Ali Abbas
SEC charges alternative data provider with securities fraud
The US Securities and Exchange Commission has issued a landmark enforcement action against App Annie, an alternative data provider.
On 14 September, the SEC announced that it would be fining leading alternative data provider, App Annie, $10 million for engaging in deceptive practices and making “material misrepresentations about how App Annie’s alternative data was derived”.
What does App Annie do?
App Annie sells market data pertaining to mobile app performance. This ‘alternative data’ ranges from how many times a company’s app is downloaded to how often it’s used, to the amount of revenue an app is generating for any given company.
Why are they subject to an SEC enforcement?
App Annie – and its former CEO Bertrand Schmitt, who is also subject to enforcement action – knew that companies would only share confidential data about their performance with App Annie on the basis that it 1) would not be disclosed to third parties and 2) the data would be aggregated and anonymized before being modelled to generate insights.
However, despite making these assertions, the SEC has found that App Annie used non-aggregated, non-anonymized data to alter its model-generated estimates to make them more valuable to sell to firms. Moreover, it told their trading firm customers that they generated estimates in a way that was consensual with the companies from which they obtained the confidential data, which it ultimately was not. They also said they had controls to prevent the misuse of that confidential data, and that it met federal securities laws.
Further to that, App Annie would tell trading firms how they might be able to use the estimates to trade ahead of upcoming earnings announcements.
In short, App Annie said it would do one thing, and instead did another. As summarised by Director of the SEC’s Enforcement Division, Gurbir Grewal:
“App Annie and Schmitt lied to companies about how their confidential data was being used and then not only sold the manipulated estimates to their trading firm customers, but also encouraged them to trade on those estimates.”
CUBE comment
In our recent report – Data: Poison or Cure? – we explored the potential of alternative data to redefine the way in which financial institutions carry on their business. We noted how some financial institutions are now able to use mobile phone data, drone footage and biometric data to make intelligent inferences about their customers and prospects – from creating tailored products to assessing their creditworthiness. We also looked at the potential for alternative data to open up banking services to the previously unbanked.
The problem with alternative data – as with almost all emerging tech – is that it is relatively new and not always tried and tested. Inevitably, this opens the floor to risks, as well as the potential for issues or malpractice to fly under the radar.
This landmark case raises a number of points, some technical and some more philosophical:
1. Embed your policies and controls
From a technical standpoint, the SEC’s enforcement spells out a clear message – implement and abide by your policies and controls. Having policies and controls in place is one thing, as is telling customers and prospective customers that you have these in place. However, unless a company is truly embedding those policies and controls within their work/data/infrastructure, they are ineffective and rendered meaningless. Which inevitable equates to non-compliance and regulatory action.
2. Growing companies must still be compliant companies
Anther interesting point is that App Annie was a new company with big ambition and a plan to grow, fast. Compliance, it seems, wasn’t part of that growth strategy. As Schmitt (who will pay $300,000 of his own money) commented in a LinkedIn post:
“We were moving fast and innovating in a new space, but we always understood that compliance was a critical element of the business to ensure that customers could trust the estimates we provided to them. We had obtained legal advice on compliance procedures and even hired an in-house compliance team, but as a private company we did not understand that our level of controls around the use of confidential data in our estimates for Intelligence Reports could form the basis of an SEC action.”
3. Alternative data should not mean ‘alternative’ compliance
On a broader plain, this case raises interesting questions about alternative data and the companies that provide it, which could have far-reaching implications for financial services and the way we define insider trading too.
Alternative data is a growing industry and one that is seldom thrust into regulatory spotlight. Following the SEC’s latest action – it’s fair to suggest that this may be a common thread that, until now, has flown under the radar. I think it’s fair to say that this may not be the last we hear from the SEC on alternative data firms.
CUBE simplifies compliance for financial institutions of all shapes and sizes.