Crown image Columbia Law School

SEC Commissioner Talks Old Law and New Frontiers at RegTech Summit

Questions of FinTech and RegTech have been paramount in my mind and, I think it is safe to say, the minds of my fellow Commissioners in recent months.[1]

Old Fields and New Corn

On the paneled walls of the rare books room of Harvard Law School’s library are painted the words, “Out of the ould fields must spring and grow the new Corne.”[2] A paraphrase from a lesser-known work of Chaucer,[3] the line reminds us that even dusty old fields may yield new corn—or “grain,” as we would say today. Chaucer expresses something very civilized here. Deprived of the nutrients drawn from the old field, new corn will wilt away. Without giving life to new corn, an old field remains a fallow patch of barren land.[4]

There are echoes of Chaucer in many areas of our life and history. Consider, for example, the Renaissance man’s contemplation of the masterpieces of antiquity. For all their innovation, Michelangelo’s greatest works owe a debt to the great sculptors of Greece and Rome. Newton famously expressed the humility of scientific progress when he remarked that “if I have seen further, it is by standing on the shoulders of giants.” Old fields and new corn are central to the 17th-century querelle des Anciens et des Modernes at the Académie française, the debates of Edmund Burke and Thomas Paine, the works of Matthew Arnold and Allan Bloom, and the contemporary political, legal, and cultural struggles of progressives and conservatives. The interplay of old fields and new corn is perhaps nowhere more apparent than in the development of the Common Law. Indeed, Harvard decorated its law library with this quotation from Chaucer because of its pedagogical value for lawyers-in-training: Dusty precedents have something important to teach us about new and evolving circumstances, even when such circumstances go far beyond the wildest dreams of our predecessors.

A case in point arises in our field of securities law. The Commission’s Division of Enforcement issued a report this past summer on the subject of the application of the federal securities laws to “decentralized autonomous organizations,” commonly known as the “DAO Report.”[5] The DAO Report described a virtual organization, embodied entirely in computer code and whose transactions were executed on a “distributed ledger,” or “blockchain.” The organization sold certain “tokens” to investors in exchange for hard assets, which assets were intended to be used to fund certain joint “projects.” Token holders would share in the anticipated earnings of these projects and would also have the ability to trade their tokens on a “web-based secondary market platform.” After the initial sale and distribution of the DAO tokens, however, approximately one-third were stolen by hackers, provoking the Commission’s enforcement staff to take a closer look.[6]

Those of you reading this speech on the Commission’s website will notice a number of words in the preceding paragraph are surrounded with quotation marks. I’m sure those of you in the room could hear me struggle to enunciate all those recently introduced buzzwords: “decentralized autonomous organizations,” “distributed ledgers,” “blockchains,” “tokens,” “web-based platforms.” Several of these terms would have been indecipherable when I started my term as Commissioner just four short years ago, let alone in 1934, when the Commission was established, in the era of Joseph Kennedy and Ferdinand Pecora.

What, if anything, can statutes, regulations, and precedents issued decades ago teach us about the new frontiers of FinTech and RegTech? Quite a lot, it turns out. Undeterred by technological jargon, our Enforcement Division concluded—quite rightly, in my judgment—that the fundamental principles of our federal securities laws apply equally to the “new paradigm” of “virtual organizations or capital raising entities that use distributed ledger or blockchain technology to facilitate capital raising and/or investment and the related offer and sale of securities.”[7] In so doing, the DAO Report relied heavily on the famous 1946 Supreme Court precedent of SEC v. W.J. Howey Co.,[8] which—believe it or not—dealt with the offer and sale to investors of units of a citrus grove development in Florida. Old fields, indeed! Why should this surprise us? After all, any first-year student of property law—or any economist who has worked with lawyers for an extended period of time—can trace the development of the rule of capture from the late-18th– and early 19thcentury foxhunters of Pierson v. Post,[9] to the harpoons of Nantucket whalers of the 19th-century,[10] to wildcatters drilling for oil and natural gas in the 20th century,[11] to baseball fans catching a Barry Bonds homer in the 21st-century.[12] Why shouldn’t we expect our own sturdy federal securities law precedents of eighty-five years’ vintage to help us confront new technologies?

From Geoffrey Chaucer to our very own SEC Chairman, Jay Clayton:

A change in the structure of a securities offering does not change the fundamental point that when a security is being offered, our securities laws must be followed. Said another way, replacing a traditional corporate interest recorded in a central ledger with an enterprise interest recorded through a blockchain entry on a distributed ledger may change the form of the transaction, but it does not change the substance.[13]

Chairman Clayton is correct: We must not elevate form over substance. As regulators, we should have confidence that our precedents provide an analytical framework within which to assess new technologies. To be sure, common law-style reasoning is not a license to contort our precedents to cover any conceivable situation. In fact, on occasion new regulatory action may be justified to address changes in our markets. But hastily promulgating new rules whenever we are confronted with new facts is the very definition of imprudence. Sometimes, the collected wisdom of the past helps us to recognize that “there is no new thing under the sun.”[14]

Fertilizing the Old Fields

To extend Chaucer’s metaphor, sometimes the old fields must be fertilized by regulators in order to maximize their fruitfulness.

“RegTech” remains a somewhat ill-defined term. Hudson [Hollister] just mentioned that it is a “buzzword,” and Craig [Clay] said it “lacks context.” In part, RegTech covers the use of technology by regulators to fulfill their duties in a more thorough and efficient manner, as is the case when our Market Abuse Unit Analysis and Detection Center deploys technological tools to detect insider trading and market manipulation activities. One such tool is our Advanced Relational Trading Enforcement Metric Investigation System, or “ARTEMIS,” which was designed by the Commission’s staff to combine historical trading and account holder data with other data sources to enable longitudinal, multi-issuer, and multi-trader data analyses.

In part, RegTech also refers to the use of technology by regulated entities to streamline their compliance efforts and reduce legal and regulatory costs. For instance, some have suggested that using blockchain technology and artificial intelligence tools would allow the easy and secure transferal of critical regulatory data to multiple federal agencies.

Most importantly, the term covers collaboration between private and public actors to take advantage of existing technologies to make everyone’s lives easier.

A case in point is the use of “eXtensible Business Reporting Language,” or “XBRL,” data in regulatory filings. I know that XBRL reporting is near and dear to the hearts of many in attendance today, and we have Hudson [Hollister] and the Data Coalition to thank for their many efforts in this regard. For those of you less familiar, in 2009, the Commission adopted requirements that certain financial statement and risk/return summary information be submitted in this structured, electronic format. Operating companies are required to submit financial statements in XBRL as exhibits and to post these exhibits on their websites. Similarly, mutual funds are required to submit XBRL exhibits containing risk/return summary information from registration statements and prospectuses and to post these XBRL exhibits on their websites. The 2009 XBRL requirements were intended to improve the usefulness of financial statement and risk/return summary information to investors, analysts, third-party information providers, filers, the Commission staff, and other data users. In general, information standards like XBRL allow machine reading of data and enhance the reusability, quality, and timeliness of information processing for producers and consumers of information, as well as regulators.

The Commission makes a number of data sets extracted from XBRL filings available to the public on our website, updated on a quarterly basis.[15] Detailed text and numeric information from all corporate financial reports filed with the Commission since the first quarter of 2009 is available for download. Detailed text and numeric information from the risk/return summary section of all mutual fund prospectuses since the fourth quarter of 2010 is also available for download. Since 2016, we have made crowdfunding offering data sets available, extracting information from XML-based filings such as offering statements, updates, annual reports, and terminations.

When I served as Acting Chairman of the Commission in early 2017, I was very pleased to have the opportunity to vote with my fellow Commissioner, Kara Stein, to introduce proposed rules to require the use of inline XBRL for certain financial statement information and mutual fund risk/return summary information.[16] As I stated at the time, almost exactly one year ago today:

[S]tructuring financial disclosures so that they are machine readable facilitates easier and faster analysis that can improve investor decision-making. Structuring financial information can also assist in automating regulatory filings and business information processing. In particular, by tagging the numeric and narrative-based disclosure elements of financial statements and risk/return summaries in XBRL, those disclosure items are standardized and can be immediately processed by software for analysis. This standardization allows for aggregation, comparison, and large-scale statistical analysis that is less costly and more timely for data users than if the information were reported in an unstructured format.[17]

The direct benefits of XBRL to issuers, fund complexes, investors, and regulators are clear. In addition, there are benefits to third parties, such as academics, who now regularly rely on the structured data format in preparing scholarly studies of our financial markets and disclosure regimes. In turn, these scholarly studies provide more information to help market participants, investors, and regulators make better decisions.

The very same day, Commissioner Stein and I were also delighted to adopt new rules requiring registrants to include an HTML hyperlink to each exhibit listed in the exhibit index of certain filings.[18] I realize that this change may seem minor, even trivial, but you would be amazed at how many people—political appointees, civil servants, securities lawyers, compliance professionals, investors—approached me last year to extend their thanks for this rulemaking. As I noted at the time, “for any person using the internet, it is nearly unthinkable for a web page to indicate that more information is available and not to include a hyperlink to such information.”[19] Yet that was precisely how our critically important Electronic Data Gathering, Analysis, and Retrieval or “EDGAR” system functioned as of 2017. I would encourage both my colleagues at the Commission and our friends in the private sector to think carefully about other changes we might make in this vein. Surely there are other areas, like HTML, where we can enhance the effectiveness of our disclosure system at minimal, or even reduced, cost.

Sowing the Seeds of a RegTech Harvest

As we leave winter behind, it’s time for us to consider what to sow in RegTech and what we hope to reap in due course. I’d like to survey a few of those items here today.

One RegTech item that has been in the news in the past year is the Commission’s very own EDGAR system. I like to think of EDGAR as part of the Commission’s hipster culture: quaint, retro, and RegTech before it was cool. Those of you old enough to recall the pre-EDGAR days may remember trips to the Commission’s “Reading Room” to review paper filings or to your local law library to review microfilm or microfiche images. By making filings truly accessible to the whole Internet-wired world, EDGAR greatly enhanced and democratized the power of our disclosure-based regulatory system. The Commission is currently engaged in an EDGAR Redesign Program, a multi-year cross-Commission initiative to develop and deliver a “next-generation” electronic disclosure system.

Another area where the Commission has been at the forefront of RegTech is equity market structure. Specifically, in 2013, the Commission introduced the Market Information Data Analytics System or “MIDAS” system to analyze “big data” generated by our equity markets.[20] Every day, MIDAS collects and processes about 4 billion records from the proprietary feeds of the national equity exchanges and the consolidated tape. MIDAS time-stamps every one of the messages it tracks with microsecond granularity. This system allows our Division of Trading and Markets to monitor market behavior, understand market events, and test hypotheses about the equity markets with a high level of precision. In addition to the Commission’s internal use of MIDAS, we have made a number of data series freely available to the public on an analytical platform that supports powerful research tools such as Python and Jupyter Notebook. Data scientists and economists can harvest MIDAS data particular to their area of interest and conduct their own analyses. The hope is that these empirical findings will be shared with the Commission, thereby increasing the bounty of insight we are able to reap about our equity markets.[21]

Of course, I cannot discuss data aggregation in the equity markets without also mentioning ongoing efforts related to the Consolidated Audit Trail or “CAT.”[22] When completed, the CAT will provide a comprehensive consolidated audit trail of all activity throughout U.S. markets in National Market System securities, from order inception through routing, cancellation, modification, and execution. From a regulatory perspective, the CAT will represent a major advancement in the ability of the Commission and the national securities exchanges and FINRA to surveil the markets and protect investors. Not surprisingly, as a technological matter the CAT is exceedingly complex. Despite the many years spent on this project thus far, challenges remain across many areas, from the creation of the system itself to the protection of any personally identifiable information that will be contained within that system. Unfortunately, there are no easy answers for how to best address these challenges. I encourage the self-regulatory organizations working to develop the CAT to persevere in their efforts and I appreciate the time, attention, and expertise they have invested in the system thus far.

One area of RegTech where we continue to sow and reap tangible rewards is in the technological capabilities of our Division of Enforcement. I previously mentioned the use of RegTech by our Division of Enforcement through technologies such as ARTEMIS. But that system is just one of many advanced technologies, both internally developed and in partnerships with the private sector, that we are deploying in our efforts to root out fraud in the securities markets and protect investors. These investments in cutting-edge data analytics are allowing our enforcement staff to be more efficient in their investigations and more aggressive in uncovering fraud in hard to detect areas.

The relatively short time between sowing and harvesting in the enforcement context should not prevent us from investing time and effort in RegTech and FinTech that may take years to fully develop. Let us not forget that EDGAR, the centerpiece of the SEC’s online presence today, was actually created before widespread adoption of the Internet. In a similar way, we may find that current efforts to understand and accommodate advancements in technology could pay untold dividends in the future. There are many exciting potential uses for distributed ledger and other technologies, from streamlined regulatory reporting, to more efficient trading, and lower cost capital formation. Each of these potential solutions will require an openness to change at the Commission and a willingness to engage with market participants. I am encouraged by the way the Commission’s staff in particular has shown an eagerness to meet these challenges head on, and I hope that we will continue to foster innovation while at the same time ensuring compliance with our rules and regulations.

Although I am excited about the potential for RegTech and FinTech I cannot end this discussion without admitting that they also give me a certain level of trepidation. With each technological advancement that occurs, the Commission must confront a new opportunity for cyber threats to develop. These threats are just as pressing for the latest evolution in technology as they are for our legacy EDGAR system. As you are aware, in August 2017, the Commission learned for the first time that an incident that occurred in 2016 may have provided the basis for illicit gain through trading.[23] Under the direction of Chairman Clayton, the Commission staff took swift action to patch the security breach, and its investigation of the matter remains ongoing in coordination with the appropriate authorities. Because he is too modest to claim the credit himself, allow me to boast a little about Chairman Clayton’s role in this area, as he has been an unsung hero on the cybersecurity front. Not only has Chairman Clayton’s continuous and intense focus on cybersecurity since his first days in office contributed greatly to improving risk management practices across our financial markets, he is also intent on improving the Commission’s own risk management culture. I’m sure that I speak for all of my fellow Commissioners when I applaud him for his efforts in this regard.[24]

Conclusion

Thank you very much for your kind attention. It has been a great pleasure addressing the inaugural RegTech Data Summit, which I hope grows into a new tradition. I also believe that this is the perfect time to be engaging in these discussions. Rapid advancements in technology are occurring at the same time that there is a renewed focus by this administration on capital formation and the competitiveness of our economy. Senior officials in the White House, Treasury, and the financial regulatory agencies, including the Commission, understand the potential for technological developments to improve our markets, grow our economy, and create jobs. Years from now, may we look back at this event as sowing the seeds in an old field of good soil and bearing much fruit.

ENDNOTES

[1] The views I express today are my own and do not necessarily reflect those of the Commission or my fellow Commissioners.

[2] See Charles Donahue, The Harvard Law School Shield: Royall, Chaucer, and Coke (Mar. 3, 2018, 9:39 AM), https://exhibits.law.harvard.edu/harvard-law-school-shield-royall-chaucer-and-coke .

[3] See Geoffrey Chaucer, The Parlament of Foules (T.R. Lounsbury ed., Ginn, Heath, & Co., 1883) (ca. 1382) (“For out of olde feldys, as men sey, / Comyth al this newe corn from yer to yere; / And out of olde bokis, in good fey, / Comyth al this newe science that men lere.”).

[4] Chaucer frequently linked cultivation to procreation. See, e.g., Geoffrey Chaucer, The Reeve’s Tale (“I tell you, by St James, / Three times the neet, from midnight into morn, / The miller’s daughter helped me grind my corn. . . .”).

[5] Division of Enforcement, Securities and Exchange Commission, Release No. 81207, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: The DAO (July 25, 2017), https://www.sec.gov/litigation/investreport/34-81207.pdf.

[6] See id., at 1.

[7] Id., at 2.

[8] 328 U.S. 293 (1946).

[9] 3 Cai. R. 175 (1805).

[10] See, e.g., Ghen v. Rich, 8 F. 159 (D. Mass. 1881).

[11] See, e.g., Elliff v. Texon Drilling Co., 210 S.W.2d 558 (Tex. 1948).

[12] Popov v. Hayashi, WL 31833731 (Cal. Sup. Ct. 2002).

[13] Chairman Jay Clayton, Securities and Exchange Commission, Statement on Cryptocurrencies and Initial Coin Offerings (December 11, 2017), https://www.sec.gov/news/public-statement/statement-clayton-2017-12-11.

[14] Ecclesiastes 1:9.

[15] See DERA Data Library (Mar. 5, 2018, 3:35 PM), https://www.sec.gov/dera/data.

[16] Inline XBRL Filing of Tagged Data, 82 Fed. Reg. 14,282 (Mar. 17, 2017), https://www.gpo.gov/fdsys/pkg/FR-2017-03-17/pdf/2017-04366.pdf.

[17] Michael S. Piwowar, Opening Statement on Inline XBRL Filing of Tagged Data (Mar. 1, 2017), https://www.sec.gov/news/statement/opening-statement-on-inline-xbrl-filing-of-tagged-data.html.

[18] Exhibit Hyperlinks and HTML Format, 82 Fed. Reg. 14,130 (Mar. 17, 2017), https://www.gpo.gov/fdsys/pkg/FR-2017-03-17/pdf/2017-04365.pdf.

[19] Michael S. Piwowar, Opening Statement on Hyperlinks and HTML Adopting Release (Mar. 1, 2017), https://www.sec.gov/news/statement/opening-statement-on-hyperlinks-and-html-adopting-release.html.

[20] Division of Trading and Markets, Securities and Exchange Commission, MIDAS Market Information Data Analytics System, https://www.sec.gov/marketstructure/midas.html#.Wp2L_mrwapo.

[21] Michael S. Piwowar, Remarks at the University of Notre Dame, Mendoza College of Business, Center for the Study of Financial Regulation (March 13, 2015), https://www.sec.gov/news/speech/remarks-at-university-of-notre-dame.html.

[22] Division of Trading and Markets, Securities and Exchange Commission, Rule 613 (Consolidated Audit Trail), https://www.sec.gov/divisions/marketreg/rule613-info.htm.

[23] Jay Clayton, Statement on Cybersecurity (Sept. 20, 2017), https://www.sec.gov/news/public-statement/statement-clayton-2017-09-20; see also Michael S. Piwowar, Statement on Cybersecurity (Sept. 20, 2017), https://www.sec.gov/news/public-statement/statement-piwowar-2017-09-20.

[24] See, e.g., Kara M. Stein, ‘Mutualism: Reimagining the Role of Shareholders in Modern Corporate Governance’ Remarks at Stanford University (Feb. 13, 2018), https://www.sec.gov/news/speech/speech-stein-021318.

This post is based on remarks delivered by Michael S. Piwowar, a commissioner of the U.S. Securities and Exchange Commission, on March 7, 2018, in Washington, D.C., at the 2018 RegTech Data Summit. A copy of the remarks is available here.