SEC and CFTC Fines Follow-Up: Collection Programs Are Improving, but Further Steps Are Warranted

SEC Enforcement Division staff are working with SEC's Office of Information Technology staff to extract a listing of cases that are eligible to be transferred to Treasury for subsequent collection activities. Once they are able to determine how many cases there actually are, they will determine what the appropriate strategy for proceeding with processing them for this transfer.

Since we made this recommendation in 2003, SEC's planned solutions to address the deficiencies in its tracking of investigations and enforcement actions have continued to evolve. In 2004, as reported in GAO-05-670, SEC discontinued its use of the Disgorgement and Penalties Tracking System and modified its existing Case Activity Tracking System (CATS) to capture financial data. Since 2004 SEC has continued to upgrade CATS to improve the system's capabilities. Despite these efforts, CATS remains severely limited and virtually unusable as a management tool. Therefore, as reported in GAO-07-830, SEC is developing a new investigation information management system, known as the Hub, which is scheduled to be in use by the Enforcement Division by the end of fiscal year 2007. According to Enforcement officials, the Hub will significantly enhance the division's capacity to manage the investigative process and it is designed to be generally accessible to all division staff, user-friendly, searchable, and allows for new data fields to be added. Although SEC has deviated from implementing the action plan noted in this recommendation, the agency has taken steps to address the intent of the recommendation. As such, we determined that SEC has implemented the recommendation.

SEC's Office of Compliance Inspections and Examinations (OCIE), which has oversight responsibility over securities SROs and routinely inspects their disciplinary programs, has begun to analyze data on the SROs' disciplinary actions. On January 31, 2005, OCIE staff provided GAO with copies of analyses conducted to date. The analyses focused on six commonly-cited SRO rule violations and covered the following: misrepresentation or material omissions of fact, failure to respond truthfully and completely, outside business activities, net capital violations, conversion, and continuing education requirements. A senior OCIE official, Helene McGee, told GAO during a May 5, 2005, follow-up interview that OCIE had not conducted any additional analyses since the January 31 meeting but plans to do so. She said OCIE also plans to use the findings from its analyses to determine the scope and timing of future SRO inspections. SEC's Office of Information Technology has also established a September 2005 time frame for implementing a new Web-based SRO database to replace the current database. As of May 2005, OIT was on schedule to meet all of its internal goals for a successful September 2005 deployment.

In response to our recommendation, since July 2004, CFTC worked with futures and securities regulators such as National Futures Association (NFA) to develop suggested best practices for fingerprinting procedures for the futures industry. According to Mr. Nathan, NFA made some adjustments to the fingerprinting guidance developed by the task force to tailor the suggested best practices to the futures industry. The guidance became available to NFA members on July 29, 2005.

Since July 2004, SEC has worked on a task force with CFTC, and several of their SROs to develop suggested best practices for fingerprinting procedures for the securities industry. The task force used the FBI's fingerprinting guidance for preventing fingerprinting fraud in civil and criminal cases. According to Mr. Etter, SEC's suggested best practices for fingerprinting procedures became effective on May 26, 2005, after NASD published a "Notice to Members" reminding its members to review and update their fingerprinting procedures so that the identity of persons submitting their fingerprints can be identified.