On September 14, 2021, the United States Securities and Exchange Commission (SEC) settled enforcement action against App Annie Inc., an alternative data provider for the mobile apps industry, and its former CEO Bertrand Schmitt. The SEC has charged App Annie and Schmitt with securities fraud, under Section 10 (b) of the Securities Exchange Act of 1934 and Rule 10b-5, for engaging in deceptive and distorting practices substantially how App Annie derived its alternative data, leading trading companies to become subscribers to use App Annie’s data in their securities buying and selling decisions.

This one-of-a-kind enforcement action shows the SEC is taking an aggressive approach to alternative data. This alert examines the implications of this regulation and points to remember for entities that collect and provide alternative data as well as for consumers of alternative data, such as investment advisers.

SEC enforcement action

The SEC describes App Annie as one of the biggest sellers of market data on app performance on mobile devices (e.g., how often an app is downloaded, how much revenue is generated through the app). App Annie provides an analytics product for businesses with mobile apps that allows them to visualize and track the performance of their app. With this product, App Annie would collect confidential data from these companies. Trading companies will then subscribe to App Annie through a separate product to obtain information that is not typically found in financial statements or other traditional data sources and use that data to inform their investment decisions. This type of non-financial data, when used in securities transactions, is often referred to as “alternative data”.

According to the SEC findings, which respondents neither admitted nor denied, App Annie and Schmitt promised companies that shared their information with App Annie that their company-specific data would not be disclosed to third parties. Instead, App Annie would aggregate and anonymize the data before generating app performance estimates in order to make company data unidentifiable.1

Although App Annie and Schmitt understood companies’ expectations regarding the use of their data, the SEC found that from late 2014 to mid-2018, App Annie manually changed its estimates for some applications using unaggregated data. and not anonymized in order to make them more attractive and valuable to business companies. Despite misusing company confidential information, App Annie and Schmitt have told both customer-facing employees and trading companies that they do not sell material non-public information (MNPI ), that App Annie had the appropriate controls in place to prevent the misuse of confidential data, and that it was in full compliance with federal securities laws.2

The SEC ultimately found that App Annie and Schmitt had violated the anti-fraud provisions of the Exchange Act, Section 10 (b) and Rule 10b-5, by making false representations about the confidential nature of their data estimates to clients of the trading companies that App Annie knew they were relying on. data to make investment decisions. The SEC also found that although App Annie told trading companies that it had adequate internal policies, Schmitt did not ask anyone at App Annie to document and implement an internal policy restricting the use of data from SOEs up to April 2017, and even when the policy was documented (which only excluded some public data), Schmitt and App Annie did not take action to implement the policy. According to the SEC order, it wasn’t until June 2018, when App Annie learned of the SEC’s investigation, that she changed the policy to exclude all state-owned company data from its generation process. estimates and took steps to implement the process she described to clients. .

App Annie and Schmitt agreed to a ceasefire taking effect requiring App Annie to pay a civil fine of $ 10 million and Schmitt a civil fine of $ 300,000. The ordinance also prohibits Schmitt from serving as an officer or director of a public company for three years.

Take away food

While the SEC’s focus on alternative data is not new and has been the subject of reviews by registered investment advisers for a number of years now, it is the first enforcement action. involving an alternative data provider. This enforcement action indicates that the SEC will not hesitate to take an aggressive approach against companies that provide alternative trade-related data, even if the company itself does not engage in the trade.

The willingness of the SEC to charge an entity and an individual with fraud even if they have not dealt in securities, have not dealt in securities or even participated in the securities industry raises questions under the “related to” element of section 10 (b) and rule 10b -5.3 But the SEC might consider this case backed by precedent. In United States v. O’Hagan,4 the Supreme Court, upholding the theory of insider trading hijacking, held that the facts satisfied the element “relating to” because the information in question, a business merger, normally derived its value from its usefulness in securities trading.5 Here too, the SEC order explains that interviewees touted to clients how useful the alternative data in question would be for securities trading purposes. Likewise, in SEC c. Zanford, the Supreme Court found that a fraudulent scheme was “in connection with” a sale of securities and therefore violated Rule 10b-5.6 There, a broker stole the proceeds from the sale of securities from his client’s account. Although the fraud itself did not involve an actual securities transaction, the conduct coincided with the sale of securities, thereby satisfying the requirement for.

Data providers should consider the following when providing data for sale to the trading companies on which their investment decisions are based:

  • Data providers must implement, maintain and modify as necessary the policies and procedures surrounding the use of MNPI. These controls should take full account of any consent or confidentiality agreement with the companies that provide their data for these purposes. If a company states that it aggregates and anonymizes its data before selling it to commercial companies, the process for doing so should be properly documented and periodically reviewed / amended so that the policy is followed and up to date with respect to any changes. in the legal obligations of the company.
  • When selling non-public data to securities companies, data providers should confirm that the data is aggregated and anonymized in accordance with documented policies and that the company is in full compliance with all relevant securities laws. Any disclosures or statements that data providers make to securities companies about the data sold must be accurate so that there is no breach of the obligations of the companies providing the data.

Investment advisers and brokers who enter into contracts with other data providers should develop and maintain sufficient policies and procedures to prevent the misuse of MNPI in connection with such agreements. No one size fits all. But these procedures should focus on obtaining adequate statements that the data provided complies with consent, on due diligence when onboarding these data providers, and on the ongoing monitoring of these relationships. While App Annie has not implicated any charges against securities firms, we expect the SEC to continue to focus on whether investment advisers and brokers develop and maintain policies and procedures. procedures for alternative data reasonably suited to the actual use of such data by companies.

1 In the Matter of App Annie Inc. and Bertrand Schmitt, Administrative Proceeding File No. 3-20549, Litigation Release No. 93975 (Securities and Exchange Commission, Sept. 14, 2021)
2 Username.
3 SEC Commissioner Hester Peirce in a Twitter post said she objected to approval of the settlement on these grounds. https://twitter.com/HesterPeirce/status/1437862378713096197.
4 521 US 642 (1997).
5 Identifier. to 657.
6 535 US 813 (2002).