I thank you for the opportunity to take part in today’s hearing entitled, “SEC Overreach: Examining the Need for Reform.”
It is often said that the U.S. financial markets are the largest, deepest and most liquid in the world. Regulatory decision-making by the Securities and Exchange Commission (SEC or Commission)—whether in the form of promulgating rules, providing guidance, or bringing enforcement actions—directly impacts those U.S. securities markets. The Commission’s reach is vast. It oversees the annual trading of approximately $118 trillion in U.S. equities markets, $2.8 trillion in exchange-traded options, and $237 trillion in fixed income markets. Disclosures and financial statements of more than 5,000 exchange-listed public companies with an aggregate market capitalization of $51 trillion are subject to SEC regulation and review. The SEC regulates the activities of more than 29,000 registered entities (including investment advisers, broker-dealers and investment companies), who employ at least one million individuals. And the SEC oversees twenty-four national securities exchanges, nine credit rating agencies, seven registered clearing agencies, the Public Company Accounting Oversight Board, and the Financial Industry Regulatory Authority, among other non-governmental organizations.1
The impact of the SEC’s regulation is felt by everyday Americans. As of 2022, 58% of American families held stock, an all-time high.2 And a wider range of Americans—younger, less wealthy, and more diverse—have been entering the markets in recent years.3 While the stock market and the economy are not one and the same, the ability of individuals and entities to raise capital to grow and support their businesses—and the ability of individuals and entities to invest in others’ businesses—is the backbone of American economic growth. Importantly, stability and predictability are important to the functioning of these capital markets.
This is all to say that the SEC is important. The regulation that it undertakes impacts entrepreneurs and investors and employers and employees, both at home and abroad.
The SEC describes its three-part mission as protecting investors, maintaining fair, orderly and efficient markets, and facilitating capital formation. This is a complicated mission, and it is one that cannot be—and is not intended to be—carried out without accountability to elected officials and input by members of the public, especially those who are impacted by the Commission’s regulatory decisions. Such accountability and corresponding transparency results in better public policy decisions and stands as a bulwark against the arbitrary or capricious actions of a regulator unbound to the people and their representatives. As SEC Commissioner Mark Uyeda recently opined: “[w]hen a regulator can, without practical limitation, promulgate, interpret, and enforce rules and guidance, including retroactively, the temptation to be arbitrary in the exercise of administrative power and enforcement can be great.”4
The SEC, however, falls short of this ideal. As described below, the Commission would benefit from reforms aimed at (i) increasing the accountability and transparency of the agency to lawmakers and the public, (ii) ensuring adequate input and analysis to improve agency rulemaking, and (iii) holding the agency to high standards in the exercise of its functions.
This discussion is not meant to be exhaustive. Undoubtedly, there are structural or procedural reforms that the SEC could undertake to increase its effectiveness or decrease its costs. And there are also reforms that I would recommend to the agency’s prioritization of resources, in addition to changes to substantive law or regulation, to better meet the Commission’s mission and support the choices of individuals using the securities markets.
Instead, this discussion focuses on highlighting specific areas for reform that will improve the Commission’s accountability, responsiveness, and competence, regardless of the substance of the policy agenda that the SEC’s Chairman pursues.
Increasing Accountability and Transparency of the SEC to Lawmakers and the Public
The SEC may be an “independent” agency, but that distinction does not grant it special privileges with respect to oversight by Congress or an exception to the basic constitutional protections that ensure governmental accountability to the people.
Congress’s ability to conduct oversight over the Executive Branch is inherent in its legislative powers enumerated in the U.S. Constitution. Such oversight is a critical mechanism to ensure transparency, accountability, and the proper functioning of the federal government within a system of checks and balances.
Regularizing certain aspects of Congressional oversight of the SEC, including by requiring periodic testimony of the SEC Chairman and Commissioners, has the potential to increase the agency’s accountability and transparency. As it currently stands, many SEC offices are required to submit periodic reporting to Congress, including the Office of the Advocate for Small Business Capital Formation, the Office of the Investor Advocate, and the Inspector General.5 The SEC is also required to report to Congress on a variety of subject-matter specific issues, including the public and internal use of machine-readable data for corporate disclosures and the modernization of the SEC’s website.6
Yet, there is no requirement that either the SEC Chairman or any of the other Commissioners appear to provide Congressional testimony on a regular basis. Such in-person testimony can be a valuable supplement to written reporting, but it also serves its own purpose in facilitating direct oversight by Members of Congress. These interactions would allow SEC officials to share information about the agency’s policy priorities and operations and allow members of Congress to share their views about the same. This direct conduit to question the Commission is even more important where the Commission, or its Chairman, is not responsive to written requests from Congress in its oversight capacity.7
Such a requirement may not be necessary where there is a strong custom in favor of regularly calling the SEC Chairman and Commissioners to appear to provide testimony to Congress. However, where regular periodic testimony is not customary—for whatever reason—a statutory mandate can serve to regularize, and depoliticize, the fact of Congressional oversight of the Commission.
Requiring an agency head to appear for regular testimony before Congress is hardly unheard of. In the context of financial regulation, the most obvious example is the bi-annual testimony of the Chairman of the Federal Reserve Board of Governors required by the Full Employment and Balanced Growth Act of 1978 (also known as the Humprey-Hawkins Act).8
Due to the Commission’s design as a five-member body, required by law to have no more than three Commissioners from the same political party, testimony that is not solely focused on the viewpoint of the Chairman may be useful in providing more robust oversight opportunities. The Chairman’s views are most often associated with the priorities and performance of the agency, even though he does not speak for the whole Commission. For example, the Chairman sets forth a strategic plan for the agency, but, as the plan discloses, it “sets forth the Chair’s vision for the next four years” and “may not necessarily represent the views of all of the Commissioners.”9 Hearing the viewpoints of the other Commissioners—particularly the minority Commissioners—can assist in ensuring that the Commission retains some of level of political balance, or political moderation, that was intended by requiring the Commission to be bipartisan.
In addition to the direct oversight opportunities created by periodic Congressional testimony by SEC Commissioners, there are several areas of additional institutional reform that would create conditions to increase the SEC’s accountability and transparency. Two such reforms relate to the SEC’s enforcement authority, which the agency exercises pursuant to its own practices that undermine the ability of both Congress and the public to evaluate the agency’s performance.
First, the Commission’s own policies prohibit those who settle enforcement actions with the Commission from criticizing the basis for the factual allegations made by the Commission in the settlement document.10 This lifetime gag order, which SEC Commissioner Hester Peirce describes as “unnecessary” and “undermin[ing] regulatory integrity,”11 is not just a problem for the First Amendment rights of those who are settling with the SEC.12 This practice of silencing critics also prohibits Congress and the public from holding the agency to account for enforcement settlements (which are, by far, the most likely result of an enforcement action brought by the Commission).
Second, the SEC’s use of administrative law courts similarly raises issues with the agency’s accountability. The ability of the SEC to bring actions in its own administrative courts, rather than in Article III judicial courts, has expanded over time.13 A host of constitutional issues raised by the SEC’s use of administrative courts is under consideration by the Supreme Court in SEC v. Jarkesy.14 In addition, the Supreme Court has already permitted targets of agency administrative action to raise collateral constitutional issues in federal court, instead requiring a full administrative adjudication before constitutional claims can be effectively heard.15 But setting aside the technicalities of the constitutional questions, the agency’s use of administrative courts denies defendants—and the public more generally—the accountability provided by independent judicial courts. Requiring the SEC to prove its case under the same standards that apply in other civil enforcement actions brought by the government in judicial courts brings the same level of accountability and transparency to agency actions. That accountability is sorely lacking when the SEC can bring enforcement actions by its own rules that unfairly favor the agency.16
Ensuring Adequate Input and Analysis to Improve SEC Rulemaking
As noted above, the rules that the SEC promulgates directly impact the economy, providing the rules by which entrepreneurs and investors exchange capital. Because rulemaking occurs outside of the legislative process—at the SEC and other administrative agencies—Congress provided the framework by which such rulemaking must occur in the Administrative Procedure Act (APA). Importantly, the APA, among other things, provides for public participation in the rulemaking process and sets forth the basic standards that a rule must meet to survive judicial review.
Although the SEC, as an independent agency, is not subject to certain Executive Orders regarding rulemaking, the agency is subject to the APA.17 The Commission, however, has a mixed record, at best, when complying with the requirements and spirit of the Act.
Within the past couple of years, the SEC has been found to have acted “arbitrarily and capriciously” within the meaning of the APA (or otherwise exceeded its statutory authority) in its administrative actions on multiple occasions, including in Chamber of Commerce v. SEC,18 Institutional Shareholder Services Inc. v. SEC,19 and Grayscale Investments, LLC v. SEC.20 Multiple recently finalized SEC rules are being challenged on the same grounds.21 When adding these challenges to the SEC’s long history of seeing rules overturned by courts (including in Business Roundtable v. SEC22 and Chamber of Commerce v. SEC23), it makes sense to consider whether the SEC rulemaking process is in need of reform.
Moreover, the Commission has often strayed from the preferred method of rulemaking for creating agency policy, relying inappropriately on agency guidance and enforcement actions to create new regulation. Staff Accounting Bulletin 12124—which the U.S. Government Accountability Office found constituted a rule for the purposes of the Congressional Review Act because it meets the definition of a rule under the APA25—is a prime example of relying on informal agency guidance to issue “definitive interpretative guidance” for a “very specific, very limited number of public companies.”26 SAB 121 is far from the only example, however, of the SEC using interpretative guidance to have the broad force of a regulation, without having gone through the notice-and-comment process.27
Similarly, on the enforcement front, the SEC routinely touts its success in charging “first-of their kind” cases and bringing significant actions “to protect investors in new and emerging areas, including cases charging misconduct involving cyber issues and crypto securities.”28 While not all first-of-their-kind cases are inappropriate, the Commission should not champion leading with enforcement when addressing novel applications of existing rules. This has been a particular problem with respect to the SEC’s treatment of digital assets,29 but the problem is not limited to crypto.30 And the problem is compounded by using the SEC’s limited enforcement resources—which are already strained—to carry a much heavier load by creating policy, rather than simply enforcing existing laws and regulations.31
Both informal guidance and enforcement produce less certain and less clear rules for market participants and can result in unfair treatment of such market participants, undermining public trust in the agency. Just as importantly, pursuing these pathways rather than notice-and-comment rulemaking decreases the quality of the regulation by preventing public input about the policy being advanced. While not all agency guidance must go through formal rulemaking, the Commission must more rigorously evaluate whether informal agency action—through guidance or enforcement—is creating de facto rules. And if so, the Commission should subject such rules to formal notice-and-comment rulemaking.
Quality rulemaking under the APA relies on two key tenets: public input and robust agency analysis. The Commission’s track record on both dimensions suggests that reform may be useful to improve the quality of the agency’s rulemaking.
Public Input Is Vital to Crafting Quality Regulation
Public input is at the heart of the APA’s design for federal agency rulemaking. The most well-known process for soliciting such public input is the APA’s notice-and-comment rulemaking process, through which an agency proposes a rule and provides an opportunity for public comment that must be considered in the agency’s decision to finalize the rule proposal.
The APA does not specify a minimum number of days that the rule proposal be available for public comment, but an agency must “provide a meaningful opportunity to comment.”32 Federal executive guidance generally considers 60 days to be the minimum time for public comment, although the SEC, as an independent agency, is not bound by this guidance.33 The SEC, however, prior to the current Chairman, by and large, allowed 60 days for public comment on rule proposals.34
In contrast, the current SEC has simultaneously advanced a more aggressive rulemaking agenda—putting forth more rule proposals, more quickly—and provided less opportunity for public comment on such rules.35 These rule proposals, running hundreds of pages long and often asking for public comment on hundreds of questions, have been complex and interconnected, increasing the burdens on public commenters to analyze and respond meaningfully to the proposals.36 This burden is only intensified for smaller market participants and those with fewer resources to devote to commenting on rule proposals. The extent of this issue was apparent with the package of four rules affecting equity market structure that were proposed simultaneously in December 2022.37 But the issue generally plagues this SEC’s policy-making agenda, which has failed to take into consideration rule complexity and overall rulemaking burden in setting the time period for public comment.38
Although the SEC’s comment periods for more recent rule proposals have returned to more historical norms after receiving bipartisan criticism of the shortened timeframes,39 Congress should consider setting a baseline for comment period length for SEC rule proposals. In light of the general complexity of SEC rules—including the length of proposals and the interconnectedness of proposals and existing rules—30-day time periods for public comment should be strongly disfavored.
The SEC’s limitations on receiving meaningful input from the public on its rulemaking are not limited to the initial notice and comment process, however. Several of the SEC’s finalized rules differ significantly from the proposals. While this could be seen as an encouraging sign that the agency is considering public feedback on the rule, where such rules substantially differ from the proposal, the public should be given another opportunity to comment on what should be viewed as a new proposal.40
Such a re-proposal would ensure that commentors are able to focus on salient issues with the current proposal—which may not have received attention due to the prioritization of issues with the prior proposal. The climate-risk disclosures rule provides a good example of this. The original proposal ran to more than 90 pages and sought comment on more than 200 individual questions;41 it is more than reasonable to expect that commentors would focus on particular issues. But because the final rule differed significantly from the proposal, comments made on the proposal may differ from comments that would have been made on what the Commission finalized. As Commissioner Mark Uyeda explained, the Commission “essentially admitted that the proposal did not get it right.”42 And under such circumstances, the rule should be reproposed for comment by the public.
Finally, the SEC fails to give due weight to public input through the APA’s petition for rulemaking process. The petition for rulemaking essentially restates the First Amendment right to petition the government.43 Under the APA, “[e]ach agency shall give an interested person the right to petition for the issuance, amendment, or repeal of a rule.”44 The APA requires the petition to be acted on within a “reasonable time.”45 While agencies have different procedures for handling such petitions,46 the SEC’s publicly available procedures provide little guidance as to how the agency will handle a petition.47 And it is clear that the Commission adheres to no timetable in acting on such petitions. For example, the New Civil Liberties Alliance petitioned the SEC to revise Commission Rule of Practice 202.5(c), relating to the Commission’s policy on no admit/no deny settlements, on October 30, 2018.48 The petition was finally acted on more than five years later—on January 30, 2024, in the midst of relevant litigation relating to the underlying policy.49
The Commission displays petitions for rulemaking that it has received on its website, which shows 244 petitions going back to 2001.50 But there is no way to determine whether such petitions have been acted upon by the Commission, let alone the length of time that the petition was pending before action was taken.51 The Administrative Conference of the United States recommends that agencies adopt procedures that provide an expected length of time for the agency to respond, as well as provide an explanation for any agency delay.52 But, at a minimum, the SEC must do more to demonstrate that it is considering petitions for rulemaking in a timely manner.
The SEC Must Engage in Robust Analysis of a Rule’s Costs and Benefits
The APA requires the SEC to weigh, and where possible quantify, the costs and benefits of a proposed regulation.53 A series of court decisions more than a decade ago confirming that the SEC must undertake a quantitative cost-benefit analysis led to the Commission establishing its own guidance for economic analysis in SEC rulemakings.54 Despite this internal guidance, however, the Commission continues to have rules invalidated by courts on the basis of an inadequate assessment of a proposed regulation’s costs and benefits.55
Moreover, the SEC’s economic analyses often fail to account for costs associated with the rule, while weighing quantified costs against speculative benefits. This is particularly apparent where the SEC has made interconnected rule proposals but does not analyze the impact—of either costs or benefits—of each proposal on the other.56
Requiring a robust cost-benefit analysis forces the agency to “show its work” in determining that a regulation is justified. Weighing such costs and benefits is not foreign to the SEC, which is required to analyze, among other things, the impact of its rule proposals on the Commission’s mission to protect investors, promote efficiency, competition, and capital formation;57 the burden a rule proposal places on competition;58 and the proposed rule’s economic impact on small entities.59 A clear legislative requirement for the Commission to provide an evidence based-articulation of how and why the benefits of a proposed rule exceed the economic costs thereof, rather than reliance on the agency’s internal guidance (which has no legal force and can be changed) may assist in shoring up the duty that exists under the APA to quantify, to the extent possible, the costs and benefits of the rule.
It’s important to note that the Commission’s own aggressive rulemaking agenda may be contributing to an inability to perform robust analysis of proposed rules. The Commission requested ten new positions for fiscal year 2024 in its Division of Economic and Risk Analysis to “directly support the Commission’s rulemaking agenda.”60 This suggests that the Commission lacks adequate staff to conduct cost-benefit analyses, despite their own best efforts. The question of whether the Commission has adequate staff to address its aggressive rulemaking
agenda affects more than economic analysis. As the SEC’s Inspector General noted, the heavy rulemaking agenda can also increase the risk of errors because it “potentially (1) limits the time available for staff research and analysis,” and (2) increases litigation risk.”61
Finally, the SEC should also increase its use of retrospective rule reviews, particularly where the agency finalizes a rule based on benefits or costs that it has deemed difficult to quantify. A regularized process for revisiting some subset of the Commission’s rules—that, at a minimum, presents public findings—would ensure the Commission’s (as well as the public’s) evaluation of whether such rules are functioning as intended. It would also allow analysis as to whether the rule is justified by reviewing actual—rather than predicted—costs and benefits.62
Holding the SEC to High Standards in the Exercise of its Functions
Separate and apart from its rulemaking functions, the SEC has struggled with its own cybersecurity and information technology functions. As the SEC’s Inspector General has recognized,
cyber risks are growing, and cyberattacks targeting critical infrastructure—including financial services—could affect entire systems and result in catastrophic financial loss. Individuals or groups with malicious intentions attempt to intrude into agency systems to obtain sensitive information, commit fraud and identity theft, disrupt agency operations, or launch attacks against other systems and networks. Even in the absence of those intentions, inadequate safeguards can lead to the unauthorized disclosure, modification, use, or disruption of information that can compromise the integrity of agency operations. Therefore, the SEC must continue to take steps to safeguard the security, integrity, and availability of its information systems and sensitive data.63
Yet, the Commission continues to suffer from embarrassing cybersecurity incidents, which have market impacts and erode confidence in the agency.64
The first step in addressing such challenges is to right-size the information that the Commission is collecting in the first place. One such reform would be to prohibit the SEC from collecting personally identifiable information from investors through the Consolidated Audit Trail (CAT). Not only does the collection of such information raise serious constitutional concerns,65 it also presents a concern as to whether the SEC—or really any entity—can appropriately safeguard such information.66 As SEC Commissioner Peirce recognized, the “sheer value and size of the database will make the CAT an inviting target,” and it is not at all clear that any gains to the ability of the SEC to bring enforcement cases are outweighed by the risks to individuals of warehousing this information in the CAT.67
The next step is to ensure that the agency is identifying and promptly remedying cybersecurity and information technology weaknesses. Under the Federal Information Security Modernization Act of 2014 (FISMA), the SEC must undergo an annual independent evaluation of its information security program and practices, overseen by the SEC’s Office of Inspector General. The agency’s performance on such audits, however, has been lagging. The Inspector General’s most recent report to Congress identified a long list of recommendations relating to cybersecurity that had not yet been implemented, going back to 2018.68 And the most recent Inspector General report about the SEC’s management and performance challenges warns that “[f]ailure to timely and effectively implement government-wide zero trust cybersecurity principles may result in the SEC being more susceptible to threat campaigns that target the agency’s IT infrastructure, threaten privacy, damage the American economy, and weaken trust in government.”69 While it looks like the SEC finally may have implemented outstanding recommendations,70 such progress is hardly encouraging given the delay.
As the SEC recognizes for the entities that it regulates, “[m]anaging cyber and information risks is critical to the operation of the financial markets.”71 Yet, despite the FISMA auditing requirements, the SEC continues to encounter information technology and information security challenges at what seems like an alarming rate. Within the past two years alone, the SEC has suffered from a hack of its X account falsely announcing that the SEC had approved a Bitcoin exchange traded product, a problem with the SEC’s internet comment form that resulted in comments for at least eleven proposed rulemakings not being received by the agency,72 and a control deficiency that resulted Division of Enforcement staff being able to access documents created by the agency’s administrative law judge function.73 None of these was without consequence: the X hack moved the market price of Bitcoin, the comment letter form error required the SEC to reopen comment periods for 11 pending rulemakings, and the breach between enforcement and the administrative law judges resulted in the dismissal of 42 pending administrative actions.
Based on these problems, as well as issues identified by the SEC’s Inspector General, it does not appear that the agency holds itself to the same standards that it imposes on the entities that it regulates.74
* * *
Thank you for the opportunity to provide this information about the need for reform at the SEC to increase agency’s accountability and transparency, to ensure adequate input and analysis on agency rulemaking, and to hold the agency to high standards in the exercise of its functions. I welcome any questions that you may have.