Both the volume of SEC enforcement activity and the level of financial recoveries increased in the fiscal year that ended September 30, 2018, according to the agency’s annual enforcement activity report. The increases came after activity had been down in the prior year, the first year under the current presidential administration. However, the agency’s enforcement chiefs cautioned against placing too much weight on the numbers alone. The report contains some interesting signs of what we might expect in the current fiscal year. The SEC’s enforcement report can be found here. The agency’s November 2, 2018 press release about the report can be found here.
In their forward to the report, the SEC enforcement division chiefs stated that quantitative metrics “cannot adequately measure the effectiveness of an enforcement program,” adding that a “singular focus on such metrics can result in a misalignment of incentives and objectives.” The division’s co-directors instead tried to emphasize the five principles they said guide their assessment of the division’s effectiveness. (I discuss the five principles below.)
Though the enforcement division’s co-directors may not like it, the fact is that the enforcement numbers are very closely followed. As the Wall Street Journal noted in its November 3, 2018 article about the agency’s enforcement report, the SEC’s annual enforcement statistics “are a closely watched indicator of its oversight of public companies, financial institutions, and stockbrokers. The figures tend to be used, particularly by Congress, as a barometer of how aggressively the SEC is policing misconduct.”
The Number of Enforcement Actions
The report shows that in the 2018 fiscal year, the agency brought 821 enforcement actions, compared to 754 in FY 2017, representing an increase of almost nine percent. Of the 821 enforcement actions in FY 2018, 490 were stand-alone actions, representing an increase of about 10% over the 446 stand-alone actions brought in the prior fiscal year.
Indeed if the cases that were brought in the 2015 and 2016 fiscal years as part of the Commission’s initiative focused on municipalities disclosures (which the report says “skew the results” for those fiscal years), the 490 enforcement actions in FY 2018 is the highest number in the past four fiscal years.
Of the 490 stand-alone actions in FY 2018, almost half either concerned securities offerings (25%) or investment advisor issues (21%).
The Agency’s Monetary Recoveries
During FY 2018, the agency’s monetary recoveries totaled $3.945 billion, of which $1.439 represented penalties and $2.506 billion represented disgorgements. The monetary recoveries in FY 208 represented an increase of about 4 percent over FY 2017 ($3.7 billion), although it also represented a slight decrease compared to FY 2016 ($4.083 billion) and FYI 2015 ($4.194 billion).
Of the $3.945 billion in monetary recoveries, $1.786 billion (about 45%) represented the amount from a single case, the Petrobras bribery enforcement action. The SEC actually recovered very little of the penalties and disgorgements in the Petrobras case, as the agency credited amounts the company paid in connection with a related securities class action lawsuit and penalties paid to Brazilian authorities. Of the penalties and disgorgements against Petobras, only $85 million was not offset by credits. The Journal article about the agency’s enforcement report quoted one commentator as stating that “If you look at the numbers on penalties, it’s the lowest number since 2009 if you back out Petrobras.”
The amount the agency recovered by way of disgorgements ($2.506 billion) was down compared to prior FY 2017 disgorgement recoveries of $2.957 billion. The agency attributed the decline to the U.S. Supreme Court’s 2017 ruling in the Kokesh case, in which the Court said that the agency’s disgorgement actions are subject to a five-year statute of limitation. The enforcement report noted that with respect to matters that have already been filed, the Kokesh decision may “cause the Commission to forgo up to approximately $900 million in disgorgement, of which a substantial amount likely could have been returned to investors.”
The Agency’s Assessment
The five principles by which the enforcement division’s co-directors would prefer the division’s effectiveness to be assessed, rather than the numeric figures alone are: (1) focus on the main street investor; (2) focus on individual accountability; (3) keeping pace with Technological Change; (4) impose remedies that most effectively further enforcement goals; and (5) constantly assess the allocation of our resources.
With respect to the agency’s focus on main street investors, the report notes that the agency brought “hundreds of cases alleging misconduct perpetrated against retail investors” that resulted in the return of “substantial sums to harmed investors” — $794 million in the 2018 FY.
With respect to individual accountability, the report highlights the agency’s commitment to holding culpable individuals responsible for wrongdoing. The report notes that in the 2018 FY, the agency charged individuals in about 72% of the standalone enforcement actions, about the same percentage as in FY 2017 (73%). Among the senior officials charged were the CEO of Theranos, the CEO of Tesla, the former CEO of Seaworld Entertainment, and a U.S. Congressman.
As for the agency’s focus on technological change, the report notes that as of the end of the 2018 fiscal year, the agency had brought over a dozen stand-alone enforcement actions involving digital assets and ICOs. The report also notes that the agency has formed a Cyber Unit, that cyber-related disclosure represents a significant priority at the agency, and that the agency also brought its first enforcement action (against Yahoo’s successor in interest) against a public company for failing to properly inform investors about a data breach. Somewhat ominously, the report also notes that as of the end of the 2018 fiscal year, the enforcement division had more than 225 cyber-related investigations ongoing.
With respect to the Commission’s aim to impose remedies consistent with the agency’s overall goals, the report highlights the enforcement action settlements with Theranos and Tesla, emphasizing that in connection with the resolution of both actions, the company and their senior officials agreed to a number of governance changes and diminutions of the CEOs’ authority
The slight increase in the SEC’s enforcement activity and monetary recoveries arguably is a little surprising. The reduction of the enforcement activity in the 2017 FY was widely viewed as consistent with the current administration’s overall hostility to regulation and governmental action. The expectation among at least some commentators was that the agency would again report a reduction in activity in the 2018 FY.
However, one particular focus of agency observers has been the agency’s enforcement activity with respect to publicly traded companies. As I noted in a post earlier this year, at the half-way point of the 2018 fiscal year, the agency’s reporting activity involving publicly traded companies was down compared to prior years. The agency’s report does not break down its enforcement activity between public companies and all other types of entities, but given the agency’s priority to focus on main street investors, I suspect a deeper analysis will show that the agency’s enforcement activity against public companies remained down throughout the year. Indeed, among other things, the report does show that more than half of the stand-alone enforcement actions in the 2018 FY involved alleged wrongdoing against retail investors.
Obviously, one of the reasons the report on the agency’s enforcement activity is so closely followed is because of what the report may tell about the agency’s likely future priorities and enforcement activity. On that point, by far the most important item in the whole report is the oblique but nonetheless ominous statement that as of the end of the fiscal year the agency had over 225 cyber-related investigations ongoing.
I don’t think I am going out on a limb to predict that we will see a significant number of cyber-related enforcement actions in the 2018. In that regards the report emphasized that cyber-related disclosure is a “significant priority.” The agency brought only one cyber-disclosure related enforcement action in the 2018 fiscal year, but the report makes a point of giving that one action significant prominence. Call it a hunch, but among the likely increase in cyber-related enforcement activity in 2019, there will be a number of significant actions related to cyber disclosure.
The agency’s focus on individual accountability is noteworthy and obviously of significant concern to executives at organizations that attract the attention of the agency’s enforcement division. The agency’s emphasis on individual accountability could have practical consequences; among other things, it increases the likelihood that individual executives would seek to retain separate counsel in connection with agency investigations and enforcement actions, increased overall defense expenses. The agency’s focus on individual accountability clearly is a significant factor in the potential liabilities that corporate executives face.