A Stronger Enforcement Program to Enhance Investor Protection
Commissioner Luis A. Aguilar
20th Annual Securities Litigation and Regulatory Enforcement Seminar, Atlanta, Georgia
Oct. 25, 2013
Thank you for that kind introduction. I am honored to be here today. Before I begin my remarks, let me issue the standard disclaimer that the views I express today are my own, and do not necessarily reflect the views of the U.S. Securities and Exchange Commission (the “SEC” or “Commission”), my fellow Commissioners, or members of the staff.
As some of you know, my first ever speech as an SEC Commissioner was at your Annual Seminar on October 31, 2008. I gave that speech only 93 days after being sworn in as a Commissioner, and only 47 days after Lehman Brothers filed for Chapter 11 bankruptcy protection. The events of 2008 – which also included the Reserve Primary Money Market Fund “breaking the buck,” the massive volume of short-selling of financial company stock, and the government bailout of insurance giant AIG – marked the beginning of the worst financial crisis since the Great Depression. In addition, the Bernard Madoff Ponzi scheme came to light in December 2008, further shaking investor confidence in the capital markets. These and other events presented extraordinary challenges to the SEC and caused many to question the SEC’s continued existence.
All of these events highlighted that the SEC had much to do to become a more effective regulator and fulfill its mission to protect investors. In response, the Commission had no choice but to take a number of steps to strengthen our internal capabilities and address various regulatory weaknesses. For example, the Division of Enforcement was substantially restructured and specialized teams of lawyers and market experts were created to focus in the areas of Asset Management, Market Abuse, Complex Financial Instruments (formerly called Structured and New Products), Foreign Corrupt Practices, and Municipal Securities and Public Pensions. In addition, the Office of Market Intelligence was created to better manage and assess tips, complaints, and referrals concerning potential misconduct. Moreover, we created the Division of Economic and Risk Analysis, or “DERA,” to provide economic and statistical analysis to support the SEC’s rulemakings, and to assist with our examination and enforcement programs.
In addition to these internal changes, the Commission entered into one of the most active rulemaking periods in SEC history – and this started even before the passage of the Dodd-Frank Act and, of course, it’s been even more pronounced after the passage of the Dodd-Frank Act and the JOBS Act. We adopted and/or substantially amended a number of regulatory and disclosure rules – including, just to name a few, rules enhancing the custody practices of investment advisers and rules to prohibit pay-to-play activity in the investment advisory industry, and we amended the short-selling rules, revised the rules regarding municipal securities disclosure, and substantially amended the rules governing nationally recognized statistical rating organizations.
Clearly, the SEC has been active in both rulemaking and enforcement matters. According to the SEC’s Office of the Secretary, during my tenure, the Commission has considered over 225 proposed and final releases and rules, and over 14,000 Enforcement recommendations.
There have also been significant personnel changes at the Commission since I spoke at this seminar in October 2008. In particular, the composition of the Commission has changed several times. In fact, as I stand here before you this afternoon, none of the Commissioners with whom I currently serve were members of the Commission when I started. And, in the interim, there have been four different chairs. The last five years have also seen a revolving door in SEC leadership – among other changes, there have been three different heads of the Division of Enforcement, the Division of Investment Management, the Division of Corporation Finance, and the Office of Compliance Inspections and Examinations (OCIE), and there have been five different General Counsels. Moreover, the heads of all of our Regional Offices have changed.
Without a doubt, much has changed at the Commission. What has not changed is the SEC’s role as the capital markets’ regulator and, in particular, our duty to enforce the federal securities laws.
It is no exaggeration to say that the SEC’s reputation is largely based on how well, or poorly, the Division of Enforcement performs. I was aware of that fact when I first came to the SEC, and from the day that I took office as a Commissioner, I have had a keen focus on the Enforcement program. Starting just a few months after I took office, I publicly outlined a number of reforms that I thought important. I was glad to see many of them adopted, including the establishment of an infrastructure to handle tips and complaints and the delegation of formal order authority to the staff. As many of you know, because of my focus on the SEC's Enforcement program, I have been referred to as “The Enforcement Commissioner.”
Today, I want to continue the focus on enforcement and discuss some of the recent steps taken to strengthen the SEC’s Enforcement program and provide some thoughts on additional measures that are needed. There are a number of matters that I could discuss – such as the need to focus more on bringing charges against individuals and not just corporate entities, the benefits of providing the SEC with the ability to seek stronger remedies through the passage of the Stronger Enforcement of Civil Penalties Act of 2012, or putting more focus on obtaining permanent rather than time-limited bars. These are all important topics. However, today, I will discuss:
- The factors that should drive the imposition of corporate penalties;
- The importance of holding self-regulatory organizations (SROs) accountable when they fail to meet their regulatory obligations;
- The benefit of requiring admissions of fault in some of our settlements; and
- The ways that we can better use data and risk-based analytics to combat fraud.
The Penalty Guidelines
Let me start with a few words about the SEC’s 2006 Statement Concerning Financial Penalties (“Penalty Statement”). By now, it should be clear that the Penalty Statement constituted a fatally flawed approach to assessing the appropriateness of corporate penalties. As I said more than 4½ years ago, the focus of the Penalty Statement was misplaced because, in deciding whether to impose a corporate penalty, it prioritized two factors that took the focus away from the actual misconduct – and instead put the focus on whether there was a benefit to the corporation or whether there was actual shareholder harm. By re-directing the focus of the inquiry away from the egregiousness of the conduct, the misconduct itself becomes less important and the Commission fails to appropriately focus on deterring inappropriate conduct.
The Commission’s power to impose civil penalties under the Remedies Act of 1990 is designed to punish misconduct and deter future violations, not simply to deprive a company of any benefit it may have received from misconduct. As noted in the House Report on the Remedies Act, “[d]isgorgement merely requires the return of wrongfully obtained profits; it does not result in any actual economic penalty or act as a financial disincentive to engaging in securities fraud.” Therefore, “[the Commission’s] authority to seek or impose substantial money penalties, in addition to the disgorgement of profits, is necessary for the deterrence of securities law violations that otherwise may provide great financial returns to the violator.” The fallacy of focusing on corporate benefit as a dominant factor in assessing penalties was laid bare by a number of cases during the financial crisis where a company’s fraudulent misrepresentations resulted in relatively small benefits to a company but caused enormous losses to investors. I have been consistent in highlighting the flaws in the Penalty Statement and in working to have the focus properly put on deterring misconduct.
Accordingly, I am pleased that recently it has been made clear that the 2006 Penalty Statement “was not then, and is not now, binding policy for the Commission or the staff.” Moreover, there are now notable examples of cases where corporate penalties have been imposed even though the benefits to the corporation could not be readily quantified. This is a step in the right direction. The next step is to publish a new Penalty Statement that appropriately focuses on deterring misconduct.
The factors that should be included in determining the appropriateness of corporate penalties are the following:
- The nature of the misconduct and the violation. This factor involves assessing the degree of harm to investors, the markets, and innocent parties, as well as the level of intent of the wrongdoer and the difficulty in detecting the type of violation involved;
- The nature of the defendant, its governance, and its other conduct prior to the violation. This inquiry turns on, among other things, whether the company previously engaged in misconduct, and whether it had appropriate policies and procedures in place;
- Self-reporting, cooperation, and remediation. As many of you know, the Commission’s Seaboard report addresses these factors and the degree to which they should be considered in determining whether a penalty is appropriate. I am generally supportive of the approach taken in the Seaboard report, although I want to emphasize the importance of self-reporting; and
- Equitable concerns and effects on parties other than the corporation. This requires consideration of the fairness and equity of penalties in light of the particular facts and circumstances in each case. This factor would include, among other things, whether the penalty is going to a Fair Fund to compensate harmed investors, and also whether the company benefited from the misconduct, and whether shareholders previously harmed by that misconduct would be harmed by a penalty – but these last two factors should not be given automatic priority.
I expect that these factors, which place appropriate focus on the conduct at issue, will guide the staff in assessing recommendations that involve corporate penalties.
Enforcement of SRO Responsibilities
As to future enforcement priorities, I expect that the Commission will continue to take a tougher stance against SROs that do not faithfully discharge their primary duties as regulators of the marketplace. SROs play a vital role in our markets, but it has been well-recognized that SROs have had inherent conflicts of interest between their regulatory responsibilities and their business functions – and, over the years, we have seen too many instances of SROs favoring their business interests over their regulatory obligations.
The Commission must be prepared to exercise fully its oversight over SROs. To that end, I have been supportive of the Commission’s renewed focus on holding SROs accountable for failing to fulfill their legal and regulatory obligations – that is particularly true of stock and option exchanges.  It may surprise you to know that prior to September 2012, when we imposed a $5 million penalty against the New York Stock Exchange, the Commission had never imposed a financial penalty against an exchange. Since then, we have imposed a $10 million penalty against NASDAQ and a $6 million penalty against the Chicago Board Options Exchange.
Exchanges fulfill an important role in our capital markets, and their failures undermine investor confidence in our markets and regulatory structure. As such, the Commission must continue to hold them accountable when they do not live up to their primary duties as regulators.
For far too long, the Commission could have done more in its oversight of exchanges and other SROs. I am hopeful that those days are over.
The need for the SEC to oversee SROs extends to our responsibility to make sure that the technology that increasingly runs the capital markets functions properly. It is no secret that SROs have been involved in numerous technology-related market disruptions over the past several years, an alarming number of which have occurred in just the last few months. For example, the Facebook IPO fiasco resulted, in part, from a systems failure at NASDAQ that caused perhaps as much as hundreds of millions of dollars in losses. More recently, the trading of all 2,700 NASDAQ-listed stocks was halted for three hours because of a technology failure related to NASDAQ’s market data feed.
The need for the Commission to take proactive steps to prevent unacceptable market disruptions is abundantly clear and long overdue. As you may know, earlier this year the SEC proposed Regulation SCI, which would require SROs and other entities to, among other things, establish, maintain, and enforce written policies and procedures reasonably designed to ensure that their systems have sufficient capacity, integrity, resiliency, availability, and security. You would think that such regulations would already be in place, but the fact is that currently the SROs need only to consider, on a purely voluntary basis, whether to establish programs to determine systems capacity and vulnerability. The recent market events underscore that a voluntary system is woefully insufficient to protect investors and the integrity of our markets.
Regulation SCI will move beyond this voluntary regime and is intended to prevent systems errors that could lead to future market disruptions. The Commission must adopt a strong and enforceable final rule that allows us to hold firms and individuals accountable when they fail to take adequate steps to comply with the rule. To that end, the final rule should require an entity’s senior officers to certify in writing that the entity has processes in place and adequate resources and staffing to achieve compliance with the rule. Such certifications would allow the Commission to hold senior management responsible for the entity’s representations, and will serve to ensure compliance with the rule.
More importantly, the final rule should also do away with the so-called “safe harbor,” which in this instance may allow entities and individuals to escape liability merely by demonstrating that they have established loosely-defined policies and procedures that are reasonably designed to comply with Regulation SCI. As I noted when the rule was proposed, senior staff informed me that the Commission has never previously included an explicit safe harbor in a Commission rule requiring that regulated entities maintain policies and procedures designed to achieve a particular objective. Such a vague and unprecedented carve-out would water down the rule and make it more difficult to enforce. If those who violate Regulation SCI cannot be held accountable, the rule will fail to improve upon the current voluntary regime.
The Commission needs to move quickly to adopt a strong and enforceable Regulation SCI, and must stand ready, willing, and able to take action against those who fail to comply with it.
Admissions in SEC Settlements
A robust Enforcement program also requires that defendants be held accountable for their actions and that they be required to admit publicly to their wrongdoing whenever appropriate. In the past, I have expressed concerns about the SEC’s “neither admit nor deny” policy, and have had particular concerns about the practice of defendants entering into such settlements and subsequently issuing a press release disclaiming the alleged misconduct and/or claiming that regulators had overreached. A month after I first publicly expressed these concerns, Judge Rakoff cited to my speech in an opinion in which he questioned the SEC’s “neither admit nor deny” policy.
While we frequently obtain through settlement all the monetary and injunctive relief we are likely to obtain in litigation, when we settle on a “neither admit nor deny” basis, the public is denied a finding, either by a fact finder or by the defendant’s own admission, that the defendant engaged in bad conduct.
After many years of settling cases on a “neither admit nor deny” basis, the SEC will now require admissions in certain of its settlements. This is a positive change – which, among other things, brings our settlement policy more in line with the policies of our criminal counterparts.
Under the new approach, the SEC will require admissions when it is in the public interest to do so. In particular, admissions may be appropriate in cases where a large number of investors were harmed or put at risk, or where defendants engage in egregious misconduct or unlawfully obstruct the Commission’s investigative process. Requiring admissions in these cases will appropriately sanction defendants for their misconduct, and will go a long way toward enhancing the deterrence message of our settlements.
In just the past few months, we have already seen this new approach being applied at the SEC. I expect that as we continue to develop experience under the new policy, the admissions that we will require in the future will be stronger. For example, the focus should go beyond having defendants only admitting facts, but also accepting fault for their misconduct, and admitting to having violated specific provisions of the law.
Requiring defendants to make strong admissions of misconduct may make it more difficult to settle certain cases, and, as a result, for this approach to be effective we must be ready, willing, and able to go to trial.
While going to trial is always an option, it remains infrequent at the SEC. The SEC currently settles approximately 98% of its Enforcement cases and, in 2012, we went to trial in only 22 out of the 734 cases we brought. However, a robust and effective Enforcement program requires us to take risks, especially in programmatically important cases. If necessary, the SEC must be willing to litigate and go to trial. A legitimate threat of litigation should also serve to increase the SEC’s ability to obtain stronger settlements.
Enforcement Initiatives to Combat Fraud
Finally, I would like to spend a few moments to discuss initiatives that focus on using available data to combat fraud and protect investors: (1) risk-based initiatives to identify fraud; and (2) an enhanced approach to detect financial fraud.
Our Enforcement program has undertaken several important initiatives to identify and concentrate our resources on high fraud-risk areas and transactions. Many of these initiatives rely on risk-based data analytics to proactively identify fraud. As I have said for years, the SEC must make better use of technology to support its Enforcement program.
In particular, there has been progress in the use of data analytics. Working together, the Division of Economic and Risk Analysis (DERA), the Office of Compliance Inspections and Examinations (OCIE),  and the Division of Enforcement have developed several risk-based initiatives that use sophisticated models to identify potential misconduct. One of the first initiatives was the Aberrational Performance Inquiry (API), which focuses on suspicious performance returns posted by hedge fund advisors. Working with DERA and OCIE, the Enforcement Division’s Asset Management Unit developed risk-based analytics to analyze performance data of thousands of hedge fund advisers to identify suspicious candidates for examination and/or investigation. This initiative has resulted in several enforcement actions since its inception in 2009, and every Regional Office has worked on examinations or investigations arising from this initiative.
DERA is also continuing to develop additional risk-based initiatives, including the “Accounting Quality Model,” which will be used to assess the degree to which financial statements filed by issuers appear anomalous. I look forward to these additional initiatives being fully operational in the short-term.
Finally, the Commission recently announced the creation of the Center for Risk and Quantitative Analytics, which will be part of the Division of Enforcement. This Center will employ quantitative analysis to profile high-risk market behavior and will otherwise support and coordinate the Division’s risk analytic initiatives.
Clearly, our ability to conduct data analytics and risk-based initiatives will be further enhanced once the Commission begins receiving uniform and timely market data on quotes, orders, and executed trades after the adoption of the Consolidated Audit Trail (“CAT”). I was a vocal advocate for developing CAT and, although the final rule was lacking in several important respects, it will be a definite improvement over the current state of things. Because of the benefits that CAT will provide to the Commission’s oversight of the market, I am concerned by the recent delays in the building of CAT, and urge those involved to act with greater urgency.
The protection of investors requires proactive steps to detect misconduct. Consequently, the SEC staff has to think creatively about ways in which data analytics can be used to uncover fraud across a wide array of market activities.
Financial Reporting and Audit Task Force
One additional initiative by the Division of Enforcement that deserves mention is the new Financial Reporting and Audit Task Force – a renewed effort to combat financial fraud. This is a welcome and overdue development, as the number of enforcement matters involving financial fraud and issuer disclosures have been steadily declining over the past decade, from a high of 199 cases in 2003, to just 79 cases in 2012. The Task Force will focus its efforts on identifying violations relating to the preparation of financial statements, issuer reporting and disclosure, and audit failures. This renewed focus is a critical component of investor protection.
As you can appreciate from my remarks, the SEC has undergone enormous changes over the past several years, and we have taken important steps to strengthen our Enforcement program. However, there is more that can, and should, be done to enhance our Enforcement program.
To that end, I also want to discuss one of the most important aspects of a robust Enforcement program – and that is for the Commission to have the willingness to use all of the tools at our disposal and the willingness to fight for strong sanctions. As illustrated by some of the changes I have discussed, the current Commission is taking a tougher stance on enforcement matters – whether it is forcing admissions, fixing flawed policies on penalties, or developing new techniques to uncover fraud. In addition, the Commission has begun to use more of the tools at its disposal. For example, we have recently brought charges under long-overlooked provisions of the Federal securities laws. Just last month, we brought an action alleging – for the first time – issuer violations of Section 10A, which was enacted into law in 1995, and in separate cases brought the first ever charges under Section 10A’s audit partner rotation provision, audit committee communication provision, and the provision requiring audit procedures to identify related party transactions.
While it is customary for Commission representatives to talk the tough talk about enforcement, I am optimistic that the current Commission will walk the walk.
As I end my remarks, I want to acknowledge the many SEC alumni in attendance today. I want you to know that, while much has changed at the SEC, what does remain is the fact that the men and women at the SEC continue to work tirelessly in their mission to protect investors. Our staff remains among the finest public servants you will ever meet. Accordingly, it is incumbent on the SEC’s leadership to provide them with the resources, tools, and effective policies that they need to carry out the agency’s mission. The Commission must consistently strive to keep up with the growth and complexity of the capital markets – both as to our regulatory requirements and our Enforcement program. A robust, well-funded, and appropriately staffed SEC is critical to investor protection and for maintaining confidence in our markets.
Thank you for inviting me to this year’s seminar.
 Commissioner Luis A. Aguilar, Remarks Before the 14th Annual Securities Litigation and Regulatory Practice Seminar, (Oct. 31, 2008), available at http://www.sec.gov/news/speech/2008/spch103108laa.htm.
 See, SEC Press Release No. 2009-199, SEC Announces New Division of Risk, Strategy, and Financial Innovation (Sept. 16, 2009), available at http://www.sec.gov/news/press/2009/2009-199.htm.; SEC Press Release No. 2013-104, SEC Renames Division Focusing On Economic and Risk Analysis (June 6, 2013), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171575272.
 See, supra note 5, SEC Press Release No. 2009-199.
 Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203 (July 21, 2010); Jumpstart Our Business Startups Act, Pub. L. No. 112-106 (2012).
 Release No. IA-2968, Custody of Funds or Securities of Clients by Investment Advisers (Dec. 30, 2009), available at http://www.sec.gov/rules/final/2009/ia-2968.pdf. More recently, the SEC has passed rule amendments to strengthen the custody practices of broker-dealers, Release No. 34-70073, Broker-Dealer Reports (July 30, 2013), available at http://www.sec.gov/rules/final/2013/34-70073.pdf. As Commissioner Aguilar stated when these amendments were adopted, the investment adviser custody rules were not the Madoff fix since Madoff was registered solely as a broker-dealer for much of the fraud. Commissioner Aguilar, Strengthening Oversight of Broker-Dealers by Instituting a Framework to Prevent Another Madoff, (July 31, 2013), available at http://www.sec.gov/News/PublicStmt/Detail/PublicStmt/1370539742041.
 Release No. 34-59342, Amendments to Rules for Nationally Recognized Statistical Rating Organizations (Feb. 2, 2009), available at http://www.sec.gov/rules/final/2009/34-59342.pdf. Other rules and amendments adopted during this time period include an interim final rule requiring money market funds to report their portfolio holdings and valuation information to the Commission under certain circumstances, Release No. IC-28903, Disclosure of Certain Money Market Fund Portfolio Holdings (Sept. 18. 2009), available at http://www.sec.gov/rules/final/2009/ic-28903.pdf; rules requiring shareholder approval for the compensation of executives of TARP recipients, Release No. 34-61335, Shareholder Approval of Executive Compensation of TARP Recipients (Jan. 12, 2010), available at http://www.sec.gov/rules/final/2010/34-61335.pdf; amendments to Form ADV, Release No. IA-3060, Amendments to Form ADV (July 28, 2010), available at http://www.sec.gov/rules/final/2010/ia-3060.pdf; rules removing the Regulation FD exemption for credit rating agencies, Release No. 33-9146, Removal from Regulation FD of the Exemption for Credit Rating Agencies (Sept. 29, 2010), available at http://www.sec.gov/rules/final/2010/33-9146.pdf; and amendments increasing Commission oversight of hedge funds and other private funds, Release No. IA-3221, Rules Implementing Amendments to the Investment Advisers Act of 1940 (June 22, 2011), available at http://www.sec.gov/rules/final/2011/ia-3221.pdf. More recently, the SEC proposed money market fund reform. Release No. 33-9408, Money Market Fund Reform; Amendments to Form PF (June 5, 2013), available at http://www.sec.gov/rules/proposed/2013/33-9408.pdf.
 These numbers are based on information received from the Commission’s Office of the Secretary. The total number of enforcement recommendations was determined by counting each party in a single action as a separate recommendation. Thus, an enforcement recommendation involving five parties would be counted as five recommendations under this calculation.
 The “third” head of the Division of Enforcement is in fact two people who serve as co-directors of the Division.
 See Commissioner Aguilar, NASAA Members and the SEC – United in the Public Interest and Making Investors a Priority, (Apr. 18, 2009), available at http://www.sec.gov/news/speech/2009/spch042809laa.htm; Commissioner Aguilar, Empowering the Markets Watchdog to Effect Real Results, (Jan. 10, 2009), available at http://www.sec.gov/news/speech/2009/spch011009laa.htm; Commissioner Aguilar, Increasing Accountability and Transparency to Investors, (Feb 6, 2009), available at http://www.sec.gov/news/speech/2009/spch020609laa.htm; Commissioner Aguilar, Reinvigorating the Enforcement Program to Restore Investor Confidence, (Mar. 18, 2009), available at http://www.sec.gov/news/speech/2009/spch031809laa.htm; Commissioner Aguilar, Combating Securities Fraud at Home and Abroad (May 28, 2009), available at http://www.sec.gov/news/speech/2009/spch052809laa.htm.
 See Bruce Carton, Luis Aguilar: The Enforcement Commissioner, Compliance Week, March 19, 2009, available at.
 S-3416, Stronger Enforcement of Civil Penalties Act of 2012 (the “SEC Penalties Act”), available at. The SEC Penalties Act was introduced by Senators Reed and Grassley as a bi-partisan acknowledgement that the penalties imposed by the Commission in several enforcement actions were inadequate. Grassley, Reed Seek Tougher Penalties for Wall Street Fraud, Office of United States Senator Chuck Grassley of Iowa (July 23, 2012), available at http://www.grassley.senate.gov/news/Article.cfm?customel_dataPageID_1502=41925. The SEC Penalties Act would authorize the SEC to issue penalties for each violation up to the greater of (i) $1 million for individuals or $10 million for entities, (ii) three times the gross pecuniary gain, or (iii) the losses incurred by investors as a result of the violation. It would also triple the penalty cap for recidivists. This bill was re-introduced and was referred to the Senate Banking, Housing, and Urban Affairs Committee on February 12, 2013. See . I urge Congress to pass the SEC Penalties Act, which will provide the SEC with more tools to hold individuals and entities accountable for their misconduct.
 Commissioner Luis A. Aguilar, Reinvigorating the Enforcement Program to Restore Investor Confidence (Mar. 18, 2009), available at http://www.sec.gov/news/speech/2009/spch031809laa.htm; Commissioner Aguilar, Sustainable Reform Prioritizing Long-Term Investors Requires the Right Orientation (Feb. 5, 2010), available at http://www.sec.gov/news/speech/2010/spch020510laa.htm.
 SEC Press Release, Statement of the Securities and Exchange Commission Concerning Financial Penalties (Jan. 4, 2006), available at http://www.sec.gov/news/press/2006-4.htm. The Penalty Statement states that the appropriateness of a penalty on a corporation “turns principally on two considerations:” (1) the presence or absence of a direct benefit to the corporation as a result of the violation; and (2) the degree to which a penalty will recompense or further harm the injured shareholders. The Penalty Statement also identified seven additional factors: (1) the need to deter the particular type of offense; (2) the extent of the injury to innocent parties; (3) whether complicity in the violation is widespread throughout the corporation; (4) the level of intent on the part of the perpetrators; (5) the degree of difficulty in detecting the particular type of offense; (6) the presence or lack of remedial steps by the corporation; and (7) the extent of cooperation with Commission and other law enforcement agencies.
 Congress granted the Commission the authority to impose civil penalties in 1990 through the passage of The Securities Enforcement Remedies and Penny Stock Reform Act of 1990 (the “Remedies Act”). Courts have acknowledged that the Commission’s power to impose penalties is designed to punish misconduct and deter future violations. See Official Committee of Unsecured Creditors of World Com, Inc. v. SEC, 467 F.3d 73, 81 (2d Cir. 2006). A penalty “is a form of punishment imposed by the government for unlawful or proscribed conduct, which goes beyond remedying the damage caused to the harmed parties by the defendant’s action.” Johnson v. SEC, 87 F.3d 484, 488 (D.C. Cir. 1996).
 The legislative history of the Remedies Act notes that “because the costs of [corporate] penalties may be passed on to shareholders, the Committee intends that a penalty be sought when the violation results in an improper benefit to shareholders.” S. Rep. No. 101-337 (1990). However, this language does not impose special requirements on the Commission or the courts in all cases where penalties are imposed on corporations, but rather is directed to the limited category of cases in which the current shareholders of a corporate issuer are identical to those directly victimized by the misconduct and would be harmed by a money penalty. A corporation and each of its shareholders generally are considered separate “persons” under the law. Everything that affects a corporation's financial performance is, at least in theory, reflected in its share price, and thus may have an indirect economic impact on shareholders. At the same time, corporations incur liabilities in their own names, and shareholders are at risk only to the extent of their investment in a company’s shares. Accordingly, it is unlikely that Congress meant to change the basic characteristic of share ownership to insulate shareholders from the indirect economic consequences of corporate penalties, while leaving shareholders susceptible to economic loss arising from every other liability that might be incurred by a corporation.
 H.R. Rep. No. 101-616 (1990), reprinted in 1990 U.S.C.C.A.N. 1379.
 For example, in SEC v. Citigroup Global Capital Markets, Inc., investors lost almost $700 million, but Citigroup made net profits of $160 million, and in fact, the SEC settled to only a $95 million penalty. Case No. 1:11-cv-7387-JSR (S.D.N.Y. Oct. 19, 2011). See also Commissioner Luis A. Aguilar, Taking a No-Nonsense Approach to Enforcing the Federal Securities Laws, (Oct. 18, 2012), available at http://www.sec.gov/News/Speech/Detail/Speech/1365171491510.
 Chair Mary Jo White, Deploying the Full Enforcement Arsenal, (Sept. 26, 2013), available at http://www.sec.gov/News/Speech/Detail/Speech/1370539841202.
 In a settlement with JPMorgan last month, the Commission charged the bank with misstating its financial results, and for its failure to maintain effective controls to prevent its traders from overvaluing investments that resulted in large trading losses. See SEC Press Release No. 2013-187, JPMorgan Chase Agrees to Pay $200 Million and Admits Wrongdoing to Settle SEC Charges: Firm Must Pay $920 Million in Total Penalties in Global Settlement (Sept. 19, 2013), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370539819965. JPMorgan’s settlement with the Commission did not include any disgorgement of ill-gotten gains; disgorgement is often used as a proxy for “benefits” derived by a wrongdoer. Despite the absence of any disgorgement, the settlement with JPMorgan required the bank to pay $200 million in corporate penalties. See id. Indeed, the bank paid total penalties of $920 million in connection with its global settlement with regulators on both sides of the pond. See id. The Commission imposed a penalty in this case because there was a great need to deter JPMorgan’s misconduct. See SEC Files Fraud Charges Against Universal Travel Group, Its Former CEO and Chair, Jiangping Jiang, and Its Former Director, Secretary and Interim CFO, Jing Xie, Lit. Rels. No. 22823 (Sept. 27, 2013), available at http://www.sec.gov/litigation/litreleases/2013/lr22823.htm; In the Matter of Medifast, Inc., Admin. Proceeding File No. 3-15502, (Sept. 18, 2013), available at http://www.sec.gov/litigation/admin/2013/34-70448.pdf.
 Release No. 34-44969, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions (Oct. 23, 2001), available at http://www.sec.gov/litigation/investreport/34-44969.htm.
 Commissioner Luis A. Aguilar, Reinvigorating the Enforcement Program to Restore Investor Confidence, (Mar. 18, 2009), available at http://www.sec.gov/news/speech/2009/spch031809laa.htm.
 Commissioner Aguilar, The Need for Robust Oversight of SROs (May 8, 2013), available at http://www.sec.gov/News/PublicStmt/Detail/PublicStmt/1365171515546.
 In September 2012, the Commission charged the New York Stock Exchange (NYSE) for the third time for compliance failures that gave some of its customers an improper advantage on trading information by sending data to some customers through its proprietary feeds before sending the data to the publicly available consolidated feeds. The $5 million penalty imposed against NYSE marked the first time the Commission has ever imposed a financial penalty against an exchange. See In the Matter of New York Stock Exchange LLC, and NYSE Euronext, Admin. Proceeding File No. 3-15023 (Sept. 14, 2012), available at http://www.sec.gov/litigation/admin/2012/34-67857.pdf; SEC Press Release No. 2012-189, SEC Charges New York Stock Exchange for Improper Distribution of Market Data (Sept. 14, 2012), available at https://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171484740.
 In May 2013, the Commission charged NASDAQ with securities law violations resulting from its poor systems and decision-making during the initial public offering and secondary market trading of Facebook, Inc. NASDAQ agreed to settle the Commission’s charges by paying a $10 million penalty. This marks the second time the Commission imposed a penalty against an exchange for favoring its business interests over its regulatory obligations. See In the Matter of The NASDAQ Stock Market, LLC and NASDAQ Execution Services, LLC, Admin. Proceeding File No. 3-15339 (May 29, 2013), available at http://www.sec.gov/litigation/admin/2013/34-69655.pdf; SEC Press Release No. 2013-95, SEC Charges NASDAQ for Failures During Facebook IPO (May 29, 2013), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171575032.
 In June 2013, the Commission charged the Chicago Board Options Exchange (CBOE) for systemic breakdowns in its regulatory and compliance functions, and for failing to enforce rules against abusive short selling. The $6 million penalty paid by CBOE was the first penalty ever assessed against an exchange for failing its regulatory oversight functions. In this case, CBOE engaged in egregious misconduct by going as far as to interfere with the Commission’s investigation of a CBOE-member firm. See In the Matter of Chicago Board Options Exchange, Incorporated and C2 Options Exchange, Incorporated, Admin. Proceeding File No. 3-15353, available at http://www.sec.gov/litigation/admin/2013/34-69726.pdf; SEC Press Release No. 2013-107, SEC Charges CBOE for Regulatory Failures (June 11, 2013), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171575348. CBOE had previously been charged by the Commission, but it continued to adopt a culture of lax regulation over many years. In the Matter of Certain Activities of Options Exchanges, Exchange Act Release No. 43268 (Sept. 11, 2000), available at http://www.sec.gov/litigation/admin/34-43268.htm; In the Matter of the Chicago Board Options Exchange, Inc., Exchange Act Release No. 26809 (May 11, 1989).
 Some of the more well-known events include the May 6, 2010 “Flash Crash,” the October 2011 system errors at Direct Edge, the $440 million trading loss at Knight Capital Group, Inc. in August 2012, and the issues associated with BATS Global Market Inc.’s initial public offering in March 2012. Supra note 29.
 See NASDAQ OMX Statement on the Securities Information Processor (Aug. 22, 2013), available at. In addition, on August 20, 2013, Goldman Sachs executed a large number of erroneous options trades when one of its automated trading systems malfunctioned. See Goldman Faces Losses on Erroneous Trades, Financial Times, (Aug. 21, 2013). On September 16, 2013, options trading were halted for more than a half-hour due to a failure of the data feed that supplied options prices to the market. See Stock-Options Trading Halted After Data Feed Problem, Wall Street Journal (Sept. 16, 2013).
 See Sarah N. Lynch, Nasdaq says FINRA caps Facebook IPO claims at $41.6 million, Reuters (Oct. 25, 2013), available at, estimating major market makers lost up to $500 million in the IPO.
 See NASDAQ OMX Statement on the Securities Information Processor (Aug. 22, 2013), available at; see NASDAQ OMX Statement on the Securities Information Processor (Sept. 4, 2013), available at .
 Release No. 34-69077, Regulation Systems Compliance and Integrity (Mar. 8, 2013), available at http://www.sec.gov/rules/proposed/2013/34-69077.pdf .
 Commissioner Luis A. Aguilar, Developing Solutions to Ensure that the Automated Systems of Our Marketplace are Secure, Robust, and Reliable, (Mar. 7, 2013), available at http://www.sec.gov/News/Speech/Detail/Speech/1365171515056.
 Proposed Rule 1000(b)(2)(i) would require each entity covered by Regulation SCI to establish, maintain, and enforce written policies and procedures reasonably designed to ensure that its systems operate in the manner intended, including a manner that complies with the federal securities laws and rules and regulations thereunder and the entity’s rules and governing documents, as applicable. However, proposed Rules 1000(b)(2)(ii) and (iii) would provide a “safe harbor” from liability under Rule 1000(b)(2)(i) for SCI entities and persons employed by SCI entities under the following circumstances: (A) the SCI entity has established and maintained policies and procedures reasonably designed to provide for (1) testing of all SCI systems and changes to such systems prior to implementation, (2) periodic testing of all such systems and any changes to such systems after their implementation, (3) a system of internal controls over changes to such systems, (4) ongoing monitoring of the functionality of such systems, (5) assessments of SCI systems compliance performed by personnel familiar with applicable laws and rules, and (6) review by regulatory personnel of SCI systems design, changes, testing, and controls to prevent, detect, and address actions that do not comply with applicable laws; (B) the SCI entity has established and maintained a system for applying such policies and procedures which would reasonably be expected to prevent and detect, insofar as practicable, any violations of such policies and procedures; and (C) the SCI entity has reasonably discharged the duties and obligations incumbent upon the SCI entity by such policies and procedures, and was without reasonable cause to believe that such policies and procedures were not being complied with in any material respect. Release No. 34-69077, Regulation Systems Compliance and Integrity (March 8, 2013), available at http://www.sec.gov/rules/proposed/2013/34-69077.pdf.
 Commissioner Luis A. Aguilar, Developing Solutions to Ensure that the Automated Systems of Our Marketplace are Secure, Robust, and Reliable, (Mar. 7, 2013), available at http://www.sec.gov/News/Speech/Detail/Speech/1365171515056.
 See Commissioner Aguilar, Setting Forth Aspirations for 2011: Address to Practising Law Institute’s SEC Speaks in 2011 Program, (Feb. 4, 2011), available at http://www.sec.gov/news/speech/2011/spch020411laa.htm.
 See, SEC v. Vitesse Semiconductor Corporation, 10 Civ. 9239 (JSR) (Mar. 3, 2011).
 See, e.g., Dina ElBoghdady, SEC to require admissions of guilt in some settlements, Wash. Post(June 18, 2013), available at.
 See, e.g., Department of Justice, United States Attorneys’ Manual, Title 9, section 9-27.500, Offers to Plead Nolo Contendere – Opposition Except in Unusual Circumstances, available at http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/27mcrm.htm#9-27.500.
 Law360, SEC To Seek More Admissions Of Guilt In Settlements (June 18, 2013), available at.
 In August 2013, the SEC required Philip Falcone and his hedge fund Harbinger Capital Partners LLC to admit fault as part of an $18 million settlement with the agency. By improperly using fund assets, secretly favoring certain customers in redemption requests, and conducting an improper “short squeeze,” Falcone engaged in serious misconduct that harmed many investors. SEC Press Release No. 2013-159, Philip Falcone and Harbinger Capital Agree to Settlement (Aug. 19, 2013), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370539780222. More recently, in September 2013, the SEC required JPMorgan Chase & Co., the largest U.S. bank by assets, to admit fault and pay a $200 million penalty. JPMorgan’s misconduct was egregious – the bank misstated its financial results and lacked effective internal controls – and requiring admissions from the bank served to advance the goals of investor protection. SEC Press Release No. 2013-187, JPMorgan Chase Agrees to Pay $200 Million and Admits Wrongdoing to Settle SEC Charges: Firm Must Pay $920 Million in Total Penalties in Global Settlement (Sept. 19, 2013), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370539819965.
 See SEC Press Release No. 2012-277, SEC’s Enforcement Program Continues to Show Strong Results in Safeguarding Investors and Markets (Nov. 14, 2012), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171485830.
 See, e.g., supra note 28.
 For example, OCIE staff works with DERA to develop models to identify registrants with anomalous characteristics, registrants that do not meet certain thresholds for established financial metrics, and registrants that exhibit high-risk sales practices and other risk factors. OCIE has established an Office of Risk Assessment and Surveillance (“ORAS”) to evaluate risks across all of the markets and registrant classes that are examined by the National Exam Program, and this office now plays a central role in determining which registrants to examine, as well as the scope of examinations. See Examinations by the Securities and Exchange Commission’s Office of Compliance, Inspections and Examinations (Feb. 2012), available at http://www.sec.gov/about/offices/ocie/ocieoverview.pdf. In addition, OCIE is working with DERA to develop periodic reports that analyze data across a wide spectrum of filers to help identify trends and possible emerging risks in the private fund industry, and is working to develop a series of analytics and metrics that will allow the staff to identify possible red flags at firms, which could trigger examinations. See SEC Annual Staff Report Relating to the Use of Data Collected from Private Fund Systemic Risk Reports, available at http://www.sec.gov/news/studies/2013/im-annualreport-072513.pdf.
 Craig M. Lewis, Chief Economist and Director, Division of Risk, Strategy, and Financial Innovation, Risk Modeling at the SEC: The Accounting Quality Model (Dec. 13, 2012), available at http://www.sec.gov/News/Speech/Detail/Speech/1365171491988.
 See, SEC Press Release No. 2013- 121, SEC Announces Enforcement Initiatives to Combat Financial Reporting and Microcap Fraud and Enhance Risk Analysis (July 2, 2013), available at http://www.sec.gov/News/PressRelease/Detail/PressRelease/1365171624975.
 See Release No. 34-67457, Consolidated Audit Trail (Jul 18, 2012), available at http://www.sec.gov/rules/final/2012/34-67457.pdf. The SEC has recently deployed the Market Information Data Analytics System, or MIDAS, which allows us to see all orders posted on the exchanges, all cancellations and executions of those orders, and all off-exchange executions. See SEC Market Structure, available at http://www.sec.gov/marketstructure/.
 See Commissioner Aguilar, “Smart Regulation: Keeping the Door Open for Effective Ideas” (July 11, 2012), available at http://www.sec.gov/News/Speech/Detail/Speech/1365171564352.
 Supra note 52.
 See Year-by-Year SEC Enforcement Statistics, available at http://www.sec.gov/news/newsroom/images/enfstats.pdf.
 Supra note 54.
 See In the Matter of China Ruitai International Holdings Co., Ltd., et al., Release No. 34-70579 (Sept. 30, 2013) (charging issuer with violations of Section 10A(b)(3) for failing to make required disclosure to the Commission after its auditor reported that it had information indicating an illegal act had occurred and that the issuer’s failure to take remedial action warranted the auditor’s resignation).
 See In the Matter of John Kinross-Kennedy, CPA, Release No. 34-70566 (Sept. 30, 2013) (alleging audit partner provided auditing services for an issuer in each of that issuer’s previous five fiscal years in violation of Section 10A(j), and alleging violations against the auditor under Section 10A(k) for failing to report certain matters to the audit committee of the issuer).
 See id. (alleging audit partner provided auditing services for an issuer in each of that issuer’s previous five fiscal years in violation of Section 10A(j), and alleging violations against the auditor under Section 10A(k) for failing to report certain matters to the audit committee of the issuer).
 See In the Matter of Patrizio & Zhao LLC, et al., Release No. 34-70562 (Sept. 30, 2013) (alleging that auditor and audit engagement partner violated Exchange Act Section 10A(a)(2) for failing to include auditing procedures designed to identify material related party transactions).