “sham transactions” as directed by Lawler. Id. Additionally, Lawler purportedly “drafted false attorney-opinion letters,” and, along with Bannister, ensured a market for the shell company stock and placed “phony bids.” Id. Marc P. Berger of the SEC commented that “through deception and fraud Lawler and Bannister prevented broker-dealers from performing critical gatekeeping functions,” and that “[a]ttorneys must not misuse their specialized skills and knowledge of the securities laws to engage in fraud at the expense of unwitting investors.” Id. The SEC charged the two defendants with violating the antifraud provisions of Section 17(a) of the Securities Act of 1933 and Section 10(b) of the Securities Exchange Act of 1934, among others.

4. In its Annual Risk Monitoring and Examination Priorities Letter (2019)— previously called the Annual Regulatory and Examination Priorities Letter— FINRA again highlighted microcap fraud as key area of focus for the organization in 2018. See 2019 Risk Monitoring and Examination Priorities Letter (Jan. 2019), available at https://www.finra.org/sites/default/files/2019_Risk_Monitoring_and_Exami nation_Priorities_Letter.pdf.

a. While FINRA emphasized that it was identifying “materially new priorities” than in previous years, fraud, and particularly, microcap fraud nonetheless remained an “ongoing area of focus.” Id.

b. More specifically, FINRA identified fraud schemes targeting senior investors as a top priority. FINRA focused especially on registered representatives using their role as a fiduciary to take control of trusts or other assets and direct funds to themselves. Id.

c. In its annual letter, FINRA highlighted that it “will also review firms’ controls regarding their obligations under amendments to FINRA Rule 4512 . . . and new FINRA Rule 2165.” Id. In previous years, FINRA emphasized that its new Rule 2165 and amendments to FINRA Rule 4512 have provided firms with “even more tools to protect senior investors” from such schemes. FINRA also “remind[ed] firms of their obligation to file a Suspicious Activity Report (SAR) for illicit activity involving the exploitation of senior investors.” See, e.g., 2018 Regulatory and Examination Priorities Letter (Jan. 8, 2018), available at http://www.finra.org/industry/2018-regulatory-and-examination- priorities-letter.

5. In its Annual Risk Monitoring and Examination Priorities Letter (2020)— FINRA again indicated its continuing interest in protecting senior investors in 2020, stating that protecting senior investors remained an area of focus. See 2020 Risk Monitoring and Examination Priorities Letter (Jan. 2019), available at https://www.finra.org/sites/default/files/2020-01/2020-risk- monitoring-and-examination-priorities-letter.pdf.

C. Other Senior/Retail Exploitation Issues

1. In August 2019, the SEC charged a Tallahassee-based investment adviser and its two former principals with defrauding investors, most of whom were retired NFL players participating in a class-action lawsuit against the NFL regarding claims of concussion-related brain injuries. Specifically, the SEC charged the company and two individuals with defrauding investors by advertising that funds would be invested in a variety of instruments, but in fact were invested in settlement advance loans to NFL class-action clients. SEC Press Release, SEC Charges Adviser Firm and Its Principals With Defrauding Retired NFL Players (Aug. 29, 2019), available at https://www.sec.gov/news/press-release/2019-167. The SEC’s Complaint alleged that the Defendants described the named former investment adviser as a successful investment manager without disclosing that he had served jail time for bankruptcy and tax fraud, in addition to being barred by the SEC. Id.

a. In announcing the charges, the Director of the SEC’s Miami Regional Office, Eric Bustillo, stressed the “particularly vulnerable” nature of these investors, “many of whom invested their retirement savings.” Id.

b. The Complaint charged the Defendants violating the anti-fraud provisions of the federal securities laws, and sought permanent injunctions, disgorgement of allegedly ill-gotten gains, prejudgment interest, and financial penalties. Id.; see also SEC Compl. at 20-27 (charging corporate Defendant and individual Defendants under Sections 206(1) and 206(2) of the Advisers Act for fraudulent conduct by an investment advisor), available at https://www.sec.gov/litigation/complaints/2019/comp-pr2019- 167.pdf; id. at 26 (charging Defendants under Section 207 and Section 206(4) of the Advisers Act and Rule 206(4)-8(a)(1) thereunder); id. at 27 (charging one of the individual Defendants with willfully acting as an investment advisor in contravention of his permanent bar in violation of Section 203(f) of the Advisers Act). I. Red Flags and Supervisory Controls

A. Broker-dealers are required to have in place structures which promote meaningful supervision to prevent fraudulent conduct.

B. FINRA emphasized the importance of safeguarding customer assets and adhering to Know Your Client (“KYC”) rules in a series of five cases announced simultaneously in December 2019 (all firms consenting to entry of the orders without admitting or denying the order findings). FINRA found that these five firms failed to gather and maintain “essential facts” for custodians of Uniform Transfers to Minors Act (“UTMA”) and Uniform Gifts to Minors Act (“UGMA”) accounts—special accounts intended to protect and transfer property to a minor beneficiary without the need for a formal trust. FINRA Press Release, FINRA Sanctions Five Firms for Failing to Reasonably Supervise Custodial Accounts: Firms Did Not Know Essential Facts About Customers With Custodial Accounts Established Pursuant to the Uniform Transfers to Minors Act (UTMA) and Uniform Gifts to Minors Act (UGMA) (Dec. 26, 2019), available at https://www.finra.org/media-center/newsreleases/2019/finra-sanctions-five-firms- failure-reasonably-supervise-custodial.

1. In each instance, the firm “failed to establish, maintain, and enforce reasonable supervisory systems and procedures to track or monitor whether custodians timely transferred control over custodial property to UTMA and UGMA account beneficiaries” as required by FINRA Rule 2090. Id. Because of the lack of KYC knowledge and oversight, custodians authorized transactions even after the beneficiaries reached the age where they should have received their custodial property. Id.

2. The firms payed combined fines of $1.4 million, with FINRA commenting on the importance of protecting customer assets, “particularly in the case of UTMA and UGMA accounts, where it is essential for firms to implement supervisory systems reasonably designed to verify custodians’ authority to make investment decisions after the account beneficiaries reach the age of majority.” Id.

C. In December 2019, FINRA also sanctioned a firm based on a lack of customer protection for supervisory failures regarding Unit Investment Trusts (“UIT”) transactions. FINRA Press Release, FINRA Orders Oppenheimer & Co. Inc. to Pay $3.8 Million in Restitution to Customers for Supervisory Failures Involving Unit Investment Trusts (Dec. 30, 2019), available at https://www.finra.org/media- center/newsreleases/2019/finra-sanctions-five-firms-failure-reasonably-supervise- custodial.

1. FINRA cited the long-term nature of UIT investment companies and found that Oppenheimer lacked supervisory systems and procedures sufficient to flag and assess the suitability of approximately $754 million in “early rollover” transactions, where customers may have incurred increased sales charges over time. Id.

2. In its press release, FINRA emphasized that “[p]roviding restitution to investors remains a top priority” and reminded firms that they “must be mindful of costs to customers when recommending a product, particularly when recommending that customers make short-term sales of products that are intended as long-term investments.” Id.

3. Here, FINRA explicitly recognized the “extraordinary” cooperation efforts of Oppenheimer and considered its assistance in the investigation when determining the fine of $800,000 in addition to the more than $3.8 million paid in restitution. FINRA Letter of Acceptance, Waiver, and Consent No. 2016050948101 at 4 (Dec. 20, 2019), available at https://www.finra.org/sites/default/files/2019-12/oppenheimer-awc- 123019.pdf.

D. In 2019, the SEC’s Enforcement Division and Cyber Unit remained focused on supervisory controls including those stemming from cyber-related issues, including cyber-attacks and other information security threats to firms that can compromise client information and subject accounts to various forms of risk. In its 2020 Examination Priorities, SEC specifically noted that it would evaluate the oversight practices related to service providers and network solutions, including those leveraging cloud-based storage. In addition, the SEC noted it would continue efforts to scrutinize for compliance with Regulations S-P and S-ID. 2020 Examination Priorities, SEC Office of Compliance Inspections and Examinations, available at https://www.sec.gov/about/offices/ocie/national-examination- program-priorities-2020.pdf

1. Previously, in September 2018, the SEC announced settled charges against an Iowa-based broker-dealer and investment adviser based on its inadequate cybersecurity policies and procedures that failed to prevent a cyber intrusion “that compromised personal information of thousands of its customers, in violation of Regulations S-P and S-ID.” 2018 Annual Report – Division of Enforcement at 7, available at https://www.sec.gov/files/enforcement-annual-report-2018.pdf.

2. As of this writing, this remains the only action the SEC brought for violations of Regulation S-ID—or the Identity Theft Red Flags Rule. See id. That rule is “designed to protect customers from the risk of identity theft.” Id.

E. In September 2019, the SEC settled a cease-and-desist proceeding against the successor of a dark pool trading company for failing to comply with certain provisions of Regulation Systems Compliance and Integrity (“Regulation SCI”). SEC Press Release, SEC Orders Virtu to Pay $1.5 Million Penalty for Violations of Regulation SCI (Sept. 30, 2019), available at https://www.sec.gov/enforce/34- 87155-s. 1. The SEC order found that KCG America did not: “(a) establish the policies and procedures required by Regulation SCI; (b) file any quarterly or annual reports required by Regulation SCI; (c) conduct an annual Regulation SCI compliance review; (d) comply with various business continuity and disaster recovery plan requirements of Regulation SCI; or (e) maintain the books and records required by Regulation SCI.” See In the Matter of Virtu Americas LLC (f/k/a KCG Americas LLC), Admin. Proc. File No. 3-18563 (Sept. 30, 2016) (order instituting public administrative and cease-and- desist proceedings), https://www.sec.gov/litigation/admin/2019/34- 87155.pdf.

2. The SEC alleged that the Defendant put its investors at risk in violating Regulation SCI, which addressed minor systems problems to prevent them from “potentially creating widespread damage and harm to market participants, including investors.” Id. at 2.

3. The successor company consented to the entry of a cease and desist order, censure, and a $1.5 million penalty.

F. In September 2019, the SEC filed a settled a cease-and-desist proceeding against a clearing agency for failure to implement policies to manage certain risks as required by U.S. laws and SEC and CFTC rules. SEC Press Release, SEC and CFTC Charge Options Clearing Corp. With Failing to Establish and Maintain Adequate Risk Management Policies (Sept. 4, 2019), available at https://www.sec.gov/news/press-release/2019-171.

1. The SEC order found that the clearing agency “failed to establish and enforce policies and procedures involving financial risk management, operational requirements, and information-systems security.” Id. Specifically, the order found that the registered clearing agency, which had been designated as a systemically important financial market utility (“SIFMU”), failed to maintain and enforce policies designed to protect the security of its information systems. See The Options Clearing Corporation, Admin. Proc. File No. 3-19416 (Sept. 4, 2016) (order instituting public administrative and cease-and-desist proceedings), https://www.sec.gov/litigation/admin/2019/34-86871.pdf.

2. The clearing agency agreed to pay a combined $20 million in penalties to the SEC and CFTC and hire an independent compliance auditor to assess its remediation of the violations and subsequent compliance efforts. Id.

G. “Blank Check” Companies

1. Between 2015 and 2019, the SEC filed multiple enforcement actions in related schemes to sell “blank check” companies. See Press Release, SEC Charges Broker-Dealer and Transfer Agent in Microcap Shell Factory Fraud (Feb. 20, 2019), available at https://www.sec.gov/news/press- release/2019-16. 2. In February 2019, for example, the SEC announced charges against a broker-dealer, a transfer agent, and three individuals for their roles in the creation of over a dozen undisclosed “blank check” companies over a five year period from 2009-2014. SEC Press Release, SEC Charges Broker- Dealer and Transfer Agent in Microcap Shell Factory Fraud (Feb. 20, 2019), available at https://www.sec.gov/news/press-release/2019-16 (motions to dismiss denied June 5, 2019), available at https://www.leagle.com/decision/infdco20190605j12).

a. The SEC’s complaint alleges that broker-dealer Spartan Securities Group, Ltd. and transfer agent Island Capital Management LLC helped create and sell “19 purportedly legitimate public companies that were in fact shams,” id., and that all the Defendants were involved in fraudulent schemes to manufacture those public companies for sale that were “fundamentally premised on a deceptive public float of purportedly ‘free-trading’ securities,” SEC Compl. ¶ 3, available at https://www.sec.gov/litigation/complaints/2019/comp24405.pdf.

b. The individual Defendants allegedly “schemed” to “defraud the public” that the 19 companies “were operating businesses with independent management and shareholders, rather than undisclosed ‘blank check’ companies”—aka “shells” or “vehicles”—for sale. Compl. ¶ 6. “In reality, both the management and shareholders were nothing more than nominees for controls persons who” only intended “to sell all the securities of the companies privately in bulk for th[ose control persons’] own benefit.” Id. ¶ 4. The Complaint alleges that the “essential value” of those securities “was their false designation as ‘free-trading’ with the ability to be sold immediately on the public market” and that had the public known the truth, “the securities would have been restricted from such [bulk] sales and would have had little value.” Id

c. The fraudulent scheme was based on “misrepresentations and omissions” made to the SEC, FINRA, and the Depository Trust Company in Form 211 applications broker-dealers are required to file to demonstrate compliance with Rule 15c2-11 under the Exchange Act of 1934. Id. ¶ 4.

d. One of the individual defendants—David Lopez—was Spartan Securities’ Chief Compliance Officer and “the principal responsible for effectuating [Spartan’s] extensive written policies and procedures applicable to Form 211 applications.” Id. ¶ 9. The complaint alleges that Lopez “knowingly and recklessly ignored those procedures and the other requirements inherent in

e. Rule 15c2-11, including failing to conduct any investigation or inquiry into red flags raised by FINRA in the deficiency letters and other adverse information in Spartan Securities’ possession, or even to familiarize himself with the issuers.” Id. The Complaint alleges that, as a result, Lopez was a “substantial factor” in Spartan Securities’ “failure to have a reasonable basis for believing that required information about [certain of the sham] companies was accurate and from a reliable source.” Id.

f. The SEC is alleging that the corporate defendants violated Sections 5(a), 5(c), 17(a)(1), and 17(a)(2) of the Securities Act of 1933 and Section 10(b) and 15(c)(2) and the accompanying rules promulgated thereunder of the Exchange Act and that Lopez aided and abetted violations of 15(c)(2) and Rule 15c2-11 of the Exchange Act.

II. Regulation and Prevention of Fraud

A. Recent AML Regulatory Issues

1. In October 2019, the SEC, CFTC, and FinCEN issued a Joint Statement on Activities Involving Digital Assets to emphasize ongoing AML/CFT obligations for those engaged in activities involving digital assets. SEC Press Release, Leaders of CFTC, FinCEN, and SEC Issue Joint Statement on Activities Involving Digital Assets (Oct. 11, 2019), available at https://www.sec.gov/news/public-statement/cftc-fincen- secjointstatementdigitalassets.

a. The Joint Statement notes that the BSA requires all financial institutions to: (1) establish and implement an effective AML program; and (2) comply with certain recordkeeping and reporting requirements, including the filing of suspicious activity reports (“SARs”).

2. The SEC indicated its future interest in AML compliance in its 2020 Examination Priorities, which highlighted ongoing efforts regarding compliance with AML programs under the BSA, as well as the continuing effort to collaborate with and rely upon FINRA to further scrutinize broker- dealer AML compliance. 2020 Examination Priorities, SEC Office of Compliance Inspections and Examinations, available at https://www.sec.gov/about/offices/ocie/national-examination-program- priorities-2020.pdf.

B. FINRA’s Focus

1. Similarly, FINRA’s 2019 Regulatory and Examination Priorities Letter again highlighted AML as an area of concern. See 2019 Risk Monitoring and Examination Priorities Letter (Jan. 2019), available at https://www.finra.org/sites/default/files/2019_Risk_Monitoring_and_Exa mination_Priorities_Letter.pdf.

2. In May 2019, FINRA released a Regulatory Notice providing guidance to firms on AML red flags and reporting obligations. See FINRA Regulatory Notice to Members 19-18, Anti-Money Laundering (AML) Program FINRA Provides Guidance to Firms Regarding Suspicious Activity Monitoring and Reporting Obligations (May 6, 2019), available at https://www.finra.org/sites/default/files/2019-05/Regulatory-Notice- 19-18.pdf. FINRA’s guidance included when to report transactions (via filing SARs) to FinCEN based on aggregate funds of at least $5,000 and whether a broker suspects or has reason to suspect that the transaction:

a. “involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location or control of such funds or assets) as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;

b. is designed, whether through structuring or other means, to evade any regulations promulgated under the BSA; has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the broker- dealer knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or

c. involves use of the broker-dealer to facilitate criminal activity.” Id. at 2.

d. In addition, the Regulatory Notice listed several Money Laundering Red Flags, which included examples of red flags from the areas of Customer Due Diligence and Interactions With Customers; Deposits of Securities; Securities Trading; Money Movements; Insurance Products, and Other Red Flags. Id.

3. In addition to penny stock and other microcap fraud casesd outside of the AML space, in October 2019, FINRA fined BNP Paribas Securities Corp. $15 million for deficiencies in anti-money laundering programs and supervisory failures involving penny stocks. Specifically, in the settled action where firm did not admit or deny the allegations, FINRA alleged that BNP Paribas engaged in more than 70,000 wire transfers worth over $230 billion, including more than $2.5 billion sent in foreign currencies, without developing or implementing a written AML program reasonably designed to detect suspicious transactions. FINRA Press Release, FINRA Fines BNP Paribas Securities Corp. and BNP Paribas Prime Brokerage, Inc. $15 Million for AML Program and Supervisory Failures (Oct. 24, 2019), available at https://www.finra.org/media- center/newsreleases/2019/finra-fines-bnp-paribas-securities-corp-and- bnp-paribas-prime.

a. FINRA found that, from February 2013 through March 2017, BNP Paribas violated FINRA Rule 3310 requiring firms to maintain sufficient AML procedures.

b. In addition to the AML program being understaffed, BNP Paribas failed to conduct any “surveillance targeting transactions outside of the traditional exchanges,” and did not review wires conducted in foreign currency. Id. at 2.

c. Once alerts had been generated under BNP Paribas’s wire surveillance system, the AML program failed to include procedures instructing AML team members how to conduct and document their reviews, even after this issue had been raised. Id. at 2-3.

d. In announcing the AWC, FINRA noted the need to maintain an effective AML program when dealing with “high-risk transactions,” explaining: “In order to be effective, a firm’s AML program must be tailored to the firm’s business model and types of customer transactions. . . . the firm must devote sufficient resources to its AML program, including transaction and wire movement monitoring, to ensure that the system is tailored to the business’s unique money laundering risks.” FINRA Press Release, FINRA Fines BNP Paribas Securities Corp. and BNP Paribas Prime Brokerage, Inc. $15 Million for AML Program and Supervisory Failures (Oct. 24, 2019), available at https://www.finra.org/media-center/newsreleases/2019/finra- fines-bnp-paribas-securities-corp-and-bnp-paribas-prime.

17 4. While FINRA chose to emphasize its new areas of focus in its Annual Risk Monitoring and Examination Priorities Letter (2020), FINRA maintained that it will continue to monitor and assess supervisory controls related to firms’ compliance with FINRA Rule 3310 (Anti- Money Laundering Compliance Program). See 2020 Risk Monitoring and Examination Priorities Letter (Jan. 2019), available at https://www.finra.org/sites/default/files/2020-01/2020-risk-monitoring- and-examination-priorities-letter.pdf.