Thank you for that kind introduction, Scott. I appreciate the invitation to deliver today’s keynote presentation. I want to thank the Georgia Institute of Continuing Legal Education and the Business Law Section of the Georgia State Bar for hosting this event. I am also excited to see so many familiar faces from the SEC here today.

Before I begin, I need to provide the standard disclaimer that the views I express today are my own and do not necessarily reflect those of the Commission or my fellow Commissioners.

I must confess that when I accepted your kind invitation to speak today, I was hoping I could do two things while in Atlanta. First, I was looking forward to speaking with you during our lunch. Second, I was hoping tonight to attend the World Series to see your Atlanta Braves play my Cleveland Indians. Unfortunately, the Braves and the Indians did not make it to the series this year, and, to distract me from that reality, I am delighted to be here with you today to discuss the SEC’s enforcement program.

Last spring, I gave a speech in Denver about SEC enforcement.[1] I discussed how I approach the enforcement issues that come before me and what role I believe the Enforcement Division should play at the SEC. As the title of that speech—“The Why Behind the No”—suggests, I have not been shy about voting no on enforcement recommendations when I believe it necessary.[2] That said, most of the SEC’s enforcement cases are not controversial. In the months since I gave that speech, I have had the privilege of continuing to review and vote on enforcement recommendations, many of which came before us as we completed our Fiscal Year 2018. It is with this additional six months of experience that I would like to share my thoughts, and I look forward to hearing your feedback.

I. SEC Enforcement Should Never Be A Game of Statistics

From the outset of my tenure as a Commissioner, I have thought a lot about the SEC’s enforcement program. A strong enforcement program contributes to the health of our capital markets. By contrast, a wrong approach to enforcement cheapens the program, weakens the rest of the agency, and takes a toll on the reputation of our capital markets. We have limited resources, so using them wisely is the key to a successful program. Bad actors should expect to hear from our enforcement lawyers. They should know that the Commission is committed to shutting down their bad activity, imposing appropriate sanctions, and putting measures in place to prevent them from engaging in new violations. Our enforcement efforts must concentrate on serious violations of the securities laws. If we instead spend our resources pursuing perpetrators of minor infractions, bad actors will have less fear of getting caught, and good actors will stay away from the securities industry. In short, investors will suffer.

Were the SEC focused on obtaining lots of flashy settlements without any sense of proportionality to the violations at issue, it would drive the people we want in the industry to the sidelines. Legitimate market participants would conclude that enforcement numbers and penalty tallies alone drive the Commission’s decision-making. Moreover, if careful critiques by people who share the Commission’s commitment to well-functioning capital markets are brushed off as uninformed vitriol, well-intentioned market participants might start to think the Commission does not care. They might even imagine the Commission, as it imposes penalty after penalty, humming along with the Beatles: “Your loving gives me a thrill, But your loving don’t pay my bills, Now give me money (that’s what I want). . . Well, now give me money (that’s what I want), Whole lot of money (that’s what I want), Whoah yeah … Oh, money. . . ”[3] In other words, misperceptions on both sides can build if we fail to invite frank conversations about our enforcement program.

Rest assured, the current Commission is not humming happily about heaping up penalties or belting out bad ballads about burgeoning enforcement statistics. I commend Chairman Clayton and our co-directors of the Enforcement Division, Stephanie Avakian and Steven Peikin, for trying to lead the enforcement program in a direction that focuses on serious violations and deemphasizes penalties and case counts. It was not as simple, of course, as snapping our fingers to change the enforcement program’s direction. In the aftermath of the painful and devastating financial crisis, the Commission found itself drawn into a game of numbers unbounded by the exercise of reasonable discretion. Political, academic, and journalistic observers of the agency egged it on. To the Chairman’s credit, the SEC is now focused on a meaningful enforcement agenda that focuses on the quality and not quantity of cases. This shift is good for the Commission, but more importantly, it is good for investors and the capital markets.

I am going to anticipate your next question: the fiscal year ended just about a month ago, so what are the fiscal 2018 numbers?[4] Nice try. The Commission’s enforcement program is not a television show with a season-end cliffhanger. So why are we all standing around talking about it as if it is? Our enforcement attorneys work hard every day, all-year-round, often on nights and weekends. Their cases do not neatly stop or start at the turn of the fiscal year. Quite simply, the number of enforcement cases initiated or settled in any particular twelve-month period doesn’t matter. It is a meaningless measure of the effectiveness of the enforcement program. It is an overly simplified metric that tells nothing about the quality or nature of our enforcement recommendations. The old saying of which Mark Twain was fond—“There are three kinds of lies: lies, d—d lies, and statistics”[5]—reminds us of the mischief we can cause with numbers.

Part of the problem with looking to raw numbers is the diversity of cases. We would not, for example, commend a prosecutor for bringing twice as many cases in 2018 as she did in 2017 if we found out that her 2018 caseload was composed entirely of illegal jaywalking cases, whereas her 2017 cases were all homicides. In the Commission context, the distinctions among cases also can be stark. Consider four of the enforcement recommendations approved by the Commission in Fiscal Year 2018:

• Four entities were ordered to refund $97 million to retail clients for misconduct involving faulty investment models;[6]
• A large financial firm paid a $1 million fine to settle charges after customer funds were compromised as a result of lax cyber-security measures;[7]
• A $1.2 billion Ponzi scheme – the victims of which included many elderly investors – was shut down;[8] and
• A large company and two former top executives were charged after a multi-billion dollar asset overvaluation.[9]

In contrast, in Fiscal Year 2017, the SEC brought 112 enforcement actions to deregister public companies that were delinquent in their Commission filings.[10] These cases are certainly important, especially in our continuing effort to combat fraud in the microcap industry, and I am sure our Fiscal Year 2018 numbers will include many similar enforcement actions. However, to argue that a delinquent filing enforcement action should be viewed as comparable to any of the above examples I just cited is ridiculous. Yet, that is exactly what focusing on numbers alone does.

Instead, I would posit that, to get a real sense of our enforcement program, a better exercise is to delve into the kinds of cases the SEC is bringing. Such an undertaking would be time-consuming, but it would present a more accurate snapshot of the agency’s enforcement work. To complement such an analysis, we would want to look at how quickly we are bringing enforcement actions and at more qualitative measures, such as the degree to which our enforcement program contributes to the attractiveness of our capital markets to investors and companies raising capital.

II. SEC Enforcement Should Never Be About A “Whole Lot of Money”

Now I am going to anticipate another of your questions. How much did the SEC collect in penalties in fiscal year 2018? Even if the raw numbers do not tell us anything, surely the amount of penalties the SEC collects in a fiscal year is relevant to assessing how meaningful the cases were, right? Again, not so fast. This second aspect of the annual spectacle—to borrow again from the Beatles—a “whole lot of money”—is also meaningless as a measure of how effective the Commission’s enforcement program is.

Some quick math shows that the size of a given year’s cumulative penalty number usually turns on a handful of cases. For example, in Fiscal Year 2017, the SEC brought 754 enforcement actions resulting in payment of $832 million in penalties.[11] However, 38 of these enforcement actions constituted $514 million of the received penalties.[12] In other words, 62 percent of the penalties received by the SEC for Fiscal Year 2017 were due to five percent of the enforcement actions brought by the Commission. In Fiscal Year 2016, the SEC brought 868 enforcement actions resulting in payment approximately of $1.3 billion in penalties.[13] However, 43 of these enforcement actions constituted $954 million of the received penalties.[14] Here again, 75 percent of the penalties received by the SEC for Fiscal Year 2016 were due to five percent of the enforcement actions brought by the Commission. In short, an assessment of the SEC’s penalties for a given year is not an analysis of the effectiveness of our enforcement program but simply tells us whether we settled or concluded litigation in a handful of large-penalty cases.

A few large penalties can skew the results dramatically. Let us hope that the pressure from outside the industry to increase our penalties year-over-year does not color our judgment as we consider what size penalty, if any, is appropriate in any particular case. Just as we should worry about conflicts in the financial industry resulting from poorly designed sales contests, so should we worry that an SEC, whose external observers reward it for obtaining large penalties, will have its judgment colored as well.

The fact that an enforcement action might result in the Commission obtaining a large penalty should not drive how the Commission uses its resources. Sometimes large penalties are a reflection of large or persistent violations. Take the enforcement action we recently brought against a broker-dealer for misleading customers about where millions of orders over a five-year period were being executed.[15] The penalty in that case was $42 million.

In other instances, a case with a very serious violation might not be accompanied by a large penalty. Perhaps the violator cannot pay. Or perhaps the violator’s subsequent remedial efforts and cooperation obviate the need for a penalty. As noted by Steve Peikin in a speech he gave earlier this month, “not every case warrants a penalty,” especially when parties engage in remedial efforts and show cooperation during the SEC’s investigation.[16]

In yet other cases, we levy large penalties and those penalties reflect serious violations, but I would argue that we should not have imposed any penalty at all given who ends up paying the penalty. Consider the case we brought earlier this year against the successor company to Yahoo! for failing to disclose to its shareholders a large hack of user information.[17] Withholding material information like that is a serious violation, but the $35 million penalty we imposed was borne by the deceived shareholders. In fact, often we give the money right back to the shareholders through a fair fund. Corporations are all too willing to pay large civil penalties in exchange for no or lighter sanctions for individuals. I agree with the critics of this practice, who rightly note that it is usually not right for shareholders to pay for the bad actions of corporate executives.[18] Even more frustrating is the justifying logic for these mega-penalties: on one hand, they are too small to hurt shareholders, but on the other hand, they will send a message to the public. I am left to wonder “Well, which is it?” Either the penalty is indeed so small that shareholders will not feel the pain, or it is large enough to send a message to the public.

In still other instances, a large penalty can simply reflect the fact that institutional transactions involving large dollar figures were at issue in a case. Behind the sensational headlines, the conduct at issue might at its core be a business dispute between two sophisticated parties. Consider the $5 million penalty we imposed recently against a broker-dealer for misrepresentations it allegedly made to sophisticated customers buying complex products, who were not particularly inclined to put much weight on the sales pitch they were getting anyway.[19]

A case with a small penalty might well be more important than a large institutionally oriented case. Halting a Ponzi scheme or an affinity fraud that touched the lives of retail investors might be more meaningful than halting a practice in which one large financial institution gives a bad deal to another. For a number of reasons, including inability to pay, we often do not get large penalties in retail fraud cases, but their import in protecting investors is undeniable. For example, one of the unregistered brokers involved in the massive Woodbridge fraud recently agreed to a proportionately modest $100,000 penalty, but she also paid disgorgement and was barred from the industry.[20] In another recent case against the so-called “Frack Master,” there was no penalty, but the disgorgement amount was nearly $25 million.[21] Chairman Clayton’s focus on the retail investor has correctly, in my view, directed enforcement resources to cases that may involve smaller penalty numbers, but really affect Main Street investors’ lives.

The bottom line is that analyzing our enforcement program by counting up penalties is no more enlightening than is analyzing the program by counting up numbers. Instead, we have to look at the cases to assess their merits. Of course, we might not all come to identical conclusions about what types of cases are important, but moving beyond the superficial analysis would at least enable us to have more meaningful discussions about how effective our enforcement program is and what we can do to make it better.

III. The SEC Should Be Open to Asking for and Receiving Help

As we consider how we can better protect our investors and capital markets, we need to think carefully about how we are enforcing the securities laws. Process matters. Legal theories matter. Discretion matters. All of these involve judgment, and that judgment must be informed by the wise and experienced minds of staff inside the agency as well as people outside the agency who care about our mission. Here again I turn for help to the Beatles, who sang “When I was younger, so much younger than today, I never needed anybody’s help in any way, but now these days are gone, I’m not so self-assured, Now I find, I’ve changed my mind, I’ve opened up the doors. . . Won’t you please, please help me?”[22] The securities law, administrative law, and constitutional law present lots of thorny issues in their daily application, and we need the best minds at the SEC and on the outside helping us to grapple with them. I will discuss briefly a few issues for which such deep thought could be useful, but I look forward to hearing the issues that are on your minds as well.

The securities law framework classifies many acts as fraud that the man or woman on the street would not regard as fraud. Mere failures to comply with complex rules can earn a person or firm the fraudster label. Open-ended antifraud statutes implemented through prescriptive rules lead to lots of sloppy, but not ill-intentioned activities getting classified as fraud.

For example, the SEC recently brought an enforcement recommendation involving an investment adviser’s and its president’s alleged violations of the Advisers Act, including Section 206(4), one of the Act’s antifraud provisions.[23] The investment adviser, among other actions, was faulted for allowing radio advertisements that contained client testimonials to air. These radio ads apparently were similar to the ones I regularly hear on my local station. Making the ads up on the fly, the host reveals how his visit to a local sedation dentist put an end to a lifelong fear of the dental chair or how his penchant for spilling wine on the carpet is no match for a local carpet cleaner. Such spots—pun intended—of this sort may be fine for dentists and carpet cleaners, but a rule under the Advisers Act classifies such client testimonials as a fraudulent, deceptive, or manipulative act, practice, or course of business for any investment adviser. The firm agreed to settle the SEC’s charges, which included a censure, a cease-and-desist, and a penalty. Maybe it is time for us to reconsider our rules regarding client testimonials. More broadly, it might be time to take an inventory of our rules implementing our antifraud statutes to see if they are targeting the right conduct. By using the label “fraud” on actions that are not fraudulent in the normal lexicon, we and investors might lose sight of the real fraudsters – the ones stealing money from investors.

Our recent enforcement actions involving a firm’s failure to file Suspicious Activity Reports (“SARs”) have raised some other issues for me. Earlier this year, for example, a firm paid almost $3 million to settle with the SEC for not filing SARs in certain instances when we concluded it should have filed them.[24] In a more recent instance, we fined a firm $800,000 and secured from it a commitment not to sell penny stocks.[25] Its SAR omissions related primarily to the sale of penny stocks. I have been skeptical of these types of enforcement actions in instances when a firm has an operational SARs program in place, but did not file a SAR in every instance we think it ought to have done so. I fear that news of our enforcement actions will inspire a spike in the quantity, but not the quality of SAR filings. Perhaps we ought to provide firms better guidance about when they need to file and what information those filings should contain. Another concern that comes out of the most recent action is that if we drive legitimate firms out of the microcap space, investors will be left to deal with unsavory firms. Working with well-intentioned firms to help them operate carefully and safely in the microcap sector may be better than securing agreements from them that they will drop out of the space altogether.

The enforcement actions I see also inspire me to think about areas in which we need better rules. To address some of the issues we see in the microcap space, for example, the Commission could consider a rulemaking to amend the transfer agent rules and reporting requirements. This is not a new idea, as the Commission published a concept release in December 2015 regarding transfer agents.[26] Former Commissioner Luis Aguilar, of whom the Atlanta bar can proudly boast, was a great champion of those rules.[27] Another rulemaking reform that I have suggested is a regime for “finders” that assist companies in fundraising. The SEC’s Advisory Committee on Small and Emerging Companies noted in 2017 that “[t]here is significant uncertainty [among finders] in the marketplace about what activities require broker-dealer registration.”[28] As a result of this uncertainty, some individuals are unknowingly acting illegally because the SEC has not provided the necessary rules or guidance for them to act legally. A second issue though is that even if an individual concludes her activities require registration, the only framework that exists to register is the broker-dealer framework, which is unduly onerous for the limited activities of finders.[29]

Another subject that has been on my mind is the Foreign Corrupt Practices Act (“FCPA”). Companies face massive penalties for violating the FCPA, even if they had a program in place to prevent such violations. FCPA defense bills are probably the source of college money for some of you in this room. Companies pay you to track down violations in far-flung corners of the globe and write up reports on which the government’s cases against the companies are based. Are there more productive ways for us to help public companies build effective FCPA programs?[30]

Companies and the executives featured in FCPA cases might not draw much sympathy from this crowd, or any other, since they tend to be deep-pocketed. However, the words of Roberta Karmel, a former SEC Commissioner, are worth remembering as we approach cases involving wealthy, well-represented individuals and corporations:

When I became a commissioner, I took an oath to uphold the Constitution, which protects the powerful as well as the weak. Even the biggest and most influential businessman is one small human being against the giant machinery of government when his government turns against him. A person should not lose his rights because he becomes an employee or officer of a corporation. . . If the government can capriciously deal with the powerful and respected, consider how easily it can tyrannize the weak and the scorned.[31]

Our enforcement staff is committed to dealing appropriately and carefully with the individuals and corporations they investigate and those against whom they recommend that the Commission take enforcement action. It is nevertheless important to keep reminding ourselves of the importance of former Commissioner Karmel’s admonition and thus to continue to build a strong, effective, respected enforcement program.

Those of you in the private bar have to help too. Our recent enforcement action against Elon Musk and Tesla Inc. shows that the SEC can move at lightning-speed when necessary.[32] It is important that the SEC investigate and bring cases as quickly as possible, as aged cases are difficult to bring and less meaningful for investor protection. For this reason, statutes of limitation serve a valuable purpose in requiring us to target our resources and to make decisions about which cases to investigate. However, if the SEC has a responsibility to investigate and make timely charging decisions, we should and do expect those in the private bar to move quickly with us. Defending complex matters is difficult and representing your clients well is your job, but intentional delays and gamesmanship with document productions and witness testimony will not be viewed kindly by those of us on the Commission who are responsible for voting on enforcement recommendations. We welcome your input about how we can improve our processes, but we count on you to work with us in good faith, even as you vigorously represent your clients.

IV. Conclusion

Thank you for the opportunity to speak with you today. My closing message is simple: people outside of the Commission who are pushing us to meet numerical and penalty targets are unwittingly distracting us from protecting investors and the markets. We should resist this distraction and concentrate our resources in areas in which we can make a real difference. Ultimately, we all care about whether the SEC is doing a good job in protecting investors and maintaining the integrity of the capital markets, but there are different views about how to get there. I hope I have given you some insights about how I continue to approach the enforcement issues that come before me and I hope that I did not say anything that spoiled your lunch. I wish you a productive and enjoyable remainder of the conference. In the remaining time we have left, I am happy to answer some questions.