The SEC charged a large quantitative-analytics-based hedge fund manager that uses models when making investment decisions for its clients for breaching their fiduciary duties by failing to reasonably address known vulnerabilities in their computer-based algorithmic investment models and for related compliance and supervisory failures. The vulnerabilities persisted from 2019 through 2023 despite being raised by multiple parties, shared with senior management, and reinforced by a live incident that resulted from such vulnerability. In addition, the SEC found that the firm violated the Rule 21F-17 whistleblower protection rule under Section 21F of the Securities Exchange Act by requiring departing individuals, in separation agreements, to state as fact that they had not filed a complaint with any governmental agency. Investment models are particularly critical in quantitative trading firms, and there have been multiple SEC cases where firms did not promptly address errors or vulnerabilities identified in such models. While such vulnerabilities are more difficult for compliance staff to identify through typical compliance monitoring and testing, it is important that such firms engage with and empower technical experts and modelers to identify vulnerabilities and take prompt steps to remediate issues when identified.