The U.S. Securities and Exchange Commission (SEC) has recently taken legal action against a prominent electronic trading firm. The implications of this lawsuit are far-reaching, with securities lawyers interpreting it as a stern warning to all firms about the importance of safeguarding material nonpublic information.

This lawsuit alleges that the firm, Virtu, did not implement sufficient security measures to protect a database filled with sensitive customer information, although it had repeatedly told customers that their data was safeguarded by information barriers and a systemic separation between business groups. This database, according to the SEC, contained material nonpublic information, which if misused, could lead to significant market manipulation.

According to the SEC complaint, Virtu used a database without proper safeguards and accessible to virtually all of its employees. This lack of security measures is viewed as a serious oversight by the SEC and forms the basis of their legal action. 

In particular, the SEC alleges that the firm breached Section 15(g) of the Securities Exchange Act (SEA) of 1934. This section mandates brokers and dealers to create, uphold, and implement rules and regulations to avoid the inappropriate use of significant confidential information. Furthermore, the SEC accused Virtu of contravening the anti-fraud stipulations of the Securities Act of 1933.

Virtu has denied the allegations, stating that the SEC’s position appears to be driven by politics and headlines rather than the facts and the law. “Therefore, under these circumstances, we look forward to vigorously defending ourselves in court against these meritless allegations while maintaining our focus on serving clients and markets globally and creating long-term value for our shareholders,” Virtu Chief Executive Officer Douglas Cifu said in a statement.

Wider Implications for Other Firms

Securities lawyers have been quick to interpret this lawsuit as a clear warning to other firms in the industry, as the SEC took more aggressive action against Virtu than expected. They argue that the lawsuit underlines the importance of robust security measures in protecting sensitive customer information and preventing the misuse of material nonpublic information. 

According to a Sidley Austin partner, Stephen Cohen, a 15(g) against a firm usually occurs when there are instances of insider training, and in this case the SEC did not allege insider trading but rather a “theoretical misuse of customer order information.” David Adams, a member at Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, said the SEC seems to have acted more aggressively in this case, as the agency typically only brings enforcement action or initiate a civil complaint in cases where firms make trades based on private customer information.

This lawsuit serves as a stark reminder to all firms about the potential consequences of failing to safeguard customer information. Companies are being advised to review their data protection policies thoroughly and ensure they are in compliance with all relevant regulations. Failure to do so could result in similar legal action from the SEC.