In 2019, OCIE will prioritize certain practices, products, and services that it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets. Designed to support the SEC's mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation, the six themes for OCIE's 2019 Examination Priorities, which include perennial risk areas and developing products and services, are:1. Matters of importance to retail investors, including seniors and those saving for retirement;2. Compliance and risk in registrants responsible for critical market infrastructure;3. Select areas and programs of FINRA and MSRB;4. Digital Assets;5. Cybersecurity; and6. Anti-Money Laundering
[B]between 2016 and 2018, GRACEY posed as a British billionaire with degrees from the London School of Economics and Oxford University. He drove expensive cars such as Bentleys and Ferraris and claimed to own expensive homes in Clyde Hill, Mercer Island, and Newcastle, Washington, as well as in Beverly Hills and San Diego, California. GRACEY also used falsified bank statements to make it appear he had hundreds of millions of dollars of cash on hand. The investigation revealed that GRACEY is Canadian, not British, and rented expensive homes and cars to make it appear he was wealthy.GRACEY told potential investors he had special access to millions of shares of "pre IPO" stock that would produce returns of as much as 60 times the initial investment. Some investors gave GRACEY as much as $745,000, believing that they were purchasing stock. In fact, GRACEY did not own any of the stock he was pretending to sell, and simply stole the victims' money. According to the complaint, investigators have identified more than 25 investors who transferred over $3.4 million to Gracey through bank wires.
Booter and stresser services are a form of DDoS-for-hire--- advertised in forum communications and available on Dark Web marketplaces--- offering malicious actors the ability to anonymously attack any Internet-connected target. These services are obtained through a monetary transaction, usually in the form of online payment services and virtual currency. Criminal actors running booter and stresser services sell access to DDoS botnets, a network of malware-infected computers exploited to make a victim server or network resource unavailable by overloading the device with massive amounts of fake or illegitimate traffic.These services can be used legitimately to test the resilience of a network; however, criminal actors use this capability to take down Web sites. Established booter and stresser services offer a convenient means for malicious actors to conduct DDoS attacks by allowing such actors to pay for an existing network of infected devices, rather than creating their own. Booter and stresser services may also obscure attribution of DDoS activity.
Through their involvement with the APT10 Group, from at least in or about 2006 up to and including in or about 2018, ZHU and ZHANG conducted global campaigns of computer intrusions targeting, among other data, intellectual property and confidential business and technological information at managed service providers ("MSPs"), which are companies that remotely manage the information technology infrastructure of businesses and governments around the world, more than 45 technology companies in at least a dozen U.S. states, and U.S. government agencies. The APT10 Group targeted a diverse array of commercial activity, industries, and technologies, including aviation, satellite, and maritime technology, industrial factory automation, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production. Among other things, ZHU and ZHANG registered IT infrastructure that the APT10 Group used for its intrusions and engaged in illegal hacking operations.
We are adopting a rule to implement a provision of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The new rule requires a company to describe any practices or policies it has adopted regarding the ability of its employees (including officers) or directors to purchase financial instruments, or otherwise engage in transactions, that hedge or offset, or are designed to hedge or offset, any decrease in the market value of equity securities granted as compensation, or held directly or indirectly by the employee or director. The new rule requires a company to describe the practices or policies and the categories of persons they affect. If a company does not have any such practices or policies, the company must disclose that fact or state that hedging transactions are generally permitted. The new disclosure is required in a proxy statement or information statement relating to an election of directors.
The claim that Pruitt violated Section 13(b)(5), which prohibits knowingly circumventing a system of internal controls, includes the factual allegation that the failure to deliver invoices represented a "violation of a specific internal control of" L3. Despite the suggestion in the OIP that Pruitt violated one specific internal control, the Division says he violated up to sixteen internal controls. Contrary to the Division's argument, Pruitt merely wants to know what violations allegedly occurred, not the evidence the Division will use to prove he committed the violations. The controls at issue are not evidence of Pruitt's violation, and the allegation that Pruitt violated Section 13(b)(5) has little meaning without knowing which controls Pruitt allegedly violated. In addition, disclosure will expedite disposition of this case. Within 14 days, the Division shall file a letter listing the "specific internal control of L3" it alleges that Pruitt violated. As to Pruitt's argument about the books-and-records allegation, it is apparent that Pruitt is not asking for the evidence on which the Division will rely but is instead asking for the Division to state the basis for the allegation. The issue is not how the Division will prove that Pruitt falsified or caused to be falsified certain books, records, and accounts but rather what books, records, and accounts are at issue. In light of the Division's argument that the phrase books, records, and accounts is "very broad" and "include[s] 'virtually any tangible embodiment of information made or kept by an issuer,'" it is reasonable to require additional specificity, particularly because greater specificity will expedite disposition of this case. The Division's opposition purports to provide specificity but because it uses the phrases such as and for instance to preface its description of the books, records, and accounts at issue, it is unclear whether the Division's description.As to Pruitt's argument about the books-and-records allegation, it is apparent that Pruitt is not asking for the evidence on which the Division will rely but is instead asking for the Division to state the basis for the allegation. The issue is not how the Division will prove that Pruitt falsified or caused to be falsified certain books, records, and accounts but rather what books, records, and accounts are at issue. In light of the Division's argument that the phrase books, records, and accounts is "very broad" and "include[s] 'virtually any tangible embodiment of information made or kept by an issuer,'" it is reasonable to require additional specificity, particularly because greater specificity will expedite disposition of this case. The Division's opposition purports to provide specificity but because it uses the phrases such as and for instance to preface its description of the books, records, and accounts at issue, it is unclear whether the Division's description is exhaustive. In the letter listing the internal control Pruitt allegedly violated, the Division shall provide an explanation of the categories ofdocuments that it alleges are implicated by the phrase books, records, and accounts that Pruitt allegedly falsified or caused to be falsified. If the description of books, records, and accounts found on pages 9 and 10 of the Division's opposition is exhaustive, the Division should so state. If there are additional categories, the Division shall describe them with enough specificity that documents falling within the categories can be identified.
Between August 2013 and August 2016 (the "Relevant Period"), Tradition facilitated the sale of Venezuelan and Argentinian bonds without having in place a reasonable anti-money laundering ("AML") compliance program that was tailored to the Firm's foreign bond business. Tradition also failed to conduct required due diligence on the accounts of foreign financial institutions ("FFIs").In particular, the Firm did not adequately assess, at account opening or thereafter,the money laundering risks posed by the FF1 accounts, as required by 31 C.F.R.§ 1010.610 and failed to perform periodic reviews of account activity sufficient to determine consistency with information previously obtained about the type,purpose and anticipated activity of the accounts.
Tradition's conduct violated FINRA Rules 3310(a) and (b) and 2010.