recommended reading

Technology limitations hamper SEC enforcement efforts

A lack of information technology support and resources has hampered the Securities and Exchange Commission's efforts to purse legal action against companies and individuals for financial fraud, according to the Government Accountability Office.

A GAO report released this week concluded that outdated information technology systems at the SEC limited the effectiveness of the agency's enforcement division. Attorneys in the division told GAO auditors that a lack of resources for staff and IT meant several promising cases were closed prematurely and many leads could not be pursued. Neither GAO nor SEC responded to a request for comment on Friday.

"A number of investigative attorneys said information technology support of enforcement actions is inefficient and outdated," the report stated. "[The] Concordance system for managing documents is a particular area of concern. Some attorneys told us it takes weeks, or even months, for case records to be sent to headquarters and loaded onto the system to become available for use."

GAO found that Concordance lacks basic functionalities available on systems private law firms use, such as some search functions and the ability to reconstruct chains of e-mails. Some defense attorneys said it was not uncommon for SEC enforcement attorneys to call them to request information because the staff was unable to search for it themselves.

Another cause of delays is the downloading of information from computer hard drives seized during SEC probes. Investigative attorneys told GAO that there can be lengthy delays while IT employees retrieve the contents of the drives.

"For example, one attorney told us about a case in active litigation in which [the] enforcement [division] had to seek an extension of time for discovery because after six months, only two of a number of hard drives had been downloaded."

Attorneys also complained that the agency uses an antiquated taping system to transcribe testimony, leading to delays and errors. Private parties often use technology that allows for real-time transcription of testimony.

Some SEC attorneys suggested that implementing a divisionwide system for sharing information such as legal documents or analyses, similar to those private law firms use, would make attorneys more productive. Enforcement attorneys also said they were unable to access information collected by other branches of the SEC that might be useful during an investigation.

In a written response to the report, newly appointed Commissioner Mary Schapiro said she would work with Robert Khuzami, SEC's new director of enforcement, to reform the division. Reforms, she said, would include "harnessing technology, improving risk assessment, and improving training and supervision for our line law enforcement personnel."

In testimony Thursday before a Senate Banking subcommittee, Khuzami said cuts to the agency's IT budget have limited investments in new technology.

"Our budget for new technology investments is still more than 50 percent lower than the 2005 level. If the SEC were to receive additional enforcement resources, we would be able to continue rebuilding our staff and technology investments, which would reinvigorate the enforcement division and help restore investor confidence," Khuzami said.

He said the agency is "working on a number of technology initiatives designed to bolster its ability to detect, investigate and prosecute wrongdoing." That may include creating a system to help the agency handle tips, complaints and referrals. SEC has retained the nonprofit research firm MITRE Corp. to advise them on how they can better track tips and complaints.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.