Monday, October 30, 2017

SEC Enforcement co-director touts new retail investor, cybersecurity initiatives

By Amanda Maine, J.D.

Stephanie Avakian, co-director of the SEC’s Division of Enforcement, outlined the Division’s recent initiatives on protecting retail investors and strengthening the SEC’s cybersecurity efforts. Avakian’s remarks were delivered at a keynote speech at the Securities Docket’s annual enforcement forum in Washington, D.C.

Priorities identified. Avakian stressed that although the SEC, under the direction of new Chairman Jay Clayton, has made retail investors and cybersecurity priorities for the Division, the SEC’s broad mission of protecting investors has not changed. Avakian emphatically rejected the notion that the prioritization of these issues would direct resources away from other Commission enforcement activities, such as combatting financial fraud and policing Wall Street.

Retail investors. Chairman Clayton has emphasized the importance of the “Main Street investor.” In particular, the Commission should always take into account the long-term interests of “Mr. and Mrs. 401(k).” The SEC’s priorities under Clayton reflect this belief with the Enforcement Division establishing a Retail Strategy Task Force. The task force will employ the use of data analytics and technology to help detect widespread misconduct, Avakian said. While the task force does not have dedicated staff to conduct investigations themselves, it will refer possible targets for investigation across the Division, according to Avakian.

Avakian gave some examples about what kind of conduct would be targeted under the prioritization of misconduct against retail investors. The SEC will look at firms that charge undisclosed fees to investors, as well as practices such as “churning” that generate large commissions to advisers at the expense of investors. The SEC will also scrutinize incidents where financial industry professionals recommend risky investment vehicles to investors, such as those saving for retirement, for whom such investments are unsuitable.

She also stressed that enforcement alone is not enough to protect retail investors. The task force will be engaged in investor outreach as well, Avakian said.

Cybersecurity. Chairman Clayton issued a statement on cybersecurity last month emphasizing the importance of evaluating cyber risks. The cybersecurity issue hit closer to home with the Commission’s revelation of a cybersecurity breach of its EDGAR system last year. In the wake of cybersecurity incidents, Avakian outlined three main issues that the Division hopes to tackle with respect to cybersecurity. The first is targeting those engaging in activity such as hacking to gain an unlawful market advantage. As an example, she cited individuals who, through illegal hacking, obtain material, nonpublic information such as an upcoming merger and trade on that information prior to a public announcement of the transaction.

The Division will also focus on registered entities’ failures to take appropriate steps to ensure system integrity, Avakian said. The SEC has in recent years adopted several regulations aimed at the protection of systems that are risk-based and flexible. The Enforcement Division also coordinates with the Office of Compliance Inspections and Examinations (OCIE) regarding cyber concerns. OCIE has issued a Risk Alert detailing observations gained from inspections of SEC-registered broker-dealers, investment advisers, and investment companies about their cybersecurity preparedness.

A third issue regarding cybersecurity, according to Avakian, involves cyber-related disclosure failure. While the SEC has not yet brought a case on this issue, Avakian indicated that the increased scrutiny on cybersecurity could result in actions against companies that do not disclose cyber-related issues. She pointed to the Division of Corporation Finance’s guidance from 2011 about “meaningful and timely disclosures” about cybersecurity concerns. However, she assured that the Division has no intention of second-guessing decisions regarding cybersecurity disclosures if they are reasonable and well-informed.

Technology issues will be a priority for the Division, Akavian said. These include blockchain technology and initial coin offerings (ICOs). The SEC issued a statement in July indicating that ICOs can be treated like securities under the federal securities laws. Blockchain technology and ICOs have gained attention recently, and it makes sense to consolidate enforcement efforts to evaluate them, Avakian said.