Securities Industry Commentator by Bill Singer Esq

September 17, 2020

SEC Charges Private Company with Fraud (SEC Release)

SEC Adopts Amendments to Enhance Retail Investor Protections and Modernize the Rule Governing Quotations for Over-the-Counter Securities (SEC Release)

Montana Broker Sentenced to Prison for Multimillon-Dollar Investment-Fraud Scheme (DOJ Release)

Seven International Cyber Defendants, Including "Apt41" Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally / Two Defendants Arrested in Malaysia; Remaining Five Defendants, One of Whom Allegedly Boasted of Connections to the Chinese Ministry of State Security, are Fugitives in China (DOJ Release)
It started as a FINRA arbitration in which an associated person alleged that she was fired in retaliation for reporting misconduct. Among her claims, she alleged that she was a protected whistleblower. In her Complaint, she had named Ameriprise and three individual respondents. The FINRA Arbitration Panel granted Respondents' motions to dismiss. The case moved on to federal district court, and, from there, to federal appeals court. 

SEC Charges Private Company with Fraud (SEC Release)
In a Complaint filed in the United States District Court for the Western District of New York, the SEC alleged that Cygnus Capital Management, LLC and the Estate of Richard Ventrilla (for his conduct) violated  the antifraud provisions of Section 17(a) of the Securities Act, Section 10(b) of the Securities Exchange Act and Rule 10b-5 thereunder, and Sections 206(1) and 206(2) of the Investment Advisers Act of 1940. The SEC is seeks disgorgement plus prejudgment interest from Ventrilla's estate;  and against Cygnus, permanent injunctive relief, civil penalties, and disgorgement plus prejudgment interest thereon. As alleged in part in the SEC Release:

[F]rom at least September 2015 through March 2020, Cygnus and Ventrilla, a Clarence, New York resident who died on September 2, 2020 and was previously convicted of extortion in 1999, made false and misleading statements to investors and misappropriated assets from investment advisory clients. The complaint alleges that Ventrilla told investors that he would invest their funds in publicly traded securities and repay them with trading profits, promising a guaranteed rate of return between 7% and 8%. The complaint alleges that, in reality, Ventrilla had no basis for these statements and used only approximately ten percent of total investor funds to trade securities, spending the majority of investor funds to support his lifestyle or to repay other investors. The complaint also alleges that Ventrilla led at least sixteen investors who had become investment advisory clients to believe that he would manage their assets using separately managed accounts and pay himself a reasonable investment advisory fee. Instead, Ventrilla allegedly misappropriated a significant amount of their funds to support his lifestyle and lied to the clients about their purported portfolio holdings.

The SEC adopted amendments to Exchange Act Rule 15c2-11 that are designed to modernize the rule by purportedly ensuring that broker-dealers do not publish quotations for an issuer's security when current issuer information is not publicly available, subject to certain exceptions. In pertinent part, the SEC Release asserts:

The amendments facilitate transparency of OTC issuer information by: 
  • Requiring to be current and publicly available certain specified documents and information regarding OTC issuers that a broker-dealer or qualified IDQS must obtain and review for the broker-dealer to commence a quoted market in an OTC issuer's security ("information review requirement");
  • Updating the "piggyback" exception, which allows broker-dealers to rely on the quotations of another broker-dealer that initially complied with the information review requirement, to require, among other things, that issuer information, depending on the issuer's regulatory status, be current and publicly available, timely filed, or filed within 180 calendar days from a specified period; and
  • Requiring that issuer information be current and publicly available for a broker-dealer to rely on the unsolicited quotation exception to publish quotations on behalf of company insiders and affiliates of the issuer.
The amendments provide greater investor protections when broker-dealers rely on the piggyback exception by:
  • Requiring at least a one-way priced quotation;
  • Prohibiting reliance on the exception during the first 60 calendar days following the termination of a Commission trading suspension under Section 12(k) of the Exchange Act; and
  • Providing a time-limited window of 18 months during which broker-dealers may quote the securities of "shell companies."
The amendments reduce unnecessary burdens on broker-dealers by:
  • Allowing broker-dealers to initiate a quoted market for a security if a qualified IDQS complies with the information review requirement and makes a publicly available determination of such compliance; and
  • Providing new exceptions, without undermining the Rule's important investor protections, for broker-dealers to:
  • Quote actively traded securities of well-capitalized issuers;  
  • Quote securities issued in an underwritten offering if the broker-dealer is named as an underwriter in the registration statement or offering statement for the underwritten offering, and the broker-dealer that is the named underwriter quotes the security; and
  • Rely on certain third-party publicly available determinations that the requirements of certain exceptions are met.
Montana Broker Sentenced to Prison for Multimillon-Dollar Investment-Fraud Scheme (DOJ Release)
Following a jury trial in the United States District Court for the District of Montana:
  • Sean Finn was convicted on one count of conspiracy to commit securities fraud and wire fraud, four counts of wire fraud, and four counts of securities fraud; but he was acquitted on one count of wire fraud. Finn was sentenced to 87 months in prison and ordered to pay $6,075,000 in restitution and to forfeit $830,000. 
  • Defendants Anthony Brandel and James Warras were found guilty of conspiracy and multiple counts of wire fraud and securities fraud following a jury trial in 2015.  Brandel and Warras were each sentenced on Aug. 3, 2016 to 87 months in prison
In 2015, Defendant Joseph Micelli pled guilty to conspiracy to commit wire fraud and securities fraud and was sentenced on Feb. 23, 2016 to 60 months in prison plus three years of supervised release.  

Defendants Martin Schlaepfer and Hans-Jurg Lips remain at large.

As alleged in part in the DOJ Release:

[F]inn conspired with others in the United States and Switzerland to promote investments and loan instruments that he knew to be fictitious.  Finn and his co-conspirators told victims that, for an up-front payment ranging from $100,000 to $1 million, a Swiss company known as Malom Group AG (Malom), whose name stood for "Make A Lot Of Money," would provide access to lucrative investment opportunities and substantial cash loans. 

The evidence showed that to effectuate this scheme, the defendant and his co-conspirators provided victims with fabricated bank documents purporting to show that Malom held hundreds of millions of dollars in overseas bank accounts, as well as documents falsely stating that Malom had previously closed similar deals.  The evidence showed that when victims wired their money into an escrow account controlled by the co-conspirators, the money was released and disbursed to, among others, Finn for his own personal use.  The evidence further showed that shortly before he was indicted in 2013, Finn fled to Canada, where he was arrested in 2014 and ultimately extradited back to the United States in 2018.  According to the evidence presented at trial, losses to the victims from the scheme totaled more than $3.8 million.   

Seven International Cyber Defendants, Including "Apt41" Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims GloballyTwo Defendants Arrested in Malaysia; Remaining Five Defendants, One of Whom Allegedly Boasted of Connections to the Chinese Ministry of State Security, are Fugitives in China (DOJ Release)
As alleged in part in the DOJ Release:

In August 2019 and August 2020, a federal grand jury in Washington, D.C., returned two separate indictments charging five computer hackers, all of whom were residents and nationals of the People's Republic of China (PRC), with computer intrusions affecting over 100 victim companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, and foreign governments, as well as pro-democracy politicians and activists in Hong Kong.

 The intrusions, which security researchers have tracked using the threat labels "APT41," "Barium," "Winnti," "Wicked Panda," and "Wicked Spider," facilitated the theft of source code, software code signing certificates, customer account data, and valuable business information.  These intrusions also facilitated the defendants' other criminal schemes, including ransomware and "crypto-jacking" schemes, the latter of which refers to the group's unauthorized use of victim computers to "mine" cryptocurrency. 

Also in August 2020, the same federal grand jury returned a third indictment charging two Malaysian businessmen who conspired with two of the Chinese hackers to profit from computer intrusions targeting the video game industry in the United States and abroad.  Shortly thereafter, the U.S. District Court for the District of Columbia issued arrest warrants for the two businessmen.  On Sept. 14, 2020, pursuant to a provisional arrest request from the United States with a view to their extradition, Malaysian authorities arrested them in Sitiawan.  The department appreciates the significant cooperation and assistance provided by the Government of Malaysia, including the Attorney General's Chambers of Malaysia and the Royal Malaysia Police.

In addition to arrest warrants for all of the charged defendants, in September 2020, the U.S. District Court for the District of Columbia issued seizure warrants that resulted in the recent seizure of hundreds of accounts, servers, domain names, and command-and-control (C2") "dead drop" web pages used by the defendants to conduct their computer intrusion offenses.  The FBI executed the warrants in coordination with other actions by several private-sector companies, which included disabling numerous accounts for violations of the companies' terms of service.  In addition, in partnership with the department, Microsoft developed and implemented technical measures to block this threat actor from accessing victims' computer systems.  The actions by Microsoft were a significant part of the overall effort to deny the defendants continued access to hacking infrastructure, tools, accounts, and command and control domain names.  In coordination with today's announcement, the FBI has also released a Liaison Alert System (FLASH) report that contains critical, relevant technical information collected by the FBI for use by specific private-sector partners.

C404 Indictment
Wong Indictment
ZHR Indictment
In a Complaint filed in the United States District Court for the Western District of Texas, the CFTC charged David Seibert with fraudulently soliciting and misappropriating more than $8.3 million of participant funds that he lost in undisclosed trading of commodity interests. Seibert agreed to the entry of a Consent Order whereby a permanent injunction enjoins him from future violations of the Commodity Exchange Act, and imposes a permanent registration and trading bans, while reserving the assessment of monetary damages for a future determination. As alleged in part in the CFTC Release:

The order finds that from March 2016 to April 2019, Seibert operated under a number of fictitious names in connection with his misappropriation scheme: SEI-Equity Investments, a/k/a SEI Equity Investments, a/k/a Seibert Equity Investments, and d/b/a Great America Funding LLC a/k/a Great American Funding, LLC, a/k/a Great American Funding Lender Services. According to the order, Seibert solicited more than $10 million from at least eight members of the public to provide funds for short-term secured loans in return for the promise of high interest from third-party borrowers who purportedly would use their funds for real property improvements.

The order finds that Seibert did not originate any loans. Instead, he pooled and traded the funds in his commodity interest trading account without disclosing he was doing so. He thereafter lost $8,336,148 through these trades, and used other participants' funds for various personal expenses, which he similarly did not disclose. 

In a Complaint filed in the United States District Court for the Middle District of Florida, the CFTC charged 
Avinash Singh with fraudulently soliciting and misappropriating funds through a master commodity pool Highrise Advantage, LLC; and, further, Daniel Cologero, Randy Rosseau, and Hemraj Singh were charged with fraudulently soliciting funds from clients for Highrise through the commodity pools they operated: Green Knight Investments, LLC, Bull Run Advantage, LLC, and King Royalty, LLC. Finally, the Complaint alleges that Surujpaul Sahdeo and his company SR&B Enterprises unlawfully solicited, accepted, and fed client funds to Highrise. The Court issued a restraining order freezing the assets of Singh, Highrise, Green Knight, Bull Run, King Royalty, and SR&B; and prohibiting the destruction or concealment of the defendants' books and records. As alleged in part in the CFTC Release:

The complaint alleges that beginning in or around February 2013 and continuing to the present, the defendants accepted at least $4.75 million from over 150 victims. In soliciting potential victims to participate in Highrise, Avinash Singh falsely claimed to be a successful commodities trader with a track record of positive gains and no losses. Cologero, Hemraj Singh, and Rosseau also allegedly misrepresented the profits Highrise had generated-as well as the potential risk of loss in Highrise-when soliciting funds for their scheme.

The complaint alleges that of the at least $4.75 million accepted, Avinash Singh and Highrise traded only a combined amount of $1,656,000 in forex and misappropriated at least $3 million of victims' funds to pay personal expenses, to transfer to other defendants, and to make Ponzi-type payments to other victims.

Highrise, Green Knight, Bull Run, and King Royalty each issued monthly account statements to their victims that misrepresented their profits and balances. The complaint further alleges that SR&B received at least $1,350,000 in funds from victims in its own name and then transferred this money to Highrise to fund a forex account.

The complaint further charges all defendants with failing to register with the CFTC as required and with violating other regulatory requirements relating to the operation of commodity pools.
In an Superseding Indictment filed in the United States District Court for the Northern District of California, Danil Potekhin a/k/a "cronuswar" and Dmitrii Karasavidi a/k/a "Dmitriy Karasvidi" were charged with charged with conspiracy to commit computer fraud and abuse; computer fraud; conspiracy to commit wire fraud; money laundering conspiracy; and two counts of aggravated identity theft. As alleged in part in the DOJ Release:

The Superseding Indictment describes a number of complex fraud schemes used by the defendants and their co-conspirators to maximize the value of the cryptocurrency that they stole from the customers of these digital currency exchanges.  The first fraud scheme, referred to as a theft attack in the Superseding Indictment, was a scheme to steal digital currency from as many users of a U.S.-based digital currency exchange as possible in a short amount of time.  Beginning in July 2017, Potekhin created and controlled at least 13 separate fake domains for this digital currency exchange.  Using the fake domains, the defendants induced more than 150 victim customers of the exchange to input their user identification and passwords.  Potekhin and Karasavidi, of Moscow, also created multiple fictitious accounts with the same digital currency exchange, and used stolen information from at least three individuals from the United Kingdom to create three of those accounts.  The defendants then used the stolen credentials from the victim customers to access the victims' accounts in August 2017 and withdraw digital currency without authorization.  By linking the fictitious accounts to the accounts of victim customers, the defendants were able to withdraw larger sums of digital currency from victim accounts without authorization. 

The Superseding Indictment further describes a sophisticated market manipulation scheme that began in July 2017 using the stolen customer credentials of the same U.S.-based digital currency exchange and culminated in a manipulation attack that targeted three victim customers.  The defendants first created a number of fictitious accounts on the same platform and each account purchased an inexpensive digital currency known as GAS prior to the manipulation.  Then, on October 29, 2017, the defendants took control of the three victim customer accounts and used the digital currency contained in those accounts, with a value of over $5 million at that time, to purchased GAS at the same time, which increased demand and price.  The defendants and their co-conspirators then quickly converted the digital currency in their fictitious accounts from GAS to Bitcoin and other digital currencies, causing the value of GAS to plummet and leaving the value of GAS that remained in the victim customer accounts worthless, causing a loss to these three victims of approximately $5 million.

The Superseding Indictment also alleges similar fraud schemes that took place between October 2017 and March 2018, and which resulted in theft attacks targeting victim customers of another U.S.-based digital currency exchange and one based abroad.  The value of the stolen digital currency at the time of the thefts was over $11 million.

The Superseding Indictment alleges the defendants laundered the proceeds of the attacks and attempted to conceal the nature and source of the digital currency by transferring them in a layered and sophisticated manner through multiple accounts.  Ultimately, a significant amount of the stolen digital currency was deposited into Karasavidi's account.