Our columnist frets about today's 'intangible liabilities'
On the last day of June 2009, Igors Nagaicevs got to work. The 34-year-old Latvian stock trader established a small position in Build-a-Bear Workshop (BBW) in his personal trading account. BBW had traded less than 100,000 shares a day for weeks, so when he hacked into a retail brokerage account he was easily able to manipulate the firm’s price to his advantage by executing trades in the hijacked account. Before closing out the fraudulent trades, he cashed out his own holdings, reaping a neat $50 profit for the day.
The subsequent legal complaint filed by the SEC in January 2012 doesn’t state whether Nagaicevs held a long or short position in BBW, but the end result was the same. Over the next 14 months, he repeated the scheme 158 more times, manipulating prices in 104 lightly traded NYSE and National Association of Securities Dealers stocks, taking either long or short positions in his own account, then using hacked retail accounts to manipulate prices in his favor. He made more than $850,000 in illegal profits and caused more than $2 mn in losses at the hijacked accounts before the scheme was finally shut down.
IROs are used to operating in the ambiguous zone between results and expectations, risk and reward, but the current landscape is revealing new features that are increasingly challenging to navigate. Protagonists operating remotely attempt to manipulate events without ever leaving their keyboard; many are crossborder actors. Where hacks are involved, success depends on exploiting obvious and easily preventable security weaknesses in many cases.
Fast forward to 2014 when North Korea hacked the emails of Sony Pictures executives in retaliation for an upcoming movie spoofing the country’s leader. Several Sony executives lost their jobs following the leaks. In 2015 we had the Panama papers, where 11.5 mn documents, some dating back decades, were leaked to news outlets around the world detailing financial dealings of more than 214,000 separate offshore entities and attracting the attention of tax authorities and prosecutors around the world.
Which brings us to more recent times. We have presidential tweet storms assailing CEOs and sending stock prices a-twittering, a slowly unfolding drama surrounding Russian email hacks, leaks and fake news. Into this supercharged environment we now see politically energized protests targeting companies, given velocity and reach through social media. Just ask Uber chief executive Travis Kalanick, forced to resign from US President Donald Trump’s economic advisory council in blowback following Trump’s controversial immigration ban.
The line between business news and political news has blurred. Reputations, corporate and otherwise, are being assaulted out of unexpected quarters, forcing CEOs to tread carefully. The market, by definition, is transaction-driven so fraudulent trades will be discovered only after the fact – if at all. In a highfrequency world, trigger-happy trading algorithms will respond to presidential tweets before any human has time to think. Stolen emails are too sexy for news media to ignore, ensuring wide distribution. And as that wise philosopher Anonymous has rightly pointed out, ‘a lie can travel halfway around the world while the truth is putting on its shoes.’
While experienced IROs know that a reputation for honesty and integrity is the best defense against an unexpected assault, a good dose of vigilance is also required. Maybe we need a new accounting term to describe these threats. How about intangible liabilities? Oh, and the SEC never located Nagaicevs. He’s still out there.
Business and financial journalist Brad Allen is a former IRO and served as NIRI national board chair between 1996 and 1997
This article appeared in the summer 2017 issue of IR Magazine