By Suzanne Cosgrove
The SEC said Friday it has completed an extensive review of what the agency described as “a control deficiency” related to the required separation of enforcement and adjudicatory functions within the agency’s system. Discovered in April 2022, SEC Chairman Gary Gensler has directed the implementation of enhanced data access controls to prevent further lapses, the Commission said.
While the data breach was not found to be deliberate, and the investigation failed to uncover evidence that the lapse resulted in harm to any respondent or affected the Commission’s adjudication in any proceeding, “we have nevertheless determined to dismiss, as a matter of discretion, all pending proceedings that the review team found to be connected to the control deficiency … and in which there is no final order against a respondent,” the SEC said.
The Commission’s initial order dated June 2 listed 42 respondents who had their proceedings dismissed. In a second June 2 filing, the SEC also issued an order vacating certain associational bars in additional proceedings.
Data snafu explained. As the SEC reported previously, certain databases in its General Counsel office maintained by the SEC’s Office of the Secretary were not configured to restrict access by staff from Enforcement. “As a result, in a number of adjudicatory matters, administrative support staff from Enforcement responsible for maintaining Enforcement’s case files accessed Adjudication memoranda via OS’s (Office of the Secretary) databases,” the SEC said in a release.
In addition, “in many instances, those administrative staff also emailed Adjudication memoranda to other administrative staff for potential upload to Enforcement databases; once uploaded, the memoranda became accessible more broadly to Enforcement staff,” the Commission said.
As noted last year by Securities Regulation Daily, the Commission has both investigatory and adjudicatory responsibilities. However, the Administrative Procedure Act (APA), which governs how federal administrative agencies make and issue regulations, and how they decide administrative litigation, calls for the separation of those functions among agency staff members.
As a result of the APA, employees who investigate or prosecute an adjudicatory matter before the Commission may not participate in the Commission’s decision-making in the same matter.
Review process and findings. The SEC said the agency initiated a comprehensive review to assess the scope and impact of the control deficiency. The review team interviewed more than 250 current and former staff members, including individuals from Enforcement, the Office of the Secretary, and the Office of the General Counsel (OGC), the Commission said. The team collected and reviewed documents from Enforcement, OS, and the OGC, including more than 500,000 pages of emails and attachments.
The team also reviewed hundreds of case files in Enforcement’s case management, including the electronic files of each of the cases discussed. Working with Berkeley Research Group, LLC, a consulting firm that includes investigators and forensic analysts, the team analyzed over 25 million rows of data from access logs for various systems.
The April 2022 SEC statement disclosed the review team’s findings regarding two matters arising from administrative adjudicatory proceedings that had challenges pending in federal courts: SEC v. Cochran and Jarkesy v. SEC. In both the Cochran and Jarkesy proceedings, Enforcement administrative staff accessed one or more Adjudication memoranda and emailed those documents to other administrative staff who, in some instances, uploaded them to Enforcement’s centralized database. As a result, certain Adjudication memoranda was accessible to all Enforcement staff, including attorneys investigating and prosecuting Cochran and Jarkesy.
In its June release, SEC said the review team found no evidence that Enforcement staff accessed any case-specific Adjudication memoranda relating to the Cochran matter. None of the individuals assigned to investigate and prosecute the Cochran matter accessed or took any action influenced by a November 29, 2017 (or any other) Omnibus Memorandum or communicated with the Adjudication staff advising the Commission in its decision-making.
Similarly, the team found no evidence that any of the individuals assigned to investigate and prosecute the Jarkesy matter accessed related Adjudication memoranda. It also found no evidence that the New York Regional Office enforcement supervisor or any of the individuals assigned to investigate and prosecute the Jarkesy matter were influenced by the memorandums.
SEC reviews of other pending adjudicatory matters included 28 proceedings in which one or more Adjudication memoranda were accessed by Enforcement administrative staff, as well as 61 additional matters in which one or more Adjudication memoranda applicable to pending matters were accessed by Enforcement administrative staff, the SEC said.
Safeguards are ensured. “We deeply regret that the agency’s internal systems lacked sufficient safeguards surrounding access to Adjudication memoranda,” the SEC said in a statement. “We are continuing our work to ensure that, going forward, work product from the Adjudication staff is appropriately safeguarded.”