Addressing Known Risks to Better Protect Investors

I am honored to be here today [February 21, 2014]. This is the sixth time that I have spoken at “SEC Speaks” as a Commissioner. Much has changed since my first “SEC Speaks” in February 2009. At that time, we were in the midst of the worst financial crisis since the Great Depression. Among other things, Lehman Brothers had recently filed for Chapter 11 bankruptcy, The Reserve Primary Money Market Fund had “broken the buck,” and the U.S. Government had just bailed out insurance giant AIG. In addition, the Bernard Madoff Ponzi scheme had come to light just a few months earlier, further shaking investor confidence in the capital markets.

These and other events made it clear that the SEC had much to do to become a more effective regulator and to enhance its protection of investors. It was also clear that the agency itself had to undergo significant change. As a result, in my 2009 remarks at “SEC Speaks,” I highlighted a number of steps that Congress and the SEC should take to close regulatory loopholes. These regulatory gaps included a lack of appropriate regulation in the areas of over-the-counter derivatives, hedge funds, and municipal securities—areas that Congress subsequently addressed in the Dodd-Frank Act.

In my 2009 remarks, I also discussed the need for the SEC to become a more aggressive regulator—and one that was more accountable to investors. Accordingly, I have been very supportive of the SEC’s efforts to enhance its ability to oversee the market, and to identify and address areas of regulatory weakness.

As this group knows well, the last five years have been one of the most active periods in SEC history. During my tenure, the Commission has considered more than 230 rulemaking releases (proposing and adopting final rules), and more than 15,000 Enforcement recommendations.

Even before Dodd-Frank was enacted, we adopted or substantially amended a number of significant regulatory and disclosure rules—including, to name just a few examples, rules enhancing the custody practices of investment advisers, rules to prohibit pay-to-play activity in the investment advisory industry, improvements to the short-selling rules, rules to enhance municipal securities disclosure, and significant amendments to the rules governing nationally recognized statistical rating organizations. Of course, the Commission’s agenda became even more active after the passage of Dodd-Frank and the JOBS Act.

In the wake of the financial crisis, the Commission also made a number of internal changes. For example, we substantially restructured the Division of Enforcement and created specialized teams of lawyers and market experts to focus in the areas of Asset Management, Market Abuse, Complex Financial Instruments, Foreign Corrupt Practices, and Municipal Securities and Public Pensions. In addition, the Office of Market Intelligence was created to better manage and assess tips, complaints, and referrals. Moreover, we created the Division of Economic and Risk Analysis, or “DERA,” to provide economic and statistical analysis to support the SEC’s rulemakings, and to assist with our examination and enforcement programs. As a result of these and other changes, the SEC is a stronger agency. However, I would be the first to say that we still need to improve. And, of course, critical to improving the agency is having an adequate budget. We remain severely underfunded. Until we have adequate funding, we will not be able to fulfill our mission to investors, markets, and issuers.

There have also been significant personnel changes at the Commission since my first “SEC Speaks” in 2009. In particular, the composition of the Commission has changed several times. As I stand here before you this morning, none of the Commissioners with whom I currently serve were members of the Commission when I was confirmed in 2008. And, over my tenure, there have been four different chairs.

The last five years have also seen significant turnover in SEC leadership—among other changes, there have been three different heads at each of the Division of Enforcement, the Division of Investment Management, the Division of Corporation Finance, the Division of Trading and Markets, and the Office of Compliance Inspections and Examinations (OCIE), and there have been five different General Counsels. Moreover, the heads of all of our Regional Offices have changed.

One result of this turnover in senior staff has been a loss of institutional memory, which I have particularly noticed in our rulemaking efforts. I often meet with the staff to discuss issues that were first raised years ago and, when I refer to prior discussions with the staff, I am often met with blank stares. The reason for this is that, in genealogical terms, I had those prior discussions not with them but with their parents and grandparents (and, in some instances their great-grandparents). While this lack of continuity can be frustrating at times, it is useful to be reminded just how much has changed at the SEC over the past five and a half years.

There are a number of topics that I could address—like the recent JOBS Act or the remaining steps that need to be taken to fully implement many long-overdue requirements of the Dodd-Frank Act. Today, however, I would like to focus my remarks on two other important topics that call out for the Commission’s attention:

• addressing the growing cyber-threats faced by registrants, the capital markets and investors; and
• revisiting the role and regulation of transfer agents.

Addressing the Growing Cyber-Threat to Registrants, the Capital Markets, and Investors

As many of you know, there has recently been a series of high-profile cyber-attacks on American companies and financial institutions. As a Commissioner, I have grown increasingly concerned with the potential of such attacks to harm market participants, public companies, and investors. Accordingly, I believe that taking action to combat this cyber-threat should be a high priority in both the public and private sectors.

I am particularly concerned about the growing incidence and risk of cyber-attacks on the financial markets. Cyber-attacks on financial institutions have become both more frequent and more sophisticated. According to a 2012 global survey of securities exchanges, 89% identified cyber-crime as a potential systemic risk and 53% reported experiencing a cyber-attack in the previous year. Given the extent to which the capital markets have become increasingly dependent upon sophisticated and interconnected technological systems, there is a substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm.

The SEC’s efforts to address cyber-security threats have, to date, focused primarily on issuers and their disclosures regarding cyber-security risks and cyber incidents. However, the observed increase in cyber-security threats on businesses strongly suggests that the Commission needs to better understand the issues and challenges raised for market participants and public companies—so that the Commission can address potential vulnerabilities to the proper functioning of the capital markets.

Accordingly, I raised this issue with Chair White and recommended that the SEC convene a roundtable to explore these issues. I am pleased to report that just last week the Commission announced that the roundtable will take place on March 26, 2014. I am hoping that, among other things, the roundtable will focus and foster thoughtful discussions on how SEC-regulated entities and public companies can best prepare for, and respond to, the inevitable cyber-attack. Clearly, both market participants and issuers need to consider and develop appropriate preventive safeguards and they need to have adequate plans in place that will make it easier to quickly repair the damage of an attack. The roundtable is an important step to develop a common understanding of the related issues, and I expect and look forward to a vigorous and well-informed discussion.

Revisiting the Role and Regulation of Transfer Agents

A separate important topic that warrants our attention is the subject of transfer agents. These critical gatekeepers have long played a vital role in the securities market by, among other things, acting as registrars and keeping track of changes in the record ownership of a company’s securities. When transfer agents act as registrars, they assume the issuer’s responsibility to maintain the official list of securityholder accounts and to monitor the issuance of securities with a view to preventing unauthorized issuances. In addition to serving as registrars, transfer agents also often act as intermediaries for companies, paying out interest, cash and stock dividends, and other distributions to the record holders of stocks and bonds.

Currently, there are approximately 460 transfer agents registered with the Commission. As of the end of 2012, transfer agents maintained over 276 million shareholder accounts for approximately 1.5 million issuers, including equity, debt, and mutual fund securities. That year, transfer agents that provide paying agent services also distributed over $2.15 trillion in shareholder dividends and interest payments.

Obviously, when trillions of dollars are involved, it is important that transfer agents fulfill their responsibilities with accuracy and professionalism. And, fortunately, that is usually the case.

Another critical responsibility of transfer agents is to keep track of the restrictive legends and “stop transfer” orders that distinguish restricted securities and control shares from freely-tradable securities. As such, transfer agents are often in a position to prevent unregistered securities from being distributed in violation of the Securities Act. This gatekeeper role takes on particular importance with microcap securities because typically there is little, if any, meaningful disclosure or independent research regarding such companies. The potential for fraud and abuse in the microcap markets is well-known. Indeed, violations of the registration provisions are often associated with microcap pump-and-dump schemes and other penny stock fraud.

In fact, the Commission has brought numerous cases against transfer agents who violate federal securities law in connection with fraudulent pump-and-dump schemes. You can expect the Commission to bring more cases since, as many of you know, the Division of Enforcement has created a Microcap Fraud Task Force that will, among other things, target gatekeepers such as transfer agents, attorneys, and auditors who participate in pump-and-dump schemes and penny stock fraud.

Unfortunately, in addition to those transfer agents that are active participants in fraud, there are also those transfer agents that have been duped into removing restrictive legends from stock certificates; as a result, unregistered securities have been illegally sold in the public markets. Frequently, this occurs on the basis of fraudulent attorney opinion letters Often, however, transfer agents have acted in the face of numerous red-flags warning of an illegal stock offering. This occurs with enough regularity that I believe the Commission should clarify the steps that could be taken by transfer agents and other gatekeepers to prevent violations in the microcap space.

Moreover, a renewed focus on transfer agents is important because their gatekeeper function will become even more critical as a result of new rules adopted pursuant to the JOBS Act. These new rules are likely to increase the number of companies whose shares are traded in the secondary market without the benefits of registration.

For example, the Commission recently proposed rules that would increase the maximum offering amount under Regulation A from $5 million to $50 million in any 12-month period. Securities issued pursuant to the Regulation A exemption are not restricted, which means that purchasers may resell their shares without registration or a holding period.

In addition, now that general solicitation and advertising are permitted under Regulation D, shares can be sold to an unlimited number of accredited investors, who can then resell them after a one-year holding period under Rule 144.

Another JOBS Act initiative—the crowdfunding exemption—is also likely to raise challenges for company registrars, whether that function is kept “in-house” or delegated to transfer agents. Under the Commission’s recent crowdfunding proposal, shares issued in crowdfunding transactions, while initially restricted, will be freely tradable after a one-year holding period.

Any trading market that develops for these unregistered securities will almost certainly be less transparent and less liquid than the market for listed securities. Thus, the role of transfer agents in monitoring the issuance of new shares and removing restrictions on restricted securities and control blocks may be critical in deterring and detecting fraud.

Importantly, these new rules—enhanced Regulation A, general solicitation under Regulation D, and crowdfunding—are being proposed at the same time that other rules enable companies to remain “private” (or at least unregistered) for longer periods, even as they rely on increasing numbers of outside investors for their capital needs. In particular, the JOBS Act raised the shareholder thresholds for when companies are required to register under the Exchange Act. In general, unless a company is listed on a national securities exchange, it does not need to register with the SEC unless it has a class of equity securities held of record by either:

• 2,000 or more persons; or
• 500 or more persons who are not accredited investors.

Moreover, in calculating the number of record holders for purposes of the registration threshold, a company may exclude individuals who acquired their securities under certain employee compensation plans—and can also exclude those holding securities issued in crowdfunding transactions, even if they acquired the securities in subsequent transactions.

These changes, in the aggregate, will significantly impact companies and transfer agents, who in some cases may have to keep track not only of the record holders of a company’s securities, but also whether such securities were issued in a crowdfunding transaction or in a transaction exempt from the Securities Act pursuant to an employee compensation plan, and whether the record holder is an accredited investor. All of these changes add confusion and complication to the important task of determining whether a company is required to register with the SEC. And, although the burden of getting it right remains with the issuer, any adverse effects will fall on investors—who may be denied the information and liquidity advantages provided by Exchange Act registration.

As I have previously stated, the Commission must be proactive in addressing the foreseeable adverse consequences that may stem from increased trading in the securities of unlisted companies.

Specifically, while I recognize that the issues go beyond transfer agents, the SEC needs to take a hard look at whether the current regulatory framework governing transfer agents appropriately addresses the risks associated with the anticipated increased trading in unlisted securities.

Transfer Agents and Technology

Another reason that the Commission needs to re-visit the transfer agent rules is the significant advances in technology and increased automation in the clearance and settlement process. For the past several decades, the industry has been steadily substituting traditional paper certificates with so-called “book-entry” securities, a process known as “dematerialization.” However, many of our current transfer agent rules continue to assume the issuance and transfer of physical security certificates. As a result, the Commission needs to review these rules to assess whether they adequately reflect current market practices and the advances in technology and automation in the clearing and settlement process.

Although the increased use of technology in the capital markets can be beneficial, the Commission should also consider how technology can also cause serious market disruption and investor harm. A number of recent market disruptions are a testament to the damage that can occur in just a few minutes. To that end, when the Commission recently proposed Regulation SCI, one of the questions asked is whether the requirements of Regulation SCI should be applied to transfer agents.

Although, as proposed, Regulation SCI would not apply to transfer agents, there is no doubt that transfer agents—like all market participants that rely on technology and automation—are subject to risk that their systems will be breached or that they will malfunction, which could harm investors and the markets. A technological failure or processing “glitch” by a transfer agent could have serious consequences, including the loss of shareholder information, erroneous securities transfers, or the release of confidential shareholder information to unauthorized individuals. And, as I discussed earlier, there is also the omnipresent threat of a cyber-attack which, in the case of transfer agents, could result in the misappropriation of confidential shareholder information, the “hijacking” of public company shells and microcaps, or outright theft.

All of these concerns warrant a re-assessment of the SEC’s transfer agent rules. It is incumbent on the Commission to be proactive in making sure that our rules are keeping up with the changing landscape.

Conclusion

In conclusion, while much has changed at the Commission over the past five and a half years and while many members of the staff have come and gone, a few things have remained constant. First and foremost, the dedication and hard work of the men and women who work at the SEC remains unparalleled. They have not wavered in the face of the overwhelming workload that the SEC has undertaken over the past few years. What has also not changed is the SEC’s role as the capital markets regulator and our mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. To that end, there is much work that remains to be done to protect investors and to continue to restore investor confidence in our capital markets. I know that our committed and diligent staff will continue to work tirelessly to further the SEC’s mission.

Thank you for your attention this morning, and for your continued support of the SEC.