SEC Makes the Rules; Doesn't Follow Them

By Dan Elam posted 07-29-2010 21:47



The Securities and Exchange Commission (SEC) plays a major role in the regulation of America’s financial system – a business based on content.  It’s no surprise that the SEC has been instrumental in some of the regulations that affect the content and records management industry.  Regulations like SEC 17a and 17b have forced organizations to spend billions of dollars to comply.  The rules have even influenced other standards like DoD 5015.2.

The SEC has had their own well-documented content management problems.  Freedom of Information Act (FOIA) requests have forced the SEC to spend significant efforts to take financial information from those they regulate and make it available to the public.  The information must be searched and then often redacted to protect sensitive financial information.  It’s a time-consuming process that is made worse by for-profit companies selling the information collected.  (Over 90% of requests typically were from these handful of commercial firms.)  The result has been a government-high number of FOIA requests – more than 15,000 in 2008 alone – and a dismal response time.  Congress has been a frequent critic and the SEC’s own Office of the Inspector General (OIG) found that the SEC median response time was 66 days and complex requests were 570 days.  Federal agencies are allowed 20 days.  Moreover, the OIG found the staff was unaware of records and FOIA policies and procedures, “lacked formal training, did not understand the legal exemptions and did not believe FOIA was a commission priority.”  Experienced ECRM and records management professionals will be familiar with the problems.  In 2007 a judge ruled against the SEC and compelled them to produce the requested records in a particular lawsuit.  A former SEC staff attorney-turned-whistleblower won a $755,000 settlement from his own lawsuit over records related to a thwarted investigation by the attorney.  (Ironically, the SEC later won a $28M insider-trading settlement from the company the attorney had wanted to investigate.)

As recently as 2009, the SEC did examine the use of ECRM-based FOIA solutions to improve operations and reduce costs, but the SEC apparently decided that the political criticism couldn’t wait for a new system and instead use a low-tech approach of adding more clerks to reduce the backlog.

AIG and other financial firms under the regulation of SEC have only made the problem worse as reporters and others have aggressively looked for SEC documents.  FOX Business Network was one example.  Their made FOIA requests seeking information related to various investment frauds such as Bernie Madoff and Allen Stanford.  Later the TARP Congressional Oversight Panel would make use of the documents from FOX Business in their investigation into AIG.

Last week President Obama signed into law sweeping financial reform regulation in the form of the Dodd-Frank Wall Street Reform and Consumer Protection Act.  One provision that got almost no notice was that the SEC no longer has to disclose “records or information derived from surveillance, risk assessments, or other regulatory and oversight activities.”  Since that is basically what the SEC does, it instantly becomes exempt from almost all public records disclosure.  Mere days after the law took effect with almost no one knowing of the provision, the SEC promptly set off a firestorm by rejecting another FOIA action by FOX Business Network.  The SEC could have chosen to administratively comply while it took time to decide how to interpret the rules and slowly tighten the screws, but instead the response came across as quick and confrontational.

No one in Washington has said who put the language into the bill; both parties have reacted with shock.  As written, the SEC has more exemptions than the CIA or National Security Agency (NSA).  As Congress and the Obama Administration deal with fallout from the Afghanistan papers on WikiLeaks, virtually no politicians want to be on record as trying to hide information about wrong-doing in the financial services industry, but the prospects for a change are not clear.

Bills often make it into law with provisions that are not well understood, but they rarely have some sweeping records management implications.  Rep. Darrell Issa – one of more knowledgeable members of Congress for records management issues - serves on the House Oversight and Government Committee and today introduced H.R. 5924 to repeal the specific section of the bill which exempts the FOIA requests.  Given the highly political climate these days the fate of the bill is uncertain, even with support from non-profits associated with FOIA.  Issa (R-CA) is one of Obama’s harshest critics and has other pet issues that are far more important politically.  Democrats may be less likely to support a bill just before the mid-term elections when it is sponsored by such a prominent critic.

Nevertheless, if the provisions are not overturned it won’t be the first time that a bill had unintended consequences.  Lame-duck President Clinton led the HIPPA regulations in part to help Democrats prior to the upcoming elections (a common practice by both parties).  Virtually everyone in Washington ignored the proposed bill because of their certainty that the bill would get overhauled with the next administration.  Criminal fines and near-draconian records management issues were never expected to make it into law.  But when Bush was elected, the timing of bill to become law was while the administration had their hands full with other issues like tax cuts.  The result:  HIPPA became law with no modifications – to the surprise of stunned industry observers.  Cynics will note that records management sometimes isn’t a priority for end-users, but even for those who make the laws.

FOIA requests for the SEC won’t go away:  neither party is willing to risk another AIG/Madoff/etc failure.  But if the rules don’t change, look for more agencies to have changes to what they have to comply with in terms of records management and FOIA.  But for now, the SEC is “do as I say, not as I do”.

#Management #SEC #FOIA #ElectronicRecordsManagement #records