While Title IV of The Jobs Act (Reg A+), the amended and expanded securities regulation, changed in mid-2015, organizations have been slow to change their processes until there was a clear understanding of how to use these new funding tools and stay in compliance.
The Industry now has comfort with these new financing efficiencies – that now allow accredited and non-accredited investors to fund startup businesses. And, Internet criminals now understand that this has opened a ripe area to exploit.
“Anytime you have financial transactions with meaningful sums of money being transferred from individuals to small businesses, you will see an attraction by Internet criminals,” states RPost CEO Zafar Khan. RPost is a worldwide leader in cyber security for electronic communications. “We have seen Internet criminals lure closing funds in the midst of residential real estate transactions as both parties to the transaction err to far towards communications simplicity versus security. We see the same dynamic with SEC exempt offerings and individual investors.”
Today’s efficiencies are a big change from the past regulation, or Regulation A under the Securities Act of 1933, which only allowed those who made over $200,000 a year or who could verify $1 million in assets to invest in startup companies. The change has been great news for small businesses and investors alike. Accredited investors only make up a tiny fraction of the population and this obviously limited small businesses from growing capital or continuing research and development. The new Regulation A+ offering language allows startups to raise up to $20 million in the first tier and $50 million in Tier 2 from either kind of investor. This has created a sea change in the industry.
If you are a small business, a regulation A+ offering permits your core customers or fans to fund your business and functions more like a traditional fundraising practice. The rules have been described as a democratization of investing. However, there is another side to Regulation A+ that all offerors and investors need to be aware of: new cyber-security risk.
One dangerous avenue for risk here is the flow of personal information on contracts, documents and share purchase agreements; and the flow of investment funds using wire transfers. Many of the offers using Reg A+ are from small businesses and the principals of these businesses may not appreciate today’s sophistication in Internet crimes, particularly what the FBI calls “ Business Email Compromise” attacks, also referred to as “Whaling Attacks”. Here, the Internet criminal intercepts communications between offeror and investor and transposes wire funding instructions so the investor funds are routed to foreign accounts of the Internet criminal. Too often, however, it is not detected; until it is too late.
Whether the Internet criminals eavesdrop on un-encrypted email to gather personal information for use with identity theft, or for use to lure wire transfer funds, with so much personal information passing between offeror and investor by email, ending in a financial transaction, this is a ripe target area.
If an offeror does not comply with the securities rules, there are consequences and perhaps the investor has an opportunity to have their investment returned to them. If an Internet criminal siphons off the investor funds before they reach the offeror, there is no redemption possibility– there is consequence of lost investment for the offeror and lost money for the investor, with neither able to recover.
Offerors that do not use email encryption put their clients and business at risk. Investors who do not insist that the offerors encrypt these communications, put themselves at risk. Registered Investment Advisors (RIAs) that bring these opportunities to their investors put their clients at risk without adequate information protection.
What all need is simple-enough to use email encryption that can work for both small businesses and for individuals…services that can run within both Microsoft Outlook and Gmail alike.
Offerors, Investors, and RIAs should use an encrypted email system that does not store messages on third party servers and are not file sharing services masquerading as email encryption services that make recipients “register” to retrieve a document. Offerors, Investors, and RIAs need security with simplicity – they need email encryption that makes it easy – to use. If it is easy, people will use it, and investor transactions in the private markets can be protected.
RPost offers its RMail email encryption product that provides small businesses a simple-to-use secure way to send electronic messages and documents encrypted. RMail installs into Microsoft Outlook and Gmail in minutes, and the recipient never needs anything on their end. RMail is a simple, manageable, and cost-effective way to protect private investor correspondence. RPost is regarded as the leader in secure and certified electronic messaging.