Monday, December 16, 2013

Crowdfunding Intermediaries' Duty to Protect Against Fraud

I have been pondering one of the provisions in the SEC's proposed crowdfunding rules, and I have decided that it's extremely dangerous to crowdfunding intermediaries.

Reducing the Risk of Fraud: The Statutory Requirement

Section 4A(a)(5) of the Securities Act, added by the JOBS Act, requires crowdfunding intermediaries (brokers and funding portals) to take steps to reduce the risk of fraud with respect to crowdfunding transactions. The SEC is given rulemaking authority to specify the required steps, although the statute specifically requires "a background and securities enforcement regulatory history check" on crowdfunding issuer's officers and directors and shareholders holding more than 20% of the issuer's outstanding equity.

Proposed Rule 301

Proposed Rule 301 of the crowdfunding regulation implements this requirement.

A couple of the requirements of Rule 301 don't really relate to fraud, even though the section is captioned "Measures to reduce risk of fraud." Rule 301(a) requires the intermediary to have a reasonable basis for believing that the issuer is in compliance with the statutory requirements and the related rules. Rule 301(b) requires the intermediary to have a reasonable basis for believing that the issuer has means to keep accurate records of the holders of the securities it's selling. Neither of these requirements is particularly onerous because, in each case, the intermediary may rely on the issuer's representations unless the intermediary has reason to doubt those representations.

Rule 301(c)(2) enforces the background check requirement, as well as the "bad actor" disqualifications in Rule 503. The intermediary must not allow any issuer to use its crowdfunding platform unless the intermediary has a reasonable basis for believing that the issuer, its officers and directors, and its 20% equity holders are not disqualified by Rule 503.  To satisfy this requirement, the intermediary "must, at a minimum, conduct a background and securities enforcement regulatory history check" on each such person.

The Problematic Provision

The part of Rule 301 that really troubles me is the final requirement, in Rule 301(c)(2). The intermediary must deny issuers access to its platform if the intermediary "[b]elieves that the issuer or the offering presents the potential for fraud or otherwise raises concerns regarding investor protection." If an intermediary becomes aware of such information after its has already granted access to the issuer, the intermediary "must promptly remove the offering from its platform, cancel the offering, and return (or, for funding portals, direct the return of) any funds that have been committed by investors in the offering."

If this was all the regulation said, it would make sense: an intermediary can't let known or suspected bad actors use its platform. But that's not all it says. Rule 301(c)(2) adds this little nugget:

"In satisfying this requirement, an intermediary must deny access if it believes that it is unable to adequately or effectively assess the risk of fraud of the issuer or its potential offering."

It's one thing to say an intermediary should shut down the issuer if it's aware of problems or if there are red flags that should reasonably cause concern. But this last provision requires the intermediary to refuse access to the issuer unless it can affirmatively determine that the issuer poses no risk of fraud. And, of course, the only way to "adequately or effectively assess the risk of fraud" is through a full investigation of the issuer and its principals. The cost of fully investigating every issuer on the platform would be prohibitive, and certainly too much for the returns likely to be generated by hosting offerings of less than $1 million.

Intermediaries should be required to deny their platforms to issuers who they know pose a risk of fraud and intermediaries should be required to pursue any red flags that arise. But that should be it. Crowdfunding intermediaries should not be insurers against fraud, which is what this provision is trying to make them.

http://lawprofessors.typepad.com/business_law/2013/12/crowdfunding.html

C. Steven Bradford, Financial Markets, Securities Regulation | Permalink

Comments

Professor Bradford,

I do not follow your analysis to your conclusion. When I read the requirement that intermediaries must deny access if the intermediary "believes that it is unable to adequately or effectively assess the risk of fraud of the issuer or its potential offering," that is limited to situations where the intermediary is unable to obtain results from the required background/securities regulatory check or the issuer does not have sufficient operating history to know if it is a legitimate company. The requirement does not seem to create an obligation to affirmatively determine the issuer poses no risk of fraud, but just to "adequately or effectively" assess the risk of fraud.

For example, intermediaries may not be able to conduct background checks on foreign nationals managing U.S. companies because of the privacy rules of the country of citizenship. This would mean the intermediary could not assess the risk of fraud. More problematically, persons with common names will trigger false positives due to the prior malfeasance of persons with the same name.

In the end, the requirement for intermediaries is a "reasonable basis." Full scale investigations are just not reasonable in this context and go beyond what is necessary to "adequately and effectively" assess the risk of fraud.

Posted by: Andrew | Jan 13, 2014 10:29:00 AM

Andrew,

Nothing in proposed Rule 301(c)(2) limits its application to situations where the intermediary is unable to obtain results from the background checks or the issuer does not have enough operating history for the intermediary to know if it's a legitimate company. If the rule said that, it would be less pernicious, although many of the startup companies using the rule aren't going to have sufficient operating history.

Denial of access is not required just when, to quote your post, "the intermediary could not assess the risk of fraud." It applies when the intermediary cannot "adequately or effectively assess the risk of fraud." The only way to adequately assess the risk of whether an issuer or offering is fraudulent is by investigating that offering. A background check doesn't allow one to adequately assess that risk; people without regulatory history engage in fraud all the time.

I suspect the SEC intended your interpretation. If so, they should reword the rule to plainly say that.

Posted by: Steve Bradford | Jan 13, 2014 11:04:23 AM

Post a comment