Looking Out for Main Street: SEC Focuses on Retail, Cybersecurity and Cryptocurrency

The Commissioners and senior officials of the Securities and Exchange Commission (“SEC” or “Commission”) addressed the public on February 23-24 at the annual “SEC Speaks” conference in Washington, D.C. Throughout the conference, many speakers referred to the new energy that SEC Chairman Jay Clayton had brought to the Commission since his confirmation in May 2017. The speakers also seemed relieved that the SEC was finally operating with a full set of commissioners since the recent additions of Robert J. Jackson, Jr. and Hester M. Peirce. Clayton’s address introduced the main refrain of the conference: that the SEC under his leadership is focused on the long-term interests of Main Street investors. Other oft-repeated themes included the challenges presented by cybersecurity and the fast-paced developments in cryptocurrency and blockchain. To address these shifts in focus, the Enforcement division plans to add more resources to the retail, cybersecurity and cryptocurrency spaces.

Following are the key litigation and enforcement takeaways.

Main Street Investors

Commissioner Kara Stein picked up on Clayton’s Main Street investors focus when she asked whether increasingly complex and esoteric investments, such as product strategies and structures that utilize derivatives, were appropriate for retail investors. She explained that it was not a question whether the financial industry could develop and sell these products, but whether it should. She said it was not clear that financial professionals fully understood the products they were selling, and that even if brokers and advisers made disclosures regarding the potential outcomes and risks to investors, complete disclosures might not even be possible due to the products’ complexity. Both SEC and FINRA Enforcement have brought actions related to the sales practices of inverse and leveraged ETFs, as well as the purchase and sale of complex products. Stein opined that gatekeepers needed to remember the real people behind every account number when they were advising clients on how to handle these types of products.

Steven Peikin, Co-Director of the Division of Enforcement, described the SEC’s Share Class Selection Disclosure Initiative as one way in which Enforcement was trying to help Main Street investors. The Initiative was created to address the problem of investment advisers putting their clients into higher fee share classes when no fee or lower fee classes were available. The SEC is incentivizing advisers to self-report this issue by promising not to impose any penalties, and only requiring them to disgorge their profits to investors. Peikin encouraged investment advisers to take advantage of this opportunity, indicating that if the Commission learned that an adviser had engaged in this conduct and did not self-report, it would be subject to significant penalties. The Chief of the SEC’s Broker-Dealer Task Force shared that AML programs and SAR-filing obligations are also a priority for the Enforcement division and OCIE exams.


The Corporate Finance panel addressed the Commission’s recently published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. The panel suggested that in order to generate timely disclosures of cybersecurity incidents, corporate controls and policies should require significant issues to be escalated up the corporate chain. Companies need to be thoughtful in how they accomplish this, and a process that only includes the IT department or is done on an ad hoc basis is not sufficient. These disclosures should not be static, and even if there are ongoing internal or external investigations about the incident, the company needs to inform the market when issues become known.

The Corporate Finance panel also encouraged companies to develop thoughtful insider trading policies that incorporate cyber events that might be considered material events that affect the ability of insiders to trade. If the company is trying to decide whether it has a material issue, any insider who is presumed to know the information should take a hiatus on trading. The panel added that these policies could be prophylactic, similar to what companies have in place to prevent trading at the end of a quarter.

The Enforcement division formed a new Cyber Unit in the fall of 2017 to deal with these types of risks, among others. The unit includes thirty people in five different offices. The Enforcement panel made clear that firms regulated by the SEC should have cybersecurity controls and that those controls should be publicly disclosed.

Cryptocurrency and Blockchain

As expected, recent developments in cryptocurrency and blockchain are top concerns for the SEC. The Corporate Finance and Enforcement divisions are working together to enforce securities laws against companies that seem to be deliberately trying to avoid them. Speakers explained that when the SEC staff review a hybrid token to determine if it is a security, they look at the economic substance of what is being offered to investors and also review the relevant marketing materials. The SEC believes that the factors described in Howey are key to answering this question. If the token at issue includes a financial interest in a company, the SEC will consider it a security. The Enforcement panel emphasized that merely calling something a “token” is not sufficient to take it outside the scope of the federal securities laws. The Commission made clear it had high expectations of gatekeepers, especially lawyers, in this process and expected them to be thoughtful in recognizing when they were dealing with a security and not try to circumvent the issue with clever terminology. The Enforcement panel expressed disappointment that some “genuine law firms” had disingenuously opined that certain tokens were not securities, and that they expected more from the gatekeeper community.

Rob Cohen, Chief of the SEC’s recently formed Cyber Unit, told the audience that there are two types of Initial Coin Offering (“ICO”) cases in which the SEC is interested. The first is garden variety fraud in which a company puts “blockchain” or “crypto” in its name, allegedly changes the nature of its business, and then the stock price skyrockets. The second is more subtle and involves investigating ICOs to see whether there were material misrepresentations or registration concerns. Cohen stressed that ICOs need to be either registered or genuinely qualify for a registration exemption. Cohen said that in the last year at least a dozen ICOs had been voluntarily put on hold after the companies received a call from the SEC asking the companies to look more closely at certain legal issues. Cohen believed that since the market was now on notice, he expected the Commission to use more stringent remedies going forward.

Effective Client Advocacy

The Enforcement panel warned counsel not to engage in a broad discussion of scheme liability under the antifraud provisions of the federal securities laws (Rule 10b-5 or Securities Act § 17(a)) in white papers or Wells notices. The SEC explained that this line of argument was neither helpful to the SEC nor effective for counsel, since it painted the issue with too broad a brush as those provisions do not always require the SEC to prove a scheme. The panel pointed to Lorenzo v. SEC in the D.C. Circuit as a good analysis of the issue. In this case, Lorenzo allegedly knowingly sent misleading emails to investors that included misstatements copied and pasted from emails written by Lorenzo’s boss. While the D.C. Circuit agreed with the defendant that he could not be found liable under Rule 10b-5(b) as the maker of false and misleading statements, he had nevertheless perpetrated a fraud in violation of the securities laws by including these statements in his emails. While the SEC recognized that decisions in other circuits may be read to require the SEC to prove conduct beyond misstatements, the SEC said counsel should consider whether this actually allows their clients to avoid the broad spectrum of conduct that falls under the antifraud provisions. The panel added that the SEC typically prevails on motions to dismiss, even in circuits where the case law initially appears more favorable to the defense.

With respect to cooperation credit, the Enforcement panel emphasized that a company needs to do more than respond to subpoenas on time and bring in witnesses for interviews and testimony. Rather, companies and individuals need to take affirmative action to allow the staff to reach a resolution, either in a shorter period of time or by using fewer resources. It would also constitute cooperation if a company returned money to investors or enhanced its controls and policies. The panel cited the SEC settlement In re Munchee, Inc. as a good example of the type of cooperation that the Commission finds helpful.

High Profile Litigation

The Enforcement panel also discussed some of its recent high profile cases. It cautioned that last year’s Supreme Court decision in Kokesh v. SEC, which found that any claim for disgorgement in an SEC enforcement action was a penalty to which a five-year statute of limitations applies, was a limited ruling and that courts had not been applying the decision to remedies other than disgorgement, such as injunctions. Kokesh, however, has affected the investigative process, in that the SEC is trying to reduce the time taken to complete an investigation and to be more judicious about its use of tolling agreements. The Commission said it is also no longer routinely tacking a tolling agreement onto every case when it serves a subpoena. Moreover, in cases where conduct has aged by the time the SEC learns of it, it may elect not to open an investigation.

The SEC addressed the constitutional challenges to its use of administrative proceedings, and confirmed that since the Supreme Court granted certiorari on this issue, the number of contested administrative hearings it is bringing has decreased. In a significant revelation, the Commission informed the group that it is now bringing administrative proceedings exclusively when the primary remedy is available only in the administrative forum, such as failure to supervise cases or cases involving a 102(e) bar for people who practice before the Commission.

The Appellate Division said (citing its Supreme Court amicus brief in Leidos, Inc. v. Indiana Public Retirement System) that despite the clear language in Basic, Inc. v. Levinson, companies cannot stay silent, and have a duty to disclose material nonpublic information under Item 303 and virtually all the SEC’s other reporting regulations.