Speaking in Hints: More From SEC Speaks

The star of last week's SEC Speaks forum in Washington was, of course, Mark Cuban—owner of the Dallas Mavericks, and bête noir of the Securities and Exchange Commission ever since he defeated the agency at trial last year over insider-trading charges. Cuban crashed the SEC Speaks forum on Friday and proceeded to give running commentary live on Twitter, which makes for pretty funny reading if you have the time.

Now let's give some attention to what was said during the rest of the program. The SEC Speaks forum is the single largest public gathering of SEC officials all year, so while nobody else may have been as entertaining as Cuban, they did drop plenty of hints of what they want to do in 2014 and beyond.

First, Commissioner Luis Aguilar, who spent a lot of time talking about cyber-security risk. Earlier this month the SEC announced plans for a special forum on cyber-security to be held in March, and Aguilar outed himself as the person behind that idea. He had pressed Chairman Mary Jo White to put cyber-security on the agency's agenda, he said, and he elaborated on his concerns:

I am hoping that the roundtable will foster thoughtful discussions on how SEC-regulated entities and public companies can best prepare for, and respond to, the inevitable cyber-attack. Clearly, both market participants and issuers need to consider and develop appropriate preventive safeguards and they need to have adequate plans in place that will make it easier to quickly repair the damage of an attack.

Right now, federal securities law and SEC guidance focus more on what cyber-security risks companies need to disclose to investors—which is a much lower standard than risks companies need to prevent. Well, as I read Aguilar's comments above, he's talking about prevention and safeguards and repairs; steps that go well beyond disclosure. He also mentions the “inevitable” cyber-attack, and he's right: cyber-attacks are now so common, that merely disclosing such a risk is almost meaningless.

I can't help but wonder whether Aguilar is hinting that companies be prodded to adopt strong internal controls to prevent cyber-security threats, akin to how the Sarbanes-Oxley Act requires you to have strong internal controls to prevent fraud. We'll have to wait until his cyber-security forum on March 26 to learn more.

Newbie Commissioner Kara Stein, meanwhile, sounded every bit like the dogged crusader for investors that one would expect a Democrat appointee to sound like. She singled out “gatekeepers”—executives, accountants, lawyers and, yes, compliance officers—as particularly important targets for enforcement: “Actions will be brought when professionals fail to fulfill their responsibilities.” She also praised the Commission's recent policy change to make defendants settling charges against them admit their guilt more often.

You pursue gatekeepers to send signals, to both Corporate America and the public. You do it to show your agency is made of tough stuff, and isn't afraid to pick fights with powerful people if the cause is right. In other words, you pursue gatekeepers to set a tone, that the SEC is not afraid to make powerful people pay a price when they betray the investing public.

Stein also mentioned the SEC's bad-actor provisions, intended to prevent felons and other persons with a past history of misconduct from participating in certain types of securities offerings. Bad actors can, however, occasionally get a waiver from those provisions. Stein took time in her speech to call for fewer waivers to be granted.

We must ensure that we have a fair, sound and consistent basis for granting or denying a waiver request … I am pleased to be working with my colleagues to ensure that we have clear waiver policies that I think will buttress our efforts to promote the public interest and protect investors. 

That suggests to me that Stein wants a clear policy on granting waivers so the SEC can grant less of them; set a high bar for bad actors, make that bar clearly visible, and let people be on warning. Again, you do that to set a tone.

I have to admit, the most run-of-the-mill speech came from SEC Chair Mary Jo White herself, who gave such a sweeping overview of SEC activity that you couldn't discern anything terribly newsworthy. White covered the whole range of SEC oversight: financial fraud, enforcement, municipal advisers, broker-dealers, the tick-size for stock quotes, disclosure reform, and more.

She did, however, elaborate on the SEC's long-promised update of its disclosure regime. White first floated the idea of disclosure reform in October, and the SEC staff published a preliminary study of disclosure reform in December. We've all been waiting for another update since then.

Well, White said, “This year, the Corp Fin staff will focus on making specific recommendations for updating the rules that govern public company disclosure.  As part of this effort, Corp Fin will be broadly seeking input from companies and investors.”

That sounds like another round of roundtables to me. Stay tuned.