Securities Industry Commentator by Bill Singer Esq

April 14, 2022

For Wall Street advisors thinking of making a move to another firm, the options can be overwhelming. Where do you even begin? Some think word-of-mouth is the best way to go . . . it's not. There are likely many firms that could be interested in your business but you don't know what you don't know and could be missing out on some great future employers. Should you look only at wirehouses? What about regionals or boutique firms? Should you consider Independents or RIA's? And if you are lucky enough to land in front of a motivated employer, do you know what to ask for and how best to go about it? After all, you want to get the best deal possible, right? Which tends to leave the option used by most savvy Wall Street professionals: Find a trusted industry recruiter who will carefully market you to firms where you present a good fit. Remember that the hiring firms pay the recruiter's fees, so you're going to get expertise at no extra cost.

$11M father-daughter decades-long Ponzi scheme ends with guilty pleas for the whole family (Financial Planning by Justin L. Mack)
In the late 1970s, before I became a lawyer, I was a Business Editor for Prentice-Hall, where I learned the skills necessary to churn out the prose that is the grist for the mill of newsletters. If you really want a challenge, try drafting a punchy article about '40 Act compliance on a sweltering Friday afternoon in August. Been there. Done that. Which is why I truly have an eye for superb journalism and professional writers. Among my two favorite reporters on the Wall Street beat are Tobias Salinger and Justin Mack of "Financial Planning." In a recent article about a horrific Ponzi scheme, Justin Mack regales us with the jaw-dropping details and ties it all up in compelling fashion. A fun read and also a treat to see someone practice his craft with ease and style!

Former UBS Financial Advisor Pleads Guilty to Defrauding over $5 Million Dollars from His UBS Clients (DOJ Release)
Former UBS Financial Advisor German Nino pled guilty in the United States District Court for the Southern District of Florida to wire fraud; and as alleged in the DOJ Release:   

As part of his change of plea, from about 2012, and continuing to 2020, Nino, a resident of Broward County, was a financial advisor working at a branch office of UBS Financial Services Inc. in Miami.  Nino oversaw and managed UBS investment accounts for various customers, including three victims who were related and who had various investment accounts at UBS.  Nino was the financial advisor assigned to oversee and manage the victims' money in the accounts.

From about May 2014 to February 2020, Nino made a total of 62 unauthorized transfers from three UBS accounts belonging to the victims, which totaled $5,833,218.59.  To accomplish the wire fraud scheme, Nino made materially false and fraudulent statements to his victims and concealed and omitted material facts including misrepresenting the true performance, balance, and rate of return of the accounts he managed; forging the signature of his clients on documents purporting to authorize transfers out of the accounts; preparing a fraudulent land purchase contract and forging a victim's signature on the land purchase contract to make it appear that the victim was purchasing land in Colombia by using money from the victim's account; removing one of the victim's email from the victim's UBS email account profile so that the victim would not receive email notifications from UBS about unauthorized transfers; and preparing fraudulent UBS account statements and client review statements, which falsely inflated the balance and value of the victims' accounts. 

SEC Charges Eight Participants in Cross-Border Penny Stock Fraud Scheme (SEC Release)
In a Complaint filed in the United States District Court for the Southern District of New York, the SEC charged Ronald Bauer, Craig James Auringer, Adam Christopher Kambeitz, Alon Friedlander, Massimiliano ("Max") Pozzoni, Daniel Mark Ferris, Petar Dmitrov Mihaylov, and David Sidoo with violating the registration provisions of Section 5(a) and 5(c) of the Securities Act and the antifraud provisions of Section 17(a) of the Securities Act and Section 10(b) of the Securities Exchange Act and Rule 10b-5 thereunder. As alleged in part in the SEC Release:

According to the SEC's complaint, UK-resident Ronald Bauer and various combinations of his associates, Craig James Auringer, Adam Christopher Kambeitz, Alon Friedlander, Massimiliano ("Max") Pozzoni, Daniel Mark Ferris, Petar Dmitrov Mihaylov, and David Sidoo - all of whom reside outside the U.S. - engaged in all or part of a complex scheme spanning at least 2006 to 2020 to fraudulently unload on unsuspecting retail investors the respective defendants' significant shareholdings of at least 17 microcap stocks quoted on U.S. markets.  Prior to engaging in the scheme, Bauer and Mihaylov had each, by consent, been permanently enjoined from such conduct in Commission penny stock fraud enforcement actions against them.

The defendants allegedly coordinated and funded misleading promotional campaigns, surreptitiously unloaded massive quantities of each stock into the very price and demand rises triggered by those campaigns, and directed their illicit proceeds from those illegal sales through multiple networks of offshore shell companies and financial accounts.

According to the complaint, the defendants over time operated in various combinations and played varying roles. For example, Monaco-resident Ferris and Spain-resident Pozzoni initially served as figurehead CEOs of issuers whose stocks were fraudulently unloaded by their accomplices, and later assumed more senior roles in the scheme. Further, Cayman Islands-resident Kambeitz coordinated materially misleading promotional campaigns urging investors to buy the stocks that London-based Bauer, Auringer, and Friedlander, among others (including Sidoo, as to one such stock), simultaneously and massively sold, all while concealing both their ownership and the fact they were acting in concert.
The United States District Court for the Northern District of California entered a Final Judgment on consent permanently enjoining former Benja Inc. Chief Executive Officer Andrew J. Chapin from violating Section 17(a) of the Securities Act and Section 10(b) of the Securities Exchange Act and Rule 10b-5 thereunder, permanently barring him from serving as an officer or director of a public company, and ordering him to pay a total of $2,635,000 in disgorgement and $184,692 in prejudgment interest (the payments are satisfied by Chapin's guilty plea in a related criminal matter for which he was sentenced to 36 months imprisonment and ordered to pay $8,069,900 of restitution to the victims of his fraudulent scheme). As alleged in part in the SEC Release:

[F]rom 2018 to 2020, Chapin, the founder and CEO of Benja, told investors that Benja was a successful online advertising platform that generated millions of dollars in revenue from popular consumer clothing brands and retailers. In reality, the complaint alleged, Benja never did business with the companies. The complaint further alleged that in order to secure investments, Chapin enlisted one or more associates to help induce investments from venture capital investors by impersonating representatives of Benja's purported customers and the supposed founder of a venture capital fund who falsely claimed to have made a large investment in Benja. According to the complaint, Chapin also provided an investor with forged contracts and doctored bank statements.

SEC Obtains Final Judgment Against Former Company Controller Charged with Insider Trading (SEC Release)
The United States District Court for the Central District of California entered a Final Judgment
permanently enjoining Mark Loman from violating the antifraud provisions of Section 10(b) of the Securities and Exchange Act and Rule 10b-5 thereunder, and permanently barring him from serving as an officer or director of a public company, and ordering him to pay a civil penalty of $482.050. Also, Loman agreed to settle an SEC administrative proceeding pursuant to Rule 102(e) of the Commission's Rules of Practice, barring him from appearing or practicing before the Commission as an accountant. As alleged in part in the SEC Release:

[L]oman, the former Controller and Vice President of Finance of OSI, knew that the company was going to fall far short of its revenue and earnings expectations in the last quarter of 2015, and just days before the end of the quarter, Loman made options trades betting that OSI's stock would go down in price. The complaint further alleged that when OSI publicly announced its disappointing quarterly financial results, its stock dropped approximately 35%, netting Loman more than $300,000 on the options trades. As alleged, Loman further profited from the misuse of nonpublic information by purchasing stock in a target company after he learned that OSI was in negotiations to acquire the target at a premium over its market price. According to the complaint, when OSI's intended acquisition was announced publicly, Loman immediately sold his shares, netting more than $100,000.

In a parallel criminal action filed November 21, 2019 by the United States Attorney's Office for the Central District of California, a jury found Loman guilty of four counts of securities fraud and four counts of insider trading. Loman was sentenced to 35 months in prison and ordered to pay a $600,000 fine.

SEC Charges Florida Recidivists with Fraud and Registration Violations (SEC Release)
In a Complaint filed in the United States District Court for the Southern District of Florida, the SEC charged  Joseph Salvatore DeVito a/k/a "Salvatore DeVito" and Dean Anthony Esposito a/k/a "Dean Anthony" with violating the antifraud and securities offering and broker-deal registration provisions of the federal securities laws, and for violating prior SEC Orders against them. The SEC Complaint alleges that DeVito and Esposito violated Sections 5(a) and 5(c), and 17(a)(1) and 17(a)(3) of the Securities Act and Sections 10(b), 15(a)(1), and 15(b)(6)(B) of the Securities Exchange Act and Rules 10b-5(a) and (c) thereunder. As alleged in part in the SEC Release:

[F]rom at least October 2016 through February 2019, DeVito and Esposito solicited and raised money from investors in a series of unregistered securities offerings by Property Income Investors LLC and certain related companies (together, "PII") through a cold calling campaign. The complaint alleges that, at the time DeVito and Esposito were engaged in marketing investments for PII, they were already each the subject of prior SEC permanent injunctions for violating the antifraud and registration provisions of the federal securities laws, and were each barred from the securities industry. As alleged in the complaint, DeVito and Esposito deceived investors in the PII offerings by actively concealing from investors their significant histories of securities-related violations and that they were prevented from selling these securities due to their industry bars. The complaint alleges that DeVito and Esposito accomplished this by using pseudonyms in their communications with PII's investors.

In a Complaint filed in the United States District Court for the Northern District of Illinois, the CFTC charged David Skudder, Global Ag LLC (a registered commodity trading advisor), and Nesvick Trading Group LLC (a registered introducing broker) with spoofing soybean futures contracts and options on soybean futures contracts. Allegedly, Skudder is the founder/principal/registered associated trading person of Global, and a registered associated person of Nesvick. As alleged in part in the CFTC Release:

[F]rom approximately September 2014 through March 2019 Skudder carried out his schemes by placing hundreds of large orders for soybean futures that he intended to cancel before execution (spoof orders) while placing orders on the opposite side in the soybean futures market, or cross-market in the options on soybeans futures market (genuine orders), that would benefit from market participants' reactions to his spoof orders. By placing the spoof orders, Skudder allegedly deceived other traders about supply and demand, misleading market participants about the likely direction of the commodity's price, which made Skudder's genuine orders appear more attractive to market participants and allowed Skudder to execute his genuine orders in larger quantities and at better prices than he otherwise would have, absent the spoof orders.
For the purpose of proposing a settlement of rule violations alleged by the Financial Industry Regulatory Authority ("FINRA"), without admitting or denying the findings, prior to a regulatory hearing, and without an adjudication of any issue, Steven Kent Romjue submitted a Letter of Acceptance, Waiver and Consent ("AWC"), which FINRA accepted. The AWC asserts that Steven Kent Romjue was first registered in 1998, and by June 2009, he was registered with Morgan Stanley. In accordance with the terms of the AWC, FINRA imposed upon Carpenter a $5,000 fine and a six-month suspension from associating with any FINRA member in all capacities. As alleged in part in the AWC:

In approximately January 2016, Romjue entered into an agreement through which he agreed to service certain customer accounts, including executing trades for those accounts, under a joint representative code (also known as a joint production number) that he shared with a retired representative (Retired Representative 1). In approximately February 2018, Romjue entered into a separate agreement through which he agreed to service additional customer accounts, including executing trades for those accounts, under a joint representative code that he shared with a second retired representative (Retired Representative 2). Each agreement set forth what percentages of the commissions each representative would earn on trades placed using the applicable joint representative code. 

From February 2016 through March 2020, Romjue placed a total of 492 trades in accounts covered by his agreements with Retired Representatives 1 and 2 under representative codes other than those he should have used, through which he received a higher percentage of commissions than what he was entitled to receive pursuant to the agreements. Specifically, although the firm's system correctly prepopulated the trades with the applicable joint representative code, Romjue changed the code for the 492 trades to his personal representative code or another representative code. 

Romjue did not ask Retired Representatives 1 or 2 whether he could change the code on the 492 trades at issue and did not otherwise indicate to them that he was doing so. Instead, Romjue assumed that Retired Representatives 1 and 2 agreed with his changing the codes because they did not complain about the commissions they received during this time period. Romjue, however, was mistaken. Romjue's actions resulted in his receivinghigher commissions from the 492 trades than what he was entitled to receive pursuant to the agreements. 

In December 2020, Morgan Stanley paid restitution to Retired Representatives 1 and 2. Romjue reimbursed the firm $182,232, which is the approximate amount of additional commissions that he received from the 492 trades as a result of his falsifying the representative code on the trades. 

By falsifying the representative code on the 492 trades, Romjue violated FINRA Rule 2010. In addition, Romjue violated FINRA Rules 4511 and 2010 by causing Morgan Stanley to maintain inaccurate trade confirmations. 

"Working On 'Team Cyber' " - Remarks Before the Joint Meeting of the Financial and Banking Information Infrastructure Committee (FBIIC) and the Financial Services Sector Coordinating Council (FSSCC) by SEC Chair Gary Gensler

Thank you. It's good to be with the Financial and Banking Information Infrastructure Committee (FBIIC) as well as the Financial Services Sector Coordinating Council (FSSCC). As is customary, I'd like to note that my remarks are my own, and I'm not speaking on behalf of the Commission or SEC staff.

As some of you may know, I often like to talk about the founding of our nation's securities laws in the 1930s.

So again, today, I'd like to discuss the '30s-but this time, I actually mean the1830s.

In 1834, exactly a century before the SEC was established, the Blanc brothers in Bordeaux, France, committed the world's first hack. The two bankers bribed telegraph operators to tip them off as to the direction the market was headed. Therefore, they gained an information advantage over investors who waited for the information to arrive by mail coach from Paris.

The brothers weren't convicted for their actions, as France didn't have a law against the misuse of data networks.[1]The Blancs thus pocketed their francs, point-blank.

You may be wondering what all this has to do with the SEC. Well, I think it's telling that the world's firstcybersecurityattack involvedsecurities.

Nearly two hundred years after the Blancs stole information about the securities markets, the financial sector remains a very real target of cyberattacks. What's more, it's become increasingly embedded within society's critical infrastructure.

As the famous bank robber Willie Sutton purportedly once said, regarding why he robbed banks: "Because that's where the money is." [2]

The interconnectedness of our networks, the use of predictive data analytics, and the insatiable desire for data are only accelerating. State actors and non-state hackers alike sometimes try to target various entities and businesses. Why? To steal data, intellectual property, or money; lower confidence in our financial system; disrupt economies; or just demonstrate their capabilities. All this puts our financial accounts, savings, and private information at risk.

Cyber incidents, unfortunately, happen a lot. History and any study of human nature tells us they're going to continue to happen.

Cybersecurity also is central to national security. The war Russia is waging on Ukraine reminds us of the relevance of cybersecurity issues. As President Biden said in a statement in March, "This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience."[3]

Team Cyber

Adopting a heightened posture is a task that requires all of us. Last year, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), said that "cybersecurity is a team sport." "Each and every one of us are a member of Team Cyber," she said.[4]

Folks from the private sector-the folks that many of you in the audience represent-are on Team Cyber's front lines.

Other government entities, such as the Federal Bureau of Investigation and CISA, captain Team Cyber-but the SEC has an important role to play as well.

We have a key role as the regulator of the nearly-$100 trillion capital markets with regard to SEC registrants-ranging from exchanges and brokers to advisers and public issuers. Cyber relates to each part of our three-part mission: investor protection, facilitating capital formation, and that which is in the middle, promoting fair, orderly, and efficient markets.


Given the SEC's mission, and the evolving cybersecurity risk landscape, when considering work at the SEC, I think about it in three ways:
  • cyber hygiene and preparedness;
  • cyber incident reporting to the government; and
  • in certain circumstances, disclosure to the public.
Our cybersecurity policy work relates to four groups of entities:
  • SEC registrants in the financial sector, such as broker-dealers, investment companies, registered investment advisers, and other market intermediaries;
  • Public companies;
  • Service providers that work with SEC financial sector registrants but are not necessarily registered with the SEC themselves; and
  • The SEC itself.

Financial Sector SEC Registrants

Let me first turn to three initiatives related to financial sector registrants.

Regulation Systems Compliance and Integrity

First, I believe we have an opportunity to consider freshening up Regulation Systems Compliance and Integrity (Reg SCI).[5]

What is Reg SCI? It's a rule, adopted in 2014, that covers a subset of large registrants, including stock exchanges, clearinghouses, certain alternative trading systems (ATSs), self-regulatory organizations (SROs) and the like. This financial infrastructure is fundamental for our capital markets. The Consolidated Audit Trail (CAT), as a facility of each of the participant SROs, also is subject to Reg SCI.

The rule helps ensure these large, important entities have sound technology programs, business continuity plans, testing protocols, data backups, and so on. The core goal of Reg SCI has been to reduce the occurrence of systems issues and improve resiliency when they do occur.

A lot has changed, though, in the eight years since the SEC first adopted Reg SCI. Thus, I've asked staff how we might broaden and deepen this rule. For example, might we consider applying Reg SCI to other large, significant entities it doesn't currently cover, such as the largest market-makers and broker-dealers?[6]

To that end, in 2020, the Commission proposed to bring large government-securities trading platforms under the Reg SCI umbrella.[7] At our January Commission meeting, we re-proposed this rule expanding the types of platforms that would become ATSs, which has the potential to expand the number of platforms covered by Reg SCI.[8]

I think there also might be opportunities to deepen Reg SCI in order further to shore up the cyber hygiene of important financial entities, including and beyond our Treasury market.

Funds, Advisers, and Broker-Dealers

In February, the Commission proposed new rules that would require registered investment advisers, registered investment companies, and business development companies to shore up their cybersecurity practices. Broadly speaking, these rules and amendments focus on four areas. It would require investment funds and advisers to:
Adopt written plans to address cybersecurity risks;
  • Disclose certain cybersecurity incidents to the public;
  • Report certain cybersecurity incidents to the Commission; and
  • Fulfill certain recordkeeping obligations.[9]
I also have asked staff for recommendations on similar appropriate measures for broker-dealers.

I think such reforms could reduce the risk that these registrants couldn't maintain critical operational capability during a significant cybersecurity incident.[10] I believe they could give clients and investors better information with which to make decisions, create incentives to improve cyber hygiene, and provide the Commission with more insight into intermediaries' cyber risks.

Data Privacy

I've also asked staff for recommendations around when and how financial registrants should update customers about cyber events-particularly when their personal data may have been accessed.

Congress first addressed this issue in the Gramm-Leach-Bliley Act of 1999. The Commission adopted Regulation S-P in the wake of that law. It requires registered broker-dealers, investment companies, and investment advisers to protect customer records and information.[11] It's the reason that, to this day, a lot of us receive notices informing us about companies' privacy policies.

More than two decades since Reg S-P was adopted-an eternity in the cybersecurity world-I think there may be opportunities to modernize and expand this rule. This possibly could include proposing to require breach notifications when a customer's information is accessed without authorization.

Public Companies

Next, let me turn to public companies' disclosure with respect to cyber risk and cyber events.

The basic bargain is this: Investors get to decide what risks they wish to take. Companies that are raising money from the public have an obligation to share information with investors on a regular basis.

Disclosure regimes evolve over the decades. Cybersecurity is an emerging risk with which public issuers increasingly must contend.

To this end, in March, the Commission proposed rules that would enhance issuers' cybersecurity disclosures in two key ways.[12]

First, it would require mandatory, ongoing disclosureson companies' governance, risk management, and strategy with respect to cybersecurity risks. This would allow investors to assess these risks more effectively. For example, under the proposed rules, companies would disclose information such as:
  • management's and the board's role and oversight of cybersecurity risks;
  • whether companies have cybersecurity policies and procedures; and
  • how cybersecurity risks and incidents are likely to impact the company's financials.
  • Second, we proposed requiring mandatory, material cybersecurity incident reporting, because such material cybersecurity incidents could affect investors' decision-making.
A number of issuers already provide cybersecurity risk disclosure to investors. I think companies and investors alike would benefit if this information were presented in a consistent, comparable, and decision-useful manner.

Service Providers

Next, service providers often play critical roles within our financial sector. These service providers go far beyond the cloud. They can include investor reporting systems and providers, middle-office service providers, fund administrators, index providers, custodians, data analytics, trading and order management, and pricing and other data services, among others. Many of these entities may not be registered with the SEC.

I've asked staff to consider recommendations around how we can further address cybersecurity risk that comes from service providers.[13]


Finally, to state the obvious, the SEC is not immune to cyberattacks either.

Agency staff continue to work to protect SEC data and information technology, as well as the industry data we need to carry out our mission. This work aligns with the Administration's efforts to improve the nation's cybersecurity.

In addition, we continue to evaluate our data footprint and improve our data collection processes so that we collect only the data we need to fulfill our mission.


In conclusion, we're living in a time of rapid technological changes subject to ever present cybersecurity challenges. These cyber risks have implications for the financial sector, investors, issuers and the economy at large. The SEC has a role to play, along with the rest of Team Cyber.

Nearly two centuries after that first cyber hack, I think we can think about how to protect ourselves against the cybersecurity pitfalls of the '30s-not the 1830s or the 1930s, but the 2030s.
= = = = =
[1] See Tom Standage, "The crooked timber of humanity" (Oct. 5, 2017), available at

[2] See Federal Bureau of Investigation, "Willie Sutton," available at

[3] See The White House, "Statement by President Biden on Our Nation's Cybersecurity" (Mar. 21, 2022), available at

[4] See Jen Easterly, "Cybersummit 2021 Keynote Address" (Oct. 6, 2021), available at (see 3:32).

[5] See Securities and Exchange Commission Division of Trading and Markets, "Spotlight on Regulation SCI," available at

[6] In fact, several commenters back in 2014 suggested that we might consider adding Reg SCI requirements to other entities, including security-based swap data repositories, security-based swaps execution facilities, and non-ATS broker-dealers., p. 72363-54.

[7] See Securities and Exchange Commission, "SEC Proposes Amendments to Include Significant Treasury Markets Platforms Within Regulation ATS" (Jan. 26, 2022), available at

[8] See Securities and Exchange Commission "Statement on Government Securities Alternative Trading Systems" (Jan. 26, 2022), available at

[9] See Securities and Exchange Commission, "Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies" (Feb. 9, 2022), available at See Securities and Exchange Commission, "Statement on Cybersecurity Reforms in the Investment Management Industry" (Feb. 9, 2022), available at

[10] Broker-dealers that are Financial Industry Regulatory Authority (FINRA) members have business continuity plan obligations under FINRA. See "4370. Business Continuity Plans and Emergency Contact Information," available at

[11] See "Regulation S-P," available at

[12] See Securities and Exchange Commission, "Statement on Proposal for Mandatory Cybersecurity Disclosures" (Mar. 9, 2022), available at

[13] While focused on the most critical systems, eight years ago, the SEC addressed third-party relationships in adopting Reg SCI. SCI entities are "responsible for having in place processes and requirements to ensure that it is able to satisfy the requirements of Regulation SCI for systems operated on behalf of the SCI entity by a third party for certain financial sector entities." See Regulation Systems Compliance and Integrity, p. 72276.
It's not just Charles Schwab or Robinhood. It's not just GameStop. It's not all the fault of Reddit or social media. To the contrary, Wall Street expanded to a point where its operational capacity doesn't keep pace. In the rush to cut commissions, expand online trading, and cater to those eager to "play" the stock market, brokerage firms are frequently overwhelmed by surges in volume or computer outages. Sure, there are times when it's just the nature of technology. More recently, a finger might even be pointed at COVID. But where are the industry's regulators? Where are the consequences for a lack of planning or a lack of funding or a lack of management? In a recent lawsuit against Schwab, customers raise many of these issues -- and not for the first time . . . and likely not for the last time.

( Blog)
There are times when you read something and you think it says something. Then you re-read that same document and realize that you inferred quite a bit that was not stated or implied. Then your re-read that document, yet again, and realize that it doesn't actually say anything and, in truth, is pointless. All of which brings us to a 2021 FINRA Arbitration Award. Which brings us to a 2022 federal court opinion -- a second one, at that. Which brings us nowhere but at the end of the beginning of a circle.
In today's blog we are left wondering. FINRA makes an exceptionally strong regulatory case against a former Morgan Stanley registered representative, who is charged with multiple violations. All in all, it's not a pretty picture that FINRA paints. It's the strength of FINRA's case that may raise an eyebrow or two when you learn that the rep was not barred from the industry. Of course a 20-month suspension isn't a light slap on the wrist. Still -- you read the allegations and see what you think.