By Dennis Stubblefield, Esq. of Shustak Reynolds & Partners, P.C. posted on Friday, September 22, 2017.
Dennis Stubblefield, Esq.
619.696.9500
[email protected]
We just posted our overview of the SEC Hack. The agency has thus far specified just EDGAR as being compromised. However, the SEC should also quickly evaluate what accountability it should demonstrate to the varied constituents who get caught up in its enforcement apparatus, i.e., any and all companies and individuals---extending way beyond regulated entities like broker-dealers and investment advisers---who come within reach of the investigative powers of its Division of Enforcement.
Enforcement can command the production of documents and the furnishing of testimony from any “person,” (including entities) and it does so regularly and aggressively. Such information reflects and reveals a broad swath of data ranging from documents containing social security, bank, brokerage and telephone numbers to witnesses’ testimony about anything and everything relevant to investigations. Such investigations are “non-public,” and documents are routinely submitted by companies and persons with the clear notation, usually on each and every page, “Confidential Treatment Requested.”
It is true that the Commission has broad discretion to share and release information, even the most valuable and sensitive, and even when clearly flagged as confidential, consistent with its obligations under the Freedom of Information and Privacy Acts. Nonetheless, enforcement defense practitioners have long assumed that the SEC has a reasonably solid system and process underlying the exercise of such discretion. Perhaps this assumption should be reexamined in light of the hack. After all, what is the worth and sufficiency of an agency determination to release or not release information if the basic integrity of its own system and process surrounding that information is called into question?
It is already daunting enough for individuals and companies to deal with the fact that sensitive information is routinely shared with DOJ, its United States Attorneys, FINRA and other governmental and quasi-governmental agencies. This concern is particularly compelling for “Good Citizen Boy Scouts and Girls” who have done nothing wrong yet have had to discharge their legal obligation when commanded by the government, often at considerable burden to them in terms of lost productive time and significant attorneys’ fees.
But is it too much to ask that such good citizens -- and indeed each and every person and company cooperating with the Commission -- have some sort of decent comfort level that information furnished by them is at least reasonably safe from the prying eyes of predators ranging from identity thieves to market manipulators?
The answer of course is a resounding “No.”
Anyone who has furnished such information to the Enforcement Staff should consider asking the Staff Attorney assigned to the investigation whether such information has been compromised. You will very likely not get an answer, but, whatever the response, consider documenting it. That way you will have “made a record,” in case you need it later.
As of press time, the SEC’s website had no mention of the hack, much less any guidance on what affected parties may wish to consider doing about it.
Shustak Reynolds & Partners, P.C. regularly represents firms and individuals in SEC, FINRA, securities, investment, and financial services matters, including litigation, arbitration, enforcement and investigation matters. If you or your company require counsel in these areas, contact us today for a confidential, complimentary consultation.
Dennis Stubblefield, our Partner in charge of the firm’s Orange County office, was formerly an enforcement attorney with the SEC, and General Counsel of several AIG/SunAmerica broker-dealers. His practice focuses on enforcement defense in matters investigated and litigated by the SEC and FINRA. He also provides expert witness testimony and consultation on broker-dealer compliance and supervision, particularly in the context of customer-firm disputes in FINRA arbitration.