On September 20, 2017, SEC Chair Jay Clayton issued a statement on cybersecurity that included the astonishing revelation that the SEC Edgar system had been hacked in 2016. Since the original statement, the SEC has confirmed that personal information on at least two individuals was obtained in the incident. Following Jay Clayton’s initial statement, on September 25, 2017, the SEC announced two new cyber-based enforcement initiatives targeting the protection of retail investors, including protection related to distributed ledger technology (DLT) and initial coin or cryptocurrency offerings (ICO’s).
The issue of cybersecurity is at the forefront for the SEC, and Jay Clayton is asking the House Committee on Financial Services to increase the SEC’s budget by $100 million to enhance the SEC’s cybersecurity efforts.
This is the second in a two-part blog series summarizing Jay Clayton’s statement, the SEC EDGAR hacking and the new initiatives. Part I of this blog, which outlined Chair Clayton’s statement on cybersecurity and the EDGAR
In early February 2017, acting SEC Chair Michael Piwowar revoked the subpoena authority from approximately 20 senior SEC enforcement staff. The change leaves the Director of the Division of Enforcement as the sole person with the authority to approve a formal order of investigation and issue subpoenas. Historically, the staff did not have subpoena power; however, in 2009 then Chair Mary Shapiro granted the staff the power, in the wake of the Bernie Madoff scandal. Chair Shapiro deemed the policy to relate solely to internal SEC procedures and, as such, passed the delegation of power without formal notice or opportunity for public comment.
This is the beginning of what I expect will be many, many changes within the SEC as the new administration changes the focus of the agency from Mary Jo White’s broken windows policies to supporting capital formation. The mission of the SEC is to protect investors, maintain fair, orderly and efficient markets and facilitate capital formation. Although