On January 7, 2021, the Securities & Exchange Commission (“SEC”) issued an unusual
statement inviting comments on a proposal to create a fraud-detection program that had previously been considered internally. Under the contemplated program, initially conceived in 2011, members of a new unit within the SEC, called the Fraud Surveillance Team (“FST”), would pose as prospective investors and contact individuals suspected of engaging in criminal violations of securities laws in an undercover capacity. In the event that such investigation suggested criminal conduct, the FST would then refer the violations to the DOJ. While the SEC provided no indication as to how likely it is to enact such a program (and the time that has passed since its initial conception makes it seem far from imminent), even the suggestion raises significant questions as to the role of the SEC as a civil regulatory and enforcement agency.
The SEC’s statement notes that in 2012 the Office of Legal Counsel (“OLC”) issued an unpublished legal
opinion stating that this program would qualify for an exemption from the Privacy Act of 1974. Section 522a(e)(3) of the Privacy Act requires the SEC to inform individuals from whom it seeks information of: (i) the authority authorizing the solicitation of the information and whether disclosure of such information is mandatory or voluntary; (ii) the principal purpose of the information; (iii) the routine uses that the information may be used for; and (iv) the consequences of not providing the sought-after information. The Privacy Act, however, permits an agency to promulgate an exemption from these requirements for agencies or components of agencies whose principal function is an activity pertaining to the enforcement of criminal laws and whose records consist of information compiled for the purpose of criminal investigation and associated with an identifiable individual. 5 U.S.C. § 522a(j)(2).
As the OLC opinion acknowledges, the SEC cannot prosecute criminal violations. But the SEC is permitted to investigate conduct that it suspects is criminal and every “willful” violation of securities laws constitutes a criminal offense. Accordingly, the OLC reasoned that because the FST’s principal function would be an “activity pertaining to the enforcement of criminal laws”—the identification of potential criminals and the development of evidence in support of criminal prosecution—the program would meet the Section 522a(j)(2) exemption provided that there is an agency rule. To add further support, the OLC identified similar agencies, including the inspector general’s office of the State Department and the IRS’s Criminal Investigation Division, whose activities were similar to the proposed FST and qualified for the exemption. While acknowledging that FST records could be accessed in certain situations by other staff members in the SEC for civil purposes, the OLC concluded that the FST records as a whole could be compiled for criminal investigation and associated with identifiable individuals whom the FST contacts in the course of its criminal investigations. Therefore, the SEC’s proposed program would ostensibly meet all requirements for an exemption from the Privacy Act and be permitted.
It is unclear what significance to attach to the fact that the SEC chose to seek public comment now on a prospective program it has privately considered since 2011. The SEC’s statement came with little fanfare and appears to have been prompted by the public disclosure of a volume of selected DOJ opinions in early January 2020, which included the OLC’s opinion on whether the program qualified for an exemption to the Privacy Act.
If the SEC chooses to move forward in implementing this undercover program, it would likely be quite controversial. While it would almost certainly lead to an increase in prosecutions and enforcement actions, such a program may be seen as an inappropriate effort by a civil enforcement agency to undertake investigative work typically reserved for criminal prosecutors. On some level, the proposed program would fall into a pattern of the SEC expanding its role in the investigation of potentially criminal conduct and strengthening its ties to the DOJ. For instance, beginning in 2010, the SEC expanded its toolset of remedies to securities violations by adopting the use of cooperation agreements, deferred prosecution agreements, and non-prosecution agreements as intermediate steps between an admission of liability and declining to bring a civil complaint—analogues to criminal prosecution that have less of an obvious place in civil enforcement. But the FST initiative, if pursued, may be seen as going a step too far in disrupting the balance the SEC is tasked with maintaining as a civil regulator with enforcement capabilities. Of course wrongdoers should be pursued, but the question will be who should do it and how. In general, regulated entities strive to have transparent and cooperative relationships with the SEC; they may feel less able to do so if fearful that the SEC may cause undercover investigators to seek information about them.
