September 26, 2017

Senate Banking Committee hearing with SEC Chairman Jay Clayton

Key Topics & Takeaways

  • EDGAR Breach: The recently disclosed breach of the SEC’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system for corporate filings was a frequent topic of discussion during the hearing, with numerous Senators from both parties weighing in on the seriousness of the breach. Clayton fielded numerous questions about the SEC’s response to the breach, the timing surrounding the Commission’s discovery of the breach, the affected files, whether or not trading occurred from information gathered through the breach, and the SEC’s plans to fix the breach.
  • Consolidated Audit Trail: Clayton fielded several questions from Senators about the implementation of the Consolidated Audit Trail (CAT) which will gather an enormous amount of information about trade orders and the people placing them. Several Senators expressed reservations about the ability of the SEC to protect this data in light of the EDGAR breach, with at least one Senator asking if a “time out” on implementation was necessary. Clayton ruled out a “full pause” of the CAT’s implementation.
  • Department of Labor Fiduciary Rule: Clayton also fielded several questions about the Department of Labor’s (DOL’s) Fiduciary Rule and the SEC’s recent request for comments on a unified best-interest standard. Clayton said he believes the DOL and the SEC should work together on a best-interest standard.

Witness

Sen. Mike Crapo (R-Idaho), Chairman, Senate Committee on Banking, Housing, and Urban Affairs

In his opening statement, Crapo discussed the importance of the Securities and Exchange Commission’s (SEC’s) mission to create fair and functional markets, and said the Commission’s work is critical to ensure investors can make informed decisions. Crapo addressed the SEC’s recently disclosed breach of its Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system for corporate filings, saying that a data breach could create “severe consequences” for the markets and the public. Crapo added that once the Consolidated Audit Trail (CAT) system becomes operational, the SEC will have access to significant non-public market data in addition to the public information gathered by EDGAR. Crapo continued that data should be collected only when necessary for the SEC to carry out its mandates, and only if it can be properly secured. Crapo also addressed the Department of Labor (DOL) fiduciary rule, stating that it will “limit investor choice” and hurt Americans’ ability to save for retirement. Crapo declared that the SEC is best positioned to establish consistent standards of conduct for broker-dealers, and expressed his appreciation for the Chairman’s attention to the issue. Crapo closed by discussing capital formation, saying that the capital markets are “essential” to help companies grow and increase job growth.

Sen. Sherrod Brown (D-Ohio), Ranking Member, Senate Committee on Banking, Housing, and Urban Affairs

In his opening statement, Brown expressed concern about the SEC’s breach, noting that it occurred in 2016 but was not disclosed to the public until last week. Brown said that regulatory agencies must abide by the same, if not higher, standards than public companies regarding notifying the public of breaches. Brown questioned whether the SEC has other information at risk, pondered if there could be larger consequences of the breach, and whether the public has received sufficient information. Brown linked the EDGAR breach to the recently-disclosed breach of consumer data at Equifax and implored the SEC to ensure the companies it regulates do better on cybersecurity and disclosure, reminding the Chairman of the SEC’s investor protection mandate. Brown closed by discussing the role of the SEC in maintaining financial stability, including by setting rules for derivatives trading and executive compensation to “enhance the public trust in the markets” generally.

Testimony

The Honorable Jay Clayton, Chairman, U.S. Securities and Exchange Commission

In his testimony, Clayton addressed the steps the SEC has taken in the wake of the EDGAR breach. Clayton stated that in August 2017, he was notified of a possible intrusion, at which time he commenced an internal review. Clayton stated the breach did not include access to personally identifiable information (PII) nor did it expose the SEC to a major systemic risk. Clayton said the SEC is working to determine the scope of the breach and any related vulnerabilities in the system, and said that maintaining the security of EDGAR is a top priority. He explained that the SEC has requested that the Office of the Inspector General at the SEC review the breach and make recommendations for remediation, and confirmed that a major investigation is ongoing. Clayton stated that this is not the time for the SEC to pull back from its market oversight role by limiting its use of data, but the Commission must be “vigilant” about security. Clayton also addressed recent regulatory efforts by the Commission.

Question and Answer

EDGAR Data Breach

The recently disclosed breach of the SEC’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system for corporate filings was a frequent topic of discussion during the hearing, with numerous questions from Senators of both parties about the seriousness of the breach. Clayton fielded numerous questions about the SEC’s response to the breach, the timing surrounding the Commission’s discovery of the breach, the affected files, whether or not trading occurred from information gathered through the breach, and the SEC’s plans to fix the breach. For many questions, Clayton declined to provide specifics, noting that the SEC’s investigation is still ongoing and that the Commission does not want to publicize information that could be used to compromise EDGAR again. Clayton also declined to provide a timeline about the breach due to the ongoing investigation, but did highlight that the Commission’s Inspector General is involved and that the Commission has hired outside consultants to review the breach and conduct penetration testing to ensure that future attacks are thwarted. Clayton also declined to comment on whether former SEC Chair Mary Jo White had any knowledge of the breach.

Sen. Jack Reed (D-R.I.) noted that the Dodd-Frank Act includes a $50 million reserve fund for the SEC to use for cyber and other technology tools, and asked if Clayton has accessed the fund. Clayton replied that he “want[s] and need[s]” the $50 million, and that he will not be asking for a flat budget going forward, as additional money for cyber and information technology (IT) is needed.

Consolidated Audit Trail (CAT)

Crapo noted that the CAT will capture a large amount data about all orders in the equity markets, including the PII of the customer, and asked Clayton how the SEC will protect this data. Clayton said this data would be invaluable to the Commission’s oversight role, but that the Commission would not try to collect data it did not need to further this mission.

Senator Mike Rounds (R-S.D.) asked if it was time to say “time out” on CAT implementation to make sure that the CAT’s systems can protect the data it will gather. Clayton said he did not think a full pause in CAT implementation now “makes sense,” saying the first set of data that will be collected will help the SEC fulfill its market surveillance responsibilities. Clayton did discuss the possibility of phasing-in the CAT and said the SEC should do the “critical thinking” necessary to bring the CAT online responsibly.

Sen. David Perdue (R-Ga.) said that SEC employees with access to the CAT do not have to meet some of the “stringent requirements” that other individuals need to meet to access the system, and asked Clayton about this discrepancy. Clayton said he did not have enough information to answer the question.

Equifax

The recent Equifax breach was another frequent source of discussion during the hearing. Brown stated that Equifax waited six weeks to disclose their data breach, in which the personal information of 143 million Americans was compromised, and asked Clayton if regulators currently use if this shows that regulators are using the correct standard for “materiality” in disclosures. Clayton replied that materiality is the “core” of the disclosure system, but there are questions about whether companies are making the “right” materiality assessments. Clayton continued that companies should be disclosing more, and there should be better disclosure about risk profile, and quicker disclosure about data breaches that would affect market decisions. Clayton declined throughout the hearing to comment directly on Equifax.

Sen. Mark Warner (D-Va.) expressed concern that there is a “sloppiness” in cyber defenses, including “knowable vulnerabilities” that could have been addressed, and asked if there should be a review of materiality standards. Clayton agreed that there is generally not enough disclosure on cybersecurity issues, especially concerning where the risks are and regarding specific breaches.

Sen. John Kennedy (R-La.) asked if the sale of stock by executives after the breach constituted insider trading, and if the SEC is investigating. Clayton responded to both by stating he could not comment on whether there was an investigation into the trades.

Regulation Systems Compliance and Integrity (Reg SCI)

Warner noted that Regulation Systems Compliance and Integrity (Reg SCI) does not apply to all trading venues and has left out dark pools, some Alternative Trading Systems (ATSs), and other trading platforms. Warner said that if investors had more information about what trading venues are covered by Reg SCI, they could route orders to venues that are covered by the regulation. Warner asked if the SEC will look at expanding Reg SCI to other parts of the market, and Clayton replied that the SEC would look at those other trading venues to see if they should be covered by Reg SCI as well. Warner closed by saying the public needs information about what trading venues are covered by Reg SCI.

Department of Labor (DOL) Fiduciary Rule

Sen. Tim Scott (R-S.C.) stated that the DOL fiduciary rule has had a “negative impact” on many Americans, and that restricting access to financial professionals hurts the ability of the average American to save for retirement. Scott asked if the SEC will have more coordination with the Department of Labor (DOL) on this issue going forward. Clayton responded that he believes the SEC and DOL should work together on this issue, explaining that the SEC is currently reviewing feedback from investors and industry stakeholders on its impact. Clayton stated that investors need choice, clarity, and consistency in how they deal with financial advisors: that they are not “pushed into a narrow set of circumstances as a result of whatever steps we take,” that investors “know the type of person they’re dealing with and they know the obligations owed to them,” and if an investor has different types of accounts, a retirement account and a non-retirement account, that there is “consistency with respect to those accounts.” Clayton also stated there must be coordination with the SEC, DOL, and state regulators in how the rule is approached.

Sen. Jon Tester (D-Mont.) asked if the SEC was working with the DOL to “harmonize” the rule, and when it would be finalized. Clayton confirmed he is working with the DOL, and that the fiduciary rule is a priority at the “top of the list.”

Corporate Disclosures

Sen. Brian Schatz (D-Hawaii) asked if companies should be required to discuss the impact of climate change in their corporate disclosures. Clayton conceded that some companies may need to disclose the impact of weather events, and the regulatory responses to weather events, in their disclosures, but said he believed that the SEC’s 2010 guidance on the issue is sufficient.

Sen. Joe Donnelly (D-Ind.) asked if Clayton was willing to consider requiring companies to report country-by-country employment figures so investors can determine which companies are outsourcing business operations. Clayton demurred, saying he is willing to consider changes to Regulation S-K generally.

Perdue asked Clayton to explain how the SEC is reviewing the conflict minerals rule. Clayton said that a court determined the rule posed a first amendment issue, and that the agency is reviewing the rule considering the litigation and has issued no-action guidance on the rule in the interim.

Sen. Chris Van Hollen (D-Md.) asked Clayton for his thoughts on what constitutes “materiality” in corporate disclosures, and if there should be a prohibition on executives trading stock before material events are disclosed to the public. He cited a study that purported to find that executives do trade shares in the window before disclosure. Clayton said that internal controls to prevent that kind of trading is important and part of good “corporate hygiene.”

Sen. Tom Cotton (R-Ark). asked about the impact of “overregulation” relating to disclosures on smaller issuers and investors, noting that Wal-Mart’s IPO prospectus in 1976 was only 26 pages, while Snap Inc.’s 2017 prospectus was almost 250. Cotton said the complexity of disclosure could deter retail investors, and asked Clayton to describe the SEC’s recent steps to improve public capital markets. Clayton said the SEC is now allowing more companies to take advantage of confidential filing rules, reviewing regulation S-K, and generally trying to make corporate disclosures more effective while remaining informative.

Public Capital Markets

Sen. Elizabeth Warren (D-Mass.) launched a line of questioning about the premise that retail investors are disadvantaged by the recent decline in the total number of initial public offerings (IPOs).  She began by noting that the peak of publicly-listed companies in the U.S. in 1996-1997 occurred in the run-up to the dot-com bubble bursting, and questioned why that level of public companies would be thought of as optimal. Warren also noted that while the number of IPOs is down, the total amount raised in public offerings across the market in 2014 was triple the total amount raised in 1996, so more money is flowing into fewer offerings. Warren asked, if Clayton’s focus is on improving the opportunities to investors, why would it matter if there are fewer IPOs, so long as those IPOs are attracting more investor dollars? Clayton argued that today IPOs are generally undertaken by more mature companies, so investors miss out on the earlier possible gains from investment. Warren countered this claim by saying that the companies that have recently gone public are performing better (compared to older IPOs) for investors, and claimed that Clayton is using a decline in total IPOs to argue for reducing regulation, despite the increase in IPO size. Warren closed by saying that having more IPOs in total will lead to more money for “bankers and lawyers” due to increased deal making, but not necessarily for investors, as companies that go public earlier are less stable.

Perdue asked Clayton to describe the advantages of confidential filing for companies exploring IPOs. Clayton said that confidential filing helps companies make the transition to being public by allowing them to disclose their finances to the SEC without inviting unnecessary (or competitor) attention. Clayton said that the information is still made public before the IPO occurs and does not lessen investor protection.

Sen. Richard Shelby (R-Ala.) asked for Clayton’s thoughts on the current decline in the total number of public companies. Clayton said that it is very difficult for investors to purchase securities from private companies, and that if companies go public earlier, more investors will be able to share in their success.

Regulatory Reform

Shelby noted that in Clayton’s confirmation hearing, he agreed that conducting cost-benefit analysis for new rules is an appropriate step for regulators to take, and asked Clayton to describe the SEC’s steps towards ensuring that meaningful cost-benefit analysis is conducted on new rules. Clayton said he works with the Commission’s economists to determine the impact of rules, and agreed with Shelby that this is an important step.

Cotton asked specifically about auditing attestation requirements, and if it would be appropriate to exempt the smallest firms from them. Clayton replied that “one size fits all doesn’t work in many areas” and said the appropriate response would be to scale regulations based on size.

Enforcement and Market Confidence

Sen. Heidi Heitkamp (D-N.D.) said she does not believe that the equity markets should “get an A” for dealing with cheating and fraud and asked Clayton how he will convince retail investors that the equity markets are fair to all players. She specifically noted the trading by Equifax executives prior to that company’s disclosure about a major cybersecurity failure. Clayton said that he keeps retail investors in mind when making decisions, is concerned about retail fraud, and wants all investors to feel confident in the marketplace.

Arbitration

Brown asked if Clayton will continue to support the SEC practice that gives shareholders the right to go to court and reject mandatory arbitration, to which Clayton replied that he will not prejudge the issue, adding that it is also a state law issue.

For more information on this event, please click here.