Have we sufficiently protected our proprietary source codes?
That is the question chief compliance officers, general counsel, and technology directors at Wall Street powerhouses should know how to answer if they want to avoid the fate of Headlands Technologies LLC (HT) , a global quantitative trading firm in the midst of civil and criminal litigation involving a former employee. In 2021 HT’s research developer and quantitative trader Cheuk Fung Richard Ho, otherwise known as Richard Ho, allegedly misappropriated that company’s secret algorithmic trading sauce costing over US$1 billion to start a competing firm called One R Squared (ORS), say court records in a criminal case pending in the Attorney’s Office for the Southern District of New York (SDNY).
Ho and two of his former colleagues at HT– Wai Jia Liu and Hai-Son Le –who joined him at ORS, allegedly used HT’s formulas to conduct fraudulent trading and financially harm HT through ORS. The criminal case, started in January 2025, follows a civil suit filed by HT against Ho in June 2023 by HT in Chicago for breach of contract and misappropriation of trade secrets. Both cases are pending. HT also accuses Tower Research Capital (TRC) of colluding with Ho. However, so far no charges have been brought against TRC. Wai Jia Liu is a voluntary witness for HT in the civil case, while Hai-Son Le is a co-defendant in the criminal litigation.
Accused of one count of theft and attempted theft of trade secrets, Ho could spend up to 10 years in jail if convicted of the criminal charges. The criminal case is being handled by the Office’s Complex Fraud and Cybercrime Unit with Assistant US Attorneys Richard Bhaskaran and Ni Quan as the lead prosecutors. That case is winning greater industry attention than the civil case, because it bucks the trend of trade secret theft being addressed strictly as a civil matter. While prosecutors likely hope that a conviction against Ho will deter future perpetrators, they won’t have an easy time winning their case. Despite all the evidence against Ho, the highly technical nature of the crime might be hard to break down in layman’s terms.
Ho’s defense team could also argue that Ho was already well-versed in advanced quantitative equations prior to joining HT and that the formulas he used at ORC were the not the direct cause of any financial losses HT incurred.
The following represents the timeline of Ho’s activities: Ho joined HT in 2019; registered the domain name of One R Squared (ORS) on 2021-03-13 as OneRSq.com; and incorporated his new firm in the State of Delaware on May 6, 2021. He resigned from HT on July 6, 2021 and became a consultant to TRC in September 2021. Liu, a software developer who resigned from HT in March 2021, secretly began working for ORC the April of 2021.
In 2022 ORS was approved for an E-3 Australian visa for a software developer earning US$200,000 annually. At that time Ho listed his business address as 180 East Pearson Street, Apt 5701 in Chicago. The position was located in New York at ORS’s office on 7 World Trade Center on the 46th Floor.
On ORS’ website Ho lists “integrity, commitment to quality, and willingness to experiment” as his motto. Whether he had integrity is for a jury to decide, but he certainly had the commitment and willingness to capitalize on HT’s formulas. ORS, according to the prosecution, used the “Atoms” and “Alphas” Ho created at HT on a trade execution platform operated by TRC. The “Atoms” and “Alphas” were the formulas that make price predictions based on real-time market data to ensure best execution. Those “Atoms” and “Alphas” were predominantly written in C++ and Java programming languages which Ho translated into the C++ and Python coding languages while preserving, the structure, logic, trading insights and functionality of HT’s source code. Ho, say prosecutors, reclassified HT Atoms as “nodes” and implemented copycat versions of them throughout ORS’ code.
Prosecutors in the US Attorney’s Office for the Southern District of New York have compared HT’s intellectual property stolen to the priceless secret formula for Coca-Cola, while Ho counters that the IP is no better than a Coke bottle whose value declines over time. Therefore, by Ho’s reasoning, HT’s IP does not rise to the level of trade secrets. Whether HT’s competitor TRC, colluded with Ho in his alleged theft of HT’s trade secrets is unclear. Through ORS, Ho used TRC’s automated trading system to enhance the speed of his “pirated source code,” say prosecutors, and he was also a consultant.
Ho’s relationship with TRC didn’t begin in 2021. Ho had worked for TRC before resigning in 2015 to start his own firm called Telo Technologies, which HT declined to purchase. Instead, HT decided to hire Ho, who allegedly used the formulas he created at HT on TRC’s trading platform to front-run HT’s trades on the Chicago Mercantile Exchange (CME), Intercontinental Exchange (ICE) and other markets. The actual value of the financial damage HT incurred by Ho’s actions, by HT’s account, was in the “tens of millions of dollars monthly.”
A footnote in the civil case against Ho indicates that because TRC and HT are members of the CME, they are required to iron out any disputes through the CME’s arbitration process. The CME wouldn’t answer e-mailed questions sent by FinOps Report about the status of the arbitration, when the CME caught wind of Ho’s illegal activities, or whether Ho had shown his formulas to anyone at the CME. TRC did not respond to e-mailed questions from FinOps Report asking about the status of the CME’s arbitration and how TRC tried to prevent the receipt of HT’s trade secrets.
TRC’s tussle with HT wouldn’t be the first time TRC found itself in legal hot water. In 2021 five Korean citizens sued TRC and its Chief Executive Officer Mark Gordon alleging TRC reaped US$14 million in illegal profits by manipulating the market for Korean stock futures using a tactic called “spoofing.” The case was dismissed.
None of the courts’ documentaiton explains how HT caught wind of Ho’s alleged illegal conduct. One way the theft of trade secrets is typically discovered is through a forensic analysis of an individual’s computer after his or her departure from a firm. Another is if someone blows the whistle for either financial gain or to avoid being charged as an accomplice. The most likely scenario was for HT to have been tipped off by one of Ho’s colleagues. HT would then have contacted the Federal Bureau of Investigation (FBi), which found enough evidence to proceed with criminal charges based on possible racketeering.
HT insists it took steps to protect the confidentiality of its proprietary source code by limiting access to the code and requiring employees to sign confidentiality and non-compete agreements before they started working for the firm. HT also claims it implemented physical and network security protocols. Nonetheless, Ho was allegedly able to steal the code. It appears that a key reason he failed at permanently concealing his crime is that his employees refused to follow his order to delete their internal communications and audit trail about the origin of Ho’s source code.
The court documentation in the criminal case against Ho lists three unnamed individuals, “Engineer 1, Engineer 2, and Engineer 3” as Ho’s former colleagues who left HT for ORS. At press time, FinOps Report could not definitively identify any of them. Liu’s cooperation with HT suggest that he could be the “Engineer 1” listed in the criminal case’s documentation,but that supposition could not be independently verified. The court filing states that a someone identified as “Engineer 1” confronted Ho after realizing that a piece of code being developed at ORS resembled code from HT. “Engineer-1” also noticed the name of an Atom that he or she had written at HT. In both cases, Ho tried to cover his tracks. He changed the name of the code and implemented a different version of the code than that which was publicly available. When grilled by Engineer-1 about the similar name of an Atom, Ho claimed he took notes of ideas at HT and was good at remembering names.
The last straw for all three of Ho’s employees occurred in June 2023 after Engineer-2 shared with Engineer-1, a directory that Ho had previously refused to share with Engineer-1. There was good reason for Ho’s hesitancy. Upon reviewing an index in the directory Engineer-1 noticed the names of numerous Atoms which were previously developed at HT. That’s when all three employees– Engineer-1, Engineer-2, and Engineer-3 quit working for Ho.
Realizing that Ho might have taken trade secrets, the three engineers might have attempted to mitigate any appearance of wrongdoing.
They had good reason. As a type of intellectual property (IP) trade secrets represent a step above confidential information. Trade secrets are the hidden crown jewels of IP, which can constitute anywhere from 65 percent to as much as 90 percent of a firm’s valuation with the remainder being tangible assets. The other forms of IP include patents, trademarks and copyrights. The criteria for what can be protected under trade secret law is far broader than what can be safeguarded under a patent which requires the United States Patent and Trademark Office (USPTO) to receive detailed information about the invention in exchange for excluding others from developing it. Unlike patents which can expire in about 20 years, trade secrets have no expiration dates.
Because of the large number of patents that are invalidated, many firms decide to safeguard commercially viable information by relying on federal and state trade secret protection laws. The definition of a trade secret is outlined in the federal Defend Trade Secrets Act of 2016 (DSTA), which amended the Economic Espionage Act (EEA) of 1996 to allow a firm to file a civil action against theft of its intellectual property.
All U.S states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands, also follow a version of the Uniform Trade Secrets Act (UTSA), with the exception of New York which relies on case law. Published by the Uniform Law Commission in 1979, the UTSA was amended in 1985. To receive protection under US federal and state trade secret laws, a trade secret’s owner must take “reasonable” measures to keep the information secret and must prove the data derives independent economic value from not being publicly known. The European Union’s Trade Secrets Directive, adopted in 2016, has similar provisions to U.S. federal and state regulations.
Algorithmic trading is one of numerous functions at a Wall Street firm where trade secrets might reside. Others are database designs, blueprints of inventions, tools or processes, organizational plans, business strategies, legal information and crypto-related codes. The fact that Ho was able to misappropriate HT’s trade secrets is a clear sign that HT might have failed to protect them. Unfortunately, as one trade operations manager at a Wall Street powerhouse tells FinOps Report only the largest financial firms have developed a comprehensive trade secret management program to prevent misappropriation. “Most firms operate under the premise that employees will abide by their contractual obligations which stipulate that they are obligated to safeguard confidential information,” bemoans one manager at a human resource department of a Wall Street firm. “Such contracts do not even detail the penalties involved for trade secret theft.”
It remains to be seen whether Ho’s case will affect how Wall Street protects its trade secrets. None of the chief compliance officers at the ten East Coast financial firms who spoke with FinOps Report were willing to predict. However, prominent legal experts in trade secrets law who spoke with FinOps Report, without commenting on the cases against Ho, were only too eager to point out just how an ideal trade secrets protection program should work. Deciding what constitutes a trade secret is the first critical element. “The responsibility for protecting trade secrets starts with the legal department, in consultation with IT and business groups, to understand the technology being developed,” explains Gregory Ewing, a member at the law firm of Dickinson Wright in Washington, DC. “Once that process is completed, a centralized record must be maintained and updated at least on an annual basis to avoid omitting any new developments as formulas, software and hardware applications are upgraded.” Legal departments, Ewing believes, are the best suited to make decisions on whether to classify a firm’s IP as a trade secret, patent, copyright, or trademark because they have the clearest understanding of the various litmus tests. Legal groups can subsequently oversee putting in place comprehensive protection for trade secrets. “Ideally, companies create an innovative culture that also understands that everyone must work together to protect the company’s trade secrets and other assets,” says Ewing.
Even if a firm were to categorize its trade secrets appropriately it must still have the right technological safeguards to prevent their theft. Court documentation in the criminal case against Ho indicates that on or before June 8, 2021 about a month before Ho resigned from HT, he asked one of his new colleagues to work out of Ho’s apartment in Chicago. In July 2021 while Ho still maintained access to the source code at HT, he remotely accessed HT’s systems in his colleague’s presence and launched a feature that visualizes market data. Ho, according to the court documentation, was aware that Visualizer was a specific example of HT’s confidential information. Ho told “Employee-1” that he wanted to create a similar product to the Visualizer at his new firm.
Ho’s ability to access HT’s proprietary source code from his personal home office in Chicago shows that HT may not have effectively monitored when an employee downloaded data to a personal computer. It could have been this lapse in trade secrets protection which allowed Ho to perpetrate his crime. “It is essential for financial firms to not only limit access to sensitive information, but to also proactively prevent the possibility of the data’s theft by implementing robust technology placing the right safeguards to alert the IT and compliance departments of when information is being downloaded,” says Lisa Chiarini, a partner at the law firm of Reed Smith in Princeton, NJ specializing in IP litigation. “Those alerts should be highly specific to indicate when a thumb drive on an external storage device such as a USB drive, external hard drive, and other removable media is being used, when data is transferred to any device or location outside of the firm’s secure environment, and when an excessive amount of data is being downloaded or printed. Another highly effective safeguard, says Chiarini who focuses on trade secret protection in the financial industry, is to configure a company’s computers so that the use of such external storage devices is disabled by default.
Ultimately, an ideal trade secrets management program should rely on a multi-layered line of defense, according to Michael Wexler, chair of the National Trade Secrets, Computer Fraud and Non-Compete Practice Group at Seyfarth Shaw in Chicago. “The first line of defense is the human resources department which presents the contractual agreements for an employee to sign before working,” he explains. “The next lines of defense, include policies and procedures, the technological alerts for unauthorized access, and the continuous monitoring of information protection and disclosure.” The buck would stop with a single or group of individuals responsible for trade secret protection.
None of the ten financial services companies contacted by FInOps Report for this article have a single dedicated trade secrets officer. Three of them include the task of mitigating trade secret theft to their chief compliance officer or chief legal officer who may already be overwhelmed with other work. For the remaining seven the task is divided among multiple parties, with the chief data and analytics officer taking the lead. Mr Magique, a global consultant in New York and Washington D.C, specializing in trading strategy, technology and risk management, cautions that relying on a single trade secrets officer to mitigate trade secrets theft is too risky. The reason: it gives one individual too much oversight — and power. “Compliance, technology and data analytics, and forensic accounting departments should have a seat at the table overseeing a trade secrets management program with all representatives ultimately reporting to the chief compliance officer or equivalent,” recommends Mr Magique.
Hopefully, the saga of just how “Richard Ho,” was able to get away with starting a competing firm on HT’s time clock will provide a valuable lesson for Wall Street firms. Trade secrets should be treated with the utmost reverence. A single breach or incident can potentially wipe out years of work. Proper trade secret management can reduce the costs of litigation, financial loss, and most of all reputational risk which can never be salvaged. Whether Headlands has changed its trade secrets management program to prevent future theft could not be determined at press time.
The firm declined to respond to FinOps Report’s e-mailed question on the matter.
#Trading #Intellectual Property #TradeSecrets #BusinessLaw #ConfidentalInformation #Patents #Trademarks #Copywrights #LegalProtection #BusinessStrategy #CompetitiveAdvantage #NonDisclosureAgreement #LegalAdvice #Entrepreneurship #BusinessSuccess #CorporateLaw #CME #QuantTrading #DataTheft #Market Data #Algorithms #Brokerage Operations #Trade Operations #Regulators #Compliance #Standards #USPTO # Fund Operations #Regulations #CME #Technology
#FinancialOperations #FinOperations #FinOps
Chris Kentouris
New York City
KentourisC@gmail.com
1.917.510.3226
Leave a Comment
You must be logged in to post a comment.