Mary Jo White, chairman of the Securities and Exchange Commission, first dropped the phrase “broken windows” on the compliance world during a speech in October 2013.

Just as police officers deter serious crime by tackling small quality of life issues—from graffiti to turnstile jumpers to, yes, breaking windows—White’s idea was to do the same with SEC rules and requirements. “It is important to pursue even the smallest infractions,” she said.

More than a year later, the concept remains divisive. Proponents say the SEC is tasked with enforcing all rules, regulations, and disclosure requirements, and it should do so with vigor. Critics say the plan is flawed and creates an undue burden on compliance officers who must now worry about minutiae along with bigger risks.

“The SEC is actively pursuing this strategy, but it is flawed,” says Andrew Stoltmann of Stoltmann Law Offices, a Chicago-based firm that specializes in securities litigation. “While it allows the SEC to pound its chest and trumpet increased enforcement numbers, it simply doesn’t lead to fairer capital markets.”

Amid the debates, important questions have emerged. How committed is SEC staff to the concept? Is a broken-windows enforcement strategy sustainable, given budget constraints at the agency? Where should compliance officers focus their efforts in this new world order?

All About the Sweeps

The first indications of how the strategy will and won’t work are starting to appear. Foremost, dramatic increases in one-off enforcement actions or a flurry of comment letters that single out minor infractions are not likely to happen. What has happened, and will continue to, is grouping cases that might otherwise be spread throughout the year. Rather than target companies on a case-by-case basis, enforcement efforts start with a thesis—that companies are late when filing a particular disclosure, for example—and then validate that suspicion by searching for specific infractions from its massive data trove. Violations are then bundled together and announced for maximum publicity.

“The sweeps are generally the only evidence we have seen of the broken-windows approach,” says David Kotz, a former inspector general at the SEC and now managing director of Berkeley Research Group.

“The SEC is actively pursuing this strategy, but it is flawed. While it allows the SEC to pound its chest and trumpet increased enforcement numbers, it simply doesn't lead to fairer capital markets.”
Andrew Stoltmann, Independent Attorney

Broken-windows enforcement actions began in earnest during the second half of 2014. A year-end review of SEC enforcement data by the law firm Gibson Dunn categorizes five enforcement sweeps (affecting 80 companies and individuals) that fit within the strategy. Among them:

In September 2014, 34 companies and individuals were charged with failing to file personal securities transaction reports in a timely fashion.

Also that month, 19 advisory firms and one individual trader were cited for violations of Regulation M, which prohibits short-selling an equity security prior to participating in an offering of the same security.

In November 2014, the SEC sanctioned 13 securities dealers for selling non-investment grade bonds issued by the Commonwealth of Puerto Rico to customers below the minimum denomination of the issue.

That same month, the SEC initiated settled enforcement actions against 10 small public companies for failing to file a Form 8-K to disclose financing arrangements and unregistered securities sales that diluted company’s stock.

As the year drew to a close, the SEC initiated settled proceedings against eight small accounting firms for violating auditor independence rules in connection with their audits of brokerage firm clients.

“Whether they can fully adopt a broken-windows approach, or will, remains to be seen,” Kotz says. “I don’t think what we are seeing shows that the SEC is going to be able to go after every possible issue, but they will continue to do these enforcement sweeps.”

Count Kit Addleman, a partner with the law firm Haynes and Boone and former regional director of the SEC’s Atlanta office, among those who don’t believe the Commission will have much trouble balancing small infractions with larger concerns. The crackdown on late filings in November was handled by just one staffer and an assistant director at the New York regional office, she notes.

“It doesn’t take a lot to bring these cases,” Addleman says. “They are not taking testimony and don’t need to do a full-fledged investigation in the way they would have to for larger accounting fraud or a Foreign Corrupt Practices Act violation.”

If the strategy fails, the cause will likely be more about backlash against the idea than lack of resources to carry it out, says Marc Fagel, former regional director of the SEC’s San Francisco office, now a partner with Gibson Dunn. “The SEC underestimates the cost to defendants and the lack of proportionality. Something may be a low-level violation, but for someone sued by the SEC, their friends, neighbors, and business associates only know that they were charged with breaking the law. It doesn’t matter if it was fraud or something lesser.”

A Burden for Compliance

What does all this mean for compliance officers now tasked with worrying about problems big and small? Unfortunately, the nature of the effort means no roadmap exists to guide the SEC’s efforts or to hint at what offense might come next.


The Securities and Exchange Commission ended Fiscal Year 2014 with 755 enforcement actions and obtained orders for $4.16 billion in penalties and disgorgement, according to its most recent Agency Financial Report. That report touched upon initiatives that fall within the “broken windows” approach:
In FY 2014, the SEC brought a number of large, complex cases, but also remained focused on pursuing smaller, compliance-related violations through streamlined investigative and settlement approaches.

Enforcement’s Compliance Program Initiative, which targets firms that have been previously warned by SEC examiners about compliance deficiencies but failed to effectively remediate them, generated actions in which the SEC sanctioned three investment advisory firms for repeatedly ignoring problems with their compliance programs. The firms settled the SEC’s charges by agreeing to pay financial penalties and hire compliance consultants.

In another noteworthy effort, the SEC charged 34 individuals and entities in a novel Enforcement initiative designed to root out those who repeatedly fail to comply with Federal securities laws requiring them to promptly report information about their holdings and transactions in company stock. Enforcement staff used quantitative data analytics to identify individuals and companies with especially high rates of filing deficiencies. All but one of the 34 individuals and companies charged agreed to settle the charges and pay financial penalties totaling $2.6 million.

Enforcement also continued its successful initiative to target violations of Rule 105, an anti-manipulation rule that prohibits firms from improperly participating in public offerings after short-selling those same stocks during a restricted period – generally five business days before a public offering. In a second sweep under this initiative, the SEC obtained a combined total of more than $9 million in disgorgement, interest and penalties in settlements with 19 firms and one individual trader for their Rule 105 violations.
Source: SEC.

“The SEC is looking for Corporate America to be concerned about any potential violation, and not signaling where it is going in the future,” Fagel says. “The most prudent thing is to focus on issues the SEC says are a high priority, but I don’t think anyone would have guessed that delinquent Form 4 filings or small audit firm independence issues were on the top of that list.”

Not knowing where the next SEC sweep will focus means that companies must be “attuned to compliance with even low-level, rarely enforced securities regulations,” Fagel says. That complicates efforts to have a risk-based compliance program that prioritizes serious issues.

A risk-based approach to compliance has been the mantra preached by regulators to corporations for years now, to ensure that company resources are devoted appropriately and effectively. The broken windows initiative doesn’t dovetail with it very well.

“This approach undercuts other messaging from the SEC in recent years that you need to have a risk-focused approach to compliance,” Fagel says. “When you have a public company or regulated entity with limited compliance resources, you would think the SEC would want them to focus on the issues most likely to cause investor harm. Instead, this will divert internal resources because we don’t know what the next SEC sweep will be. Compliance professionals have to treat everything the same, which is not the best use of their resources.”

“A risk assessment is what compliance needs to do because it can’t be everywhere all the time. That’s the more rational approach,” says David DeMuro, senior counsel with the law firm Neal Gerber Eisenberg, a 10-year veteran of the SEC’s Enforcement Division. “If the SEC is going to bring all kinds of funky cases, they are going to change the risk calculus.”

All companies, large and small, need to foster clear, plain-language disclosures of risks, conflicts of interest, and fees, says Peter Anderson, a partner at law firm Sutherland Asbill & Brennan. “I would focus attention on financial statement reporting and public pronouncements,” he adds.

At least one silver lining is out there for compliance officers: The unpredictability of broken-windows enforcement may help them argue for greater resources and purview.

“Sometimes the business people will say something is not a big deal if you are one day late with a filing, for example,” Addleman says. “But the compliance people can push back and say, ‘Look, that may have been how it was, but now we have to be mindful of all these little pieces.’”