In a speech given this past Friday by SEC Commissioner Luis A. Aguilar, the most senior of the SEC’s current batch of commissioners discusses the importance of SEC enforcement and their mandate for investor protection. Aguilar has been known as the “Enforcement Commissioner”. He expresses his opinion that the current commission make up will not only “talk the talk” but “walk the walk” in regards to strong and pro-active enforcement. The speech was given at the 20th Annual Securities Litigation and Regulatory Enforcement Seminar in Atlanta, Georgia.
___________________
A Stronger Enforcement Program to Enhance Investor Protection
Thank you for that kind introduction. I am honored to be here today. Before I begin my remarks, let me issue the standard disclaimer that the views I express today are my own, and do not necessarily reflect the views of the U.S. Securities and Exchange Commission (the “SEC” or “Commission”), my fellow Commissioners, or members of the staff.
As some of you know, my first ever speech as an SEC Commissioner was at your Annual Seminar on October 31, 2008.[1] I gave that speech only 93 days after being sworn in as a Commissioner, and only 47 days after Lehman Brothers filed for Chapter 11 bankruptcy protection.[2] The events of 2008 – which also included the Reserve Primary Money Market Fund “breaking the buck,” the massive volume of short-selling of financial company stock, and the government bailout of insurance giant AIG – marked the beginning of the worst financial crisis since the Great Depression. In addition, the Bernard Madoff Ponzi scheme came to light in December 2008, further shaking investor confidence in the capital markets. These and other events presented extraordinary challenges to the SEC and caused many to question the SEC’s continued existence.
All of these events highlighted that the SEC had much to do to become a more effective regulator and fulfill its mission to protect investors. In response, the Commission had no choice but to take a number of steps to strengthen our internal capabilities and address various regulatory weaknesses. For example, the Division of Enforcement was substantially restructured and specialized teams of lawyers and market experts were created to focus in the areas of Asset Management, Market Abuse, Complex Financial Instruments (formerly called Structured and New Products), Foreign Corrupt Practices, and Municipal Securities and Public Pensions.[3] In addition, the Office of Market Intelligence was created to better manage and assess tips, complaints, and referrals concerning potential misconduct.[4] Moreover, we created the Division of Economic and Risk Analysis,[5] or “DERA,” to provide economic and statistical analysis to support the SEC’s rulemakings, and to assist with our examination and enforcement programs.[6]
In addition to these internal changes, the Commission entered into one of the most active rulemaking periods in SEC history – and this started even before the passage of the Dodd-Frank Act and, of course, it’s been even more pronounced after the passage of the Dodd-Frank Act and the JOBS Act.[7] We adopted and/or substantially amended a number of regulatory and disclosure rules – including, just to name a few, rules enhancing the custody practices of investment advisers[8] and rules to prohibit pay-to-play activity in the investment advisory industry,[9] and we amended the short-selling rules,[10] revised the rules regarding municipal securities disclosure,[11] and substantially amended the rules governing nationally recognized statistical rating organizations.[12]
Clearly, the SEC has been active in both rulemaking and enforcement matters. According to the SEC’s Office of the Secretary, during my tenure, the Commission has considered over 225 proposed and final releases and rules, and over 14,000 Enforcement recommendations.[13]
There have also been significant personnel changes at the Commission since I spoke at this seminar in October 2008. In particular, the composition of the Commission has changed several times. In fact, as I stand here before you this afternoon, none of the Commissioners with whom I currently serve were members of the Commission when I started. And, in the interim, there have been four different chairs. The last five years have also seen a revolving door in SEC leadership – among other changes, there have been three different heads of the Division of Enforcement,[14] the Division of Investment Management, the Division of Corporation Finance, and the Office of Compliance Inspections and Examinations (OCIE), and there have been five different General Counsels. Moreover, the heads of all of our Regional Offices have changed.
Without a doubt, much has changed at the Commission. What has not changed is the SEC’s role as the capital markets’ regulator and, in particular, our duty to enforce the federal securities laws.
It is no exaggeration to say that the SEC’s reputation is largely based on how well, or poorly, the Division of Enforcement performs. I was aware of that fact when I first came to the SEC, and from the day that I took office as a Commissioner, I have had a keen focus on the Enforcement program. Starting just a few months after I took office, I publicly outlined a number of reforms that I thought important. I was glad to see many of them adopted, including the establishment of an infrastructure to handle tips and complaints and the delegation of formal order authority to the staff.[15] As many of you know, because of my focus on the SEC’s Enforcement program, I have been referred to as “The Enforcement Commissioner.”[16]
Today, I want to continue the focus on enforcement and discuss some of the recent steps taken to strengthen the SEC’s Enforcement program and provide some thoughts on additional measures that are needed. There are a number of matters that I could discuss – such as the need to focus more on bringing charges against individuals and not just corporate entities, the benefits of providing the SEC with the ability to seek stronger remedies through the passage of the Stronger Enforcement of Civil Penalties Act of 2012,[17] or putting more focus on obtaining permanent rather than time-limited bars. These are all important topics. However, today, I will discuss:
- The factors that should drive the imposition of corporate penalties;
- The importance of holding self-regulatory organizations (SROs) accountable when they fail to meet their regulatory obligations;
- The benefit of requiring admissions of fault in some of our settlements; and
- The ways that we can better use data and risk-based analytics to combat fraud.
The Penalty Guidelines
Let me start with a few words about the SEC’s 2006 Statement Concerning Financial Penalties (“Penalty Statement”). By now, it should be clear that the Penalty Statement constituted a fatally flawed approach to assessing the appropriateness of corporate penalties. As I said more than 4½ years ago,[18] the focus of the Penalty Statement was misplaced because, in deciding whether to impose a corporate penalty, it prioritized two factors that took the focus away from the actual misconduct – and instead put the focus on whether there was a benefit to the corporation or whether there was actual shareholder harm.[19] By re-directing the focus of the inquiry away from the egregiousness of the conduct, the misconduct itself becomes less important and the Commission fails to appropriately focus on deterring inappropriate conduct.
The Commission’s power to impose civil penalties under the Remedies Act of 1990[20] is designed to punish misconduct and deter future violations, not simply to deprive a company of any benefit it may have received from misconduct.[21] As noted in the House Report on the Remedies Act, “[d]isgorgement merely requires the return of wrongfully obtained profits; it does not result in any actual economic penalty or act as a financial disincentive to engaging in securities fraud.”[22] Therefore, “[the Commission’s] authority to seek or impose substantial money penalties, in addition to the disgorgement of profits, is necessary for the deterrence of securities law violations that otherwise may provide great financial returns to the violator.”[23] The fallacy of focusing on corporate benefit as a dominant factor in assessing penalties was laid bare by a number of cases during the financial crisis where a company’s fraudulent misrepresentations resulted in relatively small benefits to a company but caused enormous losses to investors.[24] I have been consistent in highlighting the flaws in the Penalty Statement and in working to have the focus properly put on deterring misconduct.
Accordingly, I am pleased that recently it has been made clear that the 2006 Penalty Statement “was not then, and is not now, binding policy for the Commission or the staff.”[25] Moreover, there are now notable examples of cases where corporate penalties have been imposed even though the benefits to the corporation could not be readily quantified.[26] This is a step in the right direction. The next step is to publish a new Penalty Statement that appropriately focuses on deterring misconduct.
The factors that should be included in determining the appropriateness of corporate penalties are the following:
- The nature of the misconduct and the violation. This factor involves assessing the degree of harm to investors, the markets, and innocent parties, as well as the level of intent of the wrongdoer and the difficulty in detecting the type of violation involved;
- The nature of the defendant, its governance, and its other conduct prior to the violation. This inquiry turns on, among other things, whether the company previously engaged in misconduct, and whether it had appropriate policies and procedures in place;
- Self-reporting, cooperation, and remediation. As many of you know, the Commission’s Seaboard report addresses these factors and the degree to which they should be considered in determining whether a penalty is appropriate.[27] I am generally supportive of the approach taken in the Seaboard report, although I want to emphasize the importance of self-reporting; and
- Equitable concerns and effects on parties other than the corporation. This requires consideration of the fairness and equity of penalties in light of the particular facts and circumstances in each case. This factor would include, among other things, whether the penalty is going to a Fair Fund to compensate harmed investors, and also whether the company benefited from the misconduct, and whether shareholders previously harmed by that misconduct would be harmed by a penalty – but these last two factors should not be given automatic priority.[28]
I expect that these factors, which place appropriate focus on the conduct at issue, will guide the staff in assessing recommendations that involve corporate penalties.
Enforcement of SRO Responsibilities
As to future enforcement priorities, I expect that the Commission will continue to take a tougher stance against SROs that do not faithfully discharge their primary duties as regulators of the marketplace. SROs play a vital role in our markets, but it has been well-recognized that SROs have had inherent conflicts of interest between their regulatory responsibilities and their business functions – and, over the years, we have seen too many instances of SROs favoring their business interests over their regulatory obligations.
The Commission must be prepared to exercise fully its oversight over SROs. To that end, I have been supportive of the Commission’s renewed focus on holding SROs accountable for failing to fulfill their legal and regulatory obligations – that is particularly true of stock and option exchanges. [29] It may surprise you to know that prior to September 2012, when we imposed a $5 million penalty against the New York Stock Exchange,[30] the Commission had never imposed a financial penalty against an exchange. Since then, we have imposed a $10 million penalty against NASDAQ[31] and a $6 million penalty against the Chicago Board Options Exchange.[32]
Exchanges fulfill an important role in our capital markets, and their failures undermine investor confidence in our markets and regulatory structure. As such, the Commission must continue to hold them accountable when they do not live up to their primary duties as regulators.
For far too long, the Commission could have done more in its oversight of exchanges and other SROs. I am hopeful that those days are over.
Market Disruptions
The need for the SEC to oversee SROs extends to our responsibility to make sure that the technology that increasingly runs the capital markets functions properly. It is no secret that SROs have been involved in numerous technology-related market disruptions over the past several years,[33] an alarming number of which have occurred in just the last few months.[34] For example, the Facebook IPO fiasco resulted, in part, from a systems failure at NASDAQ that caused perhaps as much as hundreds of millions of dollars in losses.[35] More recently, the trading of all 2,700 NASDAQ-listed stocks was halted for three hours because of a technology failure related to NASDAQ’s market data feed.[36]
The need for the Commission to take proactive steps to prevent unacceptable market disruptions is abundantly clear and long overdue. As you may know, earlier this year the SEC proposed Regulation SCI, which would require SROs and other entities to, among other things, establish, maintain, and enforce written policies and procedures reasonably designed to ensure that their systems have sufficient capacity, integrity, resiliency, availability, and security.[37] You would think that such regulations would already be in place, but the fact is that currently the SROs need only to consider, on a purely voluntary basis, whether to establish programs to determine systems capacity and vulnerability. The recent market events underscore that a voluntary system is woefully insufficient to protect investors and the integrity of our markets.
Regulation SCI will move beyond this voluntary regime and is intended to prevent systems errors that could lead to future market disruptions. The Commission must adopt a strong and enforceable final rule that allows us to hold firms and individuals accountable when they fail to take adequate steps to comply with the rule. To that end, the final rule should require an entity’s senior officers to certify in writing that the entity has processes in place and adequate resources and staffing to achieve compliance with the rule.[38]Such certifications would allow the Commission to hold senior management responsible for the entity’s representations, and will serve to ensure compliance with the rule.
More importantly, the final rule should also do away with the so-called “safe harbor,” which in this instance may allow entities and individuals to escape liability merely by demonstrating that they have established loosely-defined policies and procedures that are reasonably designed to comply with Regulation SCI.[39] As I noted when the rule was proposed,[40] senior staff informed me that the Commission has never previously included an explicit safe harbor in a Commission rule requiring that regulated entities maintain policies and procedures designed to achieve a particular objective. Such a vague and unprecedented carve-out would water down the rule and make it more difficult to enforce. If those who violate Regulation SCI cannot be held accountable, the rule will fail to improve upon the current voluntary regime.
The Commission needs to move quickly to adopt a strong and enforceable Regulation SCI, and must stand ready, willing, and able to take action against those who fail to comply with it.
Admissions in SEC Settlements
A robust Enforcement program also requires that defendants be held accountable for their actions and that they be required to admit publicly to their wrongdoing whenever appropriate. In the past, I have expressed concerns about the SEC’s “neither admit nor deny” policy, and have had particular concerns about the practice of defendants entering into such settlements and subsequently issuing a press release disclaiming the alleged misconduct and/or claiming that regulators had overreached.[41] A month after I first publicly expressed these concerns, Judge Rakoff cited to my speech in an opinion in which he questioned the SEC’s “neither admit nor deny” policy.[42]
While we frequently obtain through settlement all the monetary and injunctive relief we are likely to obtain in litigation, when we settle on a “neither admit nor deny” basis, the public is denied a finding, either by a fact finder or by the defendant’s own admission, that the defendant engaged in bad conduct.
After many years of settling cases on a “neither admit nor deny” basis, the SEC will now require admissions in certain of its settlements.[43] This is a positive change – which, among other things, brings our settlement policy more in line with the policies of our criminal counterparts.[44]
Under the new approach,[45] the SEC will require admissions when it is in the public interest to do so. In particular, admissions may be appropriate in cases where a large number of investors were harmed or put at risk, or where defendants engage in egregious misconduct or unlawfully obstruct the Commission’s investigative process. Requiring admissions in these cases will appropriately sanction defendants for their misconduct, and will go a long way toward enhancing the deterrence message of our settlements.
In just the past few months, we have already seen this new approach being applied at the SEC.[46] I expect that as we continue to develop experience under the new policy, the admissions that we will require in the future will be stronger. For example, the focus should go beyond having defendants only admitting facts, but also accepting fault for their misconduct, and admitting to having violated specific provisions of the law.
Requiring defendants to make strong admissions of misconduct may make it more difficult to settle certain cases, and, as a result, for this approach to be effective we must be ready, willing, and able to go to trial.
While going to trial is always an option, it remains infrequent at the SEC. The SEC currently settles approximately 98% of its Enforcement cases and, in 2012, we went to trial in only 22 out of the 734 cases we brought.[47] However, a robust and effective Enforcement program requires us to take risks, especially in programmatically important cases. If necessary, the SEC must be willing to litigate and go to trial. A legitimate threat of litigation should also serve to increase the SEC’s ability to obtain stronger settlements.
Enforcement Initiatives to Combat Fraud
Finally, I would like to spend a few moments to discuss initiatives that focus on using available data to combat fraud and protect investors: (1) risk-based initiatives to identify fraud; and (2) an enhanced approach to detect financial fraud.
Risk-Based Initiatives
Our Enforcement program has undertaken several important initiatives to identify and concentrate our resources on high fraud-risk areas and transactions. Many of these initiatives rely on risk-based data analytics to proactively identify fraud. As I have said for years, the SEC must make better use of technology to support its Enforcement program.[48]
In particular, there has been progress in the use of data analytics. Working together, the Division of Economic and Risk Analysis (DERA), the Office of Compliance Inspections and Examinations (OCIE), [49] and the Division of Enforcement have developed several risk-based initiatives that use sophisticated models to identify potential misconduct. One of the first initiatives was the Aberrational Performance Inquiry (API), which focuses on suspicious performance returns posted by hedge fund advisors. Working with DERA and OCIE, the Enforcement Division’s Asset Management Unit developed risk-based analytics to analyze performance data of thousands of hedge fund advisers to identify suspicious candidates for examination and/or investigation. This initiative has resulted in several enforcement actions since its inception in 2009,[50] and every Regional Office has worked on examinations or investigations arising from this initiative.
DERA is also continuing to develop additional risk-based initiatives, including the “Accounting Quality Model,” which will be used to assess the degree to which financial statements filed by issuers appear anomalous.[51] I look forward to these additional initiatives being fully operational in the short-term.
Finally, the Commission recently announced the creation of the Center for Risk and Quantitative Analytics,[52] which will be part of the Division of Enforcement. This Center will employ quantitative analysis to profile high-risk market behavior and will otherwise support and coordinate the Division’s risk analytic initiatives.[53]
Clearly, our ability to conduct data analytics and risk-based initiatives will be further enhanced once the Commission begins receiving uniform and timely market data on quotes, orders, and executed trades after the adoption of the Consolidated Audit Trail (“CAT”).[54] I was a vocal advocate for developing CAT and, although the final rule was lacking in several important respects,[55] it will be a definite improvement over the current state of things. Because of the benefits that CAT will provide to the Commission’s oversight of the market, I am concerned by the recent delays in the building of CAT, and urge those involved to act with greater urgency.
The protection of investors requires proactive steps to detect misconduct. Consequently, the SEC staff has to think creatively about ways in which data analytics can be used to uncover fraud across a wide array of market activities.
Financial Reporting and Audit Task Force
One additional initiative by the Division of Enforcement that deserves mention is the new Financial Reporting and Audit Task Force – a renewed effort to combat financial fraud.[56]This is a welcome and overdue development, as the number of enforcement matters involving financial fraud and issuer disclosures have been steadily declining over the past decade, from a high of 199 cases in 2003, to just 79 cases in 2012.[57] The Task Force will focus its efforts on identifying violations relating to the preparation of financial statements, issuer reporting and disclosure, and audit failures.[58] This renewed focus is a critical component of investor protection.
Enforcement Attitude
As you can appreciate from my remarks, the SEC has undergone enormous changes over the past several years, and we have taken important steps to strengthen our Enforcement program. However, there is more that can, and should, be done to enhance our Enforcement program.
To that end, I also want to discuss one of the most important aspects of a robust Enforcement program – and that is for the Commission to have the willingness to use all of the tools at our disposal and the willingness to fight for strong sanctions. As illustrated by some of the changes I have discussed, the current Commission is taking a tougher stance on enforcement matters – whether it is forcing admissions, fixing flawed policies on penalties, or developing new techniques to uncover fraud. In addition, the Commission has begun to use more of the tools at its disposal. For example, we have recently brought charges under long-overlooked provisions of the Federal securities laws. Just last month, we brought an action alleging – for the first time – issuer violations of Section 10A,[59]which was enacted into law in 1995, and in separate cases brought the first ever charges under Section 10A’s audit partner rotation provision,[60] audit committee communication provision,[61] and the provision requiring audit procedures to identify related party transactions.[62]
While it is customary for Commission representatives to talk the tough talk about enforcement, I am optimistic that the current Commission will walk the walk.
Conclusion
As I end my remarks, I want to acknowledge the many SEC alumni in attendance today. I want you to know that, while much has changed at the SEC, what does remain is the fact that the men and women at the SEC continue to work tirelessly in their mission to protect investors. Our staff remains among the finest public servants you will ever meet. Accordingly, it is incumbent on the SEC’s leadership to provide them with the resources, tools, and effective policies that they need to carry out the agency’s mission. The Commission must consistently strive to keep up with the growth and complexity of the capital markets – both as to our regulatory requirements and our Enforcement program. A robust, well-funded, and appropriately staffed SEC is critical to investor protection and for maintaining confidence in our markets.
Thank you for inviting me to this year’s seminar.