SEC's Clayton Criticized by Both Parties Over Hack Response

Updated on
  • Senators Crapo and Brown fault regulator over disclosure delay
  • Agency is under attack from ‘nefarious actors,’ chairman says

Jay Clayton speaks during a Senate Appropriations Subcommittee hearing in Washington, D.C., on June 27, 2017.

Photographer: Andrew Harrer/Bloomberg

U.S. Securities and Exchange Commission Chairman Jay Clayton faced criticism from both sides of the political aisle Tuesday over his agency’s handling of a 2016 cyberattack that may have allowed hackers to profit from trading on nonpublic information.

Senate Banking Committee Chairman Mike Crapo, an Idaho Republican, told Clayton that he was disturbed to learn that the SEC had suffered a breach of the Edgar system for corporate filings in 2016, but didn’t inform the public until last week. Crapo was followed by Senator Sherrod Brown of Ohio, the panel’s top Democrat, who questioned the agency’s ability to hold companies responsible in light of its own failings.

“How can you expect companies to do the right thing when you agency has not?” Brown asked Clayton at a Banking Committee oversight hearing that focused on the agency’s handling of the attack on its system and a massive breach disclosed by Equifax Inc. earlier this month.

Clayton, who’s been leading the SEC since May, told lawmakers that he only became aware last month of the seriousness of the intrusion involving a part of Edgar that lets firms fill out dummy forms to test their ability to use the system. The SEC announced Monday that it has started a cyber unit within its enforcement division.

The SEC is under constant attack from “nefarious actors,” Clayton told the lawmakers. He said he isn’t 100 percent certain that last year’s attack is the only time the agency has been breached.

Equifax Resignations

Senators also questioned Clayton about resignations of Equifax executives amid criticism of the credit-reporting company’s response to an attack that may have compromised personal information on 143 million Americans. Clayton declined to say whether it was proper for executives including Chief Executive Officer Richard Smith to step down while keeping past pay and benefits, but said that if company officials failed to properly disclose material information clawbacks should be on the table.

Brown said Smith, whose resignation was announced Tuesday, shouldn’t be allowed to walk away from Equifax with a “big payday.” And Senator Elizabeth Warren, the Banking Committee member who has been a leading critic of the company, released a statement calling on Smith to relinquish some of his compensation.

“It’s not real accountability if the CEO resigns without giving back a nickel in pay and without publicly answering questions,” the Massachusetts Democrat said in the statement. “The American public deserves answers about what went wrong at Equifax and what the company plans to do going forward.” Smith was scheduled to appear at a Banking Committee hearing next week.

Clayton repeatedly declined to comment on the Equifax case specifically. He said the SEC won’t stand for executives taking advantage of non-public information to profit.

Insider Trading

The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax violated insider-trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation. The SEC has been working with those prosecutors on the investigation, according to another person familiar with the matter.

At Tuesday’s hearing, Clayton faced multiple questions over how the SEC can ensure there won’t be a breach of the Consolidated Audit Trail, an enormous database of equity trades that is being built to give regulators better transparency into markets. He responded that the SEC is committed to ensuring the security of proprietary information, adding that the agency won’t ask firms to turn over more data than it needs.

Regarding the breach into the SEC’s Edgar system, Clayton said he’s ordered the agency’s inspector general to conduct an investigation of who at the agency knew what and when they knew it. Clayton said he has “no indication” that his predecessor, Mary Jo White, was aware of the incident.

— With assistance by Tom Schoenberg

    Before it's here, it's on the Bloomberg Terminal.