I know were out of time but could you address the question with you would take a fresh look in terms of fbi regulations about other parts of market coverage . Thank you for your letter which i read last night and i agree with you that we need to look at those other important venues in our equity market system to see if they should be reporting on the same basis and as you raised in your letter, whether the public has enough information about which entities are subject . Important we get the information out because responsible entities can vote and move to areas that have this minimum protection in place. Rounds. Good morning. Some of my colleagues have raised the issue of cyberattack, the Electronic System filing corporate disclosures. This incident occurred before your nomination and confirmation but i would like to hear your thoughts on what this incident might suggest about broader posture regarding cybersecurity. It is difficult for any one agency to protect against these intrusions and the level of expertise necessary would help a number of different agencies and departments. The attack that took place, do you feel you have adequate resources to protect yourself in the future and does there need to be more crosscutting interagency effort to prevent these serious intrusions in the future . This is an area, data point to describe to people. Other people in my position or similar positions and other agencies feel the same way i do, this is a risk to our agencies, more resources going forward, private actors and Capital Markets devote Information Technology and cybersecurity as part of that. Single actors dwarf the amount we have available to spend in this area. We are a bit out of step. If you take a look, the system that will remain in place, it has been modified, customized, a little more vulnerable than other large systems that basically have a number of patches, in agencies hands. Another system coming on board, the cad system, comprehensive audit trail, compatible or operational at the same time. A huge amount of information at some location, investors, personal information and so forth, on the system itself, to say time out to make darn sure the new systems coming on board, and time to have second or third opinions, to protect this valuable data, if you were patches, the thoughts in the process implementing the system in the future. Two responses. It has been clear to me we dont want to be taking data from the s we need it and protect it. With respect to whether it is a timeout i dont think a fulltime out on the cat makes sense, that already exists. Whether we need that data it can rank that data, doing not 01 off, nope unintended, we should be doing the Critical Thinking you are asking me to do and how we bring it online and how we sequence what we do. Do we have the resources in process today . That vetting process is a prerequisite. It is time determine at a. I understand certain Federal Reserve capital regulations may be inadvertently causing liquidity concerns that the sec regulates, the securities and Exchange Commission with interested parties on a solution to make this a priority. Liquidity and options, in the listed option. Not just important for the martin all our markets so yes, theres a liquidity issue, it can affect cash equities markets. An important issue. Thank you, sir. Thank you for being here. In one of your first speeches you noted there has been, quote, the total number of us listed Public Companies over the last two decades and you said this decline was, quote, a serious issue for the markets in the country and wanted to to encourage more companies to go public so ordinary investors, 401 k as you called them could get opportunities to invest in emerging companies, you used this rationale for arguing we should review or reduce the disclosure burdens on Public Companies. I want to understand your thinking on this, you compare the number of companies today with the number of companies in 1996, 1997 for your comparison point, the height of the dot. Com boom and there was a sharp increase in the number of Companies Leading to the 1997 years and a lot of those companies failed over the next few years leaving mister and mrs. 401 k losing a lot of money. In 199697 is your target years for comparison, those were the ideal Market Conditions for ordinary investors. I am happy to pick any period over a 5 to 7 year period. You wont come up with the same conclusion. The trend has been i dont think so, lets talk about the trend. To recreate the bubble that wiped out billions of dollars of investor value 20 years ago. Lets look at the trends since the dot. Com bubble popped, there has been a slight decline in the number of Public Companies since then. Most evidence shows that is primarily, mergers, and acquisitions, and soon give a speech supporting stronger trust out lets look at the ipos since that is your focus. You want to get more investors involved in emerging companies, more Companies Going public. In 1996, the peak of the dot. Com bubble, 624 ipos with total of 36 billion. And half of that number, the average volume was higher, and ipo raise 96 billion, nearly triple the total debt volume in 1996, people are investing more money in ipos than i did at the height of the dot. Com boom. If your primary focus is on investors, not on the bankers and those who make money on these ipos, why do you care if there are fewer ipos so long as ipos overall are attracting investor dollars. The growth curve, i believe those ipos used to happen here and if you invest in a portfolio of companies down here, as they go up the growth curve, you as a Retail Investor better off than getting on up here where companies mature and not growing as much. That is your point of view but have you looked at the data on this, fewer but bigger ipos is better for investors. The Ipo Companies have more revenue, they tend to perform better in the long run, more ipos and more failures which looks to me like a positive outcome on his 401 k . Different people have different perspectives on this. It is a concern to me on that growth curve, private money and those investors have done very well and in many cases relatively much better what the data shows us is the ipos now are performing better for investors and less likely to wipe investors out. Let me state my concern, you are using the decline to argue there is something wrong in the market and rules and regulations making a too hard for companies to go public but the data show investors putting more money into ipos now than ever before and those Ipo Companies are doing better for investors because they are more stable before they come to market. The disclosure and Registration Requirements may make life a whole lot more profitable for a handful of bankers and corporate attorneys who want more ipos in the system but there is no evidence it will make life better for investors. It is investors, not bankers and lawyers, you are supposed to be watching out for at the sec. Thank you, mister chairman. Commissioner, for being here. You say materiality is the core of the system of disclosure. Companies should disclose more. I agree. I want to talk about the risk of Climate Change and Severe Weather. In the last 35 years the average number of inflationadjusted, 1 billion Severe Weather events was 5. 5 per year. In the last 5 years it has doubled. I know in 2010 the sec provided some guidance about Climate Disclosure but not much additionally has happened. I want you to talk about how you view Climate Change and materiality, it is becoming increasingly clear we cannot ignore these Severe Weather events and the impact they have on publicly traded companies. I do believe, there are a number of industries where if there are patterns, changes in weather events in this type of thing, those developments do have impacts on companies that should be disclosed. Weather events, recurrence of them, are we experiencing increased losses, trends and increased loss, something investors should know about. Regulatory responses to those events, regulatory responses to those events going to affect the companies, those companies should discuss them. I believe it. Do you think the sec is doing enough to require this disclosure . We have issued guidance around this. We have guidance in a number of areas. I cant say every day but on a fairly regular basis discuss with the division of Corporation Finance whether our guidance in this area or the cybersecurity area or other areas should be updated or otherwise changed. I understand your in conversation, with your current thinking about this. My current thinking is guidance is good but we should continue to look at it. I agree with you there are industries that need to pay close attention to these trendss. Let me give you a specific example, valero energys 10k filing for 2016 state some scientists have concluded the increasing concentrations of Greenhouse Gas emissions in the atmosphere may produce Climate Change with a significant physical effect like increase frequency and severity of storms and floods and other climate events. If any such effects were to occur it is uncertain if they would have an adverse effect on our Financial Condition and operations. At the end of august 2017, Hurricane Harvey, one of the strongest atlantic storms in history, shuttered 20 of the Oil Refinery Industry including five refineries owned by bolero. They usually produce 1. 1 Million Barrels a day which is a third of the total capacity. The week after the hurricane boleros refineries were not back online. Doesnt seem Hurricane Harvey had a material adverse effect on boleros Financial Condition . I dont know the numbers but it would not surprise me an event of that type would have an adverse affect on a companys Financial Condition. Do you think that the sec is doing enough to require disclosure from some of these companies . It seems to me part of the problem is politics, people dont want, not for you but these companies, they dont want to way into something that is the subject of some controversy. The other problem is institutionally the sec measures risks that can be measured, customarily measured and this is a relatively new risk scientists are essentially stipulating to and the system in the sec and elsewhere in the Financial Services industry everywhere is not equipped to evaluate this, what we do is book it at 0. We assume it doesnt exist because it is difficult to assess. When you assess political risk, regulatory risk, other risks that may be material you have a way to get at that but climate risk in a financial context is new. I would just ask, 2010 is a long time ago when it comes to our thinking about climate. A long time ago when it comes to the fiscal impact of republican, private sector, when it comes to Severe Weather. I dont think the 2000 and guidance suffices and i encourage you to maintain an open mind in this space and devote staff time to articulating how we are going to quantify the adverse impacts of Climate Change on the industry. I will, thank you. Good morning, mister clayton, thank you for being here. I have a concern about the fact the sec staff today do not have to abide by the same stringent security protocols uses of the cash database are required to abide by. The gao has identified a few weaknesses related to the sec cybersecurity protocol. Can you give us an update how you are addressing those concerns . Also the other safeguards around the nms plan as well. I want to make this clear. With respect to the cat, we are not going to take the data unless we needed and with respect to your specific question about whether our security protocols for individuals are not as stringent as they should be i dont have an answer to that right now. Do you agree with that conclusion . You are new on the job. They should be. Do you have a position yet . Do you know whether they are, the gaos conclusion . I dont have a position on that now but i think we should be mindful of any guidance. You are working on it today and will you come back to this committee on it when you get more information . Yes. The same concern, under the jobs act companies and revenues hundred Million Dollars file ipo in secondary officers, they would not be related to the public until 15 days, under your leadership this has been extended to companies of all sizes. Can you describe advantages over confidential filing how to improve our more complicated ipo process . The confidential filing process greatly aids companies when they are transitioning to Public Companies. We Want Companies to transition to Public Companies, they are better companies. When they have public of the Financial Statements when you go through the process of sec disclosure they become better companies. Letting the world see all of your financials and strategies and risks long before you go public causes some companies to pull back from that. I am very comfortable, it is a great idea that we allow companies to confidentially submit that information so it can be reviewed the we can comment and tell them where they need to improve and with plenty of time for investors to assess that information make it public before the ipo. It is a smart move that does not listen Investor Protection and increases the number of opportunities investors have. One last question. The conflict minerals rule, can you give us an update how you are looking at that . There was a Court Determination that part of the rule was an issue with it, the rules on the books issued no action guidance in how to comply, we are reviewing the rule, the no action guidance in light of the court case. That is where it stands. Thank you, mister chairman. Senator van holland. Thank you for your testimony. I want to pick up on the questions senator brown asked about materiality. You indicated you are the triggering event for disclosure was a Material Change in circumstances of the company. Generally. You dont want to get into the equifax situation but you would agree not talking about any company, if in fact there was a Material Change it would be wrong pause for executives of that company to then knowingly trade stock before they made any disclosure. Yes. I want to get to what materiality means. I dont believe the sec has definition in the context of cybersecurity. The general definition of materiality does apply in the cyber context. I dont mean the concept doesnt apply but there is no standard definition how to apply the concept of materiality to a cyberbreach. The sec doesnt say cyberbreach would result in disclosure of x amount of information about customers leading to a significant change, the sec doesnt have that. Disclosure of this many people, we dont have that. You know it when you see it, is that the idea . Does the sec bring these materiality cases for failure violation of disclosure . We do. Let me ask you, if you agree it is wrong for people to knowingly trade on information that had not been disclosed, would you agree once a company has decided something is material, that their executives should not be trading that start . Between the time it is material and the time they filed a disclosure to the public in a four day period . I will be very what you are asking is a control issue. Should there be a control in place to assure when a decision is made at a company there has been a material event and there will be disclosure, the company has in place a control to prevent that is what i am suggesting. It is a very good question and a fair question. Whether that is an area with insidertrading or control failure is something. It seems to me there should be a presumption that once the company decided theres a Material Change and before they disclose that to the public there should be a rule that executives dont trade that stock. Does that make sense in terms of protecting the markets . I dont want to comment on a specific company. Those companies have insidertrading policies was having a thoughtful insidertrading policy controlling the suggestion is an important part of corporate hygiene. On the house side, we are working on it but there is a whole question about when you determine materiality. We are talking about that. It seems like a nobrainer that once the company has determined there has been a Material Change and before they notify the public which they have more ways to do, you would require them not to sell stock. Why isnt that obvious . I like the concept. When i was in the private sector i put the concept in insidertrading policies, general counsel would be somebody executives had to clear all trades with, those are the so there is a study done in september 2015 by harvard law school, joshua minutes and others have done studies that showed what they called the 8k trading gap, executives have made money during this four day period, whatever time he lapses between a decision on Material Change that has been made and disclosure. Do you agree it is wrong for executives to make money during that period based on information about materiality . Shouldnt there be a general rule that once the corporation has made a decision, something is material, they not be allowed, their executives not be allowed to trade . I like look forward to working with you on this. Senator shelby. Sorry i had to leave the hearing, we have some other things. Chairman clayton, welcome. Didnt have a chance to do this. I miss a lot of the testimony but i hope this has not been one of the questions. Your confirmation hearing, you agreed my longstanding belief a costbenefit analysis on rulemaking was appropriate to sec, i appreciate your leadership on this issue. What is the sec doing or trying to do to come forward with meaningful costbenefit analysis because rules cost money, sometimes they are really necessary. It is overkill but we all know and you know in your other life that i dont believe work has been done in the costbenefit analysis, talking securities in your area right now. I agree with you costbenefit analysis is very important in rulemaking and important in rulemaking not just should we have the rule or not have the rule, if we have the rule how should it be crafted . What are we getting for this component as opposed to the cost of that component . Not just yes or no but how we craft the rule and importantly what people are going to do to demonstrate compliance and are we getting the best compliance requiring them to demonstrate, we want the best compliance but wanted to be done in the most efficient way to get there and i very much believe that. Where are you and what are you doing . You havent been at sec too long but glad to see you there. What do you expect to do as far as setting the tone and standards . This is an area a couple gated area. It is complicated and i have enjoyed sitting and discussing exactly these things including some of the pending rulemaking we have. This is a focus group. We brought a new chief economist, happy to have him on board. This is an area of interest to me and i agree with you. I was not here earlier but my understanding, the trend of fewer ipos was mentioned which a lot of us dont like, seems like the economy is not doing as it should. What is your thought on that without rehashing everything, what is the trend and what is the information . Let me focus on ipo or not ipo, it is the water coming into the bathtub, there are reasons things go out of the bathtub but i want a bigger bathtub. I want a bigger bathtub. I want people to have more choice. It is difficult for Retail Investors either directly by buying stock or indirectly through mutual funds to have access to invested opportunities outside the public Capital Markets. On balance, i like a larger capital Public Market because i like Retail Investors to have more access to those choices. We have some people who believe 5 trillion in council, lying around looking for a better investment, look at the savings accounts, people not getting much, dividends, the money markets, you name it. How can we put a lot of that money to work from the economy. You are not secretary of the treasury but what you do and your colleagues do does feed right into our economic growth. My aim is more and better Investment Opportunity but i want to be clear a focus for me has been Retail Investor fraud. I want to get more and better investment opportunities, repeat actors get rid of them absolutely. That is as important if not more important than increasing is a number of opportunities. We got to do this. Bring some confidence to the little person. Absolutely. We like what you are doing. Senator camp heitkamp. Before i start with questions we had a long conversation about a bill senator heller and i had that would create a fulltime Small Business advocate with an the sec. You move expeditiously to do that and i want to acknowledge that and tell you how critically important it is that we have that outreach. Your exchange with senator warren filled that opportunity. And microsoft or whatever comes along. With that said they all started in a garage, started with a great idea. I went to walk through thinking people in my state have. They think about gambling and las vegas, a lot think what you do is gambling. If they go to las vegas there is a regulatory body that if someone cheats they are going to get caught and the game is fair and if they cheat or somebody is rigging of the system they have confidence they are going to go to jail. If you took gambling and used those same guidelines or benchmarks people feel about the equity markets. Las vegas gets probably afor security and fairness and i dont know if you get a or athe equity markets as best you can do, probably at a c. If you dont respond to this and respond to the issues that have been raised across the table on what happens when the public seems executive trading after a material event, they use those languages, they would say here it is again, they make money and we lose money, would have had shares, we are worth 25 less in our 401 k . Tell me what we are going to do to convince my retail purchaser you just talked about, what you are going to do is on rig the system and get back to a level of confidence the equity markets are fair. I can tell you people at the commission and i look at those people when we make decisions. People make fun of it or not make fun of it, that is how i look at what i am doing and that is in the markets. I know what they want to know, we have their back, policing large Public Companies, looking at what the executives are doing and if they take unfair advantage in that four day window, that is not appropriate and we will do something about it. As far as retail folks go i am also really worried about the amount of retail fraud. The retail fraud i see every day in terms of Enforcement Actions that we see disgusts me and it has been in the works for some time, we implemented a new retail fraud unit because like you i believe if the main street investor doesnt think we have their back we are not doing their job. That is how i feel. It is not if the main street investor thinks they dont really believe that. Too much history here and to act boldly and directly is essential to bring back that confidence. If it is all behind the curtain, pay no attention, we are studying it. They will study it until next time it happens, then they will study it again and we are never protected. We dont have access to that information and we lose money because when the public knows guess what happens . That stock tanks. I take the loss while executives walk away with a big payoff. It is not a formula for success. I honestly believe people trust the regulators in las vegas to make sure that slot machine is fair more than they trust you to make sure when they buy an equity on markets they are treated appropriately. Of that is the case i want to change it. You need to focus because i believe it is the case. Senator cotton. Thank you, mister chairman, welcome to the committee. I want to focus on some of the challenges on smaller businesses, smaller investors. You may be aware of a Small Business in arkansas we call walmart. Somewhat large now. It continues to provide lots of great jobs for arkansans, groceries, kids toys and clothes and Everything Else under the sun. From 1970, the walmart ipo document, 26 pages, 20 if you exclude the financials, walmarts ipo 1970. The snap ipo document from last year, 247 pages, ten times the size of walmarts ipo. This explains why we have so many fewer ipos then we once did for smaller firms. Dont think you can attribute it to the dot. Com boom from 20 years ago. Other developed countries have seen a 50 increase over the same time period and the types of those ipos have changed, many small ipos have gone overseas, small investors, the people that invested in walmart based on this document any high school educated person with business sense can understand and became wealthy over the years as walmart grew and their stock split, has access to these smallcap companies, they go increasingly into the private market and benefit only the most affluent americans. Without thank private markets are dead can you give us a list of the steps you are taking or intend to take that will encourage more initial Public Offerings . We have already taken a couple steps, one is to allow more confidential filings which under the job zach has proven to be an encouragement for people to consider the Public Offering process. We have reduced the need to file Financial Statements that will not end up being part of the disclosure package to reduce the burden on Companies Seeking to go public or Public Markets. The confidential filing process does extend for a period of time which allows companies to get secondary liquidity which encourages them to go public. That is another aspect of it. On the agenda is our review of the brought disclosure package to modernize and enhance it. I want the disclosure package to be just as good and provide as much protection but i wanted to be more accessible. It needs to be more accessible. We cant have documents that can only be read by lawyers. Do you think anybody reads a document that long and make an Investment Decision on it besides a lawyer . Do you think lawyers have heard it . Lawyers do crazy things. I know lots of small mom and pop investors in arkansas read this document and made a lot of money off of it and a lot of jobs, i am glad to hear you are taking the steps, the related story i want to tell and get your response, a small brokerdealer in Central Arkansas, not much more than a family owned firm, six people so he wouldnt start that firm given the Regulatory Burden but one example he gives his daughter frank expanded the public oversight board, oversight to include annual audits for all dealers registered with the sec. The 6 person firm held to the same auditing standards as a company the size of walmart, apple or google, skyrocketed and he doesnt think quality is any better. One more example in a different space of the cost of overregulation. Is it appropriate to have a threshold for these small firms and that kind of regulation like we have different standards for Community Banks . What threshold might you consider . I have a view that has been affirmed by my time at the commissions that 1sizefitsall doesnt work in a lot of areas, probably doesnt work in that area. I also dont think you are either in or out, you are in regulation or out. Once you decide one size doesnt fit all becomes the real question which is where do we put those steps . That is how i intend to approach regulation in some of these areas. If we have 1sizefitsall we are only going to get one size. I agree and appreciate that. Another area in which i think just because walmart needs to use a giant Accounting Firm under existing law in new york, dallas or chicago doesnt mean a dealer firm in Central Arkansas cant use competent qualified Auditing Firm like bryant or what have you. Thank you. Senator donnelly. Thank you, mister chairman. I understand the sec is reviewing the acquisition of the Chicago Stock Exchange by a chinese company. I dont expect to comment on the specific transaction but can you generally describe the review process within the sec . The review process in the sec is styled as a rulemaking. There were 240 days for a division of the commission subject to delegate authority from the commission to review the application. That was approved. That provides the commission with opportunity to review the approval. The commission took that opportunity reviewing the decision. In light of recent high profile cyberbreaches are you concerned the ownership and control of an American Exchange by a foreign entity could expose markets to new risks and vulnerabilities . I am not going to comment on the specific matter before the commission at this time. It would be inappropriate. I am aware of various issues raised by common sense. I am not asking specifically in regards to this company but overall policy, does that concern you about a foreign entity that could expose markets to new risks and vulnerabilities . Absolutely, not just the foreign owner but state actor in truth in that state actor monitoring of our Financial Markets troubles me. As the sec continues to review Financial Disclosure requirements under regulation sk i hope you will consider whether appropriations should disclose country by country employment data. It helps investors determine when companies employ American Workers to better understand where outsourcing occurs. Are you willing to consider country by country employment disclosure as part of the broader review . I am willing to consider the sk guidance and the rest in terms of providing a more accessible disclosure package for investors including areas of employment. I want to go back to an area we talked about before, stock buybacks. The confirmation hearing, stock buybacks at large corporations often conducted the goal of increasing stock prices to impress wall street investors. That shortterm thinking has come at the expense of innovation that would benefit our country and we have seen it again in recent times where a company chose to use some funds that were used for stock buybacks to make an acquisition and their stock was hammered in large measure because it wasnt going to be the buyback but trying to add to the business and if you look longterm that doesnt make sense but former chair white publicly stated the sec was looking at when and how often companies should tell investors about Share Repurchase programs, referring to the sec concept release to solicit public views on Financial Disclosure requirements and regulation. Currently stock repurchases are reported quarterly. Do you think companies should be required to stock buybacks more frequently than once every quarter . I am not going to comment specifically on something we are reviewing. I am concerned about this issue and any abuse of stock buybacks. I recognize the value in certain circumstances, a way many wellfunctioning companies see it as a way to return capital to shareholders. Many investors engage with companies and want investor engagement to engage with companies and push for stock buybacks. We cant determine in the abstract whether their motives are pure or longterm or shortterm but there are a lot of considerations that go with this. We discussed one thing that does trouble me, these stock buybacks are motivated not by longterm interests of the company but shortterm interest and looking at disclosure in this area that way. I will finish by saying if you look at what is going on with hedge funds i think you will find much of their efforts regarding stock buybacks have nothing to do with company developing or strengthening but taking as much out as quickly as possible. Thank you, mister chairman. Senator reid. Thank you for joining us today. In general, do you think investors understand the cybersecurity risks Companies Face that they invest in . Can companies do a better job disclosing the risk in their disclosure documents . I dont think the general level of understanding the market is where i would like it to be and i dont think disclosure is where it should be. Through your Regulatory Authority at the sec, that disclosure, are you working on that . I am. Thank you. There is also a theory i have that having watched the agency over several decades, in this cybersecurity world it is expensive to stay ahead with technology software. As a result when doddfrank was written i put in language allowing the sec to deposit the reserve fund for cybersecurity and other tools. Are you funding this . Are you assessing registration fees . We want and need the 50 million. You are taking it and depositing it. We are using it, part of our budget. In our legislative process, 100 million limit on the fund. You are prepared to go to 100 million. Let me say this. We need to spend more money. When i got to the commission i made some assessments. We went with a flat budget for the next fiscal year. I will not be asking for a flat budget for fiscal year 19. We will need more money in Cyber Security and it generally and i intend to ask for it. I appreciate that. Usually part of every solution, you got to have it, the mechanism to take it from the registration fees to go through omb or anyplace else, 100 million limit at that point you cant take anymore. I urge you to aggressively do that. The other thing i urge you to do is resist any attempt to take away funds because the Administration Proposed the fund be eliminated and your ability to access be gone. Given the Current Situation with cybersecurity you have to have that in mind, hope you agree. I agree the purpose of the fund to make longerterm commitments to cybersecurity is a very good idea. Let me quickly go back to the point senator donnelly made about stock repurchases. You made a thoughtful point about stepping back and looking in terms of the long run benefits to shareholders and the investing public, not the quick in and out. You went back talking about using money for stock buyback. I have heard of instances where companies were conducting stock repurchases where their Pension Plans were under funded. Are you aware of that . Im not aware of any specific situation. Would that be something to look at in terms of the propriety of doing a stock repurchase, a commitment that has been made to employees is not fulfilled . It is a very interesting question. I want to be responsive. Havent thought about that particular question. What somebody is doing from a governance perspective may be a broader issue. From a governance perspective, putting a funding obligation in jeopardy by buying back equity, that is a serious consideration for the board of directors. Would you have authority to stop that practice by rule . I am not sure. I would need to look into that. These are issues that deserve close review and study. At this point, jumping to a conclusion is not the way to approach it. There are issues you should be considering because we are both committed to the longterm profitability and effectiveness of these companies, not short run in and out. Thank you. Thank you, mister chair. Chairman clayton, good to see you again, i didnt get to hear your opening, i was in two committees at the same time. I want to follow up on the previous hearing we had in your confirmation hearing and follow up on questions and see where you are today with those. Beginning in 2009 as we were dealing with the peak of the foreclosure crisis the sec chair expanded the authority to issue investigative subpoenas, a dozen or so officials in your Enforcement Division was before that time commissioners had to vote on enforcement down to a crawl. Before your tenure acting chairman initiated a review of whether the sec should revert to issuing subpoenas. When i asked about this have a confirmation hearing you said you need to discuss this with the commissioners and sec staff before commenting. Have you made a decision . I have. There was a time as you noted that formal authority rested with the commissioners and commissioners had to vote on it. That was transitioning to the director of the division of enforcement as you cite. Later on, it was put out to the regional offices and availability to have formal authority to open an investigation. It was pulled back to the codirectors of the division of enforcement. I sat with them and discuss this with them with an eye toward whether there was any slowing down in the ability to open matters. They are totally comfortable there was not. One or both of them are available. I have probed on whether funds would be leaving the company or formal authority, out of the regional offices. I am comfortable that there isnt one and i am comfortable there is a benefit, having that authority resting to them and staff. They get the information, enabling them to manage the Enforcement Division and make sure we dont have somebody in San Francisco opening a case in miami. So you pulled it back essentially. We are at the division of enforcement level and im comfortable that is where it belongs. Staff has that authority. You pulled it back a little bit but gained the authority so it is not at the commission level. Very comfortable they are doing a good job. In your confirmation hearing you stated your belief individual accountability has greater deterrent effect across the market. One tool to hold individuals accountable, was put out by the previous administration, understanding current, 30 general sessions, Deputy Attorney general rosenstein looking at rescinding or weakening directives to prosecutors. In your view is this memo consistent with what you told me in this committee and emphasized in your speeches about the need to hold individual Corporate Executives responsible for corporate misconduct. That is my view. Individual accountability in a corporate context has greater deterrent effect and corporate accountability. Have you thought about what you would do if doj with your partner in prosecution since the eighth memo . How would you handle that . We coordinate with doj in these matters. Im comfortable the way our division of enforcement is approaching these matters and looking at individual accountability is correct and that is going to continue. Okay. That is still your emphasis. Thank you. As a lawyer in private practice you criticize aggressive enforcement for placing significant cost in companies and donald trump criticized the f cpa saying it created competitive disadvantage for companies that are not able to bribe foreign governments. That is not what i said. That is what donald trump said when he was a businessman. This appears to be permeating law enforcement. What analysis found that as of september 1st the Trump Administration has had, brought only three of these Enforcement Actions and the two from the sec had roots in the Obama Administration investigations. What is curious is at this time, the same time in the Obama Administration 25 cases had been filed, 17 by the bush administration. Is the sec slowing down for and practices to prosecutions or can you explain these numbers to me . We are not slowing down. I want to go back to the 2011 article i participated in writing. What i was saying was we need to think about whether we are doing this alone, around the world, getting our partners in other countries on board and our partners in other countries have come on board. Senator sasse. Thank you for being you. Id like to discuss the history of Cybersecurity Breaches at the sec. Can you tell me how many Cybersecurity Breaches there have been historically at the commission . I dont have that data with me today. Who defining what a breach is who would know . Who in your organization reports to you that has responsibility for this . The office of Information Technology is the office within the sec that has overall responsibility. Since getting to the commission i have been reviewing how we handle these matters from an oversight perspective, including establishing a cybersecurity working group. To get at these issues, including how we share information about breaches, attempted intrusions, risks across the commission. As i testified earlier. These are areas we need to bring focus to. Who heads that office and how senior are they . Are they a direct report to yo . Ahead of the office is pam dyson. She is a direct report to me and also to our office of, the operating officer. How many direct reports do you have . Resize number, precise number, between 2025. Twentyfive. Is is the first breach you think a facilitated the trading of inside information . Senator, i cannot tell you with 100 certainty that this is the only breach that we have had. Im not in position to tell you that. The sec statement has argued the intrusion did not result in the unauthorized access to personally identifiable information, did not jeopardize the operations of the commission or result in systemic risk. Do you think theres been any breach at the sec that compromise personally identifiable information in the past . Taste on what we know now about the breach that i disclose, we dont think there was personally identifiable information given the file type or where it house systemic risk. Thats based on what we know today. We, investigation is ongoing. In terms of whether there has been a breach at the sec where personally identifiable information was accessed, i dont to my knowledge today i dont know of any but i cannot, in this area i cannot give you a 100 certainty that hasnt happened. I want to ask a parallel question. In this case we dont think there was personally identifiable information they yu dont think ive has been historically. In this case the sec is a statement that says it didnt jeopardize operations of the commission. Historically do we know of any breaches that have ever jeopardize operations at the sec . I know of no historic breaches that are jeopardize operations, but its an area that is of concern to me. We do provide services that are essential to the functioning of the marketplace. A denialofservice attack at the sec in one of those areas would have material effects across our market system. I share your concern and i believe you to be greatly concerned about this. I was presiding over the senate the last hour and the bits i didnt get to hear the beginning of your testimony at a know youre covered some of this information. Instead of trying to have you repeat parts of it and p7 the main may need to consult with ms. Dyson and other consultants you have, ill send you an extensive list of qfrs if thats okay. So instead of but i get your commitment that will get a Quick Response to that list and i would acknowledge in advance a lot of it is technical and long. We love i think this committee and the senate would love to partner with you in trying to upgrade our cybersecurity. You do oversee critical functions of the government and public trust in Financial Markets, and i think we probably need more urgency on this and i think this branch would love to partner with your branch but well send you a long list but id like your commitment we get a Quick Response please. I think its entirely appropriate and you have my commitment. Thank you, chairman. Senator brown. Im not asking for second round, just one question to wrap up. Thank you for your indulgence. In a recent speech, sec commissioner suggested companies that go public should be permitted to require shareholders resolve claims in arbitration and not in the courts what we call force arbitration here. This is as you know, mr. Chairman, this is contrary to best practice and contrary to the sec stated views on this issue. My question is will he continue to support sec practice that preserves shareholders rights to go to court and to reject mandatory arbitration requirements for Companies Going public . Senator, im not going to prejudge of that issue, but i do understand this is also a state law issue. And in many states they are not permitted to have mandatory arbitration. But im not going to categorically say that you would never have a situation where something other than accessing state law remedies for a particular or several particular items is off the table. But i am very cognizant and very cognizant that the ability to go to court is something that is of great value to the shareholders. And is the secs view on this position today as you know. I dont think the sec has articulated a definitive you on this issue. Is that right . Senator brown, we have done so in the context of particular request in the past. There have been request in the past, and theres a long history there that it happy to discuss with your staff bu but i dont think the sec has articulated a firm view on this issue in the past. Mr. Chairman, i was told by staff the question for the record that will be propounded to you are due next tuesday. I know thats not long, but you are a pretty diligent man. Thank you for your parents before the committee today, and we wish you well in your job. Thank you, senator shelby. The hearing is adjourned. [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] [inaudible conversations] this morning a hearing on Homeland Security threats with fbi director christopher wray, acting secretary elaine duke a National CounterterrorismCenter Director nicholas rasmussen. Live with the senate Homeland Security and Governmental Affairs committee starting at 1. Veterans Affairs SecretaryDavid Shulkin testifies this morning about preventing veteran suicide adhering of the Senate Veterans affairs committee. Live coverage at 10 a. M. Eastern on cspan3. Online at cspan. Org or on the free cspan radio app. Saturday booktv has coverage of the 2017 baltimore book festival. Watch our coverage of the 2017 baltimore book festival saturday starting at noon eastern on cspan2s booktv