- Welcome.
I'm Ed Rock.
Director of the Institute for Corporate
Governance and Finance.
And on behalf of Jennifer Arlen, myself
welcome to really our
first program of the year.
It's very early in the year.
And this is a program that is organized
by our two centers.
Jennifer's program in Corporate Compliance
and Enforcement as well
as the Pollick Center.
I see David Yermick, co-director
of the Pollick Center here.
And welcome to our panelists.
And welcome especially to...
This on?
Welcome especially to Rob Jackson.
My newest colleague here
on the NYU Law Faculty.
Having just switched over from Colombia
and as you know, nominated
to the Commission.
So with the advice and
consent of the Senate.
I hope your new...
Let me briefly introduce the panel.
You have the brochure so you have all
of their biographical details.
But I want you to know who you're
going to be listening to.
To my immediate right is Jay Clayton.
Who you all know is the
Chair of the Commission.
Stephanie Avakian and Steve Peikin are the
co-directors of the
Division of Enforcement.
And Peter Driscoll is the acting director
of the Office of Compliance.
It's a particular pleasure for me
to have Jay Clayton here because
it's always wonderful
to see a former student
go onto such a high degree of success.
We were both a lot younger when Jay was in
my anti-trust class years
ago at Penn Law School.
He's gone on as you all know
to a spectacular career.
A leading partner at Solomon and Cromwell
and now at the Commission.
But what you may not
know is that he co-taught
for many years a M and A class at Penn
with Joe Gatto and Joe Frumpkin.
Which but for the fact
that I figured out a way
to make it complimentary
with my M and A class.
Would have been competitive
and would have left
me in the dust without any students.
So together we figured out a way
to have the students take both.
But he was spectacularly successful
and an enormously popular teacher among
the students in the years, the eight
or nine years or so that
Jay taught that course.
But now it seems to be too busy to do it.
Let me, let's open with
a few remarks from Jay
and then we're gonna go
to a panel discussion.
Jay?
- Well, thank you and I'll
call you Professor Rock.
(laughing)
And thanks to NYU and
Jennifer for inviting us.
I actually feel very
comfortable in the student form.
I know we're gonna get
to questions and answers
and I'm looking forward
to that because I found
during my teaching days that I learned
a lot more from the students than they
probably learned form me.
And given the people in this room
and the experience that is in this room
we may learn more from you.
And I look forward to your questions.
I see a number of people who had the jobs
that we currently have before.
And its nice to seem them here today.
I think you asked me to say a few words
in the the area of
enforcement and compliance.
How I see the commission.
And say it's early days.
I get to use that excuse
for awhile longer.
But a couple of things that
I just want to point out.
One, and I mention this
about everywhere I go.
The quality of the
people at the Commission
and that doesn't include
Steve 'cause he's new.
(laughs)
But Pete and Stephanie and the others in
the enforcement division and OC...
Have welcomed me.
And educated me and
made me very comfortable
with the work they do.
That's a nice segway
into where are we going
from an enforcement perspective.
And I'm not going to step on Stephanie
or Steve's territory other than to say
that I'm very comfortable with
the approach of the staff.
Do our job in this regard.
Times change, markets change.
You know, different philosophies.
And there's some things that are
of particular interest to me.
I've made those clear.
I think that individual accountability
is something that is extremely important.
I come at this from the perspective that
it's a privilege to work
in the securities industry.
Securities industry has rewarded
many people who work in it.
It's an important industry that links
our industrial sector for
the everyday investor.
And people should behave.
And if they don't behave, it is important
and it's important to focus
on individual accountability.
You know, it's a privilege.
And I think that we should recognize that
in the way that we pursue enforcements.
That's individual accountability
and I'm happy to talk more about that.
The other area that's important to me
and is a new development.
I know it's been on Pete's
radar screen for some time.
Stephanie as well.
And Steve and I looked at these issues
in the private sector is cyber
security and cyber crime.
The enablement of cyber violation,
cyber fraud by new technologies.
It's an area that I believe needs focus.
These focus on several levels.
I'll briefly talk about that
but we can talk more about it in Q and A.
On the disclosure level.
And I don't mean this in the sense of
if your disclosure is less than perfect
that you should have liability.
I mean this in the sense
that I'm not comfortable
that the American investing
public understands
the substantial risks we face systemically
from cyber issues and I'd like
to see better disclosure around that.
And then secondly, at the
sort of market abuse level
and some of the things that you see
in the initial coin offering space
and areas like that are of
particular interest to me.
With that as some opening remarks,
may I turn it back to Jennifer?
I think you'll take us forward.
- Thank you very much.
So echoing what you said
and in prior remarks,
you talked about the
importance of focusing
enforcement actions on the retail investor
on concerns of Mister and Missus 401K.
And in particular, actions aimed at
unscrupulous people who sell worthless
securities to retail investors.
And these scams obviously
impose genuine cost.
On the other hand, so
do materially misleading
statements and FCPA
violations by multinationals.
So I'm interested in a
world of limited resources
where more focus on one side
and inevitably will mean less on another.
Is this new focus going to lead to less
enforcement actions in
the materially misleading
statement space and FCPA
or some other adjustment
to all of the three of you?
- I'll start off.
Actually, before I get started
let me just on behalf of all of us
sort of give this standard disclaimer
that the remarks we
give tonight are our own
and do not necessarily reflect the views
of the Commission or the Commission staff.
You okay with that?
(audience laughs)
- It's really good to have good lawyers.
- And so with that, look I wouldn't expect
to see any pendulum swing.
But I do think it's fair to say
we are very focused on retail investors
and things that affect retail investors
as I think the Commission's always been.
But you know, when we
say we're more vigilant
about protecting main street investors,
I think you know it's pretty simple.
These often are our most vulnerable.
Often our most unsophisticated
market participants.
And so they deserve a really
focused level of protection.
But I really wouldn't expect to see
a large pendulum shift and I also don't
really think there's as strict
of a trade off as folks think about.
I mean, fraud is always bad for investors.
So when we think about it in terms
of whether it's disclosure fraud
or whether it's some
other kind of misconduct.
It all affects retail
investors in different ways.
And I also wouldn't make the mistake
of thinking about it solely in the context
of microcap fraud or ponzi schemes.
I mean, you can think about things that
affect retail investors
in lots of different ways.
And so, you can think about the sale
of structured products to retail investors
without appropriate disclosures.
Hidden fees.
Share class issues.
I mean, I could think of all kinds
of things that directly
affect retail investors
and that I would not put in
you know the bucket shop space.
And so, I think we think
about it fairly broadly.
- Yeah, I mean you know having returned
to government for the
first time in 15 years
and really been focused
for most of that time
on Wall Street type cases instead
of Main Street type cases.
I would say one thing
that struck me very hard
is the amount of just dramatic purposeful,
intentional misconduct in fraud
that makes up the steady diet
of the Commission's work.
And so, you come into this job
and you may have your own priorities
but there is a ever ceasing
flow of real misconduct.
Ponzi schemes, offering frauds, ripoffs.
And everybody from wherever
part of the political
of the spectrum or whoever they are,
they're going to prosecute those cases.
And so that's the vast majority
of I think what consumes,
you know, our business.
And you know, we can
then, you know, discuss
where around what are we going
to do with the rest of that 20%.
So I think you're gonna see in the main,
you know, as history
shows less differences
between the work of any
particular commission.
And I think that's likely to be true
of what lies ahead in the next few years.
- If I could just follow up on that,
I'm lucky that David Yermack here
is chair of the finance department.
And I think David would probably
of the view that individual investor
the Mister and Missus 401k have absolutely
no business picking individual stocks.
And should be invested in broad gauge
mutual funds in index funds.
Is there a place for the SCC
in assuming that is David's view?
Assuming that's the view
of the finance community.
In pushing investors away from the sort
of investments that make them vulnerable
to that sort of fraud and towards
collective investment vehicles?
- Well, I'm not sure that I'm qualified
to be an investment advisor but...
You know, we have a system.
Our system is based on disclosure
and education, not paternalism, right?
So, the professor may well be right.
That for most people,
those are more appropriate,
unsuitable investments.
But you know, we live in a free country
and you know, our job is not to dictate
how investors allocate capital.
So, I mean that's sort of my view on this.
Whether investors would be better suited
to be in the broad band index fund.
You know, that's fair debate.
But you know, that doesn't mean that
we shouldn't be policing the market
for investors and individual securities.
- There's a long distance
between index funds
and there are different
types of index funds.
There's a long distance
between what I would say
are broad based, well
understood index funds.
And people who are
doing self directed IRAs
and promissory notes that may
or may not have anything backing them.
And we see a lot at that
end of the spectrum.
And we see too much of it.
And we see too much of it in an era
where people have access to the internet.
Have the ability to check
out who they're dealing with.
And part of what we're trying to do
is help Mister and Miss 401k do some
of that research on who
they're dealing with.
Now if you move into the
registered investment
advisor world, the broker dealer world
you're eliminating a substantial portion
of that type of fraud.
In fact, probably much
more harm than picking
an actively managed fund
versus an index fund.
No matter how you run the numbers.
- So I also had a follow up in thinking
about your priorities
and the focus between
Mister and Missus 401k,
I share Ed's thoughts
on the index fund.
Versus going after larger companies
and also FCPA which is part of it.
And I know there isn't
necessarily a trade off
but inevitably there
will be some trade offs.
I was wondering to what
degree has the rise
of international enforcement.
Enforcement by other
countries in the FCPA space.
Entered into the calculus
of it used to be the FCC
and the DOJ were the main
players in that area.
And now there are other players
who are taking a very active roll.
- Yeah, I mean I think that's, you know,
in large part by the
work of our predecessors
who have led the international community
to more vigorous anti
corruption enforcement.
Look, I mean, for people
who are wondering whether
the FCPA program is gonna
continue into the future.
It's pretty simple, it's going to.
There is a dedicated
group of investigators
at the FCC and the Department of Justice
and increasingly in
countries around the world
who are focused on this issue.
The Chairman spoke earlier
at the economic club
this year talking about the importance
of anti corruption
enforcement and the dangers
that come from corrupt behavior.
So you know, I think the FCPA program
is going to continue.
You're gonna continue to
see, you know, vigorous
investigations and
enforcement of that statute.
- I'll just echo Steve's comments
and thanks to a number of
people in this audience.
Our pursuit of international corruption
is no longer a unilateral exercise.
Which changes the dynamics substantially.
- One last question
relating to enforcement
before we turn to Peter.
In the last little while,
the SCC enforcement
division has focused on a number of issues
relating to enforcement.
Individual liability which
you've already talked about.
And my favorite topic which is incentive
to induce self reporting.
And you know, the SCC
brought in DPAs and NPAs.
And Andrew Soresny who's here had
a speech saying those would be reserved
for firms that self reported.
And I'm wondering if we can expect
a similar approach to
both individual liability
and self reporting going forward.
- I mean, taking them in turns, certainly
on individual liability I think you can
expect a similar approach in the sense
that as the chairman said
in his opening remarks
we're incredibly focused
on individual liability.
We always have been.
I think roughly over the
last five plus years or so,
more than 70% of our cases involve charges
against individuals and we
expect that to continue.
And frankly, that's a
critical focus of ours.
In large part because individual liability
and holding individuals accountable really
is among the most, if not the
most, effective deterrent.
And so we've got a strong record
but we're quite focused
on continuing that.
In terms of self reporting...
Do you wanna?
- Yeah, I think self reporting remains
an important factor in an assessment
of you know, corporate cooperation
and how a company has
responded to a problem.
You can read those C board report
that articulates the factors that
we have assessed and
will continue to assess
in deciding what credit and how to assess
a company's response to discovery
or an identification
of an issue or problem.
And self reporting is obviously
an important part of that and one that
I think will continue to have prominence
in our evaluation of how to resolve
or charge matters against institutions.
- Either practice that no DPAs
and MPAs if you don't self report?
- I think, I mean Andrew I
think can speak for himself
but I think he was
limiting his discussions
to the FCPA context.
(laughing)
And so I don't know that he's articulated
and whatever he said is not binding on us.
(audience laughing)
You're so 2016 Andrew.
(laughing continues)
So I'm not sure, you
know, we're articulating
any broad gating issues.
But obviously, a difficult and I've been
on the other side of the table for this.
Whether to bring something
to the Commission's
attention or to law
enforcement's attention
is obviously a very difficult decision.
But one that when
corporations step up and do it
is one that I think has
to weigh very seriously
in the decision about what kind
of creditor benefit to afford.
- I think that's...
The one thing I would
add to that is we think
about cooperation and how to assess it in
any given case.
We really are looking
at the total package.
Self reporting is absolutely critical.
But there are times when a company doesn't
have the opportunity to self report
for a variety of reasons.
They didn't know about the conduct,
someone came to us first.
Any number of reasons.
And it really is critical
I think for companies
to be thinking about all of it.
And we really are looking at all of it
Including with cooperation with the staff
throughout the investigation but also
how did the company respond to this
when they did learn about it?
What did the audit committee do?
What did the board do?
You know, what was done
in terms of remediation?
It really is the entire
package and we really
are trying to look at
each case individually
and think about what is
the right remedy here.
And we're, you know, also cognizant that
folks here in this audience and elsewhere
are really looking closely at that.
And analyzing how we treat those cases.
You know, we're going to try
to be thoughtful in how we message that.
- But I wanna try to
drill down a little bit.
We have a lot of students in the room who
are familiar in a sense with the SEC
and completely unfamiliar with it.
And in particular I think for many people
who have never been to your office
in DC connected to Union Station
and seeing how long the hallways are,
the sheer scale of the SEC is a daunting.
Is a daunting scale.
So as sort of a way of
filling in some of the
knowledge gaps here, can
you talk just a little bit
about in enforcement and in compliance,
does the scale of
operation, how you organize
things to do your jobs.
And then to the extent
that there's gonna be
any shift in terms of a new priority
on looking after the
interests of retail investors.
How does that shift how you
go about doing your jobs?
- Let me do the two things in that regard.
The first is to talk
about the scale of the SEC
versus the scale of the
environment that we regulate.
While the numbers sound large.
You know, 4,500 people,
a $1.602 billion budget.
When you compare it to
the scope of transactions
and activities that the SEC regulates,
I'm actually astonished at how much those
people are able to cover.
Now, the enforcement
and examination division
is roughly half the
size of the overall SEC.
So you're talking around
2,200 people more or less.
Probably half the budget and
less than half the IT budget.
Think about that.
As compared to just one
or two large financial
institutions that are US based.
Not just financial
institutions around the world
that have, you know, 100,000 people.
And an annual IT budget that is six times
the IT budget of the Commission.
So what we cover is really quite amazing.
On this shift, I want to
make one thing very clear.
There's not some dramatic shift
in priorities at the SEC.
I'm a very...
I'm a picture person and
you probably remember this
from graphs I draw on the
board and things like that.
And perspective is important to me.
And when I talk about
Mister and Miss 401k,
it's not shifting everything
to what transactions
are they engaged in or not.
It's more, and I don't think
this is new to the Commission.
I think it's been there for awhile.
How would they want us to spend our time?
They want market integrity.
They want to know that
high frequency traders
are not, you know, adversely affecting the
way the marketplace functions.
They want to know that, you know, there's
not public corruption or
public corruption offshore
conducted by US registrants.
They want to know these things.
And when you talk to the men and women
of the Commission,
particularly the career stuff.
That's the way they look at the world.
And I think it's the right
way to look at the world.
So, let me preface what you're
about to say Pete with that
but hopefully it's consistent
with what I just said.
(laughing)
Otherwise, I haven't learned anything
in the first four months.
- No, no absolutely.
- Be consistent with what he just said.
- I will.
(audience laughs)
Noted.
You know it's funny, OC
publishes its priorities
for the last five six
years we've published them.
Historically, we hadn't.
If you look at the three buckets
which we organized our
priorities in for 2017,
the first bucket is
protecting retail investors.
So that has a number of sub
themes that I'll go through.
The second two are seniors.
And the third one is
assessing risk, market risk.
And so when you look at retail investors,
I'm a former examiner
and so there was nothing
more fun for me on an exam
as to get the client files
and to dig into the client files.
And see what the clients are being billed
and what investments are being
recommended to those clients.
And does it make sense for
their investor risk profile?
And you know, do the fees equal what's
in the disclosure documents?
Are the fees in what's in the
investment contract with the client?
I mean, digging into that stuff
and I'll give you a good example.
You know, one of the things we're focused
on this year for retail investors
is electronic investment advice.
Robo advisers.
And so, about two months ago I was talking
to my dad right before
I was giving a talk.
And this is my seventy year old father
who's not a sophisticated investor.
And he asked me he said "have you heard
of these robot advisers?"
And to me, if the market's reaching him,
it's hitting retail and it's
hitting a lot of people.
So for us, you know, looking
at electronic investment
advice was very important for
us to get our hands around.
And particularly, here
in this space you have
the main stay firms who
have robust compliance,
risk, and legal departments
getting into this space.
But you also have start up firms who don't
have a background with
regulatory risk and compliance
that the larger firms typically do.
And so, just seeing
the range of compliance
among those different participants I think
has been very interesting
for us to work on
and to focus on in 2017.
You know, I think other areas in this,
I think goes with what Jay's saying.
You know looking at
recidivus representatives.
Bad actors that are in the industry
that hop from firm to firm to firm.
And looking to see one,
what firm procedures
are in place to protect investors as they
hire new firms that may
have disciplinary histories.
But two, also tracking those registered
reps from firm to firm.
So we know where they're going.
To ensure that they don't
harm future investors.
Retail investors.
You know, we're also looking
at exchange traded funds.
Sure, those are investment companies.
Typically, sponsored and
advised by large firms.
However, you know, looking
at the sales practice
doesn't make sense to put this particular
senior citizen in a particularly leveraged
ETF that resets daily.
And looking at that, that
decision making on an exam.
That's something that we
feel is very important
to protect the retail investor.
And so, those are areas
from OC's perspective
that we're focused on that I think
do hit that retail investor.
And I will say that, you know note that
our priorities went out in January.
Jay started in May.
So, OC was ahead.
(laughing)
- I was...
You trained me well.
- So Peter, I wanted
to pick up on something
that the chairman had said earlier.
And ask about what your office is doing
in the cyber security area.
Because we've talked about how your office
is in a position to put firms on notice
about what's expected and I was interested
in what you've been doing in that area.
And also what are the recurring problems
that's you're finding with organizations
who might think they
have good cyber security
systems and you're
finding they don't, maybe?
- Right so...
Three years ago 2014, we were looking,
you know, cyber security was a huge risk
when we would go in to do exams.
We'd ask the top leadership in each firm
that we went into you know,
what keeps you up at night?
What are your biggest risks?
Cyber was the number one.
That and the SEC coming to see them.
(audience laughs)
But cyber you know for
us so we had to determine
what is the SEC's, the exam program's role
in the cyber space.
And so, we initiated 100
exam, I guess sweep where
we looked at around 50
broker dealers, 50 advisors.
We weren't out there
looking to play gotcha.
What we were looking for is to
do a baseline for the industry.
So we put out a risk alert telling
the industry we were gonna do it.
We included our request list which we
typically don't do because we thought
it would be helpful for
firms as a checklist
to look in their own firm to see
do I have that, do I have
that, does this apply?
And so we thought it would be very helpful
to publish it which we did.
After Cyber One was
completed, we published
our findings 'cause we
thought it was helpful
for everybody to know the baseline
of what small firms
were doing, medium firms
were doing, large firms were doing.
What we saw were weaknesses.
What we saw were best practices.
So then we ended up fast forward to 2015,
we initiated Cyber Security
Two the second initiative.
And there we dug a little
bit deeper on the IA side.
We looked at some mutual
funds, a few fun TAs.
And then again, we had some findings
which we recently published.
I think it was August
seventh so a few weeks ago.
Where we thought it would be very helpful
to put that out to the industry
of what we were finding.
And in this, we found
things that were problematic
which we said what they were.
And some examples of that were firms would
do testing and they'd have exceptions,
but then they wouldn't
anything with the exceptions.
Or they'd run exception reports
and they wouldn't follow up on them.
So that was a weakness that we saw.
You know, in terms of terminated employees
and access controls if someone terminated
we noticed that sometimes they
never shut off their service.
And we felt that was a weakness.
And there were others that we included
in the published document.
But we also published
the positives as well.
The best practices.
'Cause we thought that that was helpful
for the industry to look to see what
other firms are doing
particularly with their size
or the different demographics
that we looked at.
And you know, some of
the best practices were
robust policies and procedures.
Real testing.
With mandatory training, we had seen
that a lot of firms had mandatory training
which we thought was great.
We noticed some though when folks
didn't take the training,
they didn't follow up.
And so, we thought all
that information was
helpful from cyber perspective.
And then what we've also done is we have
the technologies controls program which
is one of our five program areas.
And that team is devoted.
It's a team of ex-SOs and cyber folks
that's devoted to doing reg SCI testing
and internal control testing with regard
to cyber and other access controls.
In the exchanges as
well as reg SCI entities
which include some ATSs.
In that team we have been able to leverage
on IA and broker dealer exams 'cause
those truly are the cyber experts.
And we've been fortunate enough to have
that skillset in our program that we've
been able to utilize them to help educate
and work with our baseline examiner.
Particularly those that are tech savvy
to work in this space.
So, I do think you'll see
some more work from us.
Cyber One and Cyber Two have
been very well received.
You know, we get a lot of discussions
with industry folks saying "we want more
because this is helping move the industry
to help comply with cyber which
is a difficult issue for us."
And it's a difficult
issue for everyone here.
Personally and professionally.
Because a lot of times, firms are victims.
- Do you have your own hackers who test
directly the quality of
the cyber protections?
Or feel free not to answer this
if it's a sensitive question.
- You know, I think that
there's some risks with,
and you can read into this for the answer,
but there's some risks
with the federal government
hacking into certain firms.
And so, I'll stop there.
(audience laughs)
- We have no Ed Rock data.
(laughing)
- You know, but the question obviously is
you can look at procedures
in place all you want
and there's some 19
year old kid in wherever
who can find his or her way around it.
And that's the ultimate vulnerability.
The question is how one's
able to test for that?
- You know, firms employ a number of tools
and technologies that they can use.
And we found this in
our sweep that I think
all the firms that particularly Cyber Two
had some sort of tools
in place and technology
in place to help them
avoid being penetrated.
But it is something
that we focus a lot on.
The results of their testing.
You know the work they do in the space.
Yeah, I'll stop there.
- So Stephanie and Steve, cyber is also
a hot enforcement side issue.
And I was interested if
you could share about
what's the enforcement
division doing in this area.
- Sure.
We're doing a lot in the area.
I think, you know, we spend a lot of time
thinking about this
area for all the reasons
really Pete's talked about.
I think about the enforcement interest
roughly I've been saying in three buckets
but I actually think now I'd open
it up to four buckets.
And I split 'em up this
way first is the case
you know where there's a
failure of a registered
entity to take appropriate
steps to safeguard information.
That's really what Pete is talking about.
So there I'm thinking about compliance
with rules like reg SP, reg SID,
market access rule and things like that.
We have brought some cases in this space
in the last couple of years.
I do think, you know, for the most part
we think about this as
in the first instance
and depending on the
facts and circumstances
is very appropriate for OC to be focused
on and to be looking at.
But there are cases,
circumstances that rise
to the level of enforcement action.
So that's an area where we're active.
The second is the bucket that I would say
takes out by far the
largest piece of our time.
And that is cases where,
you know, material
non-public information is stolen because
it's been hacked or through
some other cyber means.
And it's taken in order to gain
some sort of market advantage.
Manipulate the market,
insider trade on it.
I would put into that
bucket account intrusions
which we're seeing more and more of.
And so, you know, circumstances where
an account is being hacked in order
to use it to trade.
To trade against another account
for manipulative purposes.
Or to trade in order to
generate some sort of a profit.
And we've brought a number
of cases in this space.
Particularly in the inside
trading space using hacked
information but also in the
account intrusion space.
And that's an area where we really
do continue to see a rise in conduct.
And we are really, you
know, just continuing
to put more resources into this.
And then third, would be cases where
there's a cyber related
disclosure failure.
And that's a space where
we've not brought a case.
You know, but that is obviously
an area of focus for us.
Could envision a circumstance where
a case would be appropriate
but not one where
we focused, where we've
brought a case so far.
And then, you know, when I say there's
a fourth bucket, I sort of I think we're
opening up and including within cyber
at least the way we think about it
our focus on initial coin offerings
and what I'd call loosely
the Bitcoin space.
You wanna address that?
- Yeah.
I mean, so we've spent a lot time
and attention focusing on the distributive
ledger technology space
and if you don't know
what distributed ledger technology is,
you should go home tonight and google it.
'Cause it's gonna be important.
These cases and they've present mostly
in the context of initial coin offerings
or ICOs, they call into two categories.
The first category is people who are
they're basically
scammers who are claiming
to have businesses that are in the ICO
or distributive ledger technology space.
And as with any kind of newsworthy event,
you know roaches kind of crawl out from
the woodwork and try to
scam money off investors.
And you know, when I was
a prosecutor 15 year ago
was fake cures of AIDs and next week
it's gonna be Harvey relief scams.
So whatever the kind of current news is.
And we've seen a lot
of it in the ICO space.
And we've had some trading suspensions
and we have a number of investigations
that have been opened of companies
and individuals that
claim to be in the space
that really are just trying
to take people's money.
I think more interestingly
though are the actual
ICOs and other businesses that are engaged
in using distributive ledger technology.
And as you may know, the Commission issued
a 21(a) report addressing ICOs
I guess just last month.
The subject of this report was an offering
by an organization called the DAO.
D-A-O not D-O-W.
Which is a decentralized
autonomous organization.
A virtual organization that exists
only in computer code.
And executed on a block
chain or distributed ledger.
And the objective of
this DAO was to create
and hold a pool of assets through
the sale of so-called DAO tokens
to investors which would then be used
to fund various projects which were
to be suggested by participants
in the organization.
In a one month period last year,
the DAO offered and sold
1.15 billion DAO tokens
and raised in a block
chain currency called
ether the equivalent of
$150 million in value.
And these DAO tokens granted their holders
certain voting and ownership rights.
And the report which
you can read basically
considered the facts and
circumstances presented
and concluded that these
DAO tokens were securities
that you know issuers
of these kinds of tokens
and their equivalent had to register
if those securities were going
to be sold in the United States.
And platforms that
provided for the exchange
of these tokens were broker dealers
that had to be registered and regulated.
And I think in the space
and distributed ledger space
there's been a lot of attention
focused on that report.
We didn't bring an
enforcement action against
the entity or any of its participants.
But the report sort of sends a signal
as to how the Commission's gonna think
about these issues going forward.
We have a distributed ledger
technology working group.
They're about 90 people
across the Commission's
divisions and offices
who participate in this.
And some of them are actually really,
really smart about this space.
And it's one illustration of an area
that I've been particularly impressed by
in the short time that
I've been on the staff.
Of the staff's ability
to try to keep out ahead
of emerging products and
developing technologies.
So, I expect that this
is a space in the cyber
space that we're gonna
see a lot more activity .
- Yeah.
You know, we live in a time of big data.
And I'm sure big data has
found it's way to the SEC
and given that, maybe start with Peter.
Talk a little bit about how data analytics
have changed what you've been doing.
- Thanks.
I would say that data analytics, I started
in the exam program in 2004.
And it is been a revolution in the last
five years compared to where we were then.
I would say that in almost every facet
of our exam process we are trying
to digitalize what we do
to be more efficient and more effective.
You know, a number of
projects that we've had
and have developed successfully.
Probably the most significant
is our national exam analytics tool.
Which we finally refer to as N.E.A.T.
And that has, I mean I used to analyze
trade blotters using Excel and access.
And the spreadsheets would, you know,
the trading forex out exceeded what
a typical spreadsheet would allow.
And now we have a system in place,
that every examiner has access to.
It runs over 50 reports.
It ingests trade blotters
from, you can do one firm,
you can do multiple firms.
It automates all the
analysis for cross trading,
principal training, settlement.
You know in terms of it has a newsfeed
that allows us to look at new events
to determine whether or not there's
a signification trading leading up
to a particular news event.
It really has revolutionized
the way we look at trading.
You know, we're working on
text analytics projects.
Two of the projects we're working on now
is trying to develop a script that
we would ingest a firm's
compliance manual.
And it would kick out, you know, what's
in the compliance manual.
What's typically seen
in a compliance manual.
It would compare it to other
firms' compliance manuals.
And then we would be able to identify
what's missing or what's in addition.
What piece of business did they have
that they have policies and procedures on.
You know, from a risk
scoping stand point while
we're on an exam, that will
be a pretty handy tool.
Rule 204A1, you know, code of ethics
in terms there's mandatory requirements
of what's included in your code.
And we can automate that and we're
working to do that with text analytics.
We also are looking at, you know,
scraping tools for firms' websites
where we can use a tool to look for
sentiment language and
the words guaranteed
and risk free and things like that
that you know we know are highly unlikely.
And so that for us, that's a trigger.
We also have automated ADV part twos.
And can run those types of
searches on ADV part twos.
We can look at 12,000 just
through a series of inquiries.
And so, you know, that's something that
we spent a lot of time with.
We also are doing some work our ray team
which is a small team that basically they
look at the trading of
clearing broker dealers.
They get that trading and they can analyze
three, four hundred firms
and all the transactions
that go through that trading firm.
The clearing firm.
And that leads to exams, it leads to
potential enforcement referrals.
It's a tremendous tool
and what that they do
on a large scale basis
and it's seven people.
And so, you know we're
really trying to leverage
our staff using technology to get
the biggest bang for our buck
and get the best coverage.
All the while helping investors.
- Steve or Stephanie, do you want to jump
in on the enforcement side?
How big data's changing what you're doing?
- What he said.
He's really summed up a lot
of the technology we use.
We leverage a lot of what it is OC does.
But we also use a lot of the same tools
and strategies in enforcement.
We have a group of Quant's
house with an enforcement
who are thinking up different ways
to do all these sorts of
things that Pete's described.
Different ways to problem solve,
different ways to leverage resources,
and really use data and
analytics proactively
in order to identify
cases but also to really
use those tools to investigate.
You know, smarter,
faster, more efficiently.
There are lots of different
places where we use it.
One of the best and
sort of easiest to grasp
examples that often point
to are the different
ways were using data in
insider trading investigations.
In particular, it's been
incredibly successful.
All the tools have been
developed in house.
Been incredibly successful at developing
a variety of tools that
really do, you know,
merge and analyze volumes
of trading records
and other data to identify patterns...
to identify patterns both among
traders, among accounts to
identify and tie together
sources and traders.
And we've been incredibly successful
at bringing all kinds of
different cases in that regard.
And then I point to a bunch of other cases
our asset management
unit has used these sorts
of tools in different ways.
Our complex financial instruments units
has used the tool in different ways.
You know, think about cases we've brought
involving sales of structured
product to retail investors.
Some of those cases have been
sourced using data analytics.
Churning cases we've brought a couple
and have some other in the pipeline.
Think about cases like
cherry picking schemes
and other things like that.
Those are all identified
or are often identified
through the use of data analytics.
So it really does do the
work as Pete described.
You know, does the work
of just many people
that would normally would take eons to do
in a very short, compressed timeframe.
And the cases are very
compelling on the data.
And often times, what we've been doing
in enforcement when we have this sort
of data pulled together is taking it
out to firms and laying it out.
And rather than doing
investigations regular way
and send subpoenas for
all kinds of documents,
we will often sort of do what
we call a day one reverse proffer
and sit down and say this
is what the data shows.
You know help me understand it.
And sometimes we're not
understanding it right
and sometimes we're
understanding it exactly right.
And so it's really short
cut our investigations.
- Okay, I would add this.
And it's been an impressive
thing for me to see
how the Commission is using this.
Markets are supposed to make sense.
And when you see anomalies in the market,
it's probably in place where
we should look further.
Whether it's in the way a firm operates
or a particular type of trading.
And the use of big data to identify those
anomalies has really helped us.
Because we can say hey,
and I get the reports.
There is is a one in one billion chance
that these five people would have traded
together in those seven
stocks on these six days.
That tells you something and you really
don't need to look much farther.
And you know, ten years
from ago, you wouldn't
have had that type of analytics.
Same thing in the inspection space.
And if I can just go back to the cyber.
The four buckets that
Stephanie talked about
and Pete talking about
our proactive efforts
with exchanges,
custodians, broker dealers,
investment advisors, people at the heart
of the day to day activities
in the securities markets.
I think that's what, at
least I hope that's what,
the person on the street would want us
to be doing in the cyber area.
