Chairman Huizenga, Ranking Member Maloney, and Members of the Subcommittee:  

Thank you for inviting us to testify today on behalf of the Division of Enforcement (“Enforcement” or the “Division”) of the U.S. Securities and Exchange Commission (“SEC” or the “Commission”).

The Division of Enforcement plays an essential role in carrying out the SEC’s mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.  The Division primarily supports the SEC’s mission by investigating and bringing actions against those who violate the federal securities laws.  By vigorously enforcing these laws, the Division furthers the Commission’s efforts to deter, detect, and punish wrongdoing in the financial markets, compensate harmed investors, and—critically—maintain investor confidence in the integrity and fairness of our markets.

Since our appointment as Co-Directors in June 2017, the Division has remained focused on its core mission and will continue its efforts to protect investors and markets through strong and effective enforcement.  Chairman Clayton charged us to root out fraud, market manipulation, and other violations of the federal securities laws with conviction and energy.  The Division has taken that charge to heart, and our successes are due to the professionalism and expertise of the staff, not only in Washington but also in our eleven regional offices.  The staff in our home and regional offices—under the leadership of former prosecutors and other dedicated public servants—works each day to protect our capital markets and to punish wrongdoers.

Each year, the Commission brings hundreds of civil enforcement actions against individuals and entities for fraud and other misconduct and obtains important, meaningful remedies—including disgorgement of ill-gotten gains and monetary penalties, which are frequently returned to harmed investors—as well as industry bars, injunctions, and orders prohibiting unlawful conduct.  Last year, the Division remained focused on our core mission of protecting investors and markets through the robust enforcement of the federal securities laws.  To that end, the Division investigated and recommended a diverse mix of cases targeting fraud and other wrongdoing.  In Fiscal Year (“FY”) 2017, the Commission brought 754 enforcement actions and obtained $3.8 billion in penalties and disgorgement, while returning a record $1.07 billion to harmed investors, and awarding nearly $50 million in payments to whistleblowers.[1]  The Commission’s enforcement actions covered a broad range of subject areas, including investment management, securities offerings, issuer reporting and accounting, market manipulation, insider trading, broker-dealer activities, cyber-related conduct, and the Foreign Corrupt Practices Act (“FCPA”), among many others.

While the Division’s responsibilities necessarily require that we police a broad landscape and have numerous areas of focus, at a high level, our decision making is guided by five core principles:  (1) focus on the interests of Main Street investors; (2) focus on individual accountability; (3) keep pace with technological change; (4) impose sanctions that most effectively further enforcement goals; and (5) constantly assess the allocation of our resources.  We appreciate the opportunity to provide you with an overview of our enforcement efforts and to share the principles, priorities, and initiatives that will guide Enforcement’s work going forward.

Enforcement Priorities

Protecting the Interests of Main Street Investors

Protecting retail investors has always been at the heart of the Enforcement Division’s mission and is a first principle for us.  Retail investors depend on fair, orderly, and efficient markets to build savings to buy homes, pay for college, or plan for retirement, among other things.  They are not only often the most prevalent participants in our markets, but, in many cases, also the most vulnerable and least able to weather financial loss.

The Division continued its commitment to protecting the interests of retail investors in FY 2017, both by building on successes of the past and through new initiatives, including the formation of a new Retail Strategy Task Force.[2]  The Task Force combines the Division’s significant experience with the knowledge and expertise of other key Commission divisions and offices, such as the Office of Compliance Inspections and Examinations (“OCIE”), the Division of Economic and Risk Analysis (“DERA”), and the Office of Investor Education and Advocacy.[3]  Its mission is straightforward:  to develop effective strategies and techniques to identify, punish, and deter misconduct that most affects everyday investors.[4]  The Division will continue to focus its enforcement efforts on the kinds of misconduct that traditionally have affected retail investors, such as accounting fraud, charging inappropriate or excessive fees, “pump-and-dump” frauds, and Ponzi schemes, to name just a few.[5]  For example, we recently announced an initiative to encourage self-reporting and remediation by investment advisers who have received compensation for recommending or selecting more-expensive mutual fund share classes for their clients when identical and less-expensive share classes were available, without disclosing this conflict of interest.[6]  This initiative reflects our commitment to leverage our resources to identify and expose widespread undisclosed practices that have the potential to harm investors.  In short, vigorous enforcement efforts across our markets that are aimed at protecting Main Street investors have been—and will remain—a priority for the Enforcement Division. 

And, to emphasize a key point, even as we enhance our focus on protecting retail investors, we will continue to actively pursue cases against large corporations, financial institutions, and other market participants who violate our federal securities laws.  We do not face a binary choice between protecting Main Street and policing Wall Street.  The Commission has recently brought a number of cases against Wall Street firms and large corporations for a wide variety of misconduct, and we expect that the Commission will continue to be vigilant in our oversight of these and other key market participants.

Holding Individuals Accountable

Another core pillar of a strong and effective enforcement program is individual accountability.  To have a strong deterrent effect on market participants, it is critical to hold individuals responsible in appropriate cases and to pursue wrongdoing at the highest corporate levels supported by the evidence.

Individual accountability has long been a priority of the Enforcement program, and recent efforts show that our commitment to this key concept has not flagged.  Since May 2017, a significant number of the Commission’s enforcement actions have also involved charges against one or more individuals.  These actions have involved charges against the senior-most executives of large companies and firms, including CEOs, CFOs, presidents, and senior partners.[7]  The Commission also has charged individuals in several cyber-related matters.[8]

To be sure, our focus on individual accountability consumes more of our limited resources; with much to lose, individuals may be more likely to litigate with the Commission.  But that price is worth paying.  We will continue to hold individuals accountable where warranted by the facts and the law. 

Keeping Pace with Technological Change:  Combatting Emerging Cyber-Related Threats

One important area where we are focusing the Division’s enforcement efforts and resources is combatting emerging cyber-related threats to investors and the financial markets.  These threats are among the greatest risks facing investors and our securities markets today, and the Division has been working to further develop its already substantial expertise and proficiency in the tools and investigative techniques needed to address these issues.  We remain committed to ensuring that the Division continues to keep pace with the technological changes that continually transform our markets. 

We formalized our work in this area in FY 2017 by forming a Cyber Unit.[9]  The creation of the Cyber Unit, which is the first new unit that the Division has created since specialized units were first formed in 2010, demonstrates the priority that we place on combatting cyber-related threats to investors and our markets.[10]  The Cyber Unit focuses its efforts on the following key areas: 

• Market manipulation schemes involving false information spread through electronic and social media;
• Hacking to obtain material, nonpublic information and trading on that information;
• Violations involving distributed ledger technology and initial coin offerings (“ICOs”);
• Misconduct perpetrated using the dark web;
• Intrusions into online retail brokerage accounts; and
• Cyber-related threats to trading platforms and other critical market infrastructure.[11]

Enforcement has been focused on many of these issues for some time, and the Cyber Unit centralizes, leverages, and builds upon the considerable expertise that the Commission has developed in this rapidly developing area.

Cyber-related matters are an area where we have sought to utilize the full range of tools and remedies available to the Commission.  Our work in this field reflects a careful balancing of the need to protect investors from risks inherent in new technologies against the need to allow innovation to take place.  For instance, the Commission has provided clarity for market participants in new or developing areas, starting with a Section 21(a) report (the “Report”) regarding ICOs issued last July.[12]  The Report concerns the application of the federal securities laws to the offer and sale of virtual tokens that were created and distributed on a blockchain by an entity called “The DAO.”  In the Report, the Commission applied longstanding securities law principles to conclude that this virtual token constituted an investment contract and therefore was a security, and to reiterate the fundamental principal that the federal securities laws apply—including to those relating to offers, sales, and trading—regardless of whether the security is certificated or issued on a blockchain. 

The Division has continued to take other actions to address ICOs and cryptocurrencies following publication of the Report.  For example, in November 2017, the Division, along with OCIE, issued a joint statement regarding the potentially unlawful promotion of ICOs by celebrities and others.[13]  In January 2018, we issued a joint statement with the Director of the Commodity Futures Trading Commission’s (“CFTC”) Division of Enforcement regarding virtual currency actions.[14]  We advised market participants that when they engage in fraud under the guise of offering digital instruments—whether characterized as virtual currencies, coins, tokens, or the like—the SEC and the CFTC will look beyond form, examine the substance of the activity, and prosecute violations of the federal securities and commodities laws.[15]  In March, the Division of Enforcement and the Division of Trading and Markets issued a joint statement alerting investors that if they use online trading platforms for trading digital assets they may not have the protections provided by the federal securities laws and SEC oversight.[16]  And, we continue to encourage parties to contact Commission staff who specialize in these issues for assistance.   

And, since the issuance of the Report, the Commission has brought a number of enforcement actions for alleged ICO-related violations of the registration requirements of the federal securities laws.  In one case, after being contacted by the Division, a company halted its ICO to raise capital for a blockchain-based food review service, and then settled proceedings in which we determined that the company’s ICO was an unregistered offering and sale of securities in violation of the federal securities laws.[17]  As a result of the SEC’s intervention, the company refunded investor proceeds before any tokens were distributed.[18]

Finally, in cases where the technology is merely a veneer for an alleged fraud, we have recommended enforcement actions.  To take one example, the Commission recently charged the co-founders of a purported financial services start-up with orchestrating a fraudulent ICO that raised more than $32 million from thousands of investors.[19]  In another recent case, the Commission obtained a court order freezing more than $27 million in trading proceeds from allegedly illegal distributions and insider sales of restricted shares of a NASDAQ-listed company purporting to be in the cryptocurrency business.[20]  Since the beginning of 2017, the Commission has also sought to protect investors by utilizing its authority to suspend trading in the stock of 13 publicly traded issuers because of questions concerning, among other things, the accuracy of assertions regarding their investments in ICOs and operation of cryptocurrency platforms.[21]  As these cases show, the Division will not hesitate to take appropriate action where technology is used to defraud investors.  

Beyond ICOs and cryptocurrencies, the Commission has prioritized the adequacy of companies’ cyber-related disclosures.  In February, the Commission issued a Statement and Guidance on Public Company Cybersecurity Disclosures to assist public companies in preparing their disclosures about cybersecurity.  This guidance provides the Commission’s views about the public companies’ obligations under our laws and regulations with respect to matters involving cybersecurity risk and incidents and describes the importance of comprehensive policies and procedures related to cybersecurity events, including appropriate disclosure controls, and the need to have policies and procedures in place to guard against corporate insiders trading on the basis of material nonpublic information about cybersecurity risk and incidents.[22]  The Commission also recently announced settled charges against a major technology company for misleading investors by failing to disclose what was, at the time, the world’s largest known data breach.[23]  The case is the first that the Commission has brought against a company for failing to adequately disclose a cyber incident.  We are aware of the challenges companies face when it comes to disclosing cyber attacks, and we will not seek to second-guess good-faith disclosure decisions.  But, as this recent case reflects, there will be circumstances in which a company’s procedures, controls, and response to a cyber incident warrant an enforcement action.

Imposing Effective Sanctions

The sanctions the Division seeks in its enforcement actions are critical to influencing the behavior of market participants, and we have a wide array of tools available to further our objectives.  Possible remedies and sanctions include:  obtaining monetary relief from wrongdoers in the form of disgorgement and penalties; barring wrongdoers from working in the securities industry or serving as directors and officers of public companies; and, when appropriate, more tailored relief and sanctions, such as specific undertakings, admissions of wrongdoing, and monitoring or other compliance requirements.  The Division does not take a formulaic or statistics-oriented approach to determining what sanctions we will recommend in a particular matter.  In every case, we consider the facts and circumstances.  We often work with DERA to provide critical analysis in recommending appropriate sanctions.  This allows the Commission to pursue the package of available remedies that is most appropriate in the matter at hand.

Compensating Harmed Investors

The Division is also focused on compensating harmed investors for losses stemming from violations of the federal securities laws.  In many of our actions, funds paid by defendants or respondents are distributed to harmed investors.  We place significant importance on putting money back in the pockets of victims when we are able to do so.  In FY 2017, the Division’s efforts enabled the Commission to return a substantial amount of money—a record $1.07 billion—to harmed investors.[24]

Despite our successes in returning funds to harmed investors, a recent development threatens our ability to continue doing so for long-running frauds.  In the Supreme Court’s decision in Kokesh v. SEC,[25] the Court held that Commission claims for disgorgement are subject to a five-year statute of limitations.  The Kokesh decision has already had a significant impact across many parts of the Division.  Many securities frauds are complex and can take significant time to uncover and investigate.  Some egregious fraud schemes—including, for example, the one perpetrated by Charles Kokesh himself—are well concealed and are not discovered until investors have been victimized over many years.  In certain cases, Kokesh threatens to severely limit the recovery available to harmed investors.  Wrongdoers should not benefit because they succeeded in concealing their misconduct.  While we appreciate the need for clear statutes of limitations, we are concerned with an outcome where some investors must shoulder additional losses—and the fraudulent actor is able to keep those ill-gotten gains—because those investors were tricked early in a scheme rather than later.

The ultimate impact of Kokesh on SEC enforcement remains to be seen.  However, some of the decision’s effects are already clear.  For example, because of the Court’s ruling, Mr. Kokesh, who was found liable for defrauding his firm’s advisory clients out of approximately $35 million in client funds over many years, kept more than 80 percent of the money he stole, and his victims will get no recovery of those funds.

We are redoubling our efforts to uncover, investigate, and bring cases as quickly as possible.  Our enforcement actions have the highest impact, and our litigation efforts are most effective, when we bring our cases close in time to the alleged wrongful conduct.  But no matter how quickly we work, it is likely that Kokesh will have a significant impact on our ability to enforce the federal securities laws and obtain recovery for harmed investors in long-running frauds.  

FY 2019 Budget Request

The achievements and initiatives we have outlined come against the backdrop of significant challenges that the Division faces.  These challenges are described in more detail in the FY 2019 budget request that the SEC submitted to Congress earlier this year.[26]  Some of these challenges are obvious, such as the broad spectrum of securities law violations that occur across the United States each year and emerging cyber-related threats to investors and markets.  Others are less obvious, such as the challenges that increasingly fragmented and complex equity markets pose to our enforcement efforts, as well as the massive volume of data that we need to obtain, process, and analyze each year in order to satisfy our investigative responsibilities.  There is also an ever-increasing volume of tips, complaints, and referrals to be reviewed and assessed by Enforcement staff; last year alone, the SEC received approximately 16,500 such tips.[27]  These challenges require us to constantly assess and re-assess whether we are allocating the Division’s limited resources in the most effective manner to address the most significant risks to investors and the markets.

To enable Enforcement to meet these challenges, and maintain an effective investigative capacity and deterrent presence, the SEC’s FY 2019 budget seeks to restore several positions for Enforcement that were lost due to attrition and the SEC’s inability to fill those positions with new staff as a result of the hiring freeze.  Some of the requested positions will be used to support two key priorities of the Division:  protecting retail investors and combatting cyber-related threats. 

Thank you for inviting us here today to discuss the Division of Enforcement.  We are happy to answer any questions you may have.