SEC Facing Damaging Data Destruction Allegations

US regulator questioned over files on Madoff and Lehman Brothers

The Securities and Exchange Commission (SEC), the US financial regulator, has been accused of destroying thousands of data files on high profile inquiries including an early-stage investigation into convicted Ponzi scheme fraudster Bernard Madoff.

The allegations, raised by former SEC employee Darcy Flynn, have prompted the US Senate Judiciary Committee to write to SEC chairwoman Mary Schapiro to demand an immediate explanation.

The SEC, the US equivalent to Britain's Financial Services Authority, exists to set a tough example on corporate governance, and it fines banks heavily for both lax practice and deliberate malpractice. Questions over any involvement it may have in sensitive document destruction are not likely to sit comfortably with some in the industry.

The regulator, which has won much-publicised multimillion dollar cases against malpractice at banks, has also been heavily criticised for missing numerous warning signs in its investigations, particularly around Madoff, and any destruction of files could be viewed unfavourably.

Senator Chuck Grassley, the senior Republican on the Senate Judiciary committee, said the data that the SEC is alleged to have destroyed - between 1993 and 2010 - also concerned investigations into alleged insider trading at Deutsche Bank, SAC Capital and collapsed bank Lehman Brothers; as well as into corporate practices during Goldman Sachs' trading of complex products with insurer AIG.

In the Goldman Sachs case, the bank was this month made the subject of an $11 billion lawsuit from the insurer over the products, which it says were fraudulently missold.

The SEC insists it has a record of investigations where required by law, including relevant emails and data it has received. However, it acknowledges it has deleted a certain amount of case data.

The allegations concern investigations at an early, informal stage, known as 'matters under inquiry'. As Flynn raised his concerns, he said any data destruction, even at the preliminary investigation stage, would be "unlawful".

The committee said the data destruction might also "have compromised enforcement" in the key cases concerning major banks and hedge funds.

"From what I've seen, it looks as if the SEC might have sanctioned some level of case-related document destruction," Grassley said.

"It doesn't make sense that an agency responsible for investigations would want to get rid of potential evidence. If these charges are true, the agency needs to explain why it destroyed documents, how many documents it destroyed over what timeframe, and to what extent its actions were consistent with the law."

Nevertheless, the allegations centre around highly complex definitions of types of record, and what is seen as correct practice by the US National Archives. Each type of record has specific requirements, and if different people handle a record it can lead to new requirements on storage.

These complex technicalities are likely to affect the outcome of the committee's inquiry into the SEC, which is preparing its own response.

But the committee has made clear its position. In his letter to the regulator, Grassley wrote that any data destruction "would appear to greatly handicap the SEC's ability to create patterns in complex cases and calls into question the SEC's ability to properly retain and catalogue documents".

He also asked the SEC to explain if it was concerned about the destruction of data, if it can retrieve any of the information, and if it understands its legal obligations.

The SEC has said that records were deleted during the period of the allegations. sources said the regulator's change of policy last year - to insist on the storage of the data - was a move that came in response to the whistleblower allegations. While the agency is not said to believe it was breaking the rules, it wanted to be sure it was taking the right steps in every situation.

No official explanation has been given, however, for the change of practice.

A spokesperson at the regulator said there was "no requirement" that "every document the SEC is sent", amounting to terabytes of data every month, must be retained. The regulator has full records of case notes on the preliminary investigations where it is deemed in keeping with national policy, it said, and retains all full investigation details for 25 years.

Copyright © 2011 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022