The multibillion-dollar market for alternative data has exploded in recent years among investment advisers that use the data to inform trading decisions. There is an endless array of alternative data sources—including satellite imagery, geolocation data, and social media; even golf courses have found a way to collect, aggregate, and monetize their data.
The Securities and Exchange Commission has taken notice.
In a first-of-its-kind action, the SEC on Sept. 14 announced that App Annie—one of the most commonly used alternative data vendors—agreed to pay $10 million to settle allegations that it and its founder committed securities fraud for material misrepresentations made to the corporate clients whose data App Annie collected and to the fund managers that licensed this data.
App Annie was not charged with insider trading, but the SEC order acknowledged that the data products at issue had the potential to contain material non-public information (MNPI).
This action highlights the critical importance of conducting thorough vendor diligence commensurate with the risks associated with these data products. It also demonstrates the aggressive approach that this SEC, under Chair Gary Gensler, will take in pushing the boundaries of its securities enforcement mandate.
Aggressive Use of Section 10(b)
The SEC’s hook for the securities fraud charges against App Annie was the fact that its data product—which includes app downloads, revenue figures and usage metrics—was sold to investment firms to inform trading decisions. The SEC’s charges were premised on the notion that material misrepresentations related to alternative data products are sufficiently “in connection with” the purchase or sale of securities under Section 10(b) of the Securities Exchange Act of 1934.
Specifically, the SEC concluded that App Annie, in statements to its fund manager clients, had misrepresented the nature of the information it had gathered from its corporate clients and had manipulated this data in a manner inconsistent with its disclosures.
The aggressive application of Section 10(b) raises the stakes for any misrepresentations in connection with these data products, whether by vendors or consumers, including fund managers.
Although this is the first enforcement action by the SEC regarding alternative data, recent SEC exams have intensely focused on how fund managers use alternative data in their investment research process.
The examination staff has probed the vendor diligence that advisers conduct, whereby advisers seek assurances that the data does not contain MNPI obtained in breach of a duty. Similarly, the staff has asked targeted questions about whether data contains personal information obtained in violation of various privacy laws.
In addition to insider trading and other securities fraud risks, private fund managers that acquire alternative data have to consider their obligations under the Investment Advisers Acts of 1940 (Advisers Act), including the requirement that firms have policies and procedures in place to prevent violations of the Advisers Act (17 CFR § 275.206(4)-7) and to prevent the misuse of MNPI (Section 204A of the Advisers Act).
To address these risks, many fund managers subject alternative data vendors to robust diligence. The most common diligence efforts focus on reviewing the so-called “chain of consent”—pushing vendors to show the consents they receive from all sources in the “data chain.”
Key Lessons for Fund Managers
Even though the charges were against a data vendor, the action nonetheless has important lessons for fund managers.
Policies and Procedures
Firms should craft their policies and procedures to be proportionate to the operative risks that alternative data sets pose. It is often useful to clearly delineate the roles and responsibilities of compliance personnel, on the one hand, and investment professionals and data scientists, on the other.
It is not enough to rely solely on contractual representations in data licensing agreements. Managers should conduct diligence of the vendors consistent with the relevant risks before receiving data sets (including sample data sets) that present a risk of MNPI or personal information.
Documentation of this process must demonstrate that the manager understood the data and its sources before approving it, including, as appropriate, evidence that the data was collected consistent with applicable law and without any breach of duty. Vendors that cannot satisfy a manager’s diligence process should not be approved.
The need for diligence doesn’t end with onboarding a vendor—the frequency of diligence can be tailored to the specific risks presented by the vendor and the data products. Ongoing monitoring can identify negative news, enforcement actions and civil litigation that may require additional diligence.
Although much of the vetting is performed by legal and compliance personnel, investment professionals and data scientists are important partners, particularly given they often identify the data sets for acquisition and interface with vendor representatives. Training is a useful way to sensitize these individuals to the compliance risks.
Fund managers that use alternative data should consider whether they are making appropriate disclosures to investors about those risks in offering documents and in their Form ADV.
Lack of Guidance on Web Scraped Data
The SEC’s order did not address public or quasi-public data collected through automation, such as web scraping, for use in data products. App Annie’s updates to its public disclosures acknowledge its use of automated methods to collect data from various sources, but do not offer details about such practices.
This action marks a new stage in the SEC’s increasing focus on alternative data—one likely to include continued examination focus and additional enforcement activity.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Marc E. Elovitz is co-managing partner of Schulte Roth & Zabel and serves as chair of the Investment Management Regulatory & Compliance group.
Kelly Koscuiszka is a partner with Schulte Roth & Zabel in the Investment Management Regulatory & Compliance group.
Craig Warkol is a partner with Schulte Roth & Zabel and the co-chair of its Securities Enforcement practice.
Edward H. Sadtler, a partner and head of the firm’s Intellectual Property, Sourcing & Technology group, along with Charles J. Clark, a partner and co-chair of the firm’s Securities Enforcement practice, contributed to this article.