The US Securities and Exchange Commission (SEC) announced Wednesday it charged three former Netflix employees and two of their contacts with insider trading that resulted in a net profit of over US$3 million.
Netflix's internal culture and policies have long been the stuff of intrigue and reflection. Founder Reed Hastings waxed lyrical about it in his book, No Rules Rules, with the tagline "Trust your team. Be radically honest. And never, ever try to please your boss."
Netflix's belief in openness, transparency, and personal accountability among its staff sees it share financial results internally before the numbers are revealed to the market.
In his book, Hastings says of the policy:
The financial world sees this as reckless. But the information has never been leaked. When it does one day leak (I imagine it will), we won’t overreact. We’ll just deal with that one case and continue with transparency.
It looks like that day has come.
According to the SEC complaint, software engineer and Netflix employee Sung Mo "Jay" Jun tipped off his brother, Joon Mo Jun, and a close friend, Jun Woo Chon, to non-public information about Netflix's subscriber base ahead of quarterly earning announcements.
Jun spent the years 2013–2017 at the company, and after leaving allegedly relied on a former colleague and mentee, Ayden Lee, to deliver financial data between 2017 and 2019. Jun shared that information with others, and traded Netflix shares with his insider knowledge.
In July 2019, yet another colleague, Jae Hyeon Bae, was accused of tipping Jun off about Q2 2019 subscriber growth.
The SEC claims the crew traded ahead of 13 earnings announcements and cash kickbacks were involved. According to court documents [PDF], Chon paid Sung Mo Jun US$60,000 from the profits. Bae and Lee allegedly gave away the information for free.
Encrypted messaging apps were allegedly used to communicate about the trading to avoid getting caught.
That tactic didn't stop the SEC Market Abuse Unit's Analysis and Detection Center using data analysis tools to identify traders who were too successful to be relying on their own strategy and good luck.
It didn't help that Chon and Joon Jun allegedly placed trades minutes apart for identical Netflix options contracts on several occasions.
"This case reflects our continued use of sophisticated analytical tools to detect, unravel and halt pernicious insider trading schemes that involve multiple tippers, traders, and market events," said Joseph Sansone, chief of the SEC's Market Abuse Unit in a canned statement.
Jun, his brother, his friend, and his two former colleagues were all charged by the SEC for violating anti-fraud provisions. The defendants have waived their right to a trial and agreed to a civil judgment, with court-determined penalties. Sung Mo Jun, who lies at the center of the alleged crimes, has also agreed to a bar on him serving as a corporate officer or director.
Four of the five were also charged criminally in federal court in Seattle with three counts of insider trading, to which they've pleaded guilty.
- Ex Netflix IT ops boss pocketed $500k+ in bribes before awarding millions in tech contracts
- DaaS-appearing trick: Netflix teases desktops-as-a-service product
- Netflix reveals massive migration to new mix of microservices, asynchronous workflows and serverless functions
A busy week for the SEC
In other news of financial shenanigans, the SEC also announced a US$1 million settlement with London-based purveyor of standardized tests, Pearson, over misleading investors about cyber intrusions.
In 2018, cyber criminals stole millions of student records that included birthdates and email addresses as well as 13,000 school district and university customer log-in credentials.
The SEC's order says Pearson made misleading statements and omitted information. The list of things Pearson allegedly "forgot" to say, or said incorrectly, is quite lengthy and includes:
- Referring to a "hypothetical leak" in a July 2019 semi-annual report, when in reality it had actually happened;
- Saying the data breach may include birthdates and emails, when the company knew for a fact it had;
- Claiming the company instituted "strict protections" when it went an entire six months from notification to patch critical vulnerabilities in the system.
- Omitted in media statements that millions of student data, usernames and hashed passwords were included in the data breach.
The order also concluded Pearson did not have proper disclosure controls and procedures in the first place. And finally that its user base — which mostly does not have a choice in using the product in the first place as the contracts largely lie with education entities — was not adequately informed of the breach.
"As the order finds, Pearson opted not to disclose this breach to investors until it was contacted by the media, and even then Pearson understated the nature and scope of the incident, and overstated the company's data protections," said Kristina Littman, Chief of the SEC Enforcement Division's Cyber Unit in a canned statement.
Without admitting or denying the SEC's findings, Pearson agreed to the financial penalty and a cease-and-desist agreement. The leak impacted operations other than the Pearson VUE business that administers certification exams for many tech vendors. ®