The Why Behind the No: Remarks at the 50th Annual Rocky Mountain Securities Conference

Thank you for that kind introduction, Julie. I appreciate the invitation to deliver remarks this morning. It is a special honor to be part of your 50^th annual conference.

Before I begin, I need to provide the standard disclaimer that the views I express today are my own and do not necessarily reflect those of the Commission or my fellow Commissioners.

I am especially pleased to be making my first visit to Denver while serving as an SEC Commissioner. One of the benefits of being here is that I will have the chance to meet with staff from the SEC’s Denver office later today. Our regional offices play a critical role in carrying out the SEC’s mission. Having talented and dedicated enforcement, inspection, and examination staff on the ground throughout the country is essential to our ability to fulfill our responsibilities. Our regional staff gets to know the areas they serve, the local securities bar, their fellow regulators in the region, and local law enforcement. They also get to know the types of problems that are unique to, or concentrated in, the area they serve. Our enforcement program, the topic of my remarks today, would not be what it is today without the tireless work of our regional staff.

It is an interesting time to be discussing enforcement at the SEC. A week ago, we celebrated the one-year anniversary of Chairman Clayton’s arrival at the SEC. While at the SEC, Chairman Clayton has prioritized facilitating capital formation and expanding the ability of investors to participate in investment opportunities.[1] He understands the importance of vigorous enforcement in protecting investors and building the environment in which capital formation can take place. He does not, however, view enforcement statistics as the measure of the agency’s success.[2] I share the Chairman’s commitment to strong enforcement of our securities laws, without making raw numbers the measure of our success.

The SEC is not an enforcement agency, but enforcement is an important tool for the SEC. Today, the Division of Enforcement is the largest of the divisions and offices of the SEC, with more than 1,100 personnel.[3] It is an unfortunate reality of our human condition that bad actors exist in our capital markets, as they do in every other corner of our lives. Because of this reality, enforcement is vital to protect investors and the integrity of the markets.

The vast majority of SEC enforcement actions are straightforward — Ponzi schemes, offering frauds, elder frauds, affinity frauds, and accounting frauds.[4] Although the facts of these standard fare cases can be complex, most matters that come before us are legally straightforward. Thanks to the persistent hard work of the Enforcement staff, aided by colleagues in other Divisions and Offices, there is a steady stream of enforcement actions on the Commission’s docket. The Commission unanimously approves the vast majority of staff enforcement recommendations. The bulk of our enforcement work is simply not controversial.

I am here today, though, to talk about the small part of our enforcement work that is controversial. Some of you may have read an article earlier this week that suggested that I have “a penchant for saying, ‘No,’ when it comes to [the Commission’s] enforcement work.”[5] The article noted that my “yes” votes are above 85 percent, but my 15 percent no rate is higher than the rate at which any other Commissioner votes against recommendations from the Enforcement Division.[6] Without touching on any particular enforcement matter, I hope today’s remarks will help to explain the why behind my no’s.

I will discuss the overarching philosophy for our enforcement program, some factors that guide my consideration of enforcement recommendations, and several practices that give me pause when I am reviewing enforcement actions. At the conclusion of my remarks, I will be happy to take some questions if time permits.

I. The Danger of Playing to the Numbers

Enforcement is not an end goal for the Commission; it is a last resort in getting to that goal. Of course, this begs the question, “What is the end goal?” The end goal is fulfilling our mission—protecting investors, facilitating capital formation, and maintaining fair, orderly, and efficient markets.[7] As a regulatory agency, the Commission sets rules that are intended to achieve these objectives. We work with the industry to help people comply with the rules.

In carrying out our mission, our Office of Compliance Inspections and Examinations (“OCIE”) is one of our most valuable tools. You heard about OCIE’s important work from Pete this morning. OCIE helps firms determine how the rules apply to a particular situation or to their unique circumstances and identifies areas of firms’ compliance programs in need of improvement. There are instances when it is right for OCIE to refer examination findings to the Enforcement Division, but OCIE is not an investigative arm of the Enforcement Division. To the contrary, under the SEC’s traditional structure, examiners used to be part of the rulemaking divisions. This structure helped to ensure that rules were made, interpreted, and applied to different factual scenarios with a singleness of mind and purpose.

When the link between OCIE and Enforcement is closer than the link between OCIE and the SEC’s policy divisions, firms and individuals change the way they interact with OCIE. Private parties should feel comfortable that OCIE’s presence in their office means that an SEC inspection — and not an investigation — is underway. Our enforcement program backstops the regulatory program; when people intentionally do not comply, or persist in noncompliance, with our rules, enforcement may be the right tool to use. In most instances, however, OCIE should be able to handle matters without drawing on Enforcement.

The Division of Enforcement, of course, should be integrated into the fabric of the agency. As former Commissioner Dan Gallagher put it: “[T]he Division of Enforcement shouldn’t be viewed — and certainly shouldn’t view itself — as a separate and independent entity from the rest of the Commission. Rather, the enforcement staff should, and indeed I believe most do, view themselves as equal partners with the regulatory staff, sharing a common mission.”[8] Rulemaking divisions should be open to hearing from Enforcement about how well rules are working and whether there are gaps that need to be filled. Enforcement attorneys, knowing that their concerns are taken seriously throughout the agency, will feel comfortable in deferring to the rule writers when rulemaking would be the more appropriate tool to address a problem.

A properly calibrated enforcement program is, therefore, part of the regulatory framework within which our capital markets operate. It is within this framework that investors and other market participants interact with one another in a mutually beneficial way. Well-functioning capital markets facilitate the development of new technologies, the discovery and testing of new pharmaceuticals, and the entry of new competitors to lower the costs and improve the quality of existing products and services. So all of us have a stake in how well our enforcement program, along with the rest of the regulatory framework, operates.

To appropriately calibrate our enforcement program, we must spend our limited enforcement resources wisely. We cannot bring an enforcement action every time we discover a violation, nor should we. The current hiring freeze makes the need for careful use of resources even more pressing than it normally is. We cannot bring every case under the sun, but must focus on the cases that will actually make a difference. This careful approach to enforcement is what we owe taxpayers, investors, and all of the participants in our capital markets.

In the past, we sometimes have taken a less resource-conscious approach — a more-is-always-better approach. From 2013 to 2016, for example, the SEC embraced a “broken windows” philosophy of enforcement.[9] This philosophy was well-intentioned — punish the small violations to make sure that people are always on their toes and to demonstrate that the SEC is serious about enforcement. Punishing every small violation, however, means casting discretion aside in favor of making the SEC look tough. Violations are not all equally serious. I agree with Commissioner Michael Piwowar, who notes: “If every rule is a priority, then no rule is a priority.”[10]

An enforcement program that pursues every minor violation might appear, at first glance, to be a successful one. Under such an approach, the raw number of enforcement actions is likely to be high. A key metric to gauge success becomes the number of enforcement actions.[11] By holding up raw numbers as the measure of success, the broken- windows-era SEC felt pressure to exceed its previous year’s enforcement actions.[12] It was an arms race as our lawyers rushed to settle a case or sprint to the courthouse — or the administrative law judge — to file the next action, especially as the SEC’s fiscal year end neared: our own version of earnings management.

The numbers did climb. In 2013, the SEC brought 686 enforcement actions with monetary sanctions of $3.4 billion.[13] Of these actions, 132 involved simple filing matters, in which a company was deregistered for being delinquent in their Commission filings.[14] Deregistering delinquent filers is important, but giving these types of matters the same weight as a complex accounting fraud in a count of enforcement actions is misleading. As former SEC Commissioner Dan Gallagher observed at this same conference five years ago, “Numbers alone don’t tell the full story of the Enforcement Division’s work, let alone put it into its proper context.”[15] Fast forward to 2016 — the final year of the SEC’s “broken windows” era. That year, the SEC brought 868 enforcement actions with monetary sanctions of $4 billion.[16] Again though, we have to delve deeper into the numbers to understand what happened. Of these 868 enforcement actions, 404 actions — 47 percent — resulted from the following: first, “follow-on” administrative proceedings seeking bars based on the outcome of Commission actions or actions by criminal authorities; second, proceedings to deregister public companies that were delinquent in their Commission filings; and third, actions brought as part of the Commission’s voluntary, self-reporting program that targeted misstatements and omissions in municipal bond offering documents.[17] Again, the goal is not to suggest that any particular matter was not important, but that the numbers do not necessarily tell much of a story on their own.

While following the “broken windows” approach, perhaps the SEC should have changed its name to the “Sanctions” and Exchange Commission, because it acted like a branch of the U.S. Attorney’s Office for the Southern District of New York. Maybe this approach is natural for a prosecutor, although in the criminal context, discretion is important too. In any event, in contrast to prosecutors, the SEC has a range of tools — some of which are easier, less disruptive, cheaper, and faster to use than enforcement — to address problems it identifies. These other tools include OCIE and various investor education and advocacy initiatives,[18] our PAUSE program,[19] guidance, and, of course, rulemaking.

An enforcement philosophy that pursues minor violations with the same vigor as it does major violations causes major problems. First, it diverts resources from high priority issues. The unsurprising result of the broken windows approach — one that aligned perfectly with our metrics of choice — was that the SEC brought a lot of enforcement actions with lots of penalties. But the end goal is better functioning markets and investor protection, and I worry that, for fear of depressing the numbers, we might have avoided important matters that would have been time-consuming to pursue.

Second, an enforcement-first approach sends the message to regulated entities and others that picking up the telephone to ask the SEC a question about how to comply is risky; why draw attention to yourself by asking a compliance question of an agency that thinks every foot fault is enforcement-worthy?

Third, a broken windows approach provides bad incentives for Commission staff. It rewards enforcement staff for the number, rather than the quality of cases. It nudges staff to recommend charging some violation — even a minor one — rather than closing an investigation without bringing an enforcement action. It encourages compliance personnel to measure themselves by the number of enforcement referrals they make.

Fourth, such an approach contributes to an unhealthy capital formation environment. Companies considering an initial public offering (“IPO”) have one more reason not to conduct an IPO. Why should companies expose themselves to a potential enforcement action based on a slight misstep in complying with the extensive public company ruleset?

Fifth, an enforcement program that insists on pursuing minor violations imposes unwarranted costs on companies and individuals. The effects of an investigation or proceeding on a private party can be devastating.[20] Boards and managers of companies under investigation are distracted from company business, and company funds go to attorneys, rather than to productive uses. For the individual under investigation, professional careers, reputations, and personal relationships can suffer.[21] As the SEC’s canons of ethics put it: “The power to investigate carries with it the power to defame and destroy.”[22] This price is too high for violations that are minor. The SEC must do its job, but we should save our enforcement program — with the great weight it carries — for violations of a sufficiently serious nature to warrant the expense to us and to those whom we pursue.

Today, the SEC, no longer measuring its success by tallying up enforcement statistics, is making a more concerted effort to bring only meaningful enforcement actions. Under the careful leadership of Chairman Jay Clayton, and our Enforcement Co-Directors Stephanie Avakian and Steven Peikin, the Commission is focusing its resources on key areas of concern, such as the protection of retail investors and cybersecurity.[23] To this end, the Commission formed a Cyber Unit and a retail strategy task force.[24] Steve and Steph — a formidable duo — take securities violations very seriously — so seriously that they are working to ensure that a misplaced focus on punishing every technical violation does not distract our attention from bigger issues.[25]

The Commission should give our enforcement staff the institutional support they need to make judicious decisions about dropping investigations that prove to be fruitless. Our goal is not to investigate for the sake of investigating, but to protect the capital markets by focusing our efforts on the enforcement actions with the biggest impact.

The Commission also should encourage staff efforts to investigate potential violations that matter to investors, even if they will not generate headlines or large penalties. A low dollar matter can have a big impact. For example, a Ponzi scheme or affinity fraud that has attracted small investments from many investors is an important case — likely more important than a large-dollar violation that occurs in the context of a transaction between two sophisticated financial institutions.

Helpful in reorienting the focus of the enforcement program has been a change in how formal orders of investigation are initiated. Today, the approval of the Enforcement Co-Directors — and not lower Enforcement senior staff, as was previously the case — is needed for a formal order request to issue subpoenas. This change is helping to bring consistency by centralizing formal order decision-making. Even starting the investigation process can have severe consequences for private parties. The responsibility for these consequences of our investigations appropriately sits on the Commission’s shoulders, so the authority for formal orders also should rest with the Commission, as it did in the past.

Another way to conserve resources for matters most in need of our enforcement attention is to work with other regulators and the criminal authorities. In deciding whether to pursue a matter, the Enforcement Division — especially now that it is freed from an excessive focus on numbers — can take into consideration whether other regulatory or criminal authorities are looking at the same conduct. If the Department of Justice, a state, a foreign authority, the Financial Industry Regulatory Authority (“FINRA”),[26] a self-regulatory organization, the Public Company Accounting Oversight Board, or another regulatory agency is addressing conduct, the SEC might step aside and apply its resources elsewhere. Sure, it might be nice to have our name on the press release, but if investors and markets are no better off for our being there, we can forgo the limelight.

As I consider enforcement matters before the Commission, one of the things I think about is whether we are using our enforcement resources wisely. Was there a meaningful violation? Is this a matter that could have been handled by OCIE or that another foreign or domestic authority is already handling? Would a rulemaking, an interpretive release, or an investor alert be a more appropriate response to an issue?

When I believe that we ought not to have spent our Enforcement Division’s time and effort on a matter, I am likely to vote against it. The Commission — which is better positioned than the staff to dispassionately consider resource allocation on a Commission-wide basis — generally is asked to weigh in only once the staff has a recommended settlement in hand or when the staff is recommending litigation. Votes at this late stage can nevertheless serve as guidance for future staff decisions.

II. Taking the High Road, Even if It Is the Hard Road

Due process considerations also play an important role in informing how I vote on enforcement recommendations. I have had the privilege of serving as an SEC Commissioner now for four months, and in that time, have focused on a number of areas in which the Commission needs to be vigilant. I want to ensure that the Commission is known for taking a vigorous, but careful enforcement approach.

The Constitution states that “[n]o person shall…. be deprived of life, liberty, or property, without due process of law.”[27] Given the power and reach of the Commission, due process is of paramount importance. The rules should be clear, so that individuals know in advance the actions that constitute violations. In enforcing the rules, the SEC should be even-handed and sensible. An unwavering commitment to due process is particularly important in light of the continued growth in the volume and complexity of the securities rulebook.[28]

Following due process principles is rarely costless, comfortable, or convenient for a regulator, but doing so speaks volumes of the agency’s integrity and helps to bolster the agency’s standing in the markets, the courts, and the minds of the American people. In short, an agency that adheres to basic principles of due process will be more effective at carrying out its mission. For this reason and because I took an oath to uphold the Constitution, due process considerations weigh heavily in my determinations about how to vote on enforcement matters.

The first issue I am watching is rulemaking by enforcement. Due process starts with telling individuals in advance what actions constitute violations of the law.[29] Enforcement is a faster and more convenient approach to establishing obligations than rulemaking given how cumbersome and time-consuming the rulemaking process is under the Administrative Procedure Act (“APA”).[30] However, the APA’s obstacles to rulemaking are intentional; before imposing a new regulatory burden, an agency must take a set of steps designed to ensure that there is a problem that needs fixing and that the agency’s solution is appropriate. As tempting as it can be, it is wrong to try to do an end run around the APA by using the enforcement process to make policy. Instead, the Enforcement Division only should bring actions based on established legal obligations.

A related issue to which I am paying attention is the degree to which our enforcement process is being used to push the bounds of our authority.[31] Congress sets the parameters within which we may operate, and we ought not to stray outside those boundaries through, for example, overly broad interpretations of “security” or extraterritorial impositions of the law. Our canons of ethics specifically caution us against exceeding “the proper limits of the law” [32] and argue for us remaining “consistent with the statutory purposes expressed by the Congress.”[33] The practice of attempting to stretch the law is a particular concern when it occurs in settled enforcement actions. Often, given the time and costs of enforcement investigations, it is easier for a private party just to settle than to litigate a matter. The private party likely is motivated by its own circumstances, rather than concern about whether the SEC is creating new legal precedent. However, the decision made by that party about whether to accede to an SEC’s proposed order can have far-reaching effects. Settlements — whether appropriately or not — become precedent for future enforcement actions and are cited within and outside the Commission as a purported basis for the state of the law. Quite simply, a settlement negotiated by someone desperate to end an investigation that is disrupting or destroying her life should not form the basis on which the law applicable to others is based.[34]

The third issue I am watching is the length of SEC investigations. It is harder for people to defend themselves against older charges, and the psychological toll of prolonged investigations can be heavy. The Commission is sometimes asked to vote on matters that involve conduct a decade or more in the past. Granted, there are many factors contributing to the age of investigations, including many factors beyond the SEC’s control. The SEC might not learn of bad conduct for years, especially if the violators are actively trying to hide it. It can take years to conduct investigations, which often involve many documents and complex facts. Also, as I previously noted, the SEC has limited resources and unlimited potential demand for those resources. At times an important investigation gets pushed to the back burner to make room so an even more pressing enforcement action can move to the front burner. Sometimes, however, Commission staff have been reluctant to close investigations because of an understandable fear of missing something or appearing to have too light of an enforcement touch.[35] Closing an investigation that does not uncover a substantial violation without bringing an enforcement action is sometimes viewed as a failure instead of the right result. In the meantime, individuals and entities under SEC investigation endure years of uncertainty. While I am pleased that thanks to the leadership of Steve and Stephanie, the Commission is making great strides at shortening the enforcement timeline, there is more progress to be made.

Another issue I am watching is how we handle attorney-client privilege, a key protection in our legal system.[36] Encouraging people to seek the advice of an attorney helps to foster understanding of and compliance with the law. The protection of attorney-client privilege makes our investigations harder. It is, therefore, tempting to reward private parties for waiving the privilege. Nevertheless, the SEC should not request, encourage, or incentivize people to waive privilege. The Seaboard Report[37] should never be viewed as a basis for rewarding companies with cooperation credit for waiving privilege, because allowing a permissive approach to waiver is essentially the same thing as waiver becoming mandatory in practice.[38] Concerns about how we have handled privilege can affect my votes on enforcement matters.

These are some of the process issues to which I pay attention. More generally, it is important that we ensure that the parties against whom we are bringing enforcement actions have had a full and fair opportunity to present their side of the story. In this vein, it is helpful to read the Wells submissions and white papers that parties in enforcement actions generally have the opportunity to submit.

III. Ensuring That Our Enforcement Program Does Not Cause Harm

Another consideration underlying some of my no votes is whether our enforcement action will have unintended consequences. Choices about which remedies to impose or which individuals to pursue can have ramifications that the Commission needs to take into account.

For example, the Commission must take great care in imposing liability on chief compliance officers (“CCOs”).[39] CCOs advocate for compliance at registered entities. They implement and update compliance programs. They monitor for violations. We need to empower them, not dissuade them from taking the jobs in the first place. It is all too easy for a firm that has not taken compliance seriously to attempt to lay blame at the feet of a CCO who was trying her best to get the firm to pay attention to compliance. I am willing to hold CCOs who are bad actors accountable; the mere fact that a fraudster wears a CCO badge does not get her off the hook. However, it is not the job of the SEC to second-guess the good faith decisions of CCOs. Otherwise, who will want to serve in these jobs? We want firms to hire good CCOs.

Civil penalties against corporations are another area of concern and a reason that I have voted against some enforcement recommendations. I can best explain my concerns on this issue by telling you a quick story, which as you can guess, has happened many times in real life. In our story, employees of a U.S. publicly-listed company commit accounting fraud. At first, the fraud goes undetected and raises the company’s share price, but then, the fraud is exposed and the share price tumbles down. The SEC opens an investigation. The SEC charges the company, but the responsible individuals at the company are not charged, because the evidence is difficult to marshal in support of individual liability. The investigation leads instead to a recommendation that the SEC enter into a settlement with the company, which will pay a hefty corporate penalty. Of course, the company’s shareholders are the ones who will actually pay the penalty. After being the victims of the fraud that has led to an SEC investigation, shareholders are now paying a corporate penalty to resolve the matter.[40] The responsible individuals have twice forced the shareholders to pay for their wrongdoing. The SEC needs to be extremely careful in how and when it imposes corporate penalties to avoid making an already bad situation worse for shareholders.

IV. Conclusion

Thank you for the opportunity to speak with you today. I hope I have given you some insights into how I approach the enforcement issues that come before me. My active engagement on enforcement matters reflects my commitment to a strong, properly focused enforcement program. Having heard from Joe Brenner this morning, you have a window into the high caliber of our enforcement staff. I would like to recognize their hard work on this last day of Public Service Recognition Week. I hope that you have a productive and enjoyable time while in Denver. In the remaining time we have during our lunch, I am happy to answer any questions from the audience.