(Bloomberg View) -- Hacking insider trading!
If you can hack into a big company's computers, what should you do with that power? There are some obvious options. If the company has money, maybe you can steal its money. If it has customers, you can steal their information, and then use that information to try to steal their money, or at least send them spammy emails. Or if it is a public company, maybe you can snoop into its financial information and business plans and try to insider trade on what you find. These are all good options, in the sense that you could imagine scenarios in which they would be lucrative. But they are also all terrible options in the sense that they are blatantly illegal.
But here are a blog post and related a paper -- "Informed Trading and Cybersecurity Breaches," by Joshua Mitts and Eric Talley of Columbia -- discussing a different approach, which is that you could just trade on the fact that you could hack into the computers. Then you can disclose the hack and hope that the company's stock will go down. Cybersecurity breaches tend to be bad news. This approach is ... look, I have my doubts about how lucrative it is; cybersecurity breaches tend not to be such bad news ... but it has the advantage of not being blatantly illegal. Of being legal? I mean, that is not legal advice, but here are Mitts and Talley:
Under current securities law, however, several instantiations of informed cyber-trading would likely be permissible. To be sure, it is almost certainly unlawful for parties to conspire to steal proprietary information from a firm, or to spread false information about a cybersecurity risk in order to manipulate stock prices. That said, if such parties were simply to use publicly available investigatory tools to discover, trade upon, and then expose bona fide cybersecurity vulnerabilities (as Muddy Waters and MedSec were alleged to have done), they would face little scrutiny under current law. They would not run afoul of received insider trading theories, which generally require the breach of a confidential or fiduciary relationship.
The Muddy Waters reference is to when Muddy Waters teamed up with a group of hackers to short the stock of St. Jude Medical because, they alleged, they had discovered a vulnerability in St. Jude's pacemakers. Hacking into pacemakers to kill people: definitely illegal. Hacking into pacemakers (I mean, pacemakers that you own, in a controlled environment) to announce to the world that you can hack into pacemakers and make profits on your pacemaker-company short positions: probably fine, why not.
Mitts and Talley's paper also includes an empirical analysis finding that people trade an unusual quantity of put options just before cybersecurity breaches are announced, which, sure, I guess. Nothing would make me happier than to believe that there is a ring of hackers who are constantly breaking into public companies' computers, buying puts on those companies' stocks, and then waiting for the hack to be revealed and the puts to pay off, but I am not sure I can quite picture it.
But they also have normative recommendations, which are basically that if this isn't already illegal maybe it should be:
Normatively, the debate over how (or whether) securities law should regulate informed trading activities is a complex one, trading off pricing efficiency, liquidity and allocational efficiency concerns. Informed cyber-trading shares many of these traits; but it also tees up other efficiency concerns that are contextually unique. If significant arbitrage profits from advance knowledge of cybersecurity risks were wholly undeterred, several investment decisions would likely follow, both by “hackers” (including cybersecurity firms) attempting to expose vulnerabilities and introduce costs that would not otherwise come to light; and by the issuers themselves, who would undertake costly efforts to frustrate (or divert) hackers' attentions. Such expenditures represent real economic costs that are not generically present in standard information trading contexts. Consequently, such settings plausibly justify enhanced regulatory oversight of / liability exposure for informed cyber-trading.
My general view is that the purpose of financial markets is to find stuff out about companies and then incorporate that stuff in the price, which puts me mostly on one side of "the debate over how (or whether) securities law should regulate informed trading activities." It is tempting to take the same side here. I mean sure a world without profiteering hackers would be better than one with them, but if you have to have profiteering hackers, you might as well channel them into relatively harmless activities. If hackers who break into public companies' computers profit by buying put options and then announcing their hacks, that seems ... less bad than any of the other ways they could profit? The fact that hacking into a pacemaker, shorting the manufacturer's stock, and then announcing your findings is legal, while hacking into a pacemaker and killing its wearer is not, is not some sort of technical loophole in the law. It's much better if the pacemaker hackers announce their findings than if they use them for murder!
Wynn.
Last week the Wall Street Journal reported allegations of "a decades-long pattern of sexual misconduct" by Steve Wynn, the founder and chief executive officer of Wynn Resorts Ltd. Subsequently both Bloomberg News and the Journal have written about how the allegations make Wynn Resorts' board of directors look bad for failing to supervise Steve Wynn, and about how even before these allegations the board got a lot of criticism for overpaying and being too deferential to him. "The Wynn board may be the most compliant board of any major public company," said Steve Wynn's ex-wife Elaine in a court filing last year, and she meant compliant with Steve Wynn. Wynn has an "overall corporate governance profile that ranks among the worst, not the best, of U.S. companies," said Institutional Shareholder Services in 2015. The sexual misconduct allegations do not help:
“A board's governance committee, auditing committee should have been looking at him,” said Jeffrey Sonnenfeld, senior associate dean for leadership studies at the Yale School of Management. “If they didn't know this, how come they didn't?”
It sometimes seems like corporate governance theory misses a critical but informal issue, which is that there are two different kinds of public company. One is a classic public company with hired bureaucrat-managers, and the other is ... well, let me put it this way, it's not a coincidence that Wynn Resorts Ltd. and Steve Wynn share a name, and that Wynn the company's logo is Wynn the person's signature. The basic divide is that the shareholders own a classic public company and hire a manager to manage it for them, while the manager owns the second kind of company and finds shareholders to fund it for him.
This is a fuzzy and informal distinction; corporate and securities law, and the companies' governing documents, tend not to recognize it. I mean, sometimes the distinction is expressed very directly in legal documents and securities disclosures. Facebook Inc., for instance, goes out of its way to tell shareholders that Mark Zuckerberg is the boss, by, for instance, giving him super-voting shares, and by trying to make his shares even-super-voting-er when he worried he might run out of votes. But Wynn the company doesn't have super-voting stock or non-voting stock or other special protections, and Wynn the person doesn't have a majority stake. It just has a culture where Wynn the person is in charge, where the board is made up of his friends and supporters, and where he is protected from activist investors and boardroom coups and even just basic human-resources standards not by formal voting rights but by the fact that his name is on the door.
It is also, by the way, a culture that he had reason to cultivate: "Wynn lost control of his previous company, Mirage Resorts, after shareholder criticism of his spending on art and hotel construction hurt the stock, giving rival Kirk Kerkorian an opening to acquire it with an unsolicited offer." You put your name on the next one!
Elsewhere in Wynn and governance, Wynn Resorts is "is the only firm that has publicly expressed an interest in listing on IEX, the heroes of Michael Lewis's 2014 best-seller 'Flash Boys.'" We have talked a few times about my theory, which IEX seems to maybe partly share, that IEX should differentiate itself in the listings business by having higher governance standards than its competitor exchanges, so that it can market an IEX listing as a commitment to long-term value. I am not sure that they will want to start with Wynn, though.
Not this again come on.
The Securities and Exchange Commission has some rules that provide that, if you do certain sorts of bad stuff, you can no longer do certain sorts of private placements of securities either for yourself or for your customers. There is an obvious intuitive appeal to these rules: Serial securities hucksters often make use of private placements to stay below the SEC's radar, and the SEC wants to keep known hucksters -- the rule calls them "bad actors" -- out of those markets.
But the rules make no real sense for big banks. Sometimes a few employees in a big bank's, say, metals-trading division will do some bad stuff. For instance they might enter spoof orders to buy platinum that they don't really intend to buy. That is bad and they should stop and the bank should pay big fines and whatever. Maybe, if you are very tough, you might think that the bank should be banned from trading platinum for a while, or forever, or that it should be banned from trading metals generally. Maybe you are so tough that you think the bank's trading culture is irreparably broken and it should be banned from trading forever.
But that never really happens, and the rules don't provide an easy way to make it happen. Instead, there is an automatic bar from private placements. But the people who do the private placements sit really far away from the people who do the platinum trading, and the metals trading, and the trading generally, and they never talk to each other. And it would obviously be silly to catch some metals traders spoofing, to fine their bank millions of dollars, and then to say "okay sure you can keep trading metals but you are banned from doing private placements of stock." That doesn't protect investors in private placements, it doesn't protect investors in metals market, it doesn't deter bad conduct by the metals traders, and it just generally has nothing to do with anything.
And so in fact the SEC usually waives these automatic bars when big banks get caught doing bad things that have nothing to do with their private placements business. And then inevitably there is some gnashing of teeth and complaining that The Banksters Are Getting Away With Murder, and I write about it in sadness and perplexity. And here we go again:
On Monday, the Commodity Futures Trading Commission reached settlements with Deutsche Bank, HSBC and UBS Group for a type of market manipulation called spoofing. The banks collectively paid just under $47 million to settle the civil charges without admitting or denying any wrongdoing.
But while the commission and Justice Department trumpeted their crackdown on market manipulation, the settlements included language that gave all three banks an automatic waiver from the bad actor rule — drawing sharp criticism from one Securities and Exchange commissioner, a Democrat.
“I am extremely disappointed by the C.F.T.C.'s actions in this case,” the commissioner, Kara Stein, said on Thursday. “They did not consult with the S.E.C. before injecting themselves into securities markets in which they have little or no expertise. The implications of the C.F.T.C.'s actions are deeply troubling and may put U.S. investors at risk.”
Nope, that is wrong, spoofing by some Deutsche Bank metals traders won't put investors in Deutsche-Bank-run private placements at risk. More: If the automatic bar rules did not exist, there is absolutely no chance at all that Kara Stein would look at Monday's CFTC orders and say "you know the first thing we need to do is to ban these three banks from advising on private placements." Why would such a wild non sequitur occur to anyone?
Well, because the automatic bar is there. So the burden is not to explain why metals spoofing should lead to a private-placement ban, but to explain why it shouldn't. That is easy enough to explain, but you can always find objectors. But of course our financial markets are now in a Trumpian deregulatory phase, in which there is no God and everything is permitted. Perhaps the SEC will just get rid of the automatic bars -- or make them opt-in rather than opt-out -- so that I can stop writing about them.
The crypto.
Today in the Crypto Paradise police blotter, here's the story of a guy who was kidnapped at gunpoint for his ether. "It all began in a Ruby Tuesday's restaurant in Times Square," as so many of the world's great crimes do, and it ended when "the victim eventually escaped his ordeal by running into a deli." In between, there was an Uber that was revealed as a fake when "a gunman popped up from the back seat and demanded the victim hand over his phone and apartment key," and what I guess we are calling a $5 wrench attack:
The gunman also demanded the victim hand over a 24-word password to his Ledger Nano S—a device known as a hardware wallet that lets users store digital currency offline and safe from hackers (though not from kidnappers).
That is probably the scene I look forward to most in the eventual movie:
Gunman: What's the password to this thing?
Victim: It is not so much a password as a string of 24 words generated by a computer with no particular meaning.
Gunman: Fine what are the 24 words?
Victim: Sumo fetid mildew dairying frowsty rummy admonish dip useless indoxyl western bijou pasture cockles rider glycine consign humic jigsaw winnow hurtle lopsided drub roadside.
Gunman: Wait okay sumo fetid mildew daring --
Victim: Dairying, d-a-i-r-y-i-n-g.
Gunman: Sure dairying, then ...
Victim: Frowsty.
Gunman: [shoots him]
Elsewhere bitcoin keeps falling; it was below $8,000 as of 7:30 a.m. today, and while there are not many times that I wish I was an expert in technical analysis, this is one of those times. "If it breaks below the $7,350 support level it will fall all the way to zero," is the sort of thing I might say, if that was the sort of thing I said. I mean I am making up that number obviously. But if your bull case for bitcoin was that it is a good store of value, and if your evidence for that was that it spent most of 2017 rocketing up in price, then at some point its 50-plus-percent fall from its peak might undermine that thesis.
And at Tezos, activist investors in its initial coin offering are trying to replace the board of its foundation with another board, so that the project for which they bought tokens might one day eventually be launched. We ... might ... be seeing ... more of these? A lot of ICOs have raised money by selling tokens, but many fewer have actually built the systems where those tokens could be used. ("Only one in 10 digital tokens issued in ICOs is in use following their sales," Bloomberg News noted late last year.) Everyone is being very patient so far! But eventually they might start inquiring about where their money went.
When they do, they might also want to start inquiring about what sort of governance rights they got with their tokens. I suspect the answers will be disappointing. When we last talked about Tezos I was amused that its promoters characterized its investors' investments as "a non-refundable donation" rather than a "speculative investment." It makes investor activism a bit difficult.
Alternative funding mechanisms.
We talked yesterday about how Elon Musk's The Boring Company is raising $10 million of financing by selling branded flamethrowers, an unusual and quite issuer-friendly form of financing (non-dilutive, you don't have to pay it back) that is not so far off from the current craze for initial coin offerings. There are some differences. (Flamethrower activism: possibly more effective than ICO donor activism!) I said yesterday: "I doubt that the flamethrower sale is being driven by speculative frenzy, though you never know; the Boring flamethrowers are a numbered limited edition and you could imagine them becoming collectors' items." I guess that was right; here's a Boring Company flamethrower listed on eBay for $10,000 as of 7:30 a.m. today, a 1,900 percent "pop" from its issue price. If you started a flamethrower hedge fund and bought in the Initial Flamethrower Offering, you could be getting, not equity-like, but cryptocurrency-like returns.
Meanwhile: "Tesla Inc. sold $546 million of auto lease-backed bonds Thursday, giving Elon Musk a more conventional source of funds after he sold out of a batch of 20,000 flamethrowers to help pay for his proposed transportation tunnels." What a boring company Tesla is, compared to The Boring Company. I mean I am old enough to remember when asset-backed securities were riskier and more exciting than flamethrowers, but whatever. "It's got the Elon Musk magic to it," says an investor about the ABS offering, though I have trouble imagining Musk Instagramming a gleeful video of himself playing with car-lease securitization bonds.
Things happen.
Deutsche Bank Investors See No Silver Lining After Results Slump. (Earnings release, presentation, supplement.) Wall Street Is Taking On More Risk Again. Big Banks Accused of Stifling Competition in Stock Lending. The Changing Face of Shareholder Activism. Pay-ratio disclosure is coming. U.S. Regulator Floats New Way of Measuring Global Swaps Market. Charity Funds Take Off as Tax Law Reshapes Giving. Could Self-Driving Trucks Be Good for Truckers? How to Sell Embarrassing Products. Groundhog Day: Behind The Scenes With Punxsutawney Phil's 'Inner Circle.' Dogfish Head Partners With Mace to Brew a Pepper Spray Beer. Plane full of plumbers diverted due to toilet trouble.
If you'd like to get Money Stuff in handy email form, right in your inbox, please subscribe at this link. Thanks!
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
Matt Levine is a Bloomberg View columnist. He was an editor of Dealbreaker, an investment banker at Goldman Sachs, a mergers and acquisitions lawyer at Wachtell, Lipton, Rosen & Katz and a clerk for the U.S. Court of Appeals for the Third Circuit.
To contact the editor responsible for this story: James Greiff at jgreiff@bloomberg.net.
For more columns from Bloomberg View, visit http://www.bloomberg.com/view.
©2018 Bloomberg L.P.
Essential Business Intelligence, Sharp Market Insights, Practical Personal Finance Advice, Daily Fuel, Gold and Silver Prices and Latest Stories — On NDTV Profit.
