Skip to main content

Addressing Known Risks to Better Protect Investors

Commissioner Luis A. Aguilar

U.S. Securities and Exchange Commission

SEC Speaks, Washington, D.C.

Feb. 21, 2014

Thank you for that kind introduction.  I am honored to be here today.  Before I begin my remarks, let me issue the standard disclaimer that the views I express today are my own, and do not necessarily reflect the views of the U.S. Securities and Exchange Commission (the “SEC” or “Commission”), my fellow Commissioners, or members of the staff.

This is the sixth time that I have spoken at “SEC Speaks” as a Commissioner.  Much has changed since my first “SEC Speaks” in February 2009.  At that time, we were in the midst of the worst financial crisis since the Great Depression.  Among other things, Lehman Brothers had recently filed for Chapter 11 bankruptcy,[1] The Reserve Primary Money Market Fund had “broken the buck,” and the U.S. Government had just bailed out insurance giant AIG.  In addition, the Bernard Madoff Ponzi scheme had come to light just a few months earlier, further shaking investor confidence in the capital markets. 

These and other events made it clear that the SEC had much to do to become a more effective regulator and to enhance its protection of investors.  It was also clear that the agency itself had to undergo significant change.  As a result, in my 2009 remarks at SEC Speaks, I highlighted a number of steps that Congress and the SEC should take to close regulatory loopholes.  These regulatory gaps included a lack of appropriate regulation in the areas of over-the-counter derivatives, hedge funds, and municipal securities—areas that Congress subsequently addressed in the Dodd-Frank Act.[2]

In my 2009 remarks, I also discussed the need for the SEC to become a more aggressive regulator—and one that was more accountable to investors.[3]  Accordingly, I have been very supportive of the SEC’s efforts to enhance its ability to oversee the market, and to identify and address areas of regulatory weakness. 

As this group knows well, the last five years have been one of the most active periods in SEC history.  During my tenure, the Commission has considered more than 230 rulemaking releases (proposing and adopting final rules), and more than 15,000 Enforcement recommendations.[4]

Even before Dodd-Frank was enacted, we adopted or substantially amended a number of significant regulatory and disclosure rules—including, to name just a few examples, rules enhancing the custody practices of investment advisers,[5] rules to prohibit pay-to-play activity in the investment advisory industry,[6] improvements to the short-selling rules,[7] rules to enhance municipal securities disclosure,[8] and significant amendments to the rules governing nationally recognized statistical rating organizations.[9]  Of course, the Commission’s agenda became even more active after the passage of Dodd-Frank and the JOBS Act.[10]

In the wake of the financial crisis, the Commission also made a number of internal changes.  For example, we substantially restructured the Division of Enforcement and created specialized teams of lawyers and market experts to focus in the areas of Asset Management, Market Abuse, Complex Financial Instruments, Foreign Corrupt Practices, and Municipal Securities and Public Pensions.[11]  In addition, the Office of Market Intelligence was created to better manage and assess tips, complaints, and referrals.[12]  Moreover, we created the Division of Economic and Risk Analysis,[13] or “DERA,” to provide economic and statistical analysis to support the SEC’s rulemakings, and to assist with our examination and enforcement programs.[14]  As a result of these and other changes, the SEC is a stronger agency.  However, I would be the first to say that we still need to improve.  And, of course, critical to improving the agency is having an adequate budget.  We remain severely underfunded.  Until we have adequate funding, we will not be able to fulfill our mission to investors, markets, and issuers.

There have also been significant personnel changes at the Commission since my first SEC Speaks in 2009.  In particular, the composition of the Commission has changed several times.   As I stand here before you this morning, none of the Commissioners with whom I currently serve were members of the Commission when I was confirmed in 2008.  And, over my tenure, there have been four different chairs. 

The last five years have also seen significant turnover in SEC leadership—among other changes, there have been three different heads at each of the Division of Enforcement, the Division of Investment Management, the Division of Corporation Finance, the Division of Trading and Markets, and the Office of Compliance Inspections and Examinations (OCIE), and there have been five different General Counsels.  Moreover, the heads of all of our Regional Offices have changed.

One result of this turnover in senior staff has been a loss of institutional memory, which I have particularly noticed in our rulemaking efforts.  I often meet with the staff to discuss issues that were first raised years ago and, when I refer to prior discussions with the staff, I am often met with blank stares.  The reason for this is that, in genealogical terms, I had those prior discussions not with them but with their parents and grandparents (and, in some instances their great-grandparents).  While this lack of continuity can be frustrating at times, it is useful to be reminded just how much has changed at the SEC over the past five and a half years. 

There are a number of topics that I could address—like the recent JOBS Act or the remaining steps that need to be taken to fully implement many long-overdue requirements of the Dodd-Frank Act.  Today, however, I would like to focus my remarks on two other important topics that call out for the Commission’s attention:

  • addressing the growing cyber-threats faced by registrants, the capital markets and investors; and
  • revisiting the role and regulation of transfer agents.

Addressing the Growing Cyber-Threat to Registrants, the Capital Markets, and Investors

As many of you know, there has recently been a series of high-profile cyber-attacks on American companies and financial institutions.[15]  As a Commissioner, I have grown increasingly concerned with the potential of such attacks to harm market participants, public companies, and investors.  Accordingly, I believe that taking action to combat this cyber-threat should be a high priority in both the public and private sectors.[16]

I am particularly concerned about the growing incidence and risk of cyber-attacks on the financial markets.  Cyber-attacks on financial institutions have become both more frequent and more sophisticated.[17]  According to a 2012 global survey of securities exchanges, 89% identified cyber-crime as a potential systemic risk and 53% reported experiencing a cyber-attack in the previous year.[18]  Given the extent to which the capital markets have become increasingly dependent upon sophisticated and interconnected technological systems, there is a substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm. 

The SEC’s efforts to address cyber-security threats have, to date, focused primarily on issuers and their disclosures regarding cyber-security risks and cyber incidents.[19]  However, the observed increase in cyber-security threats on businesses strongly suggests that the Commission needs to better understand the issues and challenges raised for market participants and public companies—so that the Commission can address potential vulnerabilities to the proper functioning of the capital markets.

Accordingly, I raised this issue with Chair White and recommended that the SEC convene a roundtable to explore these issues.  I am pleased to report that just last week the Commission announced that the roundtable will take place on March 26, 2014.  I am hoping that, among other things, the roundtable will focus and foster thoughtful discussions on how SEC-regulated entities and public companies can best prepare for, and respond to, the inevitable cyber-attack.  Clearly, both market participants and issuers need to consider and develop appropriate preventive safeguards and they need to have adequate plans in place that will make it easier to quickly repair the damage of an attack.[20]  The roundtable is an important step to develop a common understanding of the related issues, and I expect and look forward to a vigorous and well-informed discussion.  

Revisiting the Role and Regulation of Transfer Agents

A separate important topic that warrants our attention is the subject of transfer agents.  These critical gatekeepers have long played a vital role in the securities market by, among other things, acting as registrars and keeping track of changes in the record ownership of a company’s securities.[21]  When transfer agents act as registrars, they assume the issuer’s responsibility to maintain the official list of securityholder accounts and to monitor the issuance of securities with a view to preventing unauthorized issuances.[22]  In addition to serving as registrars, transfer agents also often act as intermediaries for companies, paying out interest, cash and stock dividends, and other distributions to the record holders of stocks and bonds.[23]

Currently, there are approximately 460 transfer agents registered with the Commission.[24]  As of the end of 2012, transfer agents maintained over 276 million shareholder accounts for approximately 1.5 million issuers, including equity, debt, and mutual fund securities.[25]  That year, transfer agents that provide paying agent services also distributed over $2.15 trillion in shareholder dividends and interest payments.[26]

Obviously, when trillions of dollars are involved, it is important that transfer agents fulfill their responsibilities with accuracy and professionalism.  And, fortunately, that is usually the case.

Another critical responsibility of transfer agents is to keep track of the restrictive legends and “stop transfer” orders that distinguish restricted securities and control shares from freely-tradable securities.  As such, transfer agents are often in a position to prevent unregistered securities from being distributed in violation of the Securities Act.  This gatekeeper role takes on particular importance with microcap securities because typically there is little, if any, meaningful disclosure or independent research regarding such companies.  The potential for fraud and abuse in the microcap markets is well-known.[27]  Indeed, violations of the registration provisions are often associated with microcap pump-and-dump schemes and other penny stock fraud.

In fact, the Commission has brought numerous cases against transfer agents who violate federal securities law in connection with fraudulent pump-and-dump schemes.[28]  You can expect the Commission to bring more cases since, as many of you know, the Division of Enforcement has created a Microcap Fraud Task Force that will, among other things, target gatekeepers such as transfer agents, attorneys, and auditors who participate in pump-and-dump schemes and penny stock fraud.[29]

Unfortunately, in addition to those transfer agents that are active participants in fraud, there are also those transfer agents that have been duped into removing restrictive legends from stock certificates; as a result, unregistered securities have been illegally sold in the public markets.  Frequently, this occurs on the basis of fraudulent attorney opinion letters[30]  Often, however, transfer agents have acted in the face of numerous red-flags warning of an illegal stock offering.[31]  This occurs with enough regularity that I believe the Commission should clarify the steps that could be taken by transfer agents and other gatekeepers to prevent violations in the microcap space.[32]

Moreover, a renewed focus on transfer agents is important because their gatekeeper function will become even more critical as a result of new rules adopted pursuant to the JOBS Act.  These new rules are likely to increase the number of companies whose shares are traded in the secondary market without the benefits of registration. 

For example, the Commission recently proposed rules that would increase the maximum offering amount under Regulation A from $5 million to $50 million in any 12-month period.[33]  Securities issued pursuant to the Regulation A exemption are not restricted, which means that purchasers may resell their shares without registration or a holding period.

In addition, now that general solicitation and advertising are permitted under Regulation D,[34] shares can be sold to an unlimited number of accredited investors, who can then resell them after a one-year holding period under Rule 144. 

Another JOBS Act initiative—the crowdfunding exemption—is also likely to raise challenges for company registrars, whether that function is kept “in-house” or delegated to transfer agents.[35] Under the Commission’s recent crowdfunding proposal,[36] shares issued in crowdfunding transactions, while initially restricted, will be freely tradable after a one-year holding period.

Any trading market that develops for these unregistered securities will almost certainly be less transparent and less liquid than the market for listed securities.  Thus, the role of transfer agents in monitoring the issuance of new shares and removing restrictions on restricted securities and control blocks may be critical in deterring and detecting fraud.

Importantly, these new rules—enhanced Regulation A, general solicitation under Regulation D, and crowdfunding—are being proposed at the same time that other rules enable companies to remain “private” (or at least unregistered) for longer periods, even as they rely on increasing numbers of outside investors for their capital needs.  In particular, the JOBS Act raised the shareholder thresholds for when companies are required to register under the Exchange Act.  In general, unless a company is listed on a national securities exchange, it does not need to register with the SEC unless it has a class of equity securities held of record by either:

  • 2,000 or more persons; or
  • 500 or more persons who are not accredited investors.[37]

Moreover, in calculating the number of record holders for purposes of the registration threshold, a company may exclude individuals who acquired their securities under certain employee compensation plans[38]—and can also exclude those holding securities issued in crowdfunding transactions, even if they acquired the securities in subsequent transactions.[39]

These changes, in the aggregate, will significantly impact companies and transfer agents, who in some cases may have to keep track not only of the record holders of a company’s securities, but also whether such securities were issued in a crowdfunding transaction or in a transaction exempt from the Securities Act pursuant to an employee compensation plan, and whether the record holder is an accredited investor.[40]  All of these changes add confusion and complication to the important task of determining whether a company is required to register with the SEC.  And, although the burden of getting it right remains with the issuer, any adverse effects will fall on investors—who may be denied the information and liquidity advantages provided by Exchange Act registration.

As I have previously stated,[41] the Commission must be proactive in addressing the foreseeable adverse consequences that may stem from increased trading in the securities of unlisted companies. 

Specifically, while I recognize that the issues go beyond transfer agents, the SEC needs to take a hard look at whether the current regulatory framework governing transfer agents appropriately addresses the risks associated with the anticipated increased trading in unlisted securities.[42]

Transfer Agents and Technology

Another reason that the Commission needs to re-visit the transfer agent rules is the significant advances in technology and increased automation in the clearance and settlement process.[43]  For the past several decades, the industry has been steadily substituting traditional paper certificates with so-called “book-entry” securities, a process known as “dematerialization.”[44]  However, many of our current transfer agent rules continue to assume the issuance and transfer of physical security certificates.[45]  As a result, the Commission needs to review these rules to assess whether they adequately reflect current market practices and the advances in technology and automation in the clearing and settlement process. 

Although the increased use of technology in the capital markets can be beneficial, the Commission should also consider how technology can also cause serious market disruption and investor harm.  A number of recent market disruptions are a testament to the damage that can occur in just a few minutes.[46]  To that end, when the Commission recently proposed Regulation SCI,[47] one of the questions asked is whether the requirements of Regulation SCI should be applied to transfer agents.[48]    

Although, as proposed, Regulation SCI would not apply to transfer agents, there is no doubt that transfer agents—like all market participants that rely on technology and automation—are subject to risk that their systems will be breached or that they will malfunction, which could harm investors and the markets.  A technological failure or processing “glitch” by a transfer agent could have serious consequences, including the loss of shareholder information, erroneous securities transfers, or the release of confidential shareholder information to unauthorized individuals.[49]  And, as I discussed earlier, there is also the omnipresent threat of a cyber-attack which, in the case of transfer agents, could result in the misappropriation of confidential shareholder information, the “hijacking” of public company shells and microcaps, or outright theft.[50]

All of these concerns warrant a re-assessment of the SEC’s transfer agent rules.  It is incumbent on the Commission to be proactive in making sure that our rules are keeping up with the changing landscape.


In conclusion, while much has changed at the Commission over the past five and a half years and while many members of the staff have come and gone, a few things have remained constant.  First and foremost, the dedication and hard work of the men and women who work at the SEC remains unparalleled. They have not wavered in the face of the overwhelming workload that the SEC has undertaken over the past few years.  What has also not changed is the SEC’s role as the capital markets regulator and our mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.  To that end, there is much work that remains to be done to protect investors and to continue to restore investor confidence in our capital markets.  I know that our committed and diligent staff will continue to work tirelessly to further the SEC’s mission.  

Thank you for your attention this morning, and for your continued support of the SEC.   


[1] SEC Press Release No. 2008-198, Statement Regarding Recent Market Events and Lehman Brothers (Updated), (Sept. 15, 2008), available at

[2] See, Commissioner Luis A. Aguilar, Increasing Accountability and Transparency to Investors (Feb. 6, 2009), available at

[3] See, id.

[4] These numbers are based on information received from the Commission’s Office of the Secretary through February 12, 2014.  The total number of enforcement recommendations was determined by counting each party in a single action as a separate recommendation.  Thus, an enforcement recommendation involving five parties would be counted as five recommendations under this calculation. 

[5] Custody of Funds or Securities of Clients by Investment Advisers, SEC Release No. IA-2968 (Dec. 30, 2009).  More recently, the SEC has passed rule amendments to strengthen the custody practices of broker-dealers, Broker-Dealer Reports, SEC Release No. 34-70073, (July 30, 2013).

[6] Political Contributions by Certain Investment Advisers, SEC Release No. IA-3043 (July 1, 2010).

[7] Amendments to Regulation SHO, SEC Release No. 34-60388 (July 27, 2009); Amendments to Regulation SHO, SEC Release No. 34-61595 (Feb. 26, 2010).

[8] Amendment to Municipal Securities Disclosure, SEC Release No. 34-62184A (May 27, 2010).

[9] Amendments to Rules for Nationally Recognized Statistical Rating Organizations, SEC Release No. 34-59342 (Feb. 2, 2009); Amendments to Rules for Nationally Recognized Statistical Rating Organizations, SEC Release No. 34-61050  (Nov. 23, 2009). 

Other rules and amendments adopted during this time period include, among others, an interim final rule requiring money market funds to report their portfolio holdings and valuation information to the Commission under certain circumstances, Disclosure of Certain Money Market Fund Portfolio Holdings, SEC Release No. IC-28903 (Sept. 18. 2009); amendments to enhance information provided in connection with proxy solicitations and in other reports filed with the Commission, Proxy Disclosure Enhancements, SEC Release No. 33-9089 (Dec. 16, 2009); rules requiring shareholder approval for the compensation of executives of TARP recipients, Shareholder Approval of Executive Compensation of TARP Recipients, SEC Release No. 34-61335 (Jan. 12, 2010); and Money Market Fund Reform, SEC Release No. IC-29132 (Feb. 23, 2010).

[10] Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203 (July 21, 2010); Jumpstart Our Business Startups Act, Pub. L. No. 112-106 (2012).

[11] See, SEC Press Release No. 2010-5, SEC Names New Specialized Unit Chiefs and Head of New Office of Market Intelligence (Jan. 13, 2010), available at

[12] Id.

[13] See, SEC Press Release No. 2009-199, SEC Announces New Division of Risk, Strategy, and Financial Innovation (Sept. 16, 2009), available at; SEC Press Release No. 2013-104, SEC Renames Division Focusing On Economic and Risk Analysis (June 6, 2013), available at

[14] See, supra note 13, SEC Press Release No. 2009-199.

[15] For example, on December 19, 2013, Target Corp. announced a data breach resulting from a cyber-attack on its systems.  The breach affected two types of data: payment card data, which affected approximately 40 million Target customers, and certain personal data, which affected up to 70 million Target customers.  See Testimony of John Mulligan, Executive Vice President and Chief Financial Officer of Target, before the Senate Judiciary Committee (Feb. 4, 2014), available at; Target Press Release, “Target Confirms Unauthorized Access to Payment Card Data in U.S. Stores” (Dec. 19, 2013),  available at .  In addition, over the past few years, the websites of several major U.S. banks have been repeatedly knocked offline for hours or days at a time by denial-of-service cyber-attacks.  See, e.g., Joseph Menn, “Cyber attacks against banks more severe than most realize,” Reuters (May 18, 2013), available at ; Bob Sullivan, “Bank Website Attacks Reach New Highs,” CNBC (Apr. 3, 2013), available at .

[16] For example, the Director of the Federal Bureau of Investigation (FBI), James Comey, put the gravity of this threat into sharp focus when he said last November that “resources devoted to cyber-based threats will equal or even eclipse the resources devoted to non-cyber based terrorist threats.”  See James B. Comey, Director, Federal Bureau of Investigation, Statement before the Senate Committee on Homeland Security and Governmental Affairs (Nov. 14, 2013), available at

[17] For example, on December 9, 2013, the Financial Stability Oversight Council held a meeting to discuss cyber-security threats to the financial system.  See, U.S. Department of the Treasury Press Release, “Financial Stability Oversight Council to Meet December 9” (Dec. 2, 2013), available at  During that meeting, Assistant Treasury Secretary Cyrus-Amir-Mokri said that “[o]ur experience of the last couple of years shows that cyber-threats to financial institutions and markets are growing in both frequency and sophistication.”  See, Remarks of Assistant Secretary Cyrus Amir-Mokri on Cybersecurity at a Meeting of the Financial Stability Oversight Council (Dec. 9, 2013), available at  In addition, in testimony before the House Financial Services Committee in 2011, the Assistant Director of the FBI’s Cyber Division stated that the number and sophistication of malicious incidents involving financial institutions has increased dramatically over the past several years and offered numerous examples of such attacks, which included fraudulent monetary transfers, unauthorized financial transactions from compromised bank and brokerage accounts, denial of service attacks on U.S. stock exchanges, and hacking incidents in which confidential information was misappropriated.  See Gordon M. Snow, Statement before the House Financial Services Committee, Subcommittee on Financial Institutions and Consumer Credit (Sept. 14, 2011), available at

[18] See, Rohini Tendulakar, Cyber-crime, securities markets and systemic risk, Joint Staff Working Paper of the IOSCO Research Department and World Federation of Exchanges (July 16, 2013), available at .  Forty-six securities exchanges responded to the survey. 

[19] On October 13, 2011, staff in the Commission’s Division of Corporation Finance (Corp Fin) issued guidance on issuers’ disclosure obligations relating to cyber-security risks and cyber incidents.  See, SEC’s Division of Corporation Finance CF Disclosure Guidance: Topic No. 2—Cybersecurity (“SEC Guidance”) (Oct. 31, 2011), available at  Among other things, this guidance notes that securities laws are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision, and cyber-security risks and events are not exempt from these requirements.  The guidance identifies six areas where cyber-security disclosures may be necessary under Regulation S-K: (1) Risk Factors; (2) Management’s Discussion and Analysis of Financial Condition and Results of Operation (MD&A); (3) Description of Business; (4) Legal Proceedings; (5) Financial Statement Disclosures; and (6) Disclosure Controls and Procedures.  The SEC Guidance further recommends that material cyber-security risks should be disclosed and adequately described as Risk Factors.  Where cyber-security risks and incidents that represent a material event, trend or uncertainty reasonably likely to have a material impact on the organization's operations, liquidity, or financial condition—it should be addressed in the MD&A.  If cyber-security risks materially affect the organization’s products, services, relationships with customers or suppliers, or competitive conditions, the organization should disclose such risks in its description of business.  Data breaches or other incidents can result in regulatory investigations or private actions that are material and should be discussed in the Legal Proceedings section.  Cyber-security risks and incidents that represent substantial costs in prevention or response should be included in Financial Statement Disclosures where the financial impact is material.  Finally, where a cyber-security risk or incident impairs the organization's ability to record or report information that must be disclosed, Disclosure Controls and Procedures that fail to address cyber-security concerns may be ineffective and subject to disclosure.  Some have suggested that such disclosures fail to fully inform investors about the true costs and benefits of companies’ cyber-security practices, and argue that the Commission (and not the staff) should issue further guidance regarding issuers’ disclosure obligations.  See, April 9, 2013 Letter from U.S. Senator Jay Rockefeller IV to Chair White, available at  The SEC’s National Exam Program has included cyber-security among its areas of focus in its National Examination Priorities for 2014.  See, SEC’s National Exam Priorities for 2014, available at   In addition, it was recently announced that SEC examiners will review whether asset managers have policies to prevent and detect cyber-attacks and are properly safeguarding against security risks that could arise from vendors having access to their systems. See, Sarah N. Lynch, “SEC examiners to review how asset managers fend off cyber attacks,” Reuters (Jan. 30, 2014), available at

[20] See, SEC Press Release No. 2014-32, SEC to Hold Cybersecurity Roundtable (Feb. 14, 2014), available at  Although the roundtable format remains to be decided, I expect that it will consist of two panels—one that focuses on the cyber-security issues facing public companies and one that focuses on cyber-threats to exchanges and other market participants.

[21] Private companies often perform the duties of registrar and/or transfer agent themselves, as do some smaller public companies, with or without the help of service providers that may not be registered transfer agents. 

Moreover, although transfer agents are responsible for processing changes in record ownership, they generally do not play a role in transactions with respect to securities held by banks and brokerage houses in “street name,” including most transactions effected on a national securities exchange.  When securities are held in street name, the security is registered on the books of the issuer in the name “Cede & Co.,” the nominee name used by the Depository Trust Company, or another registered clearing agency, and recorded on the depository’s securities position listing in the name of the bank or brokerage house in which the beneficial owner maintains an account (or in the name of a clearing broker, if the introducing broker is not a member of the depository).  The use of a depository facilitates clearing and settlement, as transactions can be netted multilaterally, greatly reducing the number of entries that must be recorded.  Since securities held in street name are “immobilized”—that is, registered permanently in the name of the depository, notwithstanding any changes in beneficial ownership from time to time—the role of the transfer agent is greatly limited. 

[22] See, Securities and Exchange Act of 1934, as amended, §3(a)(25).  In addition, transfer agents also issue and cancel physical certificates, validate transfers through electronic direct registration systems, and help shareholders and bondholders when a stock or bond certificate has been lost, destroyed, or stolen.  Information regarding transfer agent regulation is available on the SEC’s website at also the section on transfer agents prepared by the SEC’s Office of Investor Education and Advocacy at  (Websites last visited February 17, 2014).       

[23] When transfer agents have custody of funds or securities, they have a duty to safeguard that property.  See, Exchange Act Rule 17Ad-12.

[24] See, U.S. Securities and Exchange Commission FY 2014 Congressional Budget Justification, available at

[25] See, SEC National Examination Priorities for 2014, available at

[26] Id. Based on transfer agent reports.

[27] See, e.g., SEC Website, “Microcap Stock: A Guide for Investors,” available at (“accurate information about ‘microcap stocks’ – low-priced stocks issued by the smallest of companies – may be difficult to find . . . when publicly-available information is scarce, fraudsters can easily spread false information about microcap companies, making profits while creating losses for unsuspecting investors.”) (Website last visited February 17, 2014).

[28] See, e.g., SEC v. Bethke, Civ. Action No. 4:12-cv-01638 (S.D. Tex., June 1, 2012) (charging individual who controlled a transfer agent with violations of the antifraud and registration provisions for, among other things, misappropriating stock certificates and using them to secretly issue over one billion shares, which he then sold in exchange for payments into his personal account); SEC v. Charbit, et al., Civ. Action No. 1:10-cv-23604-CMA (S.D. Fla. Oct. 7, 2010) (charging a transfer agent with violating the antifraud provisions for, among other things, issuing a stock certificate in connection with a fraudulent kickback scheme involving an unlisted penny stock); SEC v. Lund, et al., Civ. Action No. 2:09-cv-1050 (D. Utah Nov. 30, 2009) (charging a registered transfer agent and its president with violations of the antifraud and registration provisions for improperly distributing stock certificates of Mosaic Nutraceuticals Corp. after the president fraudulently issued the securities to himself without the proper restrictive legends, in order to profit from the sale of Mosaic shares he owned and controlled); SEC v. Alliance Transcription Services, et al., Civ. Action No. 2:08-cv-1464-NVW (D. Ariz. Aug. 8, 2008) (charging transfer agent with violations of registration provisions for initiating and personally participating in the unregistered distribution of securities that were the subject of a manipulation scheme, and for selling the supposedly unrestricted stock into the market through a brokerage account).  

[29] SEC Press Release No. 2013- 121, SEC Announces Enforcement Initiatives to Combat Financial Reporting and Microcap Fraud and Enhance Risk Analysis (July 2, 2013), available at

[30] See, e.g., SEC v. Alternative Green Tech., Inc., et al., Civ. Action No. 11-cv-9056 (S.D.N.Y. Dec. 12, 2011) (charging a shell packaging firm, its CEO, and several others involved in a penny stock scheme in which fabricated and backdated documents were used to convince a transfer agent and an attorney writing an opinion letter to issue free-trading shares of Alternative Green Technology, Inc.); SEC v. Curshen, et al., Civ. Action No. 1:11-cv-20561 (S.D. Fla. Feb. 18, 2011) (charging an attorney and others involved in a fraudulent pump-and-dump scheme in which the attorney’s fraudulent opinion letter was used to have the transfer agent remove a restrictive legend from the securities of a sham company); SEC v. Luna, et al., Civ. Action No. 10-cv-2166 (D. Nev. Dec. 14, 2010) (charging an attorney and others in a fraudulent reverse merger in which the attorney issued a false legal opinion letter to a transfer agent to issue freely tradable securities); SEC v. Spongetech Delivery Systems, Inc., et al., Civ. Action No. 10-cv-2031 (E.D.N.Y. May 5, 2010)(alleging violations of the antifraud and registration provisions in connection with a pump-and-dump scheme in which false attorney opinion letters were provided to transfer agents to issue freely tradable shares). 

[31] The Commission has brought actions against transfer agents when they issue freely trading stock even though there are red flags indicating that there was an improper distribution ongoing.  See, SEC v. CIBC Mellon Trust Co., Civ. Action No. 1:05-cv-0333 (PLF) (D.D.C. Feb. 16, 2005) (charging transfer agent with participating in fraudulent stock promotion scheme where one of its senior managers accepted bribes in exchange for improperly issuing freely tradable stock and there were numerous red flags indicating that an illegal distribution was ongoing); In the Matter of Holladay Stock Transfer, Inc., SEC Release No. 33-7519 (March 25, 1998) (finding transfer agent caused and willfully aided and abetted the issuer’s violation of Section 5 because the transfer agent knew or was reckless in not knowing that a violation would occur when it removed a restrictive legend from and transferred a certificate representing 100,000 shares of stock less than one year after the shares were issued to an officer of one of its clients); but see, SEC v. CMKM Diamonds, Inc. 729 F.3d 1248 (9th Cir. 2013) (reversing district court’s granting of summary judgment for the Commission as to its Section 5 claims against a transfer agent because the fact that the transfer agent issued large quantities of shares without a restrictive legend after receiving two attorney opinion letters is insufficient, in and of itself, to establish that the transfer agent was a substantial factor in the illegal offering as a matter of law).   

[32] Requiring more explicit guidance regarding the obligations of transfer agents and other gatekeepers has been suggested by Steven Nelson, President and Chairman of Continental Stock Transfer and a board member of the Securities Transfer Association, and Susan Merrill, Partner at Sidley Austin LLP and former head of enforcement at FINRA, during the SEC’s 2011 Roundtable on Microcap Securities.  See, Transcript of U.S. Securities and Exchange Commission Roundtable on the Execution, Clearance, and Settlement of Microcap Securities, October 17, 2011.  R. Cromwell Coulson, CEO and director of OTC Markets Group, Inc., has called for increased licensing requirements, background checks, and inspections for transfer agents to root out those allowing fraudulent stock issuances.  He has also said that the SEC should require transfer agents to retain and provide to broker-dealers information on the issuance, ownership, and transfer history of shares; currently, broker-dealers receiving certificates from a customer have no indication whether the holder is an affiliate of the issuer and no information regarding the issuance and transfer history of the shares.  He argues that requiring transfer agents to provide such information would allow broker-dealers and regulators to more quickly identify promoters and prevent microcap fraud before investors are harmed.  See, Testimony of R. Cromwell Coulson before the U.S. House of Representatives Financial Services Committee (June 12, 2013), available at

[33] Proposed Rule Amendments for Small and Additional Issues Exemptions Under Section 3(b) of the Securities Act, SEC Release No. 33-9497 (Dec. 18, 2013)

[34] Eliminating the Prohibition Against General Solicitation and General Advertising in Rule 506 and Rule 144A Offerings, SEC Release No. 33-9415, 78 Fed. Reg. 44771 (July 10, 2013).

[35] As proposed, the exemption requires that a crowdfunding intermediary have a reasonable basis to believe that the issuer can keep accurate records of the holders of securities sold through the intermediary’s platform.  This requirement is necessary to protect investors who purchase securities issued in crowdfunding offerings, both as to the initial offering and as to any secondary transfers.  The proposed rules do not require crowdfunding issuers to engage transfer agents for this purpose, but an intermediary may be able to satisfy its “reasonable belief” obligation if the issuer has engaged a transfer agent or other third party qualified to provide the necessary recordkeeping.  Crowdfunding, SEC Release No. 33-9470, 78 Fed. Reg. 66427, 66462-63.  The proposing release requests comment on the potential benefits and costs associated with having a regulated transfer agent for small issuers, and asks if there other less costly means by which an issuer could rely on a qualified third party to assist with the recordkeeping related to its securities issued in a crowdfunding transaction.  Id. at 66464.

[36] Crowdfunding, SEC Release No. 33-9470, 78 Fed. Reg. 66427 (proposed Oct. 23, 2013).

[37] Jumpstart Our Business Startups Act, Pub. L. No. 112-106, § 501, 126 Stat. 306, 325 (2012).  For banks and bank holding companies, the threshold is 2,000 or more holders of record; the separate registration trigger for 500 or more non-accredited holders of record does not apply.  Id., § 601, 126 Stat. 306, 326.

[38] Id., § 502, 126 Stat. 306, 326.

[39] Id., § 303, 126 Stat. 306, 321.  Crowdfunding, SEC Release No. 33-9470, 78 Fed. Reg. 66427,  66498 (proposed Oct. 23, 2013).

[40] Another factor that may result in an increased burden on transfer agents and registrars in tracking record shareholders is the development of platforms on which private company shares can be traded.   For example, according to recent press reports, Nasdaq—spurred by the JOBS-Act-mandated increase in the number of shareholders a company may have before it is required to go public—announced that it intends to launch a new exchange for private company shares called Nasdaq Private Market, which is a joint venture between Nasdaq OMX and SharesPost, Inc.  See, Press Release, “NASDAQ OMX and SharesPost to Form Private Market” (Mar. 6, 2013), available at ; Sam Mamudi and Ari Levy, “Nasdaq Plans CEO Refuge as Private Share Market Nears Approval,” Bloomberg (Jan. 25, 2014), available at ; David Benoit, “Nasdaq to Launch Private-Share Exchange in JV with SharesPost,” Wall Street Journal (Mar. 6, 2013), available at .  Others have developed secondary markets for private company shares in the past, including Nasdaq partner SharesPost, though they have faced challenges resulting from a lack of liquidity and wavering interest from private companies.  See, Bradley Hope, et al., “Nasdaq Wants to Plant IPO Seeds with Private-Share Market,” Wall Street Journal (Jan. 24, 2014), available at .

[41] See, Commissioner Luis A. Aguilar, Promoting Investor Protection in Small Business Capital Formation (Dec. 18, 2013), available at

[42] I expect that we will continue to appropriately focus our transfer agent examinations on transfer agents that service private offerings and microcap securities.  See, SEC National Examination Priorities for 2014, available at  I also expect that we will continue to aggressively investigate and revoke the registration of transfer agents that fail to comply with their reporting and recordkeeping requirements or fail to remediate deficiencies identified by examiners. See, e.g., In the Matter of Securities Transfer Inc., SEC Litigation Release No. 34-70019 (July 23, 2013) (revoking registration of transfer agent that failed to file accurate annual transfer agent reports for three years and failed to file accurate transfer agent registration amendments regarding its ownership and control); In the Matter of National Stock Transfer, Inc., SEC Litigation Release No. 34-14840 (Apr. 11, 2012) (revoking registration of a transfer agent that for five years failed to report lost or stolen securities in a timely manner, failed to maintain certain records, failed to maintain control books for all of its issuers, and failed to file its annual report with the Commission); In the Matter of Global Sentry Equity Transfer, Inc., SEC Litigation Release No. 34-65302 (Sept. 8, 2011) (revoking registration of a transfer agent that failed to maintain cancelled stock certificates and other records, and refused to allow an on-site exam by Commission staff of its transfer agent records); In the Matter of Silverado Stock Transfer, Inc., et al., SEC Litigation Release No. 34-49680 (May 11, 2004) (revoking registration of a transfer agent that failed to adopt measures proposed by examination staff regarding the transfer agent’s compliance with recordkeeping rules).  Transfer agents that fail to fulfill even these basic and fundamental obligations are unlikely to be able to faithfully discharge their gatekeeping duties.  

[43] The industry itself has identified a need for the current rules governing transfer agents to be modernized to reflect advances in technology, and for several years has urged the Commission to take action in this area.  See, Petition of Securities Transfer Association, Inc. for the Commission to review and set aside DTC Rule SR-DTC-2006-16 relating to FAST and DRS limited participant requirements for transfer agents, 2009 LEXIS 3043 (Aug. 4, 2009) (“the transfer agent regulations in the United States may need to be modernized”). 

[44] See, DTCC White Paper, “Strengthening the U.S. Financial Markets: A Proposal to Fully Dematerialize Physical Securities, Eliminating the Costs and Risks They Incur,” (July 2012), available at .  In 2013, the Depository Trust Clearing Corporation proposed changes in security processing that will help eliminate existing physical certificates—as well as end the issuance of new physical certificates in the U.S.  See, Press Release, DTCC Proposes Steps to Move Ahead on Full Dematerialization of Physical Securities (Mar. 12, 2013), available at .

[45] See, e.g., Exchange Act Rule 17Ad-10 regarding the prompt posting of certificate detail to the master securityholder files; Rule 17Ad-12 regarding safeguarding of funds and securities and; Rule 17Ad-19 regarding the requirements for cancellation, processing, storage, transportation, and destruction or other disposition of securities certificates. 

[46] Some of the better-known examples of such incidents include:

  • The Flash Crash of May 6, 2010, during which, in just a matter of minutes, certain equities experienced severe price movements—both up and down—with more than 20,000 trades in over 300 securities executed at prices more than 60% away from their market values.  In just a few minutes, nearly $1 trillion in market value evaporated, before making a partial recovery.  See, Findings Regarding the Market Events of May 6, 2010, Report of the Staffs of the CFTC and SEC to Joint Advisory Committee on Emerging Regulatory Issues, available at  
  • Knight Capital Group Inc.’s $460 million trading loss in August 2012.  In just 45 minutes, Knight Capital’s computers rapidly bought and sold millions of shares.  Those trades pushed the value of many stocks up, and the company’s losses appear to have occurred when it had to sell the overvalued shares back into the market at a lower price. As a result, Knight Capital lost approximately $10 million per minute, almost had to go into bankruptcy, and subsequently agreed to be purchased.  See, In the Matter of Knight Capital Americas LLC, AP File No. 3-15570, Securities Exchange Act Release No. 34-70694(October 16, 2013), available at; Knight Capital Group Provides Update Regarding August 1st Disruption to Routing In NYSE-listed Securities” (Aug. 2, 2012), available at (last visited November 25, 2013).
  • The systems issues associated with the initial public offerings of BATS Global Markets, Inc., and Facebook, Inc., in March and May 2012, respectively.  The losses sustained as a result of the Facebook IPO may be as much as hundreds of millions of dollars.  See, Sarah N. Lynch, “Nasdaq says FINRA caps Facebook IPO claims at $41.6 million,” Reuters (Oct. 25, 2013), available at , estimating major market makers lost up to $500 million in the IPO. 
  • More recently, on August 22, 2013, the trading of more than 2,000 NASDAQ-listed stocks, with a total estimated market capitalization of $5.7 trillion, was halted for three hours because of a technology failure related to NASDAQ’s market data feed.  See, NASDAQ OMX Statement on the Securities Information Processor (Aug. 22, 2013), available at ; Tom Berris, “$5.7 Trillion Locked Up by Nasdaq Trading Halt,” MarketWatch (Aug. 22, 2013), available at Following this market disruption, SEC Chair Mary Jo White held a meeting with leaders of the equities and options exchanges, FINRA, the Depository Trust Clearing Corporation, and the Options Clearing Corporation, during which she requested action plans on five critical areas in an effort to strengthen critical market infrastructure.  The exchanges recently submitted action plans relating to the following five work streams: (1) enhance the resilience, performance, disaster recovery capability and governance of securities information processors, or SIPs; (2) assess the robustness and resilience of other critical infrastructure systems; (3) evaluate current rules, procedures, and expectations that stem from a system event or outage at one of the SIPs; (4) address rules regarding trade breaks in both the equities and options markets; and (5) coordinate common “kill switch” functionality to prevent risk and disruption to the equity markets.    An alarming number of technology-related market disruptions have occurred over the past several months.  On August 20, 2013, Goldman Sachs executed a large number of erroneous options trades when one of its automated trading systems malfunctioned.  See, Arash Masoudi, “Goldman Faces Losses on Erroneous Trades,” Financial Times, (Aug. 21, 2013), available at ; on September 16, 2013, options trading was halted for more than a half-hour due to a failure of the data feed that supplied options prices to the market.  See, Jacob Bunge, “Stock-Options Trading Halted After Data Feed Problem,” Wall Street Journal (Sept. 16, 2013), available at ; on October 29, 2013, a data feed interruption prevented prices for NASDAQ’s benchmark U.S. stock indexes from disseminated for almost an hour.  See, Sam Mamudi and Nikolaj Gammeltoft, “Nasdaq Says Human Error Caused Hourlong Halt in Data Feed,” Bloomberg (Oct. 29, 2013), available at ; on November 1, 2013, NASDAQ halted trading on one of its three options markets for most of the day when its systems encountered problems processing an increase of orders and could not disseminate quotes for a subset of securities. See, Dina ElBoghdady, “Another Nasdaq Malfunction Shuts Down Options Market,” Washington Post (Nov. 1, 2013), available at ; on November 7, 2013, a network failure at OTC Markets Group Inc. prevented trading in thousands of unlisted shares for more than five hours.  See Jacob Bunge, et al., “Glitch at OTC Markets Halts Trading of Unlisted Shares,” Wall Street Journal (Nov. 7, 2013), available at .

[47] Regulation SCI would require SROs and other entities to, among other things, establish, maintain, and enforce written policies and procedures reasonably designed to ensure that technology systems have sufficient capacity, integrity, resiliency, availability, and security. Regulation Systems Compliance and Integrity, SEC Release No. 34-69077 (Mar. 8, 2013), available at .

[48] Regulation Systems Compliance and Integrity, SEC Release No. 34-69077 (Mar. 8, 2013), available at .  Some commenters have argued that transfer agents should not be included within the entities to which Regulation SCI will apply because, among other things, the clearance and settlement process are not reliant upon transfer agents and therefore the proper functioning of transfer agents’ systems do not pose systemic risks.  See April 3, 2013 comment letter from the Securities Transfer Association to proposed Regulation SCI, available at; see also September 9, 2013 Comment Letter from Oppenheimer Funds (“transfer agents should be excluded from reach of Regulation SCI because their activities are too remote from activities in the markets”), available at; July 12, 2013 Comment Letter from the Investment Company Institute (“transfer agents raise fewer risks to the markets than proposed SCI entities” and therefore transfer agents should not be included in Regulation SCI), available at;  July 1, 2013 Comment Letter from Fidelity, available at

[49] See, Chris Kentouris, “A Day In the Back Office: Eliminating Operational Risk at a Transfer Agency, Securities Technology Monitor (May 4, 2011), available at .

[50]  Fraudsters may attempt to usurp the identity of a dormant or thinly-traded public company, by falsely presenting themselves as duly authorized officers, directors or agents, in a process known as corporate hijacking.  The hijacked entity may then be used to facilitate a pump-and-dump or other fraudulent scheme.


Return to Top