The Securities and Exchange Commission’s $10 million settlement this week with an analytics firm suggests regulators are taking a harder line on the data-broker industry that investors increasingly rely on to make trades, legal experts and former SEC officials say.
The SEC said Tuesday it settled securities fraud charges with App Annie Inc., which analyzes data about consumers’ mobile app usage, for misleading developers about its privacy controls. The agency said the settlement is the first such action against an alternative data provider, a firm that sells third-party information such as geolocation records or credit card transactions to investors who are trying to project companies’ performance.
U.S. securities law gives regulators leeway to police such areas if they are connected to trading. In the case of App Annie, the SEC punished a privately held company for deceptively marketing its data to investment firms, which used the information to buy or sell securities.
“That is a very broad theory of liability,” said Kelly Koscuiszka, a partner at New York law firm Schulte Roth & Zabel. “We see this as not just a precedent in terms of what actions might come against data vendors, but it really, finally gives us some insights into how the SEC thinks about the risks associated with these data products.”
The SEC didn’t respond to a request for comment.
Ms. Koscuiszka, whose clients include App Annie customers from 2014 to 2018, the period the SEC investigated, said the settlement also serves as a warning that the SEC could scrutinize how investors vet vendors that provide this kind of data.
Agency officials examining financial firms in recent years have increasingly asked about their work with alternative data providers, she said.
“I do think it places a lot more emphasis on that diligence process,” Ms. Koscuiszka said.
The alternative data industry has boomed in recent years as hedge funds and asset managers have thrown money into analyzing third-party information, hoping to gain an edge over rivals. Global spending on alternative data topped $1.7 billion last year, according to the market research firm Grand View Research, up from $433 million in 2018.
San Francisco-based App Annie collects data such as downloads, purchases and usage rates from apps. From 2014 to 2018, the SEC said, developers shared such information under the condition that App Annie anonymize and aggregate the data before releasing it to customers.
But the analytics firm broke that promise by using confidential data in a product, known as Intelligence, sold to more than 100 trading firms during the period, the SEC said.
App Annie and its former chief executive,
Bertrand Schmitt,
didn’t admit to or deny wrongdoing as part of the settlement. Mr. Schmitt must pay $300,000 to the SEC, which barred him from serving as an officer or director of a public company for three years.
SEC Chairman Gary Gensler testifies before a Senate committee
Photo:
Evelyn Hockstein/Press Pool
Mr. Schmitt said on LinkedIn Tuesday that he believed that App Annie’s data practices were above board and that the SEC had taken an expansive view of existing law.
“We had obtained legal advice on compliance procedures and even hired an in-house compliance team, but as a private company we did not understand that our level of controls around the use of confidential data in our estimates for Intelligence Reports could form the basis of an SEC action,” Mr. Schmitt said in a post. He didn’t respond to a request for comment.
App Annie said it has bolstered its data and compliance practices and appointed a new executive team since ending the alleged abuses in 2018.
Theodore Krantz,
App Annie’s chief executive, also called for more regulation of his industry’s data practices.
The settlement is the latest cybersecurity or privacy-related action by the SEC this year. In August, the regulator settled charges with several financial companies and an educational publisher over how they disclosed cyber incidents. Separately, the agency this summer sent requests for information to companies affected by a cyberattack on SolarWinds Corp. SEC Chairman
Gary Gensler
has also said that the regulator is considering new cybersecurity rules.
The SEC has run a unit dedicated to cyber-enabled fraud and associated issues for years, said Andrew Lawrence, a partner at law firm Skadden, Arps, Slate, Meagher & Flom LLP.
The broad scope of securities laws, coupled with the regulator’s authority to intervene when investors could be harmed, give it the potential to become a powerful force in shaping company practices, said Mr. Lawrence, who previously worked in the SEC enforcement division.
“There is every indication that the enforcement division is trying to move things more quickly than in the past,” he said.
Write to David Uberti at david.uberti@wsj.com and James Rundle at james.rundle@wsj.com
Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8