Published 26-May-2023 by Susannah Hammond, Theta Lake.
When is a rocket ship not a rocket ship? When it is cited in a legal case alleging a firm and its control person violated U.S. securities laws by offering for sale to the public certain non-fungible tokens (NFTs) without filing the required registration statement with the Securities and Exchange Commission (SEC). The use of emojis was specifically cited by a judge in his ruling against the defendant’s motion to dismiss the case. The judge cited there was an expectation of profit by the purchasers of the NFTs, one of the several requirements in defining an investment contract (known as the Howey Test). Although the literal word “profit” was not used in any of the organization’s tweets, the “rocket ship” emoji, “stock chart” emoji, and “money bags” emoji were all included and, objectively, mean one thing: the expectation of a financial return on investment. The SEC was not a party in the case as it involved a group of potentially harmed investors in a civil class-action case seeking damages from the issuer. The judge’s ruling, as he put it, was a “close call” but he allowed the case to move forward. The case, despite being far from settled, highlights the compliance and legal challenges and uncertainty around the use of emojis.
In the United States, the Securities Act prohibits persons from offering, selling, or delivering by means of interstate commerce any security unless a registration statement has been filed with the SEC. The Securities Act’s definition of a security is broad and includes an investment contract within the definition. The Howey Test refers to the U.S. Supreme Court case for determining whether a transaction qualifies as an “investment contract” and therefore would be considered a security and subject to disclosure and registration requirements under the Securities Act of 1933 and the Securities Exchange Act of 1934. Under the Howey Test, an investment contract exists if there is an “investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others”. As in this instance, the Howey Test is important for blockchain and digital asset projects as certain cryptocurrencies and initial coin offerings (ICOs) may be found to meet the definition of an “investment contract” under the Howey Test. There are four criteria to determine whether an investment contract exists. An investment contract is:
- An investment of money
- In a common enterprise
- With the expectation of profit (in this instance as illustrated by emojis)
- To be derived from the efforts of others
The judge’s conclusion that what the organization offered was an investment contract under Howey was said to be ‘narrow’; it was made clear that not all NFTs offered or sold by a company will necessarily constitute a security, and each scheme must be assessed on a case-by-case basis.
Emojis are a form of communication
Emojis are an inherent part of modern communications, but they must, in a business context, be treated with the same care as every other form of communication or messaging. The use of emojis to illustrate or emphasize a point is commonplace and organizations need to be aware that the same rules apply to communication by emoji as with all other communications. That brings the risks associated with communications with the public in terms of misleading content, investor protection, dissemination of potentially material non-public information as well as the challenges of capturing (preserving and being able to retrieve) the full context of an emoji-laden conversation. Equally, there are potential issues with emojis being used overly casually within a firm with the potential for collusion, misconduct and other socially unacceptable behavior. Firms need to ensure that emojis are expressly covered in not only the suite of preventive and detective controls in place as part of the governance framework but also in the guidance given to employees on all forms of communication. Prevention is better than cure and the best method of prevention is often education. Regular training on the regulatory and compliance expectations around all forms of communication (emojis expressly included) is a good way to keep the message fresh and provide an audit trail. The example of emojis being cited in a legal case leading to the conclusion that an offering was in breach of securities law would make an excellent example for any training program. A potential challenge for firms is the ability to robustly capture emojis (and GIF, edits, reactions and deletions) in their original context so that the meaning of any communication is apparent on both retrieval and surveillance. Most firms have solutions which can capture emails. Less common is the capability to capture all elements and combinations of communications, though that is having to change fast as unified communications platforms cement their place as part of the working infrastructure of organizations. It is that comprehensive level of capture, preservation and retrieval which is essential as part of a modern, risk-aware approach to governance, risk and compliance.
AI can help
The next element for firms to consider is surveillance. Any approach to surveillance has to be built upon the upfront and comprehensive capture of all elements of communications. That said, the practical reality is that the sheer magnitude of communications outstrips the capacity of compliance officers to manually review conversations. The scale and complexity of actively and comprehensively detecting unique and growing risks has prompted organizations to turn to technology including AI to help. The use of AI enables vast volumes of communications to be analyzed. Critically, it also enables organizations to detect risks and breaches at scale, provides alerts at significant speed and can help prioritize what to review. It is this capability that has risk and compliance functions exploring the possibilities and benefits of artificial intelligence (AI), machine learning (ML) and natural language processing (NLP). There are a range of options for consideration as compliance functions refine and develop their use of AI. The applicability of the options will depend on the nature of the business undertaken but in terms of evolution many firms are likely to be working towards the use of industry specific detections to increase line of sight to potential risks. The deployment of purpose-built, pre-trained AI-based risk detections which focus on specific conduct, compliance, or security risks has many potential benefits. The models can be trained to detect specific confidential or personal information including account numbers, email addresses, and birthdates, sensitive documents like customer lists or applications that are shown such as trading screens, HR or finance systems. These targeted detections use high-quality expert sources and domain expertise, which means that the burden does not fall to individual organizations to train the AI models or verify the results. Specifically, it is AI’s ability to understand specific risks in context that reduces both the number of false positives or alerts, as well as risks that would otherwise be missed because audio or transcript are unclear. Context is all important. Well-trained AI can use captured emojis and other elements of communications to take a full context view of a communication. With the right solution, the use of AI enables organizations to find the risks across its communications at speed as well as benefiting from significant efficiencies and cost savings. For all the use of emojis triggered an element of the Howey Test, they are just another form of communication which firms need to ensure is within their organization-wide strategic approach to data management.
Produced by Thomson Reuters Accelus Regulatory Intelligence 30-May-2023