INTRODUCTION

Good Morning.  Thank you for the kind introduction and the opportunity to be with you, virtually, this year at SEC Speaks.  It is my sincere hope that we will be able to meet in person soon.  Expressing my personal wishes always reminds me that I should issue the standard disclaimer that the views I share are my own and do not necessarily reflect those of the Securities and Exchange Commission, my fellow Commissioners, or members of the staff.

Before I get into the main topic of my remarks today, I wanted to take a few minutes to discuss something that has been top of mind for me these past several months.  This year may go down in our lifetimes as one of the most difficult and trying years.  To name just a few things, we have a pandemic, fires, floods, social unrest, economic uncertainty, heightened distrust in government, and for many—if not most—personal challenges and losses.  What makes matters worse is that we cannot convene in person and collectively engage and learn from each other as we were able to just a few months ago.  

The new distance between us all has also heightened the sadness we felt when we lost colleagues.  In that vein, I want to acknowledge that the Commission has lost many close members of our community this year, including some who were serving at the Commission as well as several incredible alumni.  I mention this because I wish to recognize their important contributions to the agency and to the investing public.  We will continue to think of them and benefit from their contributions for years to come.

THE TIMES THAT BIND

In this year of discord and social distance, what has impressed me the most is how well this agency has continued to do its job—and do it well.  The staff of the SEC adapted to the changing circumstances in the markets, the world, and their lives all in real time.  Countless staff worked around the clock during the market turbulence earlier this year and coordinated closely with fellow regulators to ensure that markets could function and relief was granted when necessary.  They continued to examine registrants, bring cases, write rules, convene panels, and educate the public.  In short, they ensured that we were able to carry out our mission. 

During these times, I heard many colleagues talk about how fortunate they felt to work at a place that does such important and good work.  I feel the same way.  This common connection and purpose has been a balm during much of these past few months, and it motivates me every day. 

Today, I will focus my remarks on a topic that brings together so many of my SEC colleagues: enforcement of the securities laws and regulations.  As you probably know, each week, the Commission gathers in closed session, where we are presented with recommendations from staff in the agency’s Division of Enforcement (“Enforcement”).  Generally, Enforcement recommends that the Commission institute or settle a lawsuit under the securities laws, either in federal court or in the agency’s administrative forum.  Recommendations may have multiple charged violations, multiple defendants or respondents, and various remedies and, as a result, Commissioners may vote to approve the entire recommendation or select parts of it.  And, in order for a recommendation to move forward, a majority of the Commission must vote in favor of it.

Since I joined the Commission a little over two years ago, I have participated in the decisions of over 2,000 individual enforcement recommendations.  I have always recognized that the enforcement of our securities laws is one of the SEC’s most important responsibilities.  It is how we protect and compensate harmed investors; hold wrongdoers accountable; and deter would-be wrongdoers from harming investors in the future.  Our actions have far-reaching effects on the well-being of the individuals or companies involved in every case.  The weight of this responsibility never lets up.  As a consequence, I spend most of my days each week reading and thinking about new enforcement cases, and have lost sleep reflecting on pending and prior ones.

Enforcement is not a partisan matter.  The vast majority of the Commission’s votes on enforcement matters are unanimous, bringing together those of us who may have stark disagreements on particular policy issues.  Yet, each Commissioner approaches consideration of enforcement cases differently, and we do not always agree on every aspect of every case.  So I thought that this year at SEC Speaks, I would share with you how I deliberate about the cases I review and how I envision the responsibilities of our Enforcement Division.

BEGINNING WITH THE END

When I review a recommendation from our Enforcement staff, I begin at the end.  No, it is not a riddle: I focus my attention first on the outcome.  Specifically, does the recommended outcome of the case meaningfully support the SEC’s mission?  Everyone here should be familiar with the SEC’s tri-partite mission:  To protect investors; to maintain fair, orderly, and efficient markets; and to facilitate capital formation.  All three of these tenets are important to ensuring that our capital markets remain healthy and robust, so that they can create wealth and improve the well-being of everyone in society.

Enforcement of the federal securities laws is essential to all three parts of the SEC’s mission.  First and foremost, enforcement protects investors by identifying, stopping, and penalizing those who take advantage of them.  Second, enforcement promotes market integrity by removing these bad actors from our markets.  Third, I believe that the vigorous enforcement of securities laws, by remedying violations, and by publicizing how we have remedied violations, increases trust and confidence in our markets.  Trust and confidence are prerequisites of capital formation; without them, companies and investors would be reluctant to enter our markets. 

I always start with the mission, because circumstances sometimes conspire to divert our attention away from these fundamental objectives.  For example, around the end of the SEC’s fiscal year, which was just about a week ago, the press often focuses on the number of cases we have brought and the number and amounts of penalties we have imposed.[1]  A frequent implication is that rising numbers reflect more effective enforcement, and falling numbers reflect less effective enforcement.  The number of cases, and the aggregate penalty amounts, and other statistics can be informative, and I think many of us are attracted to the idea of measuring our success in an objective, quantitative way.  However, in the SEC’s enforcement program, I do not equate high numbers with success.  In fact, when I review an enforcement recommendation, I want to be sure that it is not just a number.  I want to be sure that it is advancing our mission in a meaningful way and that, as much as possible, the proposed remedies address the wrongdoing and make harmed investors whole.

ENFORCING LAW OR FORCING POLICY?

Another consideration for me as I review enforcement recommendations is whether the alleged violation is based on a novel interpretation of a rule or law.  The vast majority of enforcement recommendations I receive are based on straightforward interpretations of our laws and rules.  But, because markets evolve, new business practices can arise that implicate our rules in new ways.  Sometimes, these are nefarious and clearly bad for investors or markets; other times the intent, outcomes, and future policy implications are not so clear. 

I am wary of the Commission addressing these matters of first impression through enforcement actions.  When I am presented with such a recommendation that is based on and sets forth a new interpretation of existing rules—particularly a recommended settlement where the Commission itself acts as prosecutor and final arbiter—I believe it is my responsibility to question whether the matter would be better handled in a different way. 

The Commission has both a regulatory and an enforcement role.  So while our enforcement job is to pursue violations of the laws that already exist, our job as regulators is to be clear in our expectations of market participants.  I believe all market participants deserve to know what the law is before they are informed that they are breaking it.  We have plenty of tools at our disposal to make this happen. If we see practices that concern us, but are not clear violations of our rules, we can launch examinations to better understand the practices and publicly explain our concerns, such as through OCIE’s Priorities, Risk Alerts to registrants, or bulletins for investors.[2]  We can issue guidance, addressing how a specific rule should be interpreted in a particular novel context.  Of course, we can promulgate new rules too. 

I believe that, despite our understandable desire to stop conduct we view as improper, we should not use our enforcement powers to promulgate and set new legal standards.  This has been called “regulation by enforcement” and I believe wholeheartedly that it should be avoided.  Not only is it unfair to market participants, but it also subverts the rulemaking process Congress established in the Administrative Procedure Act, which generally requires public notice and comment before the Commission can issue rules that carry the force of law.[3]  While that process surely is less efficient and more time consuming than a single-respondent settlement, it has certain benefits.  It ensures that market participants and others with a stake in changes to the law have a chance to comment, and it gives us an opportunity to learn from those comments to improve our own rules.  Commenters often identify nuances we may not have considered or market realities we may not have discerned on our own, and this input can be enormously helpful in improving the effectiveness of our rules.  Even the act of proposing a rule can be helpful—alerting market participants—and compliance departments—to issues that may require additional attention.

Enforcement can and does still play an important role in matters that concern new or novel interpretations of law, even in the absence of rulemaking.  If an Enforcement investigation identifies practices that are problematic, but there is understandable uncertainty about how the law applies to the facts at hand, Enforcement can recommend that the Commission resolve the investigation by issuing a Report of Investigation pursuant to Section 21(a) of the Exchange Act.[4]  Section 21(a) reports allow the Commission to set forth its views on the practices at issue without sanctioning the actor.  The most memorable recent example of such a report is the 2017 DAO report, which set forth the Commission’s view on how the securities laws apply to Initial Coin Offerings.[5]  The Commission has exercised its authority to issue 21(a) reports somewhat infrequently—less than once a year—but I think this is a missed opportunity to put marketplace actors on notice of how the Commission believes the law should be understood and applied. 

COMPLIANCE IS THE GOAL

While I have been primarily discussing enforcement, I do want to note the efforts of the divisions and offices at the SEC that often address issues with non-compliant registrants before and sometimes without the help of Enforcement.  Where market participants are making a good faith effort to comply with our myriad requirements—which, given the complexity of the securities landscape, can indeed be unclear, confusing, and overwhelming—enforcement should be the last resort, not a first resort.  

Fortunately, there are indeed some “first resorts” at the Commission, and as I mentioned, these are the traditional divisions and offices that handle such issues when they first arise. As just a few examples, the Division of Corporation Finance engages with potential and existing issuers with the goal of ensuring that these businesses provide materially complete and accurate disclosure.  The Office of Compliance Inspections and Examinations regularly inspects broker, dealer, and investment adviser registrants.  The SEC also has an Office of Credit Ratings, which, among other things, examines nationally recognized statistical rating organizations.  Our lawyers, accountants, and experts in all of these (and other relevant) divisions and offices are eminently qualified to identify compliance issues, explain regulatory requirements, and guide market participants toward compliance.  And, where conduct appears harmful to investors or driven by a desire to defraud, referrals from these divisions and offices to our Enforcement attorneys are invaluable.

Now, none of this is to say that we should be “light” on enforcement.  The Commission plays a critical role in identifying, stopping, deterring, and punishing wrongdoers.  I am merely stating that we need to use our agency’s resources wisely and pick the right tool for each job, aiming in instances to improve compliance amongst our registrants—a goal which will benefit all investors.

DIFFERENTIATING CULTURE AND COMPLIANCE

Before I go on, I want to draw briefly a distinction between my belief that we should use agency resources (including enforcement tools) to improve compliance versus the idea that the SEC should define and set a “culture” of compliance at the firms we regulate. 

“Culture” has been a topic of increasing focus for registrants and regulators.  I have seen cases regarding registrants where inadequate controls or oversight in place enabled violations of our rules.  Sometimes, these entities have been previously sanctioned by us for similar or other violations.  In these instances, one of the things I think about is whether this bad conduct is limited to a few bad apples or whether it reflects a more widespread breakdown in compliance and supervision within a firm.  I am not alone in asking such questions, and the scenarios I just set forth have appropriately led to greater scrutiny of registrants’ controls, procedures, and practices, including whether employees understand and follow internal rules.  However, some say that the SEC should go further and work to define and set a “culture of compliance” within such firms, as though an unsatisfactory “culture” itself is a securities law violation.  Although interconnected, I see a distinction between the SEC’s role in making rules and enforcing compliance with those rules, on the one hand, and dictating culture, on the other hand.

To me, direct attempts to define and fix a registrant’s culture could go too far, and I worry about the potential for overreach.  Changing an organization’s culture is not straightforward. Regulators are not experts in day-to-day business operations, and every organization has its own incentives, personalities, ideals, and idiosyncrasies.  Setting and maintaining an organization’s culture seems to me to be squarely in the remit of the management and leadership of the organization itself.  If the leadership and individuals fail to have an effective compliance system, rest assured we will find out and address violations that occur.  But we should focus more on remedying concrete problems like that, rather than on vaguer notions of “culture.” 

I worry about the Commission, or any regulator, trying to define the appropriate culture of an organization, including how and what is sufficient to stress compliance in the day-to-day operation of its business.  Questions about how much training is needed, what topics must be stressed over others, and what constitutes sufficient employee engagement or incentives are different for each market, registrant, and workforce.  If we were to set such bright lines on an ad hoc basis, through enforcement cases, for example, I do not see how the agency (over time) could be consistent and clear in our actions as they are perceived by the marketplace and even by our own staff who is charged with overseeing and regulating registrants or bringing enforcement actions. 

In sum, I am generally hesitant to state that there has been a failure in a firm’s culture in the enforcement setting and impose remedies aimed at improving the firm’s culture.  I would prefer that we focus our attention on the specific statutes or rules that have been violated.

SHAREHOLDER-FUNDED CIVIL PENALTIES

Finally, I would be remiss if I did not address another area often of interest to people both on the inside and on the outside of the SEC: civil penalties—particularly corporate civil penalties.  I will not break too much new ground in this area, because many have already articulated the same principles and reasons I share regarding why I do not always view such penalties as being appropriate. I will note that I view penalties against publicly-traded companies differently from penalties against closely-held regulated entities.  My greatest concern is that civil penalties against corporate entities—especially public companies—penalize innocent shareholders for the conduct of others whose actions they could not foresee or control.  And those innocent shareholders are often the victims of fraud by corporate insiders, meaning that shareholders are harmed twice over—once by the fraud, and again by the penalty.  In such cases, and particularly where the individual wrongdoers somehow manage to escape accountability, civil penalties add insult to injury.

I am not dogmatic, however.  I always analyze recommended civil penalties on a “facts and circumstances” basis, with investor welfare as my North Star.  In this, I am informed by the framework set forth in the Commission’s 2006 Statement Concerning Financial Penalties (the 2006 Statement).^[6]  This unanimous statement lists several factors to consider when determining whether to levy a civil penalty against a corporation, giving primacy to “the presence or absence of a direct benefit to the corporation as a result of the violation,” or “corporate benefit” for short.  While the 2006 Statement cannot be used to determine a particular outcome in every case, I do find it to be persuasive and to be a useful starting place. 

Accordingly, my review of corporate civil penalties brings corporate benefit to the fore.  And fortunately, our colleagues in the Department of Economic Risk and Analysis (DERA) have become experts at quantifying the benefit a corporate entity has derived from violative conduct such as disclosure violations.  In cases where they are able to provide me with the supportive analysis, I typically approve a proposed penalty that is commensurate with the corporate benefit. 

Where there is little or no corporate benefit, I have a harder time seeing a shareholder-funded penalty as an appropriate remedy.  Yet, there are times when, despite the lack of a quantifiable corporate benefit, I (have been and) may nevertheless be persuaded by particular facts or circumstances to support a civil penalty against a public company.   For example, there are cases in which the corporate benefit of the violation is clear—and clearly large—even if not precisely quantifiable.  As another example, if a company has repeatedly committed the same securities violations, I generally believe that investors are on notice about the potential for violations at the company, and can determine whether they want to bear that risk by continuing to hold the stock.  A third example is if the resulting penalty can be used to reimburse harmed investors (one of the factors in the 2006 Statement) by, for instance, using a Fair Fund,[7] I will be more likely to support it. 

Speaking of Fair Funds, whether a case involves disgorgement of ill-gotten gains or the imposition of a civil penalty, I will always prefer the money we collect to go back to harmed individuals rather than the Department of the Treasury.

CONCLUSION

I will conclude by saying that I am immensely proud of the SEC Enforcement staff and the incredibly challenging, complex, and impactful cases that they enable this agency to bring.  My goal in giving these remarks today is to provide some transparency into my thought process when evaluating enforcement matters, both for the public and the members of the staff with whom I do not have the occasion to speak regularly.  Thank you for the opportunity to join you this year.  I hope that you enjoy listening to the rest of the SEC speaking.