Why it matters: In September 2015, the SEC and CFTC were busy announcing resolutions of enforcement actions involving both unique facts (Hitachi doing business in South Africa with a "front" for the African National Congress; a former Lieutenant Governor for Kentucky acting as a "front" for a convicted felon) and cutting-edge matters (cybersecurity and virtual currency). Intrigued? Read on.

Detailed discussion: Following is a summary of the unique and cutting-edge enforcement matters in which the SEC and the CFTC were involved in September 2015 (starting with the most recent):

Front and Center—SEC Charges Hitachi With "Books and Records/Internal Accounting Controls" Violations of the FCPA Involving Dealings With a "Front" for the African National Congress: In an unusual case involving unabashedly blatant dealings with a foreign political party, the SEC announced on September 28, 2015 that Japanese corporation Hitachi, Ltd. (Hitachi), a Tokyo-based conglomerate that specializes in the construction of power stations, and whose ADRs traded on the New York Stock Exchange, agreed to pay $19 million to settle civil charges that it violated the books and records and internal accounting controls provisions of the Foreign Corrupt Practices Act (FCPA). The SEC alleged that Hitachi had inaccurately recorded in its financial statements certain improper payments its South African subsidiary had made to Chancellor House Holdings (Pty) Ltd. (CHH), a known "front" for the African National Congress (ANC), South Africa's ruling political party.

A brief statement of the facts contained in the complaint (which were neither admitted nor denied by Hitachi): In 2005, Hitachi created an indirect South African subsidiary (Hitachi Subsidiary) for the purpose of establishing a "local presence" in that country in order to pursue "lucrative public and private contracts." In order to qualify for benefits under South Africa's Black Empowerment Act of 2003, Hitachi sold 25% of the stock in the Hitachi Subsidiary to CHH for approximately $190,000. The facts show that Hitachi chose CHH because its connections to the ANC suggested it could exert influence over the bidding process and because it had no operational capability, an unusual requirement. Indeed, Hitachi and CHH specifically entered into an undisclosed arrangement whereby CHH would receive "success fees" in connection with government contracts that were secured "substantially as a result" of CHH's efforts.

During the course of the arrangement, stories were released in the press, and the press directly contacted Hitachi's executives, noting that CHH was a "front" for the ANC. Nevertheless, Hitachi decided to stick with the arrangement. Hitachi was awarded power station contracts in South Africa worth approximately $5.6 billion, and in April and July of 2008 Hitachi paid CHH—and the ANC—"success fees" aggregating over $1.1 million. According to the complaint, these "success fees" were improperly recorded in the Hitachi Subsidiary's 2008 financial statements as "consulting fees," and that the Hitachi Subsidiary's inaccurate financials were subsequently consolidated into Hitachi's 2009 financial statements filed with the SEC. Moreover, in its 2010 and 2011 financial statements, the Hitachi Subsidiary recorded "dividends" to CHH aggregating over $5 million, which, per the complaint, were in reality "amount[s] due for payment to a foreign political party in exchange for its political influence in assisting Hitachi land two government contracts." Due to the increasing reports in the South African press about the corruption inherent in CHH's relationship with the Hitachi Subsidiary, Hitachi temporarily withheld payment of the dividends to CHH pending assurance from CHH that it would not pass the dividends on to "any political party or official"; however, Hitachi ended up paying CHH over $5 million in dividends plus interest in June 2012. Interestingly, the complaint also points out the fact that, in February 2014, Hitachi repurchased CHH's 25% stake in the Hitachi Subsidiary for approximately $4.4 million, raising the aggregate payments to CHH from the venture to over $10.5 million—a return on investment of over 5000%.

As SEC Director of Enforcement Andrew J. Ceresney said in the press release, "Hitachi's lax internal control environment enabled its subsidiary to pay millions of dollars to a politically-connected front company for the ANC to win contracts with the South African government." Hitachi agreed to pay a $19 million fine and to a "cease and desist" order.

See here to read the SEC's 9/28/15 press release titled "SEC Charges Hitachi With FCPA Violations."

Once More Into the Breach—SEC Charges Investment Adviser With Failing to Adopt Proper Cybersecurity Measures in Advance of Major Security Breach: On September 22, 2015, the SEC announced that R.T. Jones Capital Equities Management (R.T. Jones), a Saint Louis-based investment adviser, agreed to pay a $75,000 penalty and be censured in order to settle charges that it failed to establish cybersecurity policies and procedures (required by the federal securities laws) in advance of a security breach that "compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm's clients."

The facts in the SEC's order, which were neither admitted to nor denied by R.T. Jones, show that, during the nearly four-year period from September 2009 through July 2013, R.T. Jones stored the sensitive PII of over 100,000 individuals, which included thousands of R.T. Jones' clients, on its third-party-hosted Web server (Server). In July 2013, the Server was attacked by an unknown hacker who gained access to the PII contained thereon, leaving it vulnerable to theft. The SEC found that, during the period in question, R.T. Jones had "failed entirely to adopt written policies and procedures reasonably designed to safeguard customer information," giving as examples R.T. Jones' failure to "conduct periodic risk assessments, implement a firewall, encrypt PII stored on its server, or maintain a response plan for cybersecurity incidents." After R.T. Jones discovered the breach, it took mitigating measures such as hiring a cybersecurity consulting firm (which traced the attack to China) to determine the breach's scope, notifying every affected individual about the breach, and offering free identity-theft monitoring through a third-party provider. According to the SEC, to date R.T. Jones has not received any indications of individuals suffering financial harm as a result of the attack.

The SEC found R.T. Jones to be in violation of Rule 30(a) of Regulation S-P promulgated under the '33 Act. As Marshall S. Sprung, Co-Chief of the SEC's Asset Management Unit, said in the press release, "As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients. Firms must adopt written policies to protect their clients' private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs."

In its September 22, 2015 press release, the SEC announced an "investor alert" issued that day by its Office of Investor Education and Advocacy, which offered steps for investors to take if they become victims of identity theft or data breach. Also, relevant to this matter, in a separate press release issued on September 15, 2015 the SEC's Office of Compliance Inspections and Examinations (OCIE) issued an alert regarding its Cybersecurity Examination Initiative, in which the OCIE made clear that it will continue to conduct examinations of registered broker-dealers and investment advisers to ensure they have compliant cybersecurity measures in place and identified (on an attached appendix) the specific cybersecurity areas the OCIE will be focusing on during its second round of examinations of those firms later this year.

See here to read the SEC's 9/22/15 press release titled "SEC Charges Investment Adviser with Failing to Adopt Proper Cybersecurity Policies and Procedures Prior to Breach."

Don't Fly Like This Eagle—First "Distribution-in-Guise" Case Announced by the SEC: On September 21, 2015, the SEC announced that New York-based investment adviser First Eagle Investment Management, LLC (First Eagle) and its affiliated distributor FEF Distributors, LLC (FEF) agreed to pay approximately $40 million (consisting of disgorgement of almost $25 million plus prejudgment interest of $2.3 million and a penalty of $12.5 million) to settle charges that they had improperly used mutual fund assets to pay for the marketing and distribution of fund shares. The case is the first one to arise out of the SEC's recently announced "Distribution-in-Guise Initiative," designed to protect mutual fund shareholders from bearing the costs when firms improperly use fund assets to pay for distribution-related services by, as in this case, "masking the payments as sub-transfer agency (sub-TA) payments." As the SEC made clear in its press release and order, whereas "[f]inancial intermediaries often provide both distribution and shareholder services to mutual funds"—including shareholder services typically provided by the funds' transfer agent, such as sub-TA services—"[i]t is unlawful to use fund assets to pay for [such intermediaries' costs for] distribution and marketing, unless such payments are made pursuant to the fund's 12b-1 plan" approved by the fund's board.

The findings contained in the SEC's order (which were neither admitted to nor denied by First Eagle and FEF) detail a complicated scheme that can be briefly summarized as follows: From January 2008 through March 2014, First Eagle and FEF caused the First Eagle Funds (Funds) to pay nearly $25 million for distribution and marketing (D&M) services provided by two financial intermediaries with whom FEF had contracted in 2000 and 2005 (formalized in 2007), respectively. As the Funds' boards had not approved the payment of D&M services from Fund assets under the Funds' Rule 12b-1 plans, First Eagle and FEF misrepresented the payments to the Funds' boards as being for sub-TA services (which were so authorized). Moreover, the Funds' prospectus disclosures during that time inaccurately stated that First Eagle and FEF were bearing the financial intermediaries' D&M expenses from their own assets.

The SEC found in the order that First Eagle "willfully violated" Section 206(2) of the Investment Advisers Act of 1940 and Section 34(b) of the Investment Company Act of 1940 (Investment Company Act). Moreover, the SEC found that First Eagle and FEF caused the Funds to violate Section 12(b) of the Investment Company Act and Rule 12b-1 thereunder. In addition to paying almost $40 million in disgorgement and penalties, First Eagle and FEF also agreed to cease and desist from further violations and return the $25 million in disgorgement to the Funds' shareholders. The SEC also required FEF to retain an independent compliance consultant to "conduct a comprehensive review of FEF's supervisory, compliance, and other policies and procedures designed to prevent and detect the prohibited use of the Funds' assets to engage, directly or indirectly, in financing any activity which is primarily intended to result in the sale of shares issued by the Funds."

See here to read the SEC's 9/21/15 press release titled "SEC Charges Investment Adviser With Improperly Using Mutual Fund Assets to Pay Distribution Fees, First Case Brought Under 'Distribution-in-Guise Initiative.'"

CFTC Pronounces Bitcoin and Other "Virtual" Currencies to Be Commodities Subject to Its Regulation in Its First Action Against an Unregistered Bitcoin Trading Platform: On September 17, 2015, the CFTC announced that it had settled charges against San Francisco-based Coinflip, Inc., d/b/a Derivabit (Coinflip) and its CEO for conducting activity related to commodity options, including specifically operating a facility for the trading and processing of commodity options, in violation of the Commodity Exchange Act (CEA) and relevant CFTC regulations. The CFTC billed this as its "first action against an unregistered Bitcoin options trading platform" and found, for the first time, that "Bitcoin and other virtual currencies are properly defined as commodities" under the CEA. As a result, the CFTC found that the "commodity option transactions" at issue in this case must be conducted in compliance with the applicable provisions of the CEA and CFTC regulations applicable to "swaps" (the CEA definition that includes commodity options contracts) or must fall within the "trade option" exemption therefor.

The facts in the CFTC's order show that from March through August 2014, Coinflip and its CEO operated an online facility named "Derivabit" that offered to connect buyers and sellers of Bitcoin option contracts via "put and call options" for the delivery of Bitcoins on the Derivabit platform. The CFTC found that the Bitcoin "commodity option transactions were not conducted in compliance with a provision of the CEA or a provision of the Regulations otherwise applicable to swaps, and were not conducted pursuant to the Regulation 32.3 'trade option' exemption." The CFTC further found that Coinflip had been operating a facility for the trading of swaps but had failed to register as a "Swap Execution Facility" or a "Designated Contract Market" as required under the CEA and CFTC regulations.

Coinflip and its CEO agreed to cease and desist from further violations of the CEA and Regulations, and to comply with the undertakings specified in the CFTC order. As CFTC Director of Enforcement Aitan Goelman said in the press release, "While there is a lot of excitement surrounding Bitcoin and other virtual currencies, innovation does not excuse those acting in this space from following the same rules applicable to all participants in the commodity derivatives markets."

See here to read the CFTC's 9/17/15 press release titled "CFTC Orders Bitcoin Options Trading Platform Operator and Its CEO to Cease Illegally Offering Bitcoin Options and to Cease Operating a Facility for Trading or Processing of Swaps Without Registering.

The Case of the Missing Bank CD and the Felon: SEC Charges BDO USA and Five of Its Partners With Issuing "False and Misleading" Audit Opinions: Sometimes truth is stranger than fiction. On September 9, the SEC announced that national audit firm BDO USA, LLP (BDO) agreed to pay over $2 million (consisting of $600,000 in disgorgement of its audit fees plus interest and a $1.5 million penalty) to settle charges that it dismissed "red flags" and issued "false and misleading" unqualified audit opinions about the financial statements of one of its clients, staffing services company General Employment Enterprises (GEE). Also as part of the settlement, BDO admitted to wrongdoing and agreed to various "undertakings related to its quality controls." The five BDO partners charged in the incident agreed to a settlement suspending them from practicing public company accounting for varying periods of time and requiring them to pay penalties ranging from $30,000 to $10,000. On the client side of the equation, the SEC announced that, while it had settled with two of GEE's former executives (who will each pay a $150,000 penalty), the SEC had filed fraud charges in Manhattan district court against GEE's then chairman of the board and majority shareholder Stephen B. Pence (Pence), who also happens to be a former U.S. attorney and former lieutenant governor for the state of Kentucky. The SEC's orders instituting the settlements and the complaint contain sordid allegations involving a missing certificate of deposit worth millions, suspicious payments into company accounts and a "behind the scene" convicted criminal pulling the strings.

A brief summary of the facts as set forth in the SEC's orders entered against BDO and the five partners reveals some questionable goings-on: During its 2009 audit of GEE, BDO was advised by GEE that $2.3 million (representing approximately half of GEE's assets and substantially all of its cash) that had purportedly been invested in a 90-day nonrenewable certificate of deposit (CD) had not been repaid by the bank on its maturity date. BDO further learned upon investigation that there was no record of GEE ever purchasing said CD from the bank. There ensued multiple conflicting stories from GEE management, Pence and other board members about the whereabouts of the missing CD/$2.3 million. Shortly thereafter, GEE received a series of deposits into its accounts aggregating, coincidently, $2.3 million from three entities that were unaffiliated with the bank, one of which was allegedly owned by Pence (who was at that time the chairman of the board and the majority shareholder of GEE). When BDO questioned the deposits, GEE claimed—with no satisfactory backup—that they were "the proceeds of an agreement to assign the purported CD to an unrelated party in return for the value of the CD." The two BDO partners in charge of the audit then consulted with three senior BDO partners about the strange facts uncovered in the audit: the missing CD and $2.3 million, the mysterious deposits equaling the missing amount that showed up later, and the conflicting explanations from GEE executives and board members (including Pence). As a result, BDO issued a five-page letter to GEE setting forth the facts and demanding that the audit committee conduct an independent investigation. A few days later, however, and apparently without BDO ever receiving any coherent explanation from GEE about anything, BDO inexplicably withdrew its demand and subsequently issued unqualified opinions on the financial statements included in GEE's 2009 and 2010 annual reports.

Making things "curiouser and curiouser," the facts in the SEC's complaint against Pence allege that Pence gave off the "false appearance" of acting independently as chairman and majority stockholder of GEE during the time in question but was in reality "acting as an agent" for and doing the bidding of a convicted felon named Wilbur Anthony Huff (Huff). The complaint further alleges that Huff funded Pence's acquisition of a majority stake in GEE and gifted Pence with an aggregate of $500,000 and a $50,000 Cadillac Escalade in 2009-2010. Moreover, the complaint points out that Huff is currently serving time in prison for, among other things, "misappropriating the $2.3 million in question from General Employment." Coincidence? The SEC thinks not. The complaint charges Pence with violations of Section 10(b) of the '34 Act and its related Rules by making false and misleading statements to BDO about the existence of the purported CD, the missing $2.3 million and the "dubious related-party" deposits, and signing GEE's 2009 annual report knowing that it contained misleading statements and omissions about those matters.

See here to read the SEC's 9/9/15 press release titled "SEC Charges BDO and Five Partners in Connection With False and Misleading Audit Opinions."