Last week, the Securities and Exchange Commission (SEC) announced that App Annie Inc. and its former CEO and Chairman Bertrand Schmitt agreed to a $10 million settlement for violations under Section 10(b) of the Exchange Act and Rule 10b-5. This settlement represents a new era in enforcement: for the first time, the SEC charged an alternative data provider with securities fraud, ostensibly for having sold material nonpublic information to unwitting buyers.
Background
“Alternative data” is information that, unlike a company’s financial statements, is not available in commonly used and accessible data sources. App Annie, a privately held company, is one of the largest providers of alternative data. It sells mobile app performance data to trading firms who then use the estimates in making investment decisions.
App Annie offered a free product called “Connect” that app developers could use to obtain information about the success of their own app. The program looked at measures like an app’s total downloads, customer usage and retention, and the total revenue the app generated for the company. But in exchange, App Annie could also make its own use of that information.
When obtaining consent to use the information collected from Connect, App Annie promised developers that it would not disclose app developers’ data to other parties. In its Terms of Service, App Annie further stated that it would use aggregated and anonymized versions of the confidential data only in a statistical model that generated estimates of app performance. The estimates were then sold to trading firms in a subscription service called “Intelligence.”
However, the SEC’s order states that, contrary to its promises, App Annie did not merely aggregate and anonymize app data. Instead, App Annie used app data it had collected to manually tinker with the results of its statistical modeling so that the estimates that App Annie ultimately sold to traders better reflected the actual performance of the apps. In other words, according to the SEC, App Annie used the actual confidential data derived from Connect to make its estimates “more valuable.”
The problem, however, according to the SEC’s order, is that App Annie didn’t tell the trading firms what it was doing. App Annie instead represented that its estimates were derived in compliance with the representations it had made to app developers—i.e., that the app data had been aggregated and anonymized. Further, App Annie specifically affirmed that it had internal controls to protect against any misuse of material nonpublic information. Traders then went out and used the data to develop investment strategies and “to buy and sell securities based on App Annie’s Intelligence estimates,” without knowing that these Intelligence estimates were “based on App Annie’s material misrepresentations and other deceptive practices.”
The SEC Order
The SEC charged App Annie and Schmitt with engaging in deceptive practices and making material misrepresentations to trading firms about their alternative data. In addition to App Annie’s $10 million settlement, Schmitt will pay a $300,000 fine and will be barred from serving as an officer or director of a public company for three years.
As we have previously shared, in the last few months the SEC has signaled its intention to change its enforcement practices and suggested that a more rigorous securities fraud enforcement era has arrived. The SEC is also increasingly focusing on cybersecurity and data use issues. The App Annie settlement is evidence of both trends.
In relevant part, Rule 10b-5 makes it unlawful for any person to “make any untrue statement of a material fact” or “to engage in any act, practice, or course of business which operates or would operate as a fraud . . . in connection with the purchase or sale of any security” (emphasis added). The SEC’s action against App Annie hinges on a broad interpretation of the phrase “in connection with.” App Annie did not itself use the nonpublic information it had gathered to make its own investments, and App Annie was not specifically charged with insider trading. Instead, the SEC’s action is based on App Annie’s having allegedly represented to its customers – who did buy and sell securities – that App Annie had effective internal controls in place to prevent the sale of material nonpublic information when, according to the SEC, App Annie did not. With App Annie, the SEC has made clear that, at least in the SEC’s view, making false representations about the characteristics of data that you are selling may be a sufficient basis for a 10b-5 violation, even if you yourself are not buying or selling securities and even if the alleged victims of the fraud are ostensibly benefitting from it.
Those currently dealing in alternative data should be aware of the risk that the SEC may continue to look to push the boundaries of federal securities laws. And alternative data companies aren’t the only ones that risk being caught in the SEC’s widening enforcement net. Buyers of alternative data may face scrutiny as well and be asked to defend their diligence efforts. When it comes to buying and selling data, everyone involved should be aware of the potential risks.
