Clayton is Questioned on EDGAR Hack and Cybersecurity; consolidated audit trail; data breach standards; IPO market; equity market structure; proxy advisory firms

The House Financial Services Committee on October 4, held a hearing to examine "The SEC's Agenda, Operations, and Budget." The only witness was SEC Chairman Jay Clayton. Testimony from the hearing is posted here.

In his opening statement, Chairman Jeb Hensarling (R-TX) said he was "extremely encouraged by the SEC's renewed commitment … to facilitate capital formation to help small businesses access capital." Hensarling said he appreciated Clayton's public comments on the need to reverse the trend of declining initial public offerings, and the SEC's announcement that confidential IPO filings would be open to all companies. He said the SEC should also "continue to explore ways to simplify its disclosure regime and return to the concept of materiality," and that securities laws "are not the appropriate avenue to pursue ideological and political agendas." Hensarling said that under the Obama administration, the SEC "dropped the ball on the fiduciary rule" by allowing the Department of Labor to insert itself into the SEC's jurisdiction. "Surely, this must be reversed." Referring to the SEC's disclosure that its EDGAR filing system had been compromised by hackers in 2016, Hensarling said the committee has "serious questions" regarding cybersecurity controls at the agency: "Even more troubling is that Congress and the public were not informed until September 2017." He urged Clayton to delay the November 15 implementation date for the Consolidated Audit Trail "until the Commission can ensure that the appropriate safeguards and internal controls are in place to protect this data."

In her statement, Carolyn Maloney (D-NY), ranking member on the Capital Markets Subcommittee, said that while she is deeply concerned about the cyber-attack on EDGAR, she appreciated the SEC's transparency about the breach. She said that if EDGAR's "reliability is called into question, it needs to be fixed immediately."

SEC Chairman Jay Clayton's prepared statement was largely the same as the one he submitted to the Senate Banking Committee last week. In his oral statement, Clayton highlighted four areas where the agency needs "additional focus": 1) cybersecurity; 2) retail investor protection; 3) market integrity, including structure, risk and resiliency; and 4) capital formation. On cybersecurity, he recited a timeline of when the EDGAR hack was discovered and how the SEC had addressed it. He outlined five "work streams" prompted by the attack, including an investigation by the agency's Inspector General; an effort by the Enforcement Division to focus on any illicit trading rising from the hack; and efforts to improve the EDGAR system. On the SEC's regulatory agenda, Clayton said his written testimony discussed the Commission's regulatory efforts in detail, including its "Reg Flex Act" agenda. He announced that the Commission will hold an open meeting on October 11 to consider a rule proposal required by the 2015 FAST Act (a highway bill that included some securities provisions) "to modernize and simply the disclosure requirements in Regulation SK in a manner that reduces costs and burdens on companies, with no reduction in the disclosure of all required material information."

Questions

Chairman Hensarling asked Clayton to list some of the "chilling effects" of regulation on the IPO market; Clayton said the choices available to retail investors, and options for retirement savings, "are diminishing because the number of public companies is diminishing … I want to increase the opportunity set for our Main Street investors." He said there are now fewer public companies because "we have a one-size-fits-all model" in that the regime that applies to a very large company is the same for a medium-size or smaller company. "I question whether that continues to be appropriate." Clayton said the JOBS Act "demonstrates that the scaled system is something we should be looking at." He noted that alternative forms of capital are available today that weren't around 20 years ago. Later, Hensarling said the House-passed Financial CHOICE Act includes a number of capital formation provisions, such as creating venture exchanges and modernizing the definition of an accredited investor. He asked what the SEC is doing to make it easier for smaller companies and entrepreneurs to go public. Clayton said he had asked the agency's Corporate Finance Division to "look across the landscape of regulations — crowd-funding, Reg A, Reg D — and ask if there is a consistency we can bring to this, removing complexity while maintaining the same investor protections."

Hensarling noted that the Consolidated Audit Trail (CAT) is set to "go live" soon, and asked how Clayton could ensure that it was ready. Clayton said the CAT is being developed by self-regulated organizations like FINRA and the stock exchanges, working with a contractor. "The questions I've been asking are: 'What information are we taking in, do we need it, and can we protect it?' I don't want information unless we need it." He said his questions "have not yet been answered to my satisfaction," and the SEC "won't take" the CAT until they are answered.

Rep. Maloney said the EDGAR hack indicated that the SEC needs to improve its cyber-defenses, and asked if Clayton is creating any new positions, policies or procedures in response. (Later, she said it seemed unusual that previous chairman Mary Jo White or other commissioners had not been notified of the hack when it was discovered.) Clayton said the SEC isn't waiting until the five work streams he outlined in his statement had been completed. He said he had the support of both Commissioners Michael Piwowar and Kara Stein to improve the agency's incident response plan. On new positions, he said he also had the commissioners' support to create a position of chief risk officer, "not just for cybersecurity but for general risk." Maloney then asked him about a draft bill she has sponsored that would prohibit senior executives from trading in their own company's stock during the four-day period between when a material change has been discovered and it is publicly disclosed. Clayton said, "I believe it's good corporate hygiene that once a determination has been made about a material event, that a control would prevent senior executives from trading … I like this concept."

Pilot program on exchange's access fees. Maloney noted that the SEC is "examining a pilot program on the access fees charged by the exchanges — many market participants have told me this pilot program really needs a bucket with zero rebates in order to accurately test the effectiveness of different access fee levels." She asked if their pilot program would include such an option. Clayton said the question of tiers in that program has been "on my mind … There's been nothing definitive decided, but a zero-rebate or zero-fee bucket is something that I've discussed with the staff."

Bill Huizenga (R-MI) said he also had serious concerns about the forthcoming CAT, and worried that there was a "chicken or the egg" situation in which "you're awaiting for the SROs to declare the system isn't ready, and they're waiting for you to say we're not ready to take this." Clayton said the SROs "have an obligation to get the system up and running, and … I won't take [the data] until I'm comfortable." Huizenga then said he was concerned about the European Union's Markets in Financial Instruments Directive (MiFID II), which requires banks to unbundle payments for research (soft dollars), charging for them separately from brokerage services, and limiting commissions from being used to pay for research. Huizenga said the directive "directly contradicts the U.S. regime," and that last month, Blackrock had announced it would pay for external research out of its own pocket, following similar announcements by Vanguard and JPMorgan. He asked if the SEC plans to provide any guidance on complying with this regime and managing conflicts with the U.S. system. Clayton told him, "Our aim is to allow them to do that in their market, but not either directly or indirectly force the importation of that system. If our brokers want to take a different approach from the past, they are free to do so, but we want to provide a structure that allows the current model to continue. We can then assess, as things go on, what the best way forward is."

Market structure. Huizenga noted that his Capital Markets Subcommittee is holding a series of hearings on equity market structure, and asked if their review should be focused on Regulation NMS or "much broader." Clayton said, "A focus on Reg NMS principally make sense. But the broader question is, are we driving efficiency in our markets? Do we have sufficient liquidity, and are the people who are providing it being appropriately compensated? Is it real liquidity?"

Blaine Luetkemeyer (R-MO) said the Financial Institutions Subcommittee will hold a hearing soon on legislative approaches to managing data breaches, and is considering "new forms of notification" and identification protocols. Clayton said a main question is whether the SEC really needs to take personally identifiable information, and if it does, "should we take it in a different, disaggregated form from the other information that we take?"

Full committee Ranking Member Maxine Waters (D-CA) said she was surprised to see that the SEC had not requested a budget increase for fiscal 2018 — a fact that Republican members praised during the hearing — and asked if the agency would need a bigger budget next year. Clayton said that in fiscal 2019, "We're asking for a 7% increase, with most of that going toward cybersecurity and market integrity. I would like to put more money into retail fraud" enforcement.

Sean Duffy (R-WI) and Ed Royce (R-CA) both asked about proxy advisory firms, with Duffy suggesting that two such firms "own the market" with no competition or transparency. He asked if there is "a need for reform here." Clayton said such firms "provide a service that has value, amalgamating data … With the increase in indexing and passive money, it increases their influence." Duffy compared proxy advisory firms to gangster "protection rackets" because they offer consulting services to companies who are the subject of a bad report: "This is ripe for the SEC to look at."

David Scott (R-GA) said he had sent Clayton a letter about HR 3555, the Exchange Regulatory Improvement Act, a bill he has sponsored with Barry Loudermilk (R-GA), which would clarify the definition of the word "facility" owned by a securities exchange, "so that companies like the New York Stock Exchange are not hamstrung when trying to diversify the lines of business they provide to members and investors." He cautioned that the bill would not carve anything out of the SEC's jurisdiction or otherwise limit its regulatory powers: "We're just trying to allow the necessary breathing room for the New York Stock Exchange to operate in a more fluid situation." Clayton told him, "In our regulatory approach to the [NYSE] or other exchanges, are we going beyond our bread and butter and getting into regulating businesses that are tangential to our entities … ? We should be asking ourselves that question."

Scott also mentioned that he, Keith Rothfus (R-PA) and others have sponsored a bill (HR 2319) that addresses concerns they have about the SEC's 2014 rule requiring certain money market funds used by institutional investors to have a floating net asset value (NAV). "I know the SEC went through a rigorous process on this, but sometimes regulators get it wrong, and this is an example. Since the SEC finalized the rule, we've seen a massive flight from prime and tax-exempt money funds because the costs of a floating NAV are so high." Clayton said he is "aware of the shift … from commercial assets to government assets in the institutional money market space. There are other considerations here, but I am looking at it. The [SEC's] Department of Economic Research is looking at it. It's too early to say we are wrong or 100% right."

Fiduciary rule. In her questions, Ann Wagner (R-MO) said one study has suggested the Labor Department's fiduciary rule for retirement plan advisers could cause 13 million accounts to lose access to investment advice, and that she has reintroduced her bill repealing the DoL rule and requiring SEC to develop a uniform fiduciary standard for brokers. "How important is it to fix this?" Clayton told her that this issue, in addition to cybersecurity, was his main initial focus upon becoming chairman earlier this year. "Investors should have a choice of what type of account they have, what type of relationship they have, what type of assets they invest in. There should be clarity and consistency between us and the DoL — we can't have asymmetric standards, it makes no sense. And then we have to cooperate — our mandates are different but we can cooperate and get there … The next step would be a rule proposal. We're working on such a proposal and we want to work with the DoL … If this were easy, it would already be fixed. I'm confident that we'll put forward something that addresses those four issues and is something investors understand."

If you have questions, or need additional information, please feel free to contact Will Heyniger or Bob Schellhas at (202) 293-7474.

———————————————