Thank you, Jeff [Boujoukos], for that kind introduction. I am pleased to have the opportunity to speak with the SEC’s federal and state partners in my home town of Philadelphia. Thank you to the Philadelphia Regional Office for organizing this terrific event.[1]

Before I start, let me remind you that the views I express today are my own and do not necessarily reflect the views of my fellow Commissioners or the SEC staff.

Today I will focus on recent legal decisions impacting our enforcement efforts, and how the thoughtful and responsible use and collection of data from market participants can strengthen our enforcement and examination functions to benefit Main Street investors.

I would also like to highlight the SEC’s important relationships with you—our state and federal partners. I have previously identified regulatory coordination as a core principle to guide the work of the SEC.[2] Close regulatory coordination is particularly important to protect our Main Street investors. Many of you are the first calls Main Street investors will make when they have been harmed by unscrupulous actors. And you, our state and federal partners, may be one of the first calls we at the SEC make when identifying areas of risk for retail investors.

I am pleased to mention just a few of the successes resulting from close coordination between the Philadelphia Regional Office (PLRO) and our partners here today.

• PLRO worked with the U.S. Attorney’s Office in Maryland in a case involving an alleged Ponzi scheme that raised over $345 million from more than 230 investors across the country. The defendants allegedly misappropriated investor funds to purchase luxury cars, homes, and jewelry, among other things, and to make Ponzi-like payments to earlier investors to maintain the scheme.[3]
• PLRO worked with the U.S. Attorney’s Office in the Eastern District of Pennsylvania in an alleged insider trading case involving a former linebacker for the Philadelphia Eagles, and a former investment banker.[4]
• PLRO also worked with the U.S. Attorney’s Office for the District of New Jersey in charging dozens of defendants for allegedly taking part in a scheme to profit from stolen nonpublic information about corporate earnings announcements. The SEC moved quickly to seize funds and ultimately recovered over $50 million.[5]
• PLRO partnered with FINRA and the Pennsylvania Department of Banking and Securities for a well-attended senior outreach event last year in Chester County, Pennsylvania and will be holding a similar event next week in Montgomery County.

I hope we can continue to work with our state partners on investor education and outreach. More specifically, I hope we can work with our state partners in helping our nation’s teachers, veterans, and active duty military make informed financial decisions and keep their investments safe. Yesterday, the SEC announced the formation of two new initiatives aimed at protecting teachers, active duty military, and veterans.[6] I have spoken in depth with Michael Pieciak, President of the North American Securities Administrators Association (NASAA), about coordinating our efforts in these areas to maximum effect. Closer to home, I note that our Philadelphia Regional Office has a robust outreach program that has focused on our service members. I am certain they would be pleased to partner with local regulators on this new initiative.

Recent Legal Developments

Now let me turn to recent legal developments affecting the SEC.

In the past few years, there have been significant new court decisions relating to the SEC’s work. As we assess the long-term impact of these decisions, our Division of Enforcement will continue to diligently pursue cases to advance our mission and ensure that we are focused on the interests of our long-term Main Street investors.[7]

Kokesh v. SEC

Protecting retail investors is a multifaceted effort and includes putting money back in their pockets when they are harmed by violations of the federal securities laws. In the 2017 and 2018 fiscal years, the SEC returned over $1.8 billion to harmed investors. We remain committed to this important part of our work.

The recent Supreme Court decision in Kokesh v. SEC, however, has impacted our ability to return funds fraudulently taken from our Main Street investors.[8] In Kokesh, the SEC brought an enforcement action in late 2009, based on a fraud that began in the 1990s and continued until 2009. The defendant argued that the Commission was time-barred from seeking disgorgement, because the fraud began outside the five-year period under 18 U.S.C. § 2462. The Supreme Court held that our use of the disgorgement remedy was penal in nature (rather than equitable) and as such was subject to the five-year limitations period applicable to penalties.

The impact of the Kokesh decision was immediate. In that particular case, only about $5 million out of the $35 million sought in disgorgement fell within the five-year period.[9] The Division of Enforcement estimates that, for Fiscal Year (FY) 2018, the Court’s ruling in Kokesh may cause the Commission to forgo up to approximately $900 million in disgorgement in filed cases, of which a substantial amount potentially could have been returned to retail investors.

Of course, statutes of limitation serve many important functions in our legal system, and penalties should have limitations periods that are reasonable and reflect practical realities. Civil and criminal authorities should do everything in their power to bring appropriate actions swiftly.

But I am troubled by the substantial amount of losses that we may not be able to recover for retail investors as a result of Ponzi schemes and similar long-running, well-concealed frauds that are perpetrated by smooth talking “investment professionals.” I have testified to Congress about the impact of Kokesh on Main Street investors and welcome the opportunity to work with Congress to address this gap in investor protection.[10]

Lucia v. SEC

Lucia v. SEC was a constitutional challenge to the Administrative Law Judges (ALJs) in our administrative proceedings.[11] In short, the Supreme Court held that the SEC’s ALJs had not been appointed in a manner consistent with the Constitution. After Lucia, approximately 200 administrative proceedings had to be reassigned to new ALJs. Many of those proceedings have now been substantially resolved, but the remaining reassigned administrative proceedings may require substantial litigation resources going forward.[12] Thanks to the skilled work and dedication of our Enforcement staff, and the Office of General Counsel, this was a speed bump, not a long-term issue.

One additional thought on administrative proceedings. The SEC has the flexibility to bring many of its contested actions in district court or through administrative proceedings. As Chairman, I am committed to using the administrative process only for the cases that are most appropriate for that forum.

The Robare Group, Ltd. v. SEC

Last month, the D.C. Circuit issued an opinion involving misstatement liability for investment advisers. In The Robare Group, Ltd. et al. v. SEC,[13] the D.C. Circuit held that an investment adviser does not “willfully” omit material facts under Section 207 of the Investment Advisers Act if the adviser acted negligently. It is important to note that the Robare decision did not disturb the decades-old standard that has been adopted by most courts of appeals—that a willful violation of the securities laws means that the person intentionally committed the act that constitutes the violation, with no requirement that the person also be aware that they are violating the law. Nevertheless, the Robare decision requires us to carefully consider the appropriate standard for future Investment Advisers Act cases in light of the specific language found in Section 207 of the Act.

Lorenzo v. SEC

I want to end this discussion on a high note—the SEC’s victory in Lorenzo v. SEC.[14] In Lorenzo, the Court affirmed the SEC’s long-held position that a person could be liable under the anti-fraud provisions for the knowing dissemination of false or misleading statements, even if he or she did not make the statements. Lorenzo reinforces the SEC’s continued ability to bring charges against those involved in the dissemination of misstatements. This decision will help us to ensure that those who engage in deceptive conduct—particularly in private placements and schemes involving offshore actors—are held appropriately liable.

Despite some of the challenges I mentioned earlier, the Division of Enforcement—headed by Co-Directors Stephanie Avakian and Steve Peikin—have continued to achieve results. As described in the Enforcement Division’s FY 2018 report, Enforcement measures its success by asking themselves tough questions:

• “Are we deterring future harm by bringing meaningful cases that send clear and important messages to market participants?”
• “Are we protecting investors and markets by holding individuals accountable for wrongdoing and removing bad actors from the securities markets?”
• “Are we stripping wrongdoers of their ill-gotten gains and returning money to victims?”
• “Are we acting quickly to stop frauds, prevent future losses, and return ill-gotten gains to harmed investors?”[15]

This new legal landscape may frame some of our decision-making in pursuing new enforcement actions, but under Stephanie and Steve’s leadership, the answers to each of these questions will continue to be a resounding “Yes.”

The Use of Data Analytics to Support the SEC’s Mission

In addition to certain of the legal constraints I have discussed, the SEC faces operational constraints as well. For example, we were, until very recently, subject to an agency-wide hiring freeze. And this year’s government shutdown significantly affected our ability to continue non-emergency examinations and enforcement actions, among other areas.

These challenges, which we have faced head on with our eyes wide open, make our data analytics work more important than ever. Data analytics can help us use our existing resources more efficiently and effectively. I would like to highlight some specific issues around data collection and analytics that support our efforts to protect our markets and our Main Street investors.

Before I begin, however, I want to emphasize that at the SEC, our people—our human capital—are our most important resource. To be effective, data analytics needs smart people to support and advance the work of our experienced and dedicated staff.

As a threshold matter, it is important to note that data collection is not an end to itself, and the SEC must not be in the business of ill-defined and indefinite data warehousing. To remain a trusted, respected, and effective regulator, we must be mindful of the volume of data we collect, and its sensitive nature, and be principled and responsible users of data.

Office of Compliance Inspection and Examinations

The Office of Compliance Inspections and Examinations (OCIE), led by Pete Driscoll, conducts the National Examination Program—one of many examples in which the SEC has focused on doing more with our available resources.

OCIE completed over 3,150 examinations in FY 2018, a 10 percent increase over FY 2017.[16] The size of the securities industry precludes a comprehensive examination of each registrant by SEC examination staff each and every year. OCIE has made it a priority to channel its limited resources by implementing a risk-based strategy across the entire examination program. Data analytics is an increasingly important part of OCIE’s risk-based program, and OCIE has developed proprietary tools for analyzing data in support of the program:

• For example, OCIE’s National Exam Analytics Tool (or NEAT) allows examiners to collect and analyze large datasets of trading records to identify potentially problematic activity and better understand a firm’s business during examinations. NEAT initially focused on analysis of investment adviser trading records, but it was subsequently expanded to provide analysis of broker-dealer trading records and anti-money laundering (AML) practices.
• OCIE has also developed HAL—the High-Frequency Analytics Lab—to enhance the SEC’s capabilities in examinations and oversight of market microstructure including high-frequency trading. HAL produces reports on SEC registrant and market behavior at relevant time resolutions down to microseconds. These reports help to identify registrants engaging in potentially unfair market practices, and to shed light on major market events.

Division of Enforcement

The Division of Enforcement uses a number of tools to identify suspicious trading and abuses perpetrated on retail investors by financial professionals. In one recent case, we charged an investment banker with misusing his access to confidential information. This is a good example of the SEC’s use of trading pattern recognition (trading in front of deals advised by a single investment bank) to uncover a scheme.[17] This year, we also charged nine defendants—including a Ukrainian hacker—for their alleged roles in a scheme to hack into the SEC’s EDGAR system and extract nonpublic information for use in illegal trading. This case required careful analysis of trading in the window between when the material nonpublic information was extracted and when it was disseminated to the public.[18]

SEC staff also trace digital asset transactions on the blockchain. This tracing has been critical to several actions, including two cases in which the Commission obtained preliminary injunctions to stop alleged frauds.[19]

Another example of the Enforcement’s use of data analytics is the establishment of the Retail Strategy Task Force (Task Force).[20] The Task Force, headed by Charu Chandrasekhar who is here with us today, has two primary objectives: (1) to develop data-driven, analytical strategies for identifying practices in the securities markets that harm retail investors and generating enforcement matters in these areas; and (2) to collaborate within and beyond the SEC on retail investor advocacy and outreach. Although it has been in operation for less than two years, the Task Force has already undertaken a number of lead-generation initiatives built on the use of data analytics.

A final example of Enforcement’s use of data analytics is the ATLAS initiative, developed in the Philadelphia Regional Office by OCIE working with the Division of Enforcement. ATLAS is an example of how the Commission’s employees are collaborating to develop efficient and effective tools to identify misconduct in our markets. ATLAS allows our staff to harness multiple streams of data, including blue sheets, pricing, and public announcements. Typical use cases of ATLAS include:

• evaluating activity prior to a particular equity event for possible insider trading;
• researching historical securities prices for litigation; and
• assessing an entire blotter for serial insider trading.

The ATLAS team recently used advanced data analysis technology to identify firms that failed in their obligation to submit accurate blue sheet data to the SEC. ATLAS-generated leads led to the identification of over 80 million erroneous reports by three firms resulting in civil enforcement actions assessing over $6 million in penalties. ATLAS has also generated many other promising leads using sophisticated artificial intelligence software.

The Importance of Responsible Collection and Safeguarding of Data

These are just a few examples of how the SEC is successfully leveraging data analytics. But, as I mentioned earlier, it is very important to recognize the great responsibility we have with respect to the data entrusted to us by our registrants and the public. I would like to illustrate my approach to this issue by describing a few of our recent challenges.

One ongoing data analytics project highlights the complexities of handling sensitive data. When completed by the self-regulatory organizations (SROs), the Consolidated Audit Trail (CAT) will provide a single, comprehensive database enabling regulators to more efficiently and thoroughly track all trading activity in equities and options throughout the U.S. markets. However, given the nature of the data stored in the CAT, there have been substantial, and serious, concerns about the protection of investors’ personally identifiable information (PII). In order to reduce the PII footprint in the CAT, we support eliminating the requirement to maintain social security numbers in the CAT while still allowing regulators to track the activity of a single individual trading in multiple markets across multiple broker-dealers. We continue to monitor the SROs’ progress in this area. These are important issues. For that reason, I am pleased that Manisha Kimmel has recently joined the SEC to coordinate the SEC’s oversight of the SROs’ creation and implementation of the CAT, including with respect to the issues around PII and cybersecurity.[21]

We are also working to strengthen security safeguards on our systems. A few months after my arrival at the Commission, I learned about an intrusion into the SEC’s EDGAR system that occurred in 2016. As a result of this intrusion, we initiated a number of different work streams to look at, among other things, the areas where we could make enhancements. We have made progress to address these issues but work remains, and, to be sure, we are faced with the reality that no system can be 100 percent safe from a cyber intrusion.[22] We are fortunate, though, to be aided in our efforts by the addition of two key officials. We now have a Chief Risk Officer who helps coordinate our risk management efforts across the agency.[23] In addition, I have added a Senior Advisor for Cybersecurity Policy to my staff. [24]

We hope that our state and federal partners can benefit from our experiences in particular when thinking about your own data security. Every agency in this room is undoubtedly a target of cyber attacks. We must all devote substantial resources and attention to cybersecurity, including the protection of PII.

One area in which we can collaborate with you on data security is when we share with you, our state and federal partners, nonpublic information that we have collected.[25] For example, as part of any data sharing arrangement, we should ask:

• Are best efforts being used to safeguard the data?
• Have we carefully considered the extent to which PII is needed or whether a more tailored, narrow set of information could suffice?
• Are there safeguards in place to protect the confidentiality of the information?
• How can we work together if there is an unauthorized disclosure?

We look forward to working with you on these important data security issues.

Thank you all for coming here today and for your collaborative work on behalf of our markets and Main Street investors.

ENDNOTES