| The US Securities and Exchange Commission's fiscal year ends on Sept. 30, which is yesterday. Unlike many financial industry employees, SEC employees do not, as far as I know, actually receive annual bonuses based on how much revenue (fines) they bring in in a fiscal year. Nevertheless they keep busy in September. We talked last year about a paper by Dain C. Donelson, Matthew Kubic and Sara Toynbee — published this year in the Journal of Accounting and Economics — about "the SEC's September spike," finding that "SEC staff respond to performance-reporting pressures and file more enforcement actions in September, the final month of the SEC's fiscal year, than in any other month." Anyway here is the SEC's feed of enforcement news. A lot of US securities law got made in the last week. There are 17 items from yesterday, 21 from Friday, 13 from Thursday, etc. Let's talk about a few of them. This is just a cool insider trading case. There's a guy, Robert Westbrook. He allegedly hacked into the email accounts of several executives at different US public companies. The SEC complaint lays out how he allegedly did that: - He would go to the executive's Outlook email login page and click to reset the password. "Four of the five Hacked Companies used the same password reset portal software," says the SEC, and he was apparently familiar with its workings.
- He subscribed to "an online directory service provider and an online genealogy company," which gave him "personal and family
information that could be used to guess the answers to the security questions that employees at the Hacked Companies may have used to reset their passwords." You can do a lot of damage if you know a public-company executive's mother's maiden name and first pet's name. - He'd reset their passwords and get access to their emails.
- Then he'd read them and look for secret earnings information.
- He would also set up auto-forwarding rules in Outlook to "forward emails containing nonpublic information about the Hacked Company's earnings from the senior executive's Outlook to one of several anonymous email accounts that Westbrook accessed."
- Specifically he set up the rules to try to forward, "among others, emails containing attachments and [the company's] stock ticker in the email subject or body, as well as emails containing 'script' in the email subject or body." The goal was apparently to get draft earnings releases and earnings conference call scripts before the earnings were announced.
- Then he'd sit back and get a steady stream of … I am going to assume a lot of irrelevant emails, but also sometimes information about the company's earnings before they were announced.
- He'd trade on those.
So, fine, good hacking. But even if you get earnings releases in advance, there's no guarantee that you'll make money. My Bloomberg Opinion colleague John Authers wrote last week about an Elm Partners study finding that most people can't trade profitably even knowing tomorrow's news. An earnings release is often a mixed bag: A company might miss on revenue but beat on net earnings; it might beat analyst estimates but miss the real "whisper" estimates; it might have good results but disappointing guidance. If you are a skilled investor who knows the company well, you can read an earnings release and get a sense of whether the market will react favorably or unfavorably, though you will sometimes be wrong. But if your main skill is hacking, what are the chances you'll also get the trade right? But Westbrook allegedly did: He "deceptively obtained material nonpublic information that he used to trade in the securities of the five public companies prior to the release of at least 14 earnings announcements," and the SEC lists all of them. Ten trades were winners, four were losers, the winners were bigger than the losers and his net profit was about $3.4 million. (The SEC reports his gross profit of "approximately $3.75 million," ignoring his losing trades, but that doesn't seem very fair.) This includes buying half a million dollars' worth of one company's stock and call options before its March 2019 earnings report, and making a $236,492 profit when the earnings were good, and then buying $786,364 worth of that company's put options before its March 2020 earnings report, and making a $1.04 million profit when those earnings were mixed: This included a draft revenue forecast that reported second quarter revenue that was somewhat higher than analysts' consensus estimates ($174 million vs. $166.39 million), but also included forecasted revenue for its fiscal year 2020 that was significantly lower than analysts' consensus estimates ($724.7 million vs. $766.09 million). The earnings announcement reflected mixed news, where Company-3 beat certain quarterly expectations but significantly lowered its previous revenue guidance. By the close of business the next day, Company-3's stock price declined approximately 17%.
He read that mixed news and made a million dollars buying puts. That's a good trade. See, to me, the reasons not to hack into a company's computers and insider trade on what you find are (not legal advice!): - It is hard to hack into the computers and get the information.
- Even if you get the information, it is hard to trade on it.
- Even if you get the information and trade on it successfully, you will probably get arrested.
He solved the first two problems, which is impressive. He was very much arrested though. In the standard theory, the job of a board of directors is to supervise the managers of a company on behalf of the shareholders. The chief executive officer, in this theory, reports to the directors, who have the power to hire and fire the CEO; the directors are ultimately the boss. There is an alternative theory. The other theory is: The CEO is the boss of the company, and the directors are her buddies who rubber-stamp her decisions, maybe give her some friendly advice, and vote to give her a giant pay package every year. I think it is probably fair to say that the older theory used to be more true, but that now boards of directors of public companies tend to take their responsibilities more seriously. There are still lots of boards where the directors are buddies with the CEO and let her do whatever she wants, but there are also lots of boards that carefully supervise their CEOs and don't hesitate to act independently — or fire the CEO — in the interests of the company. There are various reasons for this — more emphasis in business school on shareholder value, more focus from institutional investors on governance, more activist hedge funds — but a big one is that US regulation has pushed companies to have boards made up mostly of "independent" directors. In the olden days, boards of directors were often made up mostly of the company's senior employees, bankers, lawyers, accountants, etc., all of whom were paid by the company and so might not want to rock the boat. But the modern standard requires that a majority of directors have "no material relationship" with the company (other than being on the board), so that they can "exercise independent judgment in carrying out their responsibilities." And then there are lots of specific rules about what that means: If, for instance, you have an immediate family member who is an employee of the company, or you work for a business that does a lot of work for the company, then you can't be an independent director of the company. Obviously if you're an employee of the company, you aren't independent, though if you retire from the company and stay on the board then you can become independent after three years. The basic idea is that you want to avoid a situation where the supposedly independent directors are really buddies with management and thus can't properly supervise them. I guess it's a little difficult to police that, though? "You can't be independent if your child is a partner at the company's auditing firm" is a bright-line rule, but not an especially important one. "You can't be independent if you are buddies with the CEO" is much more important, but harder to articulate. Of course you want the board and the CEO to get along. You want them to trust each other, when it's warranted, to work well together and share information and cooperate on the company's behalf. You don't want the personal friendship to outweigh the professional collaboration, but how do you measure that? Here's an SEC enforcement action from yesterday against a director for being buddies with an executive: The Securities and Exchange Commission today announced settled charges against James R. Craigie, a former CEO, Chairman, and board member of Church & Dwight Co. Inc., for violating proxy disclosure rules by standing for election as an independent director without informing the board of his close personal friendship with a high-ranking Church & Dwight executive thereby causing Church & Dwight's proxy statements to contain materially misleading statements.
Craigie was the CEO of Church & Dwight from 2004 through 2015. He stepped down as CEO in 2016, but stayed on the board of directors. In 2019, Church & Dwight started counting him as an independent director, because it was three years since he had been employed by the company. But, says the SEC complaint, "Craigie failed to disclose that he maintained a close personal friendship with a Church & Dwight executive": Craigie and Executive, along with their spouses, had been friends since at least 2017. Craigie, his spouse, other friends, and Executive and Executive's spouse regularly vacationed together both domestically and internationally from 2020 through 2023, and Craigie usually paid for airfare and lodging for Executive and his wife, as well as for other participants on the trips. All told, Craigie paid more than $100,000 for Executive and his spouse to travel on these vacations. Notably, Craigie did not similarly vacation with, nor pay expenses for, other executives at Church & Dwight.
Would it be better or worse if he also vacationed with all the executives? Anyway they were good enough buddies that Craigie leaked some CEO succession information to him: In early 2022, Church & Dwight's CEO informed the Board of Directors that he was considering retiring no earlier than the end of 2023. The Board of Directors then began evaluating internal candidates, including Executive to replace its current CEO after he retired. Craigie participated in the CEO succession process that included Executive despite his undisclosed close personal relationship with Executive. … Craigie disclosed the CEO succession process to Executive. Craigie believes that he made this disclosure to persuade Executive not to resign from the Company after Executive confided to Craigie that he was thinking of resigning. However, Board members had been instructed to keep the search confidential and Craigie did not disclose to the Board that he told Executive about the succession process.
To be fair, Craigie doesn't seem to have tried to get his buddy the top job: "At a Board meeting in August 2022, Craigie, among other Board members, voiced concern about the internal candidates, including Executive," and Craigie proposed an outside candidate for the job instead. But he "did not disclose to the Board that this candidate was a former colleague of Executive or that he had attended an international birthday vacation celebration for Executive with this candidate and other friends of Executive." And: "Craigie and Executive separately discussed that if this candidate was hired, it could provide a viable path for Executive to succeed them." So he was maybe kind of trying to get his buddy the top job, eventually. This all doesn't sound especially bad; I don't think that Craigie couldn't "exercise independent judgment in carrying out [his] responsibilities" because he vacationed with a non-CEO executive. On the other hand, the point of these rules is to rule out independent directors who are too close with management, so it is good for the SEC to police actual friendships between directors and executives that go too far. Roughly speaking, the way distressed debt investing works is that you buy some bonds of a troubled company, and then you try to work with the company to improve its situation and make the bonds more valuable: You agree to give the company more time to pay, or accept less than 100 cents on the dollar, or put in new money, or whatever, to improve your chances of getting paid. There are tricky problems of timing and insider trading. You would feel silly buying $100 million of bonds of some company and then calling them up to say "hey can we work out a deal" only to hear them say "no," or "actually we've already worked out a deal with some other guys." It is important, in doing this sort of work, to have a sense of what is going on, to know how the company thinks and who else holds the bonds and what they're up to. But you don't want too good a sense. You don't want to, like, have detailed conversations with the company before buying the bonds. That would be insider trading. In particular, if a company is considering some sort of restructuring of its bonds, its bondholders might get together and form a committee — an "ad hoc committee of unsecured creditors," often — to negotiate with the company on their behalf. That way the negotiation can be efficient and the bondholders can present a unified front. And the committee will often hire advisers — lawyers and investment bankers — to negotiate with the company. If a company is considering a restructuring of its bonds, and you own some of those bonds, it might be particularly important for you to be able to trade them. That's a volatile situation. If you decide the company is undervalued, you might want to buy a ton of bonds. If you decide it's doomed, you might want to sell all your bonds. You don't want to be locked up, prevented from trading. And so there is a tension: You will want to join the committee to participate in negotiations, but you won't want to get any material nonpublic information from the committee (or the company), so you are still free to trade. You can imagine a crude solution to this problem that goes like this: - You join the committee.
- You say "I don't want to get any material nonpublic information; I want to participate in this committee using solely public information."
- The committee's advisers send you materials that are all marked "BASED ON PUBLIC INFORMATION, GO AHEAD AND TRADE."
- You go ahead and trade.
- Are the materials based entirely on public information? Is there nothing in there that a regulator could object to? Are none of your conversations with the company informative? Shhhhh, shhhhh, don't ask too many questions.
Here is an SEC enforcement action from yesterday against Marathon Asset Management LP "for failing to establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material nonpublic information relating to its participation on ad hoc creditors' committees": According to the SEC's order, one of Marathon Asset Management's core strategies has been to invest in distressed corporate bonds and other similar debt in the United States, Europe, and Asia. As part of this strategy, and because of the nature of its business and its holdings, Marathon Asset Management regularly participated on ad hoc creditors' committees where participants may receive material nonpublic information or engage advisers who are often tasked with analyzing debtors' material nonpublic information. However, the firm failed to establish, maintain, and enforce policies and procedures that were reasonably designed to address the specific risks associated with receiving and identifying potential material nonpublic information as a result of its participation on ad hoc creditors' committees.
Marathon settled for $1.5 million. What is interesting about the SEC's order is that Marathon absolutely did check the boxes; the SEC's concern is that it only checked the boxes. There was a committee: In July 2020, Issuer 1 publicly announced that it was exploring restructuring options due to impacts of the COVID-19 crisis. In or around August 2020, certain analysts employed by Marathon ("Analysts") began discussions with Adviser A about possibly participating in an ad hoc committee composed of unsecured creditors of Issuer 1 ("Committee"). The Analysts believed that Issuer 1 was experiencing financial distress that could potentially impact its ability to stay current on debt payments, including bonds owned by Marathon, in light of the negative impact that COVID-19 was having on Issuer 1's industry. As a result, the Analysts decided to participate in the Committee for the purpose of exploring and discussing potential debt or company restructuring with respect to Issuer 1.
And the committee hired an investment bank ("Adviser A"), and "throughout the Committee-related discussions, Marathon informed Adviser A and the other members of the Committee that it did not wish to restrict trading until it entered into a non-disclosure agreement ('NDA') with Issuer 1." And so "written materials from Adviser A included notations indicating that the information therein was prepared 'on the basis of information publicly available, disclosed by the relevant company(ies) or by third parties, none of which has been independently verified nor audited by [Adviser A],' as well as based on 'Company information, [and Adviser A's] assumptions.'" And Marathon bought a bunch of bonds (and sold credit default swaps) while serving on the committee. And then it eventually signed an NDA, restricted itself, stopped trading and started getting the private-side information: On November 5, 2020, Marathon executed an NDA with Issuer 1 and later that same day restricted all trading in securities related to Issuer 1…. After it executed the NDA, Marathon received materials from Adviser A that had previously been provided to members of the Committee who had signed NDAs with Issuer 1, but not to Marathon, with notations indicating "Private Information included in this presentation," or "Restricted Information included in the document[.]"
This all sounds like the absolutely normal procedure: Marathon was "public-side" while trading, and then "private-side" while under an NDA and fully involved in negotiations. That's what you're supposed to do! The SEC doesn't buy it: While Marathon understood that Adviser A entered into an NDA with Issuer 1, neither the Committee nor Marathon received any written representations regarding Adviser A's handling of any MNPI [material nonpublic information] received from Issuer 1 in connection with the retention of Adviser A. In addition, there is no evidence that Marathon performed any due diligence around Adviser A's handling of any MNPI. … Specifically, there were no policies or procedures for Marathon employees to conduct due diligence concerning advisers' evaluation or handling of any potential MNPI or for obtaining a representation from advisers concerning their policies and procedures for handling of any MNPI.
There is not even really a suggestion that Marathon did get any material nonpublic information while it was trading, just that it didn't check well enough. The concern seems to be that the SEC doesn't want the formalities to be too effective: It doesn't want bondholders to say "well I said I don't want any MNPI, so I'm free to trade," even if they are actually getting material nonpublic information. It wants the burden to be on them to make sure they don't get any inside information. If you are the chief executive officer of a public company, and you want to communicate material news about your company to shareholders, how are you supposed to do it? Traditionally the answer was that you put out a press release, but in recent years some CEOs have taken to spending all day on Twitter (now X), so X is now the natural place for them to announce news. Is that allowed? Wellllll. This is not legal advice, and here I am attempting to glibly summarize a 47-page guidance document that the SEC released in 2008 and an eight-page follow-up from 2013, but I think the rough answer is: - If the company has previously prominently announced in normal official places — like, its securities filings, etc. — that it will be releasing news on its CEO's personal X account, then it can go ahead and do that.
- If it hasn't announced that, then it can't.
- If the CEO is Elon Musk then all bets are off.
The CEO of DraftKings, somewhat understandably, didn't know this: The Securities and Exchange Commission [Thursday] charged DraftKings Inc. with selectively disclosing material, nonpublic information to investors who followed or otherwise viewed the company CEO's social media accounts without disclosing that same information to all investors, in violation of Regulation Fair Disclosure (FD). DraftKings agreed to pay a $200,000 civil penalty to settle the SEC's charges. The order finds that, on July 27, 2023, at 5:52 p.m., DraftKings' public relations firm published a post on the personal X account of the DraftKings CEO. The post, according to the order, stated that the company continued to see "really strong growth" in states where it was already operating. DraftKings' public relations firm posted a similar statement that same day on the CEO's LinkedIn account. At the time of the posts, DraftKings had not yet disclosed its second quarter 2023 financial results, nor had it otherwise publicly disclosed certain information contained in the posts. Shortly after the public relations firm published the posts, it removed both posts at the request of DraftKings. According to the order, even though Regulation FD required DraftKings to promptly disclose the information to all investors after it was selectively disclosed to some, DraftKings did not disclose the information to the public until seven days later when it announced its financial earnings for the second quarter of 2023.
The stock was up 4.6% the next day. The weird part here is that this is not a case of the CEO spending all day on X and just naturally tweeting out material news about the company before it was published anywhere else: This is the company's PR firm posting the news on X before releasing it in any more official place. I suppose there is a continuum between "saying vague nice things about the business," which the PR firm is supposed to do on the CEO's X account, and "releasing material nonpublic information ahead of earnings," which it isn't. This is not a legal analysis or anything, this is just a rough rule of thumb, but I think that if you are a public company and somebody hacks into your computers and steals all of your money, the SEC is going to fine you. "Everything is securities fraud," I often say, and the SEC has a lot of rules now about information security, and if you suffer a catastrophic hack the SEC will be mad at you. Meanwhile if you run a decentralized finance crypto project, the SEC will also be mad at you, for unrelated reasons. (The SEC hates crypto.) If you run a decentralized finance crypto project and somebody hacks your trading protocol and steals a ton of your money, that's doubly bad: The Securities and Exchange Commission [Friday] filed settled charges against Mango DAO and Blockworks Foundation for engaging in the unregistered offer and sale of crypto assets called "MNGO" tokens. The SEC also settled charges against Blockworks Foundation and Mango Labs LLC for engaging in unregistered broker activity in connection with various crypto assets being offered and sold as securities on the Mango Markets platform. The SEC's complaint alleges that by skirting the SEC's registration provisions, Mango DAO, Blockworks Foundation, and Mango Labs deprived investors of critical protections afforded by the federal securities laws.
The main legal problems here are (1) that Mango raised money by selling MNGO governance tokens, which are sort of like stock in the Mango project, and which the SEC therefore believes are securities, so it illegally did unregistered securities offerings, and (2) Mango is a platform for trading other crypto tokens, which the SEC also thinks are securities, so it's an unregistered securities brokerage. But a secondary problem is that Mango was quite famously hacked, or "hacked," or whatever: A trader named Avi Eisenberg exploited its trading and collateral logic to extract about $110 million from Mango. He argued that he was just following the rules of the platform, but prosecutors and a jury disagreed, and he's in jail now. The SEC complaint mentions the Eisenberg hack, but only briefly; it is not central to the case against Mango. I suppose that it got the SEC's attention; it's possible that a similar marketplace that wasn't hacked wouldn't have gotten in trouble. (There are so many crypto projects, the SEC probably thinks they're all illegal, and it has limited bandwidth.) Also, though, the point of the SEC's crackdown on crypto isn't just "we think crypto is bad and want to stop it," though it's mostly that. The point is also that SEC registration and disclosure requirements protect investors by giving them good information and subjecting companies, brokers and exchanges to SEC oversight, which can sometimes catch problems. Mango was (arguably) required to register with the SEC, it didn't, and look what happened. (It got hacked.) Would SEC registration have prevented the problems? Probably not? (Probably Mango couldn't have registered with the SEC.) But in general, in its crypto crackdown, it is smart politics for the SEC to bring cases against crypto projects that (1) didn't register with the SEC and (2) also had problems. Cracking down on pure success stories makes the SEC look unreasonable; cracking down on projects that lost investor money makes it look like a responsible investor protection agency. It is convenient for the SEC that a lot of crypto projects also lose investor money. Okay so. About a decade ago, Valeant Pharmaceuticals International Inc. got in trouble for a complicated revenue-juicing kickback scheme. Activist short sellers — including Andrew Left — publicized the problems, and ultimately Valeant lost more than $100 billion of equity market capitalization. Every bad thing a public company does is securities fraud, and this sure seemed like fraud, so shareholders naturally sued. Ultimately Valeant — which is now called Bausch Health Companies — agreed to about a $1.2 billion class-action settlement. But this settlement did not entirely take care of the claims. Some shareholders opted out of the settlement and pursued their own lawsuits separately, and one of those lawsuits will go to trial soon. Here is a press release from a law firm claiming that, when the settlement was announced in 2020, Bausch disclosed that there were shareholders who opted out, but it "never disclosed the identification of the investors or the quantum of their damages." Eventually, the theory goes, that information came out, and investors realized that Bausch was in more trouble than they thought, because those cases were real cases brought by big shareholders for large claimed damages. Therefore, the theory goes, the stock dropped. Get it? Announcing the settlement of a securities fraud class action was itself securities fraud, and the lawyers want to bring a new securities fraud class action accusing Bausch of doing securities fraud about its old securities fraud class action. Everything is securities fraud, even settling a securities fraud case. Apollo plans to double assets by 2029 as it lays down challenge to banks. Aluminum Squeeze Rolls On With Key LME Spread Spiking Again. Aluminum Cans Froth Up in Shift for Beverage Industry. Investors turn to volatility trades to profit from tight US election. Boeing Weighs Raising at Least $10 Billion Selling Stock. EU policymakers lash out at Berlin's Commerzbank 'hypocrisy.' UniCredit CEO Says EU Needs Bigger Banks as He Eyes Commerzbank. Schwab CEO Bettinger to Step Down as Firm Revamps Its Bank. Jay-Z and Megan Thee Stallion quit BDO after theft allegations. US gunmaker touts Trump-themed 'MAGA Patriot' AR-15 assault rifles. Rancher Gets 6 Months in Prison for Scheme to Create Giant Sheep Hybrid. Andrew Left's Citron Returns to Research With Bullish Call on Prisons. If you'd like to get Money Stuff in handy email form, right in your inbox, please subscribe at this link. Or you can subscribe to Money Stuff and other great Bloomberg newsletters here. Thanks! | 
No comments:
Post a Comment