top of page

Lessons learned from SEC fraud case in terms of cybersecurity and beneficial ownership

Compliance professionals can learn valuable lessons about cybersecurity and beneficial ownership from an international scheme in which hackers compromised dozens of online brokerage accounts to manipulate stock prices.

The Securities and Exchange Commission (SEC) filed charges against 18 people on Monday for allegedly taking part in a scheme where they allegedly gained access to the brokerage accounts of retail investors, forced those accounts to buy large blocks of two microcap stocks, and then forced those accounts to sell their current holdings of the same stocks at inflated prices.

Two overlapping groups of people operating outside of the United States and Canada but involving offshore accounts and exchanges in a dozen countries were allegedly involved in the misconduct, which is alleged to have occurred between 2015 and 2018. According to the SEC, the scheme brought in about $1.3 million in illegal profits.

According to Gurbir Grewal, director of the SEC's Division of Enforcement, "this case illustrates the critical importance of cybersecurity and of our ongoing efforts to protect retail investors from cyber fraud. The SEC remains committed to rooting out this type of wrongdoing. Investors should also take precautions, including choosing strong passwords, using different passwords for different accounts, and using two-factor authentication when available."

The fraudsters hired independent hackers, according to the SEC's complaint, which was submitted in U.S. District Court for the Northern District of Georgia, to hack into brokerage accounts and purchase large quantities of the microcap stocks Good Gaming and Lotus Bio-Technology Development Corp. (LBTD).

The complaint stated that "in multiple instances, the defendants sold stock executed directly to the forced purchases in the hacked accounts." The SEC claimed that the activity contributed to the appearance that the stock values were rising.

The broker-dealer companies in charge of those accounts may have viewed the high volume of purchases of one specific stock in one day as suspicious in some cases where the compromised accounts had not previously executed any trades. According to the SEC, the owners of the compromised accounts never gave their consent to the purchases. Broker-dealers paid their clients back for the losses.

One of the alleged fraudsters requested permission to open "more accounts" with the broker-dealer when she opened a brokerage account to trade LBTD shares in order to "spread LBTD share ownership between multiple entities and stay 'under 10%' ownership," according to the complaint. The SEC claimed that the fraudster was attempting to circumvent the agency's beneficial ownership rules, which call for the filing of additional reports by anyone (including groups acting in concert) who is directly or indirectly the beneficial owner of more than 10% of a class of registered securities or who is a director or officer of the issuer whenever they own more than 5% of a class of registered securities.

According to the SEC, the fraudsters eventually transferred a sizable portion of the LBTD stock to another account that was under the control of a different brokerage firm. Through a number of offshore entities with addresses in Switzerland, Belize, the Bahamas, the United Kingdom, and Belize, they concealed their beneficial ownership of LBTD stock.


10 views0 comments