Skip to main content

Enforcement Internet Program

Jan. 13, 2003

This document is an HTML formatted version of a printed document. The printed document may contain agency comments, charts, photographs, appendices, footnotes and page numbers which may not be reproduced in this electronic version. If you require a printed version of this document contact the United States Securities and Exchange Commission, Office of Inspector General, Mail Stop 11-7, 450 Fifth Street N.W., Washington, D.C. 20549 or call (202) 942-4460.


Audit No. 352
January 13, 2003


Our audit of the Enforcement Internet Program found that it is generally functioning effectively and efficiently. However, we are making several recommendations to improve the program. These include enhancing communication regarding the quality of referrals, opening preliminary investigations timely, and improving the consistency of Litigation Releases.

Enforcement management generally concurred with our recommendations.


Our audit objectives were to evaluate the effectiveness and efficiency of the Enforcement Internet Program's (EIP) intelligence analysis process, and its deterrence and educational efforts.

During the audit, we interviewed staff from the Commission, the National Association of Security Dealers (NASD), and the Federal Trade Commission. We also reviewed Internet referrals, Litigation Releases, Notices and Orders concerning the institution and/or settlement of Administrative Proceedings, and Initial Decisions by Administrative Law Judges for the period of April 1, 2001 to March 31, 2002. Lastly, we reviewed supporting documentation and performed other procedures.

The Office of Internet Enforcement (OIE) will soon implement a new computer system (Chart) to automate the processing of initial Internet complaints from investors. Accordingly, we limited our review of the current processing procedures. Also, an issue initially identified during this audit (recurrent securities frauds by the same individual) is being evaluated in a separate audit (Audit No. 360) on recidivism.

The audit was performed from February 2002 to July 2002 in accordance with generally accepted government auditing standards, except we did not evaluate the reliability of computer generated data. However, we are unaware of any material errors in the data we used.


The EIP consists of the OIE in the Division of Enforcement and the Internet Branches (comprised of two branches in the home office and branches located in most field offices). OIE has approximately fourteen staff, while the branches generally have four to five staff each. The branches also investigate traditional cases. According to the branches, the extent of their traditional work has increased lately, in part due to the recent focus on financial reporting investigations.

OIE was established in July 1998. It has six major responsibilities related to securities fraud on the Internet:

  • Identifying surveillance areas,

  • Formulating investigative procedures,

  • Providing strategic and legal guidance to Enforcement staff nationwide,

  • Conducting Internet investigations and prosecutions,

  • Training Commission staff and outside agencies, and

  • Serving as a resource on Internet matters for the entire Commission.

The following graph (based on OIE data) depicts the number of Internet actions filed and entities1 named since fiscal year 1995 regardless of the source (origin) of the investigation. The graph shows a general pattern of growth in the number of actions and entities.


Some Internet Branches rely heavily on referrals from OIE, while others rely more on non-OIE sources. Complaints from the public to the OIE or an Internet Branch are the primary source of most Internet investigations. The complainant may have been victimized by a fraud, or merely solicited through spam email. The number of emails (including spam emails) sent by the public grew from approximately 9,000 in fiscal year 1997 to approximately 146,000 in fiscal year 2002.

The Internet Branches also search for potential fraudulent schemes, particularly on "Surf Days." For one or two days, OIE asks the Branches to search certain web sites for specific types of violations. Surf Days help identify potential fraudulent schemes, provide technical training to EIP staff, and offer insight into new types of fraud.

An OIE contractor searches portions of the Internet using a custom Web Crawler. The search employs key words and phrases commonly used in fraudulent securities schemes. When a possible fraud is identified, the contractor conducts further analysis (e.g., it obtains price and volume movements for the security, identifies the entities involved and their relationships to each other). Each month, the contractor provides a referral package to OIE. While the public identifies most apparent violations more quickly, the contractor's work helps build the case. Also, when fraud is not apparent (see the description below of the Early Intervention Program), investors might not detect some violations.


OIE and the Internet Branches perform several steps (known as Triage) when they receive information about an alleged fraud. The objective of these steps is to determine whether to make a referral and to whom (e.g., to an Internet Branch, a Self-Regulatory Organization, or a state regulator). Triage includes:

  • Reviewing the Commission's Name Relationship Search Index (NRSI) and the National Association of Security Dealers Regulation's Central Registration Depository (CRD) computer system to determine if any of the entities have a disciplinary history,

  • Reviewing NRSI to determine whether an investigation involving any of the entities is ongoing,

  • Determining the market impact (e.g., price and volume movement) of the alleged fraud,2

  • Reviewing public databases (e.g., Lexis/Nexis) for information about the entities (e.g., to determine the validity of the information in a press release), and

  • Reviewing information on message boards.

When making a referral to an Internet Branch, OIE staff considers several factors to determine which Branch is appropriate, including:3

  • The geographic location of the entities involved in the alleged fraud,

  • Whether an investigation involving any of the entities is ongoing,

  • Staffing resources, and

  • Preferences of the Branches for certain types of fraud (e.g., Ponzi schemes).

Because of resource constraints, Enforcement cannot investigate every alleged fraud. EIP staff exercise discretion in deciding whether to make a referral and whether to conduct an investigation.


The Divisions of Market Regulation (MR) and Corporation Finance (CF) participate in an Early Intervention Program. Under this program, the appropriate division sends warning letters to entities when a violation of the securities laws occurs or appears to be occurring, but there is no evidence of fraud. This procedure allows an entity to correct the violation without the need of an Enforcement investigation.4 However, if the violation is not corrected, MR or CF can refer the matter back to Enforcement.


OIE coordinates with the Office of Investor Education and Assistance (OIEA) to educate investors so they can protect themselves. Educating investors also deters potential violators from committing fraudulent schemes. To help achieve this objective, OIEA has created numerous investor education materials and sponsored investor town meetings.

The EIP also attempts to publicize Internet related Enforcement actions to achieve its education and deterrence objectives.

OIEA and OIE recently created fake web sites similar to some actual fraudulent Internet schemes. Anyone accessing these sites (to invest or request additional materials) is shown a warning stating that they could be victimized. The individual is also provided relevant educational materials. The initial fake web site was widely reported and was generally viewed favorably.


We found that the EIP is generally functioning effectively and efficiently. However, we are making several recommendations to improve the program.


Currently, the Internet Branches are not required to inform OIE of their decisions (e.g., why they decided not to investigate) on OIE referrals. Some Branches do occasionally provide this information to OIE. As discussed below, requiring timely information could help improve the quality of referrals and improve tracking of referrals.

The information could further improve the quality of OIE's referrals (some Branches indicated that the quality of referrals has already improved since OIE's creation). For example, we analyzed 226 OIE Internet related referrals to the Branches from April 1, 2001 to March 31, 2002. We found that approximately 67% of the referrals that were rejected (i.e., an investigation was not opened or an investigation was closed without any action being filed) were rejected at least in part because of substantive reasons. Reasons for rejection included no evidence of fraud, fraud would be difficult to prove, the violations appeared to be technical, there was little investor harm (e.g., little price and/or volume movement), or the conduct was old.

We found that approximately 31% of the referrals that were rejected at least in part because of a lack of resources. Timely feedback to OIE would allow it to refer these cases to another Internet Branch (or another regulator), before the matter becomes old. As the violations become older, it is less likely that another Internet Branch will investigate the matter in part, because it would be more difficult for the subsequent Internet Branch to implement the Commission's "Real Time Enforcement" objective (announced in October 2001).

Lastly, some Internet Branches had no record of ever receiving some of the referrals in our sample (OIE maintains comprehensive records of the referrals made). Providing OIE with referral information would enhance tracking and record keeping for referrals.

According to OIE, the new Chart system will track referrals (e.g., whether a referral is being investigated). Thus, we are not making any recommendations involving improving communications regarding the status of referrals.

Recommendation A

The Division of Enforcement should encourage the Internet Branches to improve communication between OIE and the Internet Branches regarding the quality of referrals.


Matters Under Inquiry (MUI) are an important means of preventing duplication of investigative efforts and monitoring the staff's work. According to the Division,

It is important to open a MUI as soon as possible to provide notice to the rest of the Division and the Commission (through NRSI) that an inquiry is being conducted.

Before a referral is made, OIE performs its Triage review (see above), which takes approximately 10-20 days on average. However, some emails are flagged upon receipt and assigned to "expedited triage" which takes only a few days or less. This investigative review, though it delays the opening of MUIs, enhances the ultimate quality of referrals. The Internet Branches are responsible for opening a MUI after receiving a referral, if they decide to investigate the matter. During the audit, we analyzed all OIE Internet related referrals from April 1, 2001 to March 31, 2002. We found that approximately 56% of the subsequent MUIs or investigations were opened within 15 days after the referral was made (we selected 15 days as a measure of timeliness).5

One option to open MUIs more timely would be for OIE to open a MUI on behalf of the Branch to whom the matter is being referred prior to sending the referral. The Internet Branch receiving the referral would then have the option to either investigate the matter or close the MUI. This procedure is currently used for referrals from the Division of Enforcement's Office of Market Surveillance.

Recommendation B

The Division of Enforcement, in consultation with OIE and the Internet Branches, should ensure that MUIs for Internet cases are opened timely.

During the audit, Enforcement implemented this recommendation.



We reviewed all Internet related Litigation Releases (LR) issued from April 1, 2001 to March 31, 2002. We found that some LRs did not:

    • Include an education reference,6

    • Inform investors that they should notify the EIP, if they identify a potential fraudulent scheme, or

    • Provide the number of prior LRs regarding the same investigation.

Providing the above information in LR, where appropriate, could help investors better understand the case and protect themselves, and increase the likelihood of publicizing the EIP.

Recommendation C

The Division of Enforcement should encourage the staff to include the information discussed above, if appropriate.

Timeliness and Timing

We noted that approximately 19% of the LRs were not prepared within 7 days of the event occurrence (we selected 7 days as a measure of timeliness).

We found that many LRs were posted on the Commission web site) after 12 noon or on a Friday.7 This timing decreases the likelihood of publicizing the EIP (which can be an important means of educating investors). Commission management stated that it tries to avoid posting LRs at these times. However, certain internal procedures affect when LRs are posted. We are considering performing additional audit work on this matter.

1 The term entities include defendants, respondents, issuers, and firms.

2 EIP staff expressed difficulty in sometimes determining whether investors have been harmed without subpoena authority (e.g., whether individuals invested, and to what extent, in the alleged fraudulent scheme).

3 As a result of fewer Internet referrals being investigated and the results of this audit, OIE is now conducting more investigations themselves and making fewer referrals.

4 After completing our audit fieldwork, CF began using warning letters even when there is some evidence of fraud; however, the fraudulent scheme does not appear to be worthy of an Enforcement investigation.

5 Prior audits (e.g., No. 331, CATS 2000 Data, dated January 30, 2002) found that Enforcement staff was not opening MUIs timely. In audit No. 331, we identified referrals from OIE to the Internet Branches as a source of delay in opening MUIs timely.

6 A typical message is "For tips on how to avoid Internet "pump-and-dump" stock manipulation schemes, visit".

7 We found similar timing with Notices and Orders concerning the institution and/or settlement of Administrative Proceedings.

Return to Top