Page 47 - Sheppard Mullin Eye on Privacy 2018 Year in Review
P. 47

You Might Be an Inside Trader If... – Insider Trading and Breaches Part I
Posted on June 20, 2018
Earlier this year, the SEC released cybersecurity guidance addressing, among other things, the risk of insider trading in the event of a data breach. The insider trading risk includes risk that the intruder will trade on stolen information and risk that insiders will trade on the knowledge of the breach itself. In this manner, the SEC has added itself to the ever-growing pool of potential regulatory enforcers who may be quick to act in the event of a data breach.
Following this guidance, the SEC charged (and the DOJ indicted) the CIO of Equifax’s United States Information Systems business unit with securities fraud and insider trading. The case arose after Equifax suffered a major cybersecurity breach. The company launched a complex structure of teams to respond to the breach. Only one was informed that Equifax was the victim of the breach. The other teams were told they were working on a “business” or “breach” opportunity for an unnamed client. Initially, Equifax instituted a trading blackout, but only for its employees who were told of the breach.
The SEC complaint alleges that the CIO, who was not on the team that was informed of the breach, nonetheless concluded that the “unnamed client” was actually Equifax. The CIO subsequently exercised all of his vested options to buy Equifax shares. The day after exercising his Equifax options, the CIO was informed of the breach by Equifax’s counsel, and instructed not to trade on that information. Following an internal investigation several months later, the CIO’s conduct was discovered, and he was asked to resign.
The CIO is facing civil and criminal liability not for trading on information he obtained, but for independently figuring out his employer was the victim of a breach. Here, the SEC and DOJ are applying a very broad interpretation of the insider trading knowledge requirement. Under Rule 10b5-1, a trade is “made ‘on the basis of’ material non-public information...if the person making the purchase or sale was aware of the material nonpublic information when the person made the purchase or sale.”
PUTTING IT INTO PRACTICE: If you are a public company, consider revising your incident response plan to include provisions for issuing trading blackouts — when to issue, to whom, by what process, and for how long.
Crypto-Crime –The SEC and DOJ Go After BitFunder and Its BitFounder
Posted on March 5, 2018
Taking further steps into the world of cryptocurrency, two entities of the federal government recently took legal action against BitFunder, a now-defunct Bitcoin exchange, and its founder, Jon Montroll. The Securities and Exchange Commission filed civil charges against BitFunder and Montroll, and the U.S. Attorney’s Office in Manhattan brought criminal charges of perjury and obstruction of justice against Montroll, who was arrested and taken into custody. BitFunder was an exchange that, among other things, empowered its customers to create and trade Bitcoin denominated shares of enterprises. The numerous allegations and charges against the defendants include:
• Montroll used his investors’ funds for personal expenses.
• BitFunder was hacked and victimized by a group of its own users, who stole approximately $750,000 of
customers’ Bitcoins from the company’s wallet, which commingled customers’ funds.
• BitFunder and Montroll failed to disclose this theft and the resulting losses, and tried to cover them up.
• BitFunder and Montroll fraudulently issued securities on BitFunder to raise money to cover their losses,
while telling investors the securities would be used for other purposes.
                 Eye on Privacy 2018 Year in Review 46

   45   46   47   48   49