What happened

Last week the SEC brought securities fraud charges against App Annie and its co-founder and former CEO and Chairman Bertrand Schmitt for engaging in deceptive practices and making material misrepresentations about how App Annie’s alternative data was derived. App Annie and Schmitt agreed to pay $10 million and $300,000, respectively, to settle the matter. Schmitt also agreed to a three-year prohibition from serving as an officer or director of a public company.

App Annie is one of the largest providers of mobile app performance data. It sells market data about companies’ mobile apps, such as how many times an app is downloaded, how often it is used, how much revenue it generates, and other competitive information. Hedge funds and other so-called trading firms refer to this information as “alternative data” because it is not included in a mobile app company’s financial statements or other traditional data sources. The alternative data market has exploded in recent years as companies seek ways to extract and market data from various emerging sources, including email, mobile devices, social media sites, sensors, IoT-based devices, satellites, and ecommerce portals. The data is commonly used by trading firms to identify patterns and insights and gain market intelligence and advantage. According to the SEC’s Order, App Annie’s terms of service, which were posted on the company’s website, promised that there would be limitations on the ways that App Annie could use customer data. For example, the terms of service stated that the company would not disclose customer data to third parties directly but would instead use anonymized and aggregated data to build a statistical model to generate estimates of app performance.

The SEC found, however, that from late 2014 through mid-2018, App Annie used disaggregated, customer identifiable data to alter its model-generated estimates, often with confidential app performance data, in order to make them more valuable to customers. Gurbir S. Grewal, the SEC’s new Enforcement Division director, said in a statement that “App Annie and Schmitt lied to companies about how their confidential data was being used and then not only sold the manipulated estimates to their trading firm customers, but also encouraged them to trade on those estimates – often touting how closely they correlated with the companies’ true performance and stock prices.” The SEC found that trading firms were making investment decisions based on this data and that App Annie had gone so far as to share ideas with those firms as to how they could use the estimates to trade ahead of earnings announcements.

According to the SEC, App Annie’s failure to adequately disclose how it generated app-performance data misled traders that purchased the information and violated Section 10(b) of the Exchange Act and Rule 10b-5 thereunder. Those traders needed to know whether they might inadvertently use any nonpublic information that could be deemed a violation of insider trading laws.

The SEC further found that App Annie and Schmitt assured their trading firm subscribers that the company had internal controls and processes in place to prevent the sale of material nonpublic information in compliance with the federal securities laws. In fact, the SEC found, the company did not have effective internal controls and did not conduct regular compliance reviews, and while Schmitt and App Annie documented an internal policy to prevent the sale of material nonpublic information, they did not fully implement and enforce it until after App Annie learned of the SEC’s investigation.

Why it matters to alternative data providers

The order signifies that the SEC is scrutinizing alternative data providers, particularly in light of their use by trading firms to develop investment hypotheses and the potential for market manipulation and insider trading. In light of this scrutiny, alternative data providers should evaluate the type of data provided to subscribers and the risks that such data may be considered to be material nonpublic information. Data providers should further ensure that their representations to subscribers accurately describe the data being furnished, and that they adopt and enforce appropriate compliance policies and internal controls around the use and anonymization of such data.