Securities Industry Commentator by Bill Singer Esq

December 21, 2018

http://www.brokeandbroker.com/4348/finra-awc-wire/
Before you read today's analysis of a recent FINRA regulatory settlement, place a large pillow on the floor directly under your chin because it may cushion the impact when your jaw hits the hardwood not once or twice but possibly three or more times. By way of a brief observation from someone who's been on Wall Street for four decades: When we are confronted by the stupid stuff that folks do, often our first inclination is to assume that the stupid stuff was a mistake; however, notwithstanding our inclination to assume that there may well have been a sensible reason for doing the stupid stuff, it turns out that folks just do stupid stuff. Or, as that great Wall Street regulator Forrest Gump so aptly observed, "Stupid is as stupid does."

2019 EXAMINATION PRIORITIES / Office of Compliance Inspections and Examinations (SEC Report)
https://www.sec.gov/files/OCIE%202019%20Priorities.pdf
As set forth in part in the SEC Report:

In 2019, OCIE will prioritize certain practices, products, and services that it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets. Designed to support the SEC's mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation, the six themes for OCIE's 2019 Examination Priorities, which include perennial risk areas and developing products and services, are:

1. Matters of importance to retail investors, including seniors and those saving for retirement;
2. Compliance and risk in registrants responsible for critical market infrastructure;
3. Select areas and programs of FINRA and MSRB;
4. Digital Assets;
5. Cybersecurity; and
6. Anti-Money Laundering

How's this for a headline that could be turned into a movie or an episodic television drama? 
FBI Arrests Former Washington Resident who Fraudulently Promoted IPO Stock Scheme / Allegedly Defrauded Investors of Millions of Dollars by Posing as a British Billionaire with Inside Track on New Companies (DOJ Release)
https://www.justice.gov/usao-wdwa/pr/fbi-arrests-former-washington-resident-who-fraudulently-promoted-ipo-stock-scheme
27-year-old Keenan A. Gracey was charged in a federal criminal Complaint with wire fraud. In May 2018, the SEC had filed a civil suit against Gracey, and by September 2018, he was subject to a permanent restraining order and required to disgorge $4.4 million in cash and wire transfers that he had fraudulently obtained from investors. What could such a young and apparently clever man have done to attract the attention of both the SEC and DOJ? As set forth in enthralling detail in the DOJ Release:

[B]etween 2016 and 2018, GRACEY posed as a British billionaire with degrees from the London School of Economics and Oxford University.  He drove expensive cars such as Bentleys and Ferraris and claimed to own expensive homes in Clyde Hill, Mercer Island, and Newcastle, Washington, as well as in Beverly Hills and San Diego, California.  GRACEY also used falsified bank statements to make it appear he had hundreds of millions of dollars of cash on hand.  The investigation revealed that GRACEY is Canadian, not British, and rented expensive homes and cars to make it appear he was wealthy. 

GRACEY told potential investors he had special access to millions of shares of "pre IPO" stock that would produce returns of as much as 60 times the initial investment.  Some investors gave GRACEY as much as $745,000, believing that they were purchasing stock.  In fact, GRACEY did not own any of the stock he was pretending to sell, and simply stole the victims' money.  According to the complaint, investigators have identified more than 25 investors who transferred over $3.4 million to Gracey through bank wires.

https://www.justice.gov/usao-nj/pr/microcap-company-ceo-sentenced-52-months-prison-securities-fraud
After a two-week trial in the United States District Court for the District of New Jersey, Cary Lee Peterson, former Chief Executive Officer of RVPlus Inc., was found guilty on two counts of false certification in SEC filings and one count of securities fraud. Peterson was sentenced to 52 months in prison plus three years of supervised release and ordered to pay $250,167 restitution. Peterson had submitted false certifications to the SEC via Forms 8-K and 10-Q, which asserted that RVPlus had entered into contracts to provide products/services in the amounts of $1.8 billion; $90 million; and $10.t million; and that the company held $17,590,837 in short-term accounts receivable. The SEC suspended trading in RVPlus on July 19, 2013. Also, Peterson claimed that ECCO2 Corp., a not-for-profit owned by Peterson, was an "affiliate organization" of the U.N. Convention on Climate Change, which presented the opportunity to participate in over $100 billion in financial aid to fund ECCO2 projects.  ECCO2 was never an affiliate of the U.N. Convention on Climate Change; and the U.N. wrote to Peterson on two separate occasions demanding that ECCO2 cease making such claims.

https://www.justice.gov/usao-ak/pr/criminal-charges-filed-alaska-conjunction-seizure-websites-offering-ddos-hire-services
== and ==
https://www.justice.gov/usao-cdca/pr/criminal-charges-filed-los-angeles-and-alaska-conjunction-seizures-15-websites-offering
15 internet domains associated with Distributed Denial of Service ("DDoS") services were seized, and criminal charges filed against three defendants who facilitated the computer attack platforms. The sites offered "booter" or "stresser" services to paying users in order to launch DDoS attacks against victim financial institutions, universities, internet service providers, government systems, and various gaming platforms. The action against the DDoS services comes the week before the Christmas holiday, a period historically plagued by prolific DDoS attacks in the gaming world.
Matthew Gatrel and Juan Martinez were named in criminal Complaints charging them with conspiring to violate the Computer Fraud and Abuse Act through the operation of services known as Downthem and Ampnode. Allegedly, Downthem offered DDoS services directly to users who wished to attack other internet users, and Ampnode offered resources designed to facilitate the creation of stand-alone DDoS services by customers. The Complaints allege that between October 2014 and November 2018, Downthem's database showed over 2000 customer subscriptions, and had been used to conduct, or attempt to conduct, over 200,000 DDoS attacks. Also, David Bukoski was charged with aiding and abetting computer intrusions through his operation of Quantum Stresser, one of the longest-running DDoS services in operation. As of late last month, Quantum allegedly had over 80,000 customer subscriptions dating back to its launch in 2012. In 2018 alone, Quantum was purportedly used to launch over 50,000 actual or attempted DDoS attacks.
READ the informative FBI Public Service Announcement: "BOOTER AND STRESSER SERVICES INCREASE THE SCALE AND FREQUENCY OF DISTRIBUTED DENIAL OF SERVICE ATTACKS" https://www.ic3.gov/media/2017/171017-2.aspx As explained in part in the FBI PSA:

Booter and stresser services are a form of DDoS-for-hire--- advertised in forum communications and available on Dark Web marketplaces--- offering malicious actors the ability to anonymously attack any Internet-connected target. These services are obtained through a monetary transaction, usually in the form of online payment services and virtual currency. Criminal actors running booter and stresser services sell access to DDoS botnets, a network of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.

These services can be used legitimately to test the resilience of a network; however, criminal actors use this capability to take down Web sites. Established booter and stresser services offer a convenient means for malicious actors to conduct DDoS attacks by allowing such actors to pay for an existing network of infected devices, rather than creating their own. Booter and stresser services may also obscure attribution of DDoS activity.

https://www.justice.gov/usao-sdny/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer
No . . . that's not my typo. The over-long press release sub-headline ends with "and." You'd sort of think that someone would have caught that typo given all the media attention that has been sought for this lurid, international crime (allegedly) but these days we have all come to accept that there just isn't a lot of attention to detail with anything emanating out of Washington, DC. Given the inundation of publicity with this case, I'll keep it brief.
An Indictment filed in the United States District Court for the Southern District of New York charges Zhu Hua a/k/a "Afwar," a/k/a "CVNX," a/k/a "Alayos," a/k/a "Godkiller," and Zhang Shilong a/k/a "Baobeilong," a/k/a "Zhang Jianguo," a/k/a "Atreexp," both nationals of the People's Republic of China ("China"), with conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft. The Defendants are allegedly members of a hacking group operating in China known within the cyber security community as Advanced Persistent Threat 10 (the "APT10 Group").  Allegedly, the defendants had worked for a company in China called Huaying Haitai Science and Technology Development Company ("Huaying Haitai") and acted in association with the Chinese Ministry of State Security's Tianjin State Security Bureau. READ the Indictment https://www.justice.gov/usao-sdny/press-release/file/1121711/download
As set forth in part in the DOJ Release (right after the "and"):

Through their involvement with the APT10 Group, from at least in or about 2006 up to and including in or about 2018, ZHU and ZHANG conducted global campaigns of computer intrusions targeting, among other data, intellectual property and confidential business and technological information at managed service providers ("MSPs"), which are companies that remotely manage the information technology infrastructure of businesses and governments around the world, more than 45 technology companies in at least a dozen U.S. states, and U.S. government agencies. The APT10 Group targeted a diverse array of commercial activity, industries, and technologies, including aviation, satellite, and maritime technology, industrial factory automation, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production.  Among other things, ZHU and ZHANG registered IT infrastructure that the APT10 Group used for its intrusions and engaged in illegal hacking operations.

https://www.sec.gov/rules/final/2018/33-10593.pdf
17 CFR 229.402 ("Item 402" of Regulation S-K) is amended by revising paragraph (b) to add Instruction 6; 17 CFR 229.407 ("Item 407" of Regulation S-K) to add new paragraph (i); and 17 CFR 14a-101 ("Schedule 14A") to revise Item 7. As set forth in the "Summary" portion of the SEC Release:

We are adopting a rule to implement a provision of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The new rule requires a company to describe any practices or policies it has adopted regarding the ability of its employees (including officers) or directors to purchase financial instruments, or otherwise engage in transactions, that hedge or offset, or are designed to hedge or offset, any decrease in the market value of equity securities granted as compensation, or held directly or indirectly by the employee or director. The new rule requires a company to describe the practices or policies and the categories of persons they affect. If a company does not have any such practices or policies, the company must disclose that fact or state that hedging transactions are generally permitted. The new disclosure is required in a proxy statement or information statement relating to an election of directors.

In the Matter of David Pruitt, CPA (Order Granting in Part Motion for More Definite Statement; Admin. Proc. Rul. Rel. No. 6421; Admin. Proc. File No. 3-17950 / December 20, 2018)
https://www.sec.gov/alj/aljorders/2018/ap-6421.pdf
The SEC Division of Enforcement alleged in its Order Instituting Proceedings that L3 Technologies, Inc., improperly recognized $17.9 million in revenue at its Army Sustainment Division (ASD) subsidiary, and that Respondent Pruitt allegedly instructed a subordinate to create invoices in L3's internal accounting system related to unresolved claims and withhold delivery of those invoices from a customer. The OIP alleges that the failure to deliver the invoices to the customer represented a "violation of a specific internal control of L3 that required delivery of invoices." The OIP charges Pruitt with having willfully violated Exchange Act Section 13(b)(5), caused L3's violation of Exchange Act Section 13(b)(2)(A), and violated Exchange Act Rule 13b2-1. Pruitt has filed with SEC Administrative Law Judge James E. Grimes a Motion for a More Definitive Statement. In considering the Motion, ALJ Grimes finds in pertinent part that [Ed: footnotes omitted]:

The claim that Pruitt violated Section 13(b)(5), which prohibits knowingly circumventing a system of internal controls, includes the factual allegation that the failure to deliver invoices represented a "violation of a specific internal control of" L3. Despite the suggestion in the OIP that Pruitt violated one specific internal control, the Division says he violated up to sixteen internal controls. Contrary to the Division's argument, Pruitt merely wants to know what violations allegedly occurred, not the evidence the Division will use to prove he committed the violations. The controls at issue are not evidence of Pruitt's violation, and the allegation that Pruitt violated Section 13(b)(5) has little meaning without knowing which controls Pruitt allegedly violated. In addition, disclosure will expedite disposition of this case. Within 14 days, the Division shall file a letter listing the "specific internal control of L3" it alleges that Pruitt violated.

As to Pruitt's argument about the books-and-records allegation, it is apparent that Pruitt is not asking for the evidence on which the Division will rely but is instead asking for the Division to state the basis for the allegation. The issue is not how the Division will prove that Pruitt falsified or caused to be falsified certain books, records, and accounts but rather what books, records, and accounts are at issue. In light of the Division's argument that the phrase books, records, and accounts is "very broad" and "include[s] 'virtually any tangible embodiment of information made or kept by an issuer,'" it is reasonable to require additional specificity, particularly because greater specificity will expedite disposition of this case. The Division's opposition purports to provide specificity but because it uses the phrases such as and for instance to preface its description of the books, records, and accounts at issue, it is unclear whether the Division's description is exhaustive. In the letter listing the internal control Pruitt allegedly violated, the Division shall provide an explanation of the categories of documents that it alleges are implicated by the phrase books, records, and accounts that Pruitt allegedly falsified or caused to be falsified. If the description of books, records, and accounts found on pages 9 and 10 of the Division's opposition is exhaustive, the Division should so state. If there are additional categories, the Division shall describe them with enough specificity that documents falling within the categories can be identified.

http://www.finra.org/sites/default/files/fda_documents/2015045334101%20Tradition%20Securities%20and%20Derivatives%2C%20Inc.%20CRD%2028269%20AWC%20va.pdf
For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Tradition Securities and Derivatives, Inc. submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. In accordance with the terms of the AWC, FINRA imposed upon Tradition a Censure; $100,000 fine, and the firm undertook to submit a certification of compliance with FINRA Rule 3310 and the Bank Secrecy Act. As set forth in the "Overview" section of the AWC:

Between August 2013 and August 2016 (the "Relevant Period"), Tradition facilitated the sale of Venezuelan and Argentinian bonds without having in place a reasonable anti-money laundering ("AML") compliance program that was tailored to the Firm's foreign bond business. Tradition also failed to conduct required due diligence on the accounts of foreign financial institutions ("FFIs"). In particular, the Firm did not adequately assess, at account opening or thereafter, the money laundering risks posed by the FFI accounts, as required by 31 C.F.R. § 1010.610 and failed to perform periodic reviews of account activity sufficient to determine consistency with information previously obtained about the type, purpose and anticipated activity of the accounts.

Tradition's conduct violated FINRA Rules 3310(a) and (b) and 2010.