Skip to main content

tv   Politics and Public Policy Today  CSPAN  May 2, 2016 3:00pm-5:01pm EDT

3:00 pm
browsing the internet or using any online service, you have no choice but to provide certain information with the carrier about the traffic. so with a phone call you have to provide information about the phone number you're calling, the length of time you're talking on the phone, et cetera. and with internet traffic, it's kind of similar. you have to provide information about -- that enables the broadband provider to route the traffic from one place to another. the customer pays the carrier for service. and has to provide information about their communications in order to get that service. and one of the goals of the law is to protect that information. basically to make sure that the information isn't then being used for other purposes other than to direct the traffic or to direct the calls. without the customer's approval. then the other objective is competition based objective where one of the -- you know, the fcc actually for decades
3:01 pm
prior to the 1996 telecom act had been regulating customer proprietary network information. you'll be hearing us refer to that as cpni. had been regulating it on a competition basis. there was an idea if you have carriers that are seeing lots of information about relationships that their customers have with other companies, by virtue of the fact their customers are calling other companies, there would be issues if the carrier could use that information to compete in other markets. a good example is like with a an alarm service or home security. if you're getting a service from one provider if your phone company offers a home security system it knows who you're a customer of for home security, it might even known when you've had an incident based on your call logs or how often you're contacting customer service with that other
3:02 pm
home security system, et cetera, that could be information it could use to gain an edge for itself. those are the two goals. so for consumers now, now that broadband has been reclassified as a common carrier service, again, with the routing of communications from one place to broadband consumers can expect to have a very similar privacy framework to what has been instituted with respect to phone the information they provide to their phone carriers, they can expect to have similar protections in place with respect to the information they share with their internet providers. so the websites you visit, the services that you're using that you're in contact with, the destination of your traffic and the origin of it, the duration and the amount of traffic. that type of information, as jim described, will be subject to
3:03 pm
the sort of like multi-tiered consent structure. >> so that information is -- would be protected in the isp would not be able to collect it. does this rule apply to sites like google, twitter, snapchat, or the apps on my motorola phone? >> good question. that's a good question. i think just to address one part of that, though, these rules are not about collection, they are about use in general. so that -- because there is an assumption that carriers have to collect the information that customers have to provide to carriers and carriers have to collect it in order to provide the service in the first place. that aside, no, these rules don't apply, at least, you know, based on what we know about the proposal again, as jim said, we haven't seen the text of the actual proposal yet. based on what we know about it, no, it would not extend to edge services. you know, so there are companies that provide both edge services
3:04 pm
and internet carriage. and when they are in the business of providing the broadband access, then they'd be subject to the fcc's rules that protect the information in that context. and when they're in the business of offering an edge service. >> okay. so the phone that i have in my hand it wouldn't apply to like, i'm looking at my apps, fitbit app, it wouldn't apply to my google mail, my pandora or even the operating system and this happens to be an android system. the other major operating system you might have heard of it, ios by apple. >> it's been in the news a little bit. >> yeah. >> that's correct. right. it would not apply to those other entities. this is just about broadband internet access service providers. >> let's me ask, whether anyone wants to weigh in on this? what is so special? what is so special about broadband service providers and is this regime similar or
3:05 pm
different to other privacy regimes that we have in the united states? now, we had a briefing down the hall last week on the eu/u.s. privacy shield. we had a fellow from the european commission, the reason we have to do this band-aid is because the u.s. has an inadequate level of privacy protection, in our opinion, meaning the european commission's opinion. what's so special about this particular broad band service provider and what do they see that's so special? >> do you want to jump in? >> thank you, yeah, for that question. i think -- you have to look at the whole context of the data. it's not so much that it's particularly sensitive data. it's the whole context. a customer who uses the internet at home or on the phone there's a lot of data that's being collected. it's sensitive and detailed information. there's not that many options for a customer to sort of switch the provider or, you know, evade the situation.
3:06 pm
so it's the amount of information detailed and really the opportunity for the customer to not really go anywhere else. if you think about the whole -- the kind of profile that can be collected about a user, you know, a lot of important inferences can be made about a user. you can understand, for example, the usage patterns, you can draw conclusions about whether there was somebody, for example is unemployed because they suddenly started using their home internet service more frequently during the daytime, the kind of devices that are being connected to the internet, again, in the home setting. for example, a pacemaker or you know, your fitbit there's a lot of information that can be gleaned from that. it's the entire context you have to look at. the ftc, for example, looks at the sensitivity of the data and says with regard to health information you should -- it's particularly sensitive,
3:07 pm
therefore, there's an opt in required. i think it's important to not only look at the sensitivity of the data but then that's the next step. also, the purpose of the data. i think that is where we talk about the proposed rules, it looks at the entirety of the data and what is it being used for. and i'd be happy to go into that a little bit more. >> we'll come back to the two points about not being able to go to somewhere else, and then also the sensitivity of the data, the uniqueness of the data. we can go back to that. can we focus on the mobile ecosystem? that's who your members represent is the mobile and wireless. >> the mobile eco system, as you know, involves a lot of companies who are providing the service, the isp's. one of the companies that provides the connectivity. it isn't always the same isp when you're using the phone. if you think about when you're at home you connect to the home wi-fi and if you're out taking transportation to
3:08 pm
work you're on your network connection, once you get to work you might be on the coffee shop wi-fi or in a park because you have no wi-fi connection. throughout the day you're using more than one isp. if you take a look back at the original purpose of the privacy law we're talking about, communications act, you look at the voice services market. you had one phone company in 1996, you made a phone call from your house. they delivered it to someone else. two companies and everyone that was within the phone services market was covered by the law. here, by applying that same law to internet service providers, you're only applying that to a tiny subset. who are delivering internet service to you. from the isp's perspective and from a consumer's perspective it doesn't make sense there's a lot
3:09 pm
of confusion that will ensue if you have one set of rules for isp's and other companies who are handling the exact same data in some cases even more data because if you think about using your phone and you're bouncing around from one isp to another throughout the day you might be logged into services throughout the day consistently no matter which isp you're using. so if you have an e-mail provider, a social network, you might be logged in that entire time so that social network or search engine would be able to see your activity throughout the day or any given isp would only see a fraction of that. >> we have a difference of opinion between you and catherine. >> catherine is saying the sensitivity of the data and it's unique you're saying well the data that the isp would collect isn't all that different from what other apps or operating systems would collect, why are we being treated differently, is that the point of contention? >> i think so. i think that the market has just
3:10 pm
changed so much. i mean, the smartphone has changed so much of the way we communicate. while in 19 -- in the '90s, when we first get the internet, everyone had their home connection, you sat at your computer and worked for a few hours and you turned your connection off because you had to dial in. now we have the always on connection and you're seeing isp's all over town, it's a very different market. there is a lot of competition, especially in the wireless market. think about when you're watching the super bowl, how many of those ads were for wireless companies trying to get you to switch from one provider to another provider. it's very unlike the market that was around back when this law was passed where there was a monopoly phone provider. >> i think one of the challenges here is that in an overall internet eco system where there is potentially tracking of users in a variety of different ways, probably the simplest thing for consumers to understand is they
3:11 pm
can go one place and opt out, exercise control. that's what -- if you read the legislative history of the cpni law that congress passed as part of the telecom act, the key concept was to give consumers control. control can mean an opt out or opt in. if you're in a market there's a small percentage of markets in the united states where there is one lanline isp. if you have an opt out you can still object and exercise your choice, provided that's presented clearly. similarly, with the rest of the eco system on the internet, there are self-regulatory mechanisms like the digital advertising alliance opt out. one could work on that further and spread it's adoption more broadly and isp's could be part of doing that. but if this order goes through,
3:12 pm
isp's will be subject to a unique, far more restrictive set of privacy rules than apply to virtually any other sector in the united states. and they'll be separated out from and not be part of a unified system where consumers would have control and consumers may not understand, probably won't understand that the opt in request that they get from the isp doesn't apply to anyone else in the internet universe. >> let me go to catherine or laura. and basically, if we need to clarify what opt in is. the opt in is like the isp is going to say to the customer, here is the information in the following ways and here it is. do you want this? and you have to do something, but basically it's like yes. so that's opt in. opt out is they do it provide you notice generally. if you say i don't want to do that you can click on something that says exempt me. it manifests in a lot of ways. that's basically it. this is an opt in regime.
3:13 pm
why should it be an opt in regime. can you defend that portion? >> so i think, again, these are really important distinctions. opt in requires an affirmative action. opt out assumes you don't have an objection, which, you know, okay. what the fcc right now is proposing we know this from the fact sheet. we do have some idea of what they have in mind. the three buckets with regard to the use of the data. so the first bucket is the implied consent, you don't need to ask the customer to do anything because you might need the data to use for maintenance or sort of security purposes. also, for a service that is for marketing -- using the data for marketing for the same type of service that the customer already has, again, no action is needed, so let's say you have a certain data plan and you need an upgrade for that, no further action is needed. when you then look to the opt out regime they're proposing,
3:14 pm
again, you have to look at the use of the data. it's for marketing of communications related services. so these are the use of the data that you don't sign up for a particular purpose now. the isp wants to market you related services. it seems to make sense that you can expect that the customer would be interested it's related. there's certain expectations that makes sense to say we assume you're okay with this until you tell us otherwise. the third bucket is for any other purposes to use the data for any other purposes. so i think it's fair to say that you cannot assume that the customer is okay with that. unless they tell you affirmatively yes i would like for you to tell me what other things you can offer me and then i agree to that kind of practice. i think you have to look at the purpose for the use and that's really critical. and so i think that's sort of a fair process. >> yeah, i think it's interesting.
3:15 pm
that kind of scheme is found -- i don't think that's ever found anywhere in the rest of the marketing rules that apply to companies in the united states. it's on. now, it's on. so if you think about a company that is offering you clothing and they decide to go into the shoe business, or they go into a completely different business, they're selling hardware or something, they are fully able to say, hey, we saw you bought some clothing and we'd like to sell you something completely different. they're not restricted from doing that. i'm not understanding the sensitivity of marketing different kinds of products and services, especially when customers probably want to get discounts on different products and services that a company might offer. an example of that was just yesterday or the day before, sprint came out with a new offer you can get amazon prime by the month as opposed to amazon prime for the year. this would be a benefit if you want to have amazon for the christmas season. you want to have free shipping
3:16 pm
for example, during christmas season and you don't want to pay for it for the whole year. amazon -- sprint would be potentially -- i don't know these rules are a little unclear. we haven't seen them yet. but they would not be able to market that to their customers and let their customers know about this new offer unless the customer affirmatively said, i want to get marketing offers from you, as opposed to saying, hey, here's a marketing offer for amazon. you can get it on a monthly basis. it's october you're going to get ready for christmas shopping and the customer can say, i don't want that. maybe i'll tell them not to send that to me. a lot of customers will say that's a great deal. it doesn't give them a choice if they have to affirmatively say in february when they sign up for service that they want marketing e-mails or not. because how are they going to know that the amazon offer is going to be so great for them? >> i would challenge actually this argument that we don't have anything like this anywhere else
3:17 pm
in the u.s. privacy regime of course, the most obvious place where we have a similar framework is with respect to phone information. with respect to information customers share to their phone carriers where there is a very similar privacy regulatory framework that applies to that information. the information that a customer shares with their phone provider, or that the phone provider has access to solely by virtue of the customer relationship. the phone carrier can only use on an opt out basis for marketing of related services, and it's on an opt in basis for marketing of unrelated services. again, i think there's a couple things here. so one is, if you're talking about what the privacy justification for that type of regime is, again, you know, it's important to remember that privacy is contact specific. consumers feel their privacy has been violated when they think information has been used out of context. out of the context -- no. in violation of the norms that
3:18 pm
they applied to the way they thought the information would be shared and the context in which they first shared it with the provider. and we do see -- in the phone contacts or in the internet context where a consumer is sharing information with their carrier for purposes of routing traffic, or for purposes of routing phone calls, they expect the information will be used in that way. and not that it will be used for marketing purposes. we see this in, you know, other types of information -- other contexts where consumers have no choice but to go through a particular provider for a service we think is generally essential, like health. >> let's unpack that a little bit. right. we have in the united states we have this patchwork -- i'm not saying that in a negative way -- we have different types of regimes for different types of privacy. for instance, in congress passed the cpni law in 1996.
3:19 pm
we have hipaa, the health information privacy act. those are related to just generally non-internet types of data. really the only major legislation we have related to internet privacy is copa, the children's online protection act. that's kids online. that's very specific. lastly as an overlay. jim mentioned earlier. correct me if i'm wrong, i'm not the expert, here you guys are. we have the federal trade commission section v act. if somebody says we're going to protect your privacy and do it this way and not give your information here but use it for this, if they make that promise and they fail to follow up with it, whether it's online or offline the federal trade commission, the other cop on the beat here, can come in and say, you know, you didn't do what you told the customer you'd do with regard to your policy and we'll slap a $20 million fine on you.
3:20 pm
>> yeah. furthermore, both the democratic-celled white house and the majority democratic-controlled ftc issued reports on privacy, the way they thought privacy should work in the united should work in the united states that established a bunch of best practices that are wildly followed in the business community. both of those thought there should be no choice whatsoever offered with regard to first party advertising. not opt in, not opt out. the eu data protection regulation, which you've heard the privacy discussion last week, europeans think is way tougher than u.s. privacy law, does not require an opt in consent for first party advertising. this party, this first party advertising aspect of the cp&i rule would be the toughest or most extreme however you want to characterize it restriction on
3:21 pm
use of data by entities that you as a consumer have a relationship with in u.s. law. if it were to go through without qualification. in the health context, there are limits in some aspects, first party advertising is prohibited, your doctor can't come to you and say hey you should use this drug instead of that drug. they can put up signs but they can't use your information to go propose that to you. if you go to a hospital, some of you may have had to do that for good reasons or bad reasons, and you check into the hospital, you get marketing communications from that hospital because they know that you've been to the hospital. they start offering you other sorts of services and things through their hospital. this would be a limit only on offering existing types of services that the broadband isp currently offers to a consumer with some small types of upgrades. to give you an idea of how
3:22 pm
that's different, or how that made sense in the context of the telephone network, which laura was talking about before as of 1996 when the telecom act passed from the way the internet is today, you need to think about the competitive purpose cp&i law. which laura described second. but if you read the cpni law, there are requirements on the incumbent phone company to disclose to competitors, subscriber lists so that competitors can go market to them and try to get service or they can shift service over to, if they choose to sign up with a competitor. there are restrictions against trying to win back customers. if a customer decides to switch to a competitor. and the competitive concern, if you look at the original cp&i rules, is the incumbent your
3:23 pm
local telephone company which had all these customers would use that information to keep large control of the market. in the context of the telephone network which was, as debbie explained, a closed network, there was no question about advertising, there was no advertising over the phone network. we're now in a very different world where there is a lot of advertising. this would effectively be saying only for this category of people can opt in. >> you're saying two things. one, coming off of my comment about the different types of privacy regimes for different types of data, you're saying no fair, that isp's are held to the higher standard compared to the other privacy regimes. >> more importantly, confusing. >> customers can't get the offers they're getting from other companies. >> number two, the competitive environment under which the original rules were passed you're saying -- i'm not saying this -- you're saying they seem not to make sense. just ask you to respond to that. >> with regard to the
3:24 pm
consistency argument, we need consistency and clarity, the host of you know public interest organizations active in the space, we have advocated for a long for the need of base line privacy legislation for all the players in the space. absent such regulation which is unlikely to come anytime soon, and with the fcc having that authority and a responsibility to protect the privacy of broadband customers, you know we feel they have to take that step that's an important step. and we'll see, what has to happen afterwards. you know, that's sort of the context we operate in. and we feel that the consistency is important goal. but it's not sort of the sake of consistency. we want to have the right protections, the right standards that customers feel they have control over their data. just to pick up on this control
3:25 pm
piece, i think we have to look a little bit at the evolution of the space and we have yesterday the commissioners, many of them, cited the pew study that's come out early in the year, there's another study from the university of pennsylvania that talks about how customers internet users have lost a sense of control over their data. they have resigned, they feel that they don't trust the institutions in the space. so, i think for the purpose of the robustness of the economic development and people wanting to engage with the technology, it's important to give customers and users and citizens a sense of control over their data back. >> the problem, though, is if you give control to customers over a tiny segment of certain companies that hold the data when the data is flowing freely throughout the eco system, they'll get a false sense of security, perhaps, oh, i've opted out or i've opted in to certain things and that will apply across the board when it's not. all those other companies -- not
3:26 pm
even just the companies they directly interact with the social networks, the advertising networks they've never heard of, data brokers, their operating system they may not appreciate the operating system that's on the phone is seeing the data. they're seeing it in an unencrypted way. the isp's, as we talked about a little bit about encryption, a lot of the internet is becoming encrypted. the isp's are unable to see the data that's encrypted. at the same time, the other companies on the internet can see that data. there's a real disparity. it's like taking a howitzer and shooting a mosquito. all that data is going to go everywhere. >> so i have -- a few things, one is. i think you know there is definitely a desire by the
3:27 pm
companies, an understandable one, to try to make it sound like isp's and other companies that are operating on the internet that are collecting information and marketing with it are the same type of entity. and that consumers have the same type of relationship with them. but they don't. consumers pay their isp's to provide them with service. they pay their isp's to get them connected to the internet. and then, once they're on the internet, they make choices about what services they're going to use, you know, online. or on the internet or however they're using the network. and that's -- but -- as an initial matter, they have no choice but to go through an isp in order to get on to the network in the first place. that is different. you know, there's a different value exchange where they are exchanging money in a subscription, generally a subscription context for access to the network and that's what they're paying for, that's what they expect they're getting. there is a difference with respect to the fact they have to
3:28 pm
go through an internet access provider to get on there. i mean, i can choose whether or not to use a free e-mail service, where i understand i'm sharing information about my communications with the e-mail provider, i'm sharing that information in exchange for getting e-mail for free. but i can't choose whether or not to build a relationship with an isp and share lots of super sensitive information about my communications with them to get on the network. >> that's interesting. so what you're suggesting is, at least in part, this is only the first part of what you were suggesting, is that we've -- consumers and customers and people using the internet have come to the convention of their expectation of privacy that, if they pay for a service that they want to just get that service. for the free services on the internet like twitter or facebook or snapchat, there is a built-in assumption that they're bargaining for a free service, they're bargaining something. maybe it's perhaps advertising. >> i'm not necessarily saying
3:29 pm
that is always the case. i mean, i think there are probably situations where people -- i think that it is questionable in some situations whether people understand that the information they're providing is -- will just be used in whatever, you know, they clearly don't read privacy policies, they don't understand how they're information will be used in exchange for a free service. i think the relationship they're building with their broadband internet service provider is one they believe the relationship is one where they have subscribed to a service specifically to go online and that's the service they think they're getting. not an advertising service. >> go ahead. chairman wheeler said in his statement that most of us understand that the social media we join and the websites we visit collect our personal information and use it for advertising purposes. he's suggesting, not you suggesting, but you're not suggesting it as strongly as he's suggesting it. >> i mean, in psalms way it is an empirical question. i think in general people probably understand more about
3:30 pm
how their information will be used, at least consider it in the context of considering an optional service and considering to engage in an optional service then when they're engaging in a service that's essential. just on the point of first party uses of data, again, like, you know, these are -- they're different types of service. you can expand if you're a company that provides internet service you want to expand into advertising, that's fine. but you don't have a right necessarily to use the information that you've collected in the context of routing traffic in the broadband access service, provision of broadband access service. you don't have a right to use that information to build this other business. i think, if you saw a health insurance company expand its business into advertising, you know, start moving -- whatever. start up an advertising arm because it's a giant and has a lot of money and wants to move into advertising, you wouldn't say, okay, yeah, go ahead and use, this is first party use of
3:31 pm
information, use all the information you know about insurance. >> wait, we're talking about opt in versus opt out. we're not saying they have a right to do it without any choice. we're saying why should consumers have to choose specifically to get better deals on products they might want to get? why can't they get the offer, if they decide they don't like those kind of offers they can opt out, just like it is for all the other companies in the eco system. there's nothing unique about an isp offering the deal, so uber has cars and they drive you around. all of a sudden they started offering uber eats. should they have been prohibited from telling you about uber eats unless you said i want to learn about food offered by uber. it doesn't make sense to me. >> in terms of framing the debate that you opt in to get better or additional offers, i think what a lot of the folks in the community and civil rights groups have pointed out this data with also be used to sort
3:32 pm
of disadvantage you. it's not always about you getting great, new offers but that there might be information leading from you that might be used to your disadvantage. that's where i think it makes a lot of sense if people want to have control over that. >> the naacp president has written saying it did not make sense to focus on this particular area. secondly, essentially a lot of the advocacy for the proposal and the logic of what the fcc has said, well, there might be particular uses of information which are unfair to consumers discriminatory, intrusive. the way that the federal trade commission approaches this is to say, there needs to be opt in for specific types of uses. laura also equated an isp with a hospital or healthcare institution that opens an advertising network. that under the federal -- >> i would say compare not equated. but sure. >> you drew an analogy.
3:33 pm
>> yes, i did draw an analogy. >> the point here is, if there is sensitive data, that is being obtained through provision of internet access service, under the old federal trade commission framework or the framework that applies to the rest of the internet eco system, it makes sense for the fcc now that it now has done something regulatorly which means it rules the roost it should apply the same sets of standards which would be opt in for uses of health data, prohibition against use of information in a way that would discriminate against consumers. probably if there was analysis of absolutely all the data that travelled through a system, that might be worthy of opt in consent. we're seeing opt in consent is the requirement for all of these buckets of uses, regardless of whether there's any health data, any discrimination, anything else. i think we need to take that off the table for the purpose of
3:34 pm
this. it would be more narrowly and precise to focus on things that might cause consumer harm. from what we know about the proposal, it also applies to not information that contains your name, but information that could be used to identify you. it's very very broad. all the data and internet access provider might have that might be linked to your account, even if it is not linked. that's a huge amount of information that would be subject to a lot of regulation. >> we are scratching the surface area. i want to drill down on two points. before we go to questions from the audience, but before we leave, i would ask you guys to explain what happens from here, before we leave. and what is the role of congress in this entire rulemaking ross? since they originally wrote the law. any questions from the audience? john.
3:35 pm
he's going to bring the microphone to you. it's not going to go through the speakers, so talk away. >> john, carnegie melon university. two of you have emphasized the fact that there are different rules for different players. but the fcc -- if what you want is the same rules everywhere, the fcc can't give you that. they have title i authority over commercial broadband internet access providers. they don't have authority over starbucks when they provide me internet access. the only way to get that is legislation. are you calling -- the congressional staff in this room, are you calling for broad-based privacy regulation across all of these legislation all these providers? >> do you want to opt in for privacy legislation from congress or do you want to be opt out of this fcc rule? >> i think, to be clear, the previous fcc requirements, which
3:36 pm
can be placed into regulations under the fcc's own framework, there's a proposal that was submitted to do that. there is nothing to stop the fcc if it's going to, as is proposing in its -- talking about regulating all information, not just cpni that's received by an internet access provider. if it has the authority to do that, it certainly has the authority to go beyond the structure of cpni. and to replicate essentially the fcc framework with opt ins for use of sensitive data, opt ins for prohibitions against disclosing any information that might be used for profiling or in ways that might discriminate against data. all that is within the fcc's authority if, as it says it can, it's going to regulate all customer information received. >> there's two ways to do this just to answer your question. you could pass legislation, there has been support to have one overriding privacy law to
3:37 pm
simplify everything in the united states. that's certainly -- not all industries are unified behind that. there are some. but i do think that what jim is saying to harmonize it with the ftc's framework is a good way to go. the ftc's framework has resulted in very strong enforcement actions against huge companies, i'm not going to name them here. huge companies you have heard of that last for 20 years. and provide really strong protection. at the same time, there's enough framework, unlike what the fcc is proposing, enough flexibility to allow for all the new kinds of innovation we've seen over the last 20 years in the internet. that's been the model that's applied across the internet so far. to try to pull into a very restrictive scheme where there's lots of specific notices and very arcane choices is not going to promote any kind of -- it's going to make it really hard to make innovation around isp's. so i think it's a serious question to ask is how we want
3:38 pm
to move. what direction do we want to go. do we want to go more ry. ive for everybody or do we want a flexible system that's served the country very well as compared to other countries that don't have as much innovation. they don't have silicon valleys. >> it's a question that's going on in my view for 18 years. certainly very very strongly. and let me ask -- before we love john's question -- let me go to cater reason na. john suggested why don't you go up to the hill and ask for privacy regulation across the board and it be opt in with the center for democracy and technology support omnibus privacy legislation on the hill, would it be opt in or opt out? >> we've been on the record of course we would support base line privacy legislation. i think we would have to look again at the particular context of the data and the purposes of the data, whether that's, you know, that's opt in or opt out. it wouldn't have to be differentiated.
3:39 pm
>> if i can add, it's worth noting here that these are not mutually exclusive options, right? it may be the fact -- i would argue it is a fact -- it's appropriate to have high standards for internet service providers. because of this special relationship that they have with consumers. and, you know, it's a relationship where you want to encourage consumers to build this relationship, to get on the network, to be willing to connect to and then to consider the services they want to use online accordingly but not be afraid to take the first step to get online because they're concerned about these possible practices that isp's might be engaging in. opt in framework is great for that because the default is privacy protection. do nothing, go online, build a relationship with your isp, do nothing and there will be very strong protections for your information. the information that you have to provide by virtue of the
3:40 pm
carrier-customer relationship. information you're optionally providing in other contexts maybe it's appropriate. that's not mutually exclusive with perhaps meeting base line prooft si privacy legislation information that is sensitive, maybe is being used already in ways that can most consumers don't agree with and maybe the ftc's framework is not adequately addressing. but, you know, yes, and it's not -- >> that might have made sense when there was one isp per person. we have so many isp's and there's so much competition, let the isp's compete for this kind of business. it's just so different now than it was back in 1996. i appreciate your point. it's just the market has changed so much. >> it is different. but no matter where you are, you're going first through an isp and then online. >> you're going to a free wi-fi hot spot that's not regulated by the ftc. so they can go ahead and use your data because they're not going to be regulated by the fcc. >> if you look at what consumers
3:41 pm
do in a course of a day, they access the internet at work, at home, on their smart device, they may go through a bunch of wi-fi locations. none of those entities has all that much information in the context of the way the consumers are using. >> i don't think that's true. you can draw -- >> you are positing one internet access provider with a special relationship. think about -- when i connect through the house wi-fi, i'm entrusting the data that flows through, unless i put in a vpn, when i connect at starbucks, same thing. this is not the monolithic world of 1996. i think you're positing a special relationship here is, without polling data to support it, is questionable. also you have, in any given situation, if you have a
3:42 pm
customer that's paying you a lot of money, you're going to be very cautious and i think you've seen most of the isp's being cautious about advertising. sorry. >> was that to your satisfaction that answer, john? any other questions? ma'am. >> i find consistency in your argument in that you say this offers are so valuable, the consumers it's so terrible they wouldn't be able to get the wonderful offers from sprint or whoever. if it's so wonderful why are you assuming the consumers would not be jumping at the chance to opt in. it seems kind of -- >> they may not understand what the offers are going to be. you sign up for a service in january with a new isp would you like to opt into marketing offers. you're like, i don't know. they're going to be great but they can't specify what they are because they don't know what they are yet. comes october and there's free shipping on amazon or something
3:43 pm
and they can't make that offer because you haven't opted in. are they going to -- i don't understand how the consumers are going to know what the offers are before the offers are even out there. >> can i ask, i don't mean to hijack your question, but what is the practical effect of opt in versus opt out? we're throwing them around casually. >> how does it hurt to get an offer? that's the other part i'm not clear on. just getting an offer and you end up not taking it. you get offers all the time. >> probably in reality the people aren't getting the offer i assume that if amazon and sprint are going together to offer this to somebody, they're doing it on the basis of some kind of data, whether it's let's say you buy a high-end data package you never use. okay, then maybe you'll be a high-end delivery package and a high-end video package because prime is both and not use it that much which will increase the profits to amazon.
3:44 pm
but some consumer who could use this wonderful per month thing for december or whatever, they're not going to see it. they're going to be red lined. >> why do you assume that? what is the interest in not trying to get as much of the market that you can? >> you want to get the part of the market that gives you a profit. that's why you use the data, to find the part of the market where your profits are. >> you're supposing that there isn't an interest in serving middle and low income consumers. if you look at the money -- for example, comcast has put hundreds of million dollars to wire low income neighborhoods so they get broadband. >> we're talking about prime by the month. >> it could be something else. you don't know what it is. i'm not saying this is a wonderful opportunity for consumers. that's not my point. to assume there will always be
3:45 pm
nefarious conduct in advertising is -- wouldn't really be economically rational. >> it also would apply to the entire advertising ecosystem which isp's are a blip. most of the online advertising, 70% is by ten companies. none of those companies are isps. >> i wanted to jump in. i am confident that companies can come up with pretty creative ways to explain the value proposition that the companies are -- by customers should opt in. if it's an opt in they will have to really make that extra step. with an opt out, you know, you basically as a company have to do a whole lot. again, the assumption is until the customer objects you can market. so i think i'm confident the companies can -- >> sorry. if i can just add, i think it's worth noting that, again, you know, this regulation that is title ii privacy regulation. the regulations we're talking
3:46 pm
about that apply to internet service providers, or that, you know, are being proposed to apply to internet service providers, again we're getting -- we haven't seen the text yet and we're not sure where it's going to go. a lot of these are great questions that will be addressed in comments for the record. this is activity-based regulation, it is not entity based regulation. what that means is if a company is an internet service provide and an the operator of an advertising network, it can continue to operate under the ftc's generally opt out framework with respect to privacy regulation in this area where it is engaging in advertising. it just cannot use the information that it's collecting from its broadband customers in the context of providing broadband service that they're giving them to route the traffic. it can't use that in the advertising context without opt in consent. >> we're running out of time.
3:47 pm
if anybody has a burning question, i want to finish with -- i didn't get to -- there will be a lot of questions about how much can -- this goes to the heart of the question, how much -- the unique perch that isp's and broadband providers have with regard to data. you'll hear debate how much they can see, whether they're on the wi-fi at mcdonald's or accessing the house public wi-fi or a lot of the data is encrypted. that's a question we don't have time for today. you'll hear a lot about that one. i would ask you to ask a lot of questions about that. there's differences of opinion. and then the other one is that, where does it go from here? i'm sorry we don't have the text of the notice of proposal we're making. from what i understand there's 500 questions in the text that -- beyond what they're saying about the rule. where does this -- what's the process from here? just really quickly if i could ask a few of you to say -- what
3:48 pm
is congress' role since they crafted the darn thing. >> they did. you know, we're going to get the text of the rule shortly, i think. there is no consensus to exactly when. sometime today, maybe next week early. there will be two comment periods and will extend through half of the summer, and there will be an opportunity for companies, consumer advocates, other parties to comment on the record. and members of congress to comment on the record. congress is faced with a fractured set of laws that apply to some companies and not apply to others that are holding the same data. i think that congress does have a strong role to play here to smooth this out and make sure the data is what's protected, not just data that's held by certain companies. >> so we'll be seeing hearings throughout the summer on this and probably a lot more discussion up here on the hill about the rules, is that fair to say? >> yeah. >> all right. i'll let you have one last parting comment. really quickly on --
3:49 pm
>> one thing to think about is whether you're satisfied with, in the members you work for, are satisfied with the speed and availability of broadband in your congressional districts. and, in connection with that, think about whether you want a unique, pretty burdensome regulatory structure to apply to use of data that's obtained through providing those services. think about how easy it is to set up an internet advertising business. almost no capital investment. and think about what that might do to investment in your district. >> i'll touch on the point that we didn't get to, which is encryption, and this is obviously a debate that's much broader than this because encryption is everywhere. but there is more encryption. and the more encryption we have going forward, the less that isp's are going to see. the trends are clear in this direction. think about that as you're thinking about the larger
3:50 pm
encryption debates, how it will impact this proceeding. to regulate isp's more when they're seeing less and less every week because more companies are encrypting, is a question that needs to be encr question that needs to be considered. >> i'm going to skip over the encryption comment. we're really excited about this debate because we think it's a really important debate for our society at large. i would encourage everybody to broaden this to your constituencies and get involved in this debate. because i think it just really touches upon some fundamental issues. and the more educated we are about these issues the better. so thank you for hosting this. >> as my final parting thought, i would give that i think it's important for us to think about the justifications for some of the really strong privacy laws we have. it's to protect relationships where we really want people to engage freely with an entity and
3:51 pm
to have free and open communications. that's why we have strong health privacy laws so that people will go to their doctors and feel free to talk to their doctors about their health status. it's why we have lawyer/client confidentiality which many of us in this room i'm sure are well aware of. so that -- so that clients feel free speaking candidly with their lawyers. really strong privacy laws that apply to internet service providers so people can take that step of going online and know that their traffic is going through an isp without concern about how their information will be used. >> i'd like to thank the panelists and thank everybody for coming. thanks so much. [ applause ]
3:52 pm
this afternoon at 4:00 eastern time, cspan will be live for a discussion about mining, federal lands policy and how other natural resources are handled in the process. hosted by the cato institute. and the state of indiana holds its primary tomorrow. it's an open primary. voters can decide when they arrive at the polls. donald trump is campaigning in south bend this evening. we'll have live coverage on cspan 2. and then at 7:30, cspan will be live in indianapolis for a rally for texas senator ted cruz campaigning at the indiana state fairgrounds. donald trump is leading senator cruz in the state. while congress is on break this week, it's american history tv in prime time. normally seen weekends here on
3:53 pm
cspan3. tonight, a look at the worst presidents in american history and the centennial of the national park service. here's a preview. this whole panel could be rendered moot by the next election. [ laughter ] so maybe would have been better to have this in 2017. but as i -- as people saw my name on this and the question was, so, who's your choice. and i should say i really didn't address the question that way. i mean, we can get to that and i probably can throw out some candidates. but what i want to talk about is what do we mean by worst? what do we mean by a bad president? because i think when we think of great presidents, the criteria are pretty clear. and you know, we might quibble a little bit, but there's a very small number that probably all of us would put there at the
3:54 pm
very top. but, you know, you might call it the anna korinina formulation. bad presidents are bad in many different ways. i want to go through a few of the different kinds of bad presidents and see which of these really makes for the worst. first of all, the completely insignificant and forgettable presidents. and as a historian really of the 20th century, i'm, you know, like everyone else, have trouble with all those 19th history, which had the whiskers, which had the burnside, which was which. i took the trouble -- because this was a research intensive panel -- to go no whitehou
3:55 pm milled fill more demonstrated through methodical industry and some confidence. some, not a lot. some. through methodical industry and some competence an uninspiring man could make the american dream come true. this is at one kind of worse president is the forgettable, the insignificant. >> the national park service is sometimes described as the world's largest classroom, outdoor classroom usually. but it's not just where an awful lot of americans learn something about history that they didn't learn in school. but if you've been to the liberty bell or independence hall in philadelphia or if you've been to yosemite or canyon lands, you know that
3:56 pm
there are several million visitors from abroad who get their first lesson in american history through the national park service experience. think of the wake of that on the ranger. but it does create impressions and they come with very little knowledge of american history, they come with open minds. so they're empty vessels for the most part in which park rangers are pouring something. it's a great way for a responsibility to try and get history as right as possible, as balanced as possible. >> the panel discussion on the worst presidents in america history, just some of tonight's american history tv in prime time. then at 9:35, a look at 100 years of the national park service. american history tv and prime time, normally seen weekends, here on cspan3. tonight on the
3:57 pm
communicators, tim winter, president of the parents television council on their recent report. the system intended to protect children from violence, sex, and profanity on tv has failed. he's joined by david shepherdson. >> there is actually no show on broadcast television, no series on broadcast television today that is rated appropriate for anything older than children. tv 14 is the oldest rating. even most explicit content is rated as appropriate for children to watch. we learned that the tv networks themselves rate the shows. and we've learned that the tv advertisers who pay the bills for the networks rely on the ratings just like parents do. so there's a conflict of interest, rating content accurately, a lot of advertisers won't sponsor mature audience content and the system is
3:58 pm
incapable of doing as it was intended. >> tonight at 8:00 eastern on cspan2. senior sec officials testified on capitol hill about what they're doing to protect investors while maintaining free and fair markets. the house financial services subcommittee on capital markets convened the hearing. it ran nearly two hours. >> good morning, everyone. >> good morning. >> how you doing? >> your team is here. >> our team is here. >> where is everybody? >> going the field alone over here. >> the subcommittee on capital markets and gses will be hereby
3:59 pm
called to order, continued oversight of the sec's offices and divisions. without objection, chair authorized declare recess of the subcommittee at any time and also without objections. members of the financial service committee who are not members of this subcommittee may in fact sit on the dais and participate in today's hearings. i want to recognize myself for three minutes for an opening statement. today, the subcommittee will continue it efforts to continue vigorous oversight of the sec and the individual offices which make up the sec. in the last two years, our subcommittee heard testimony from the trading and marks, corporation finance enforcement, and divisions at the sec. these hearings have allowed us to take a more thorough look at the agencies operations, and enforcement practices so we can
4:00 pm
better understand whether the sec is appropriately carrying out its threefold mission to protect investors, maintain fair and efficient markets and last but essential not least facilitate capital formation. so i welcome our witnesses today. i look forward to a hearing and testimony and hope between the four of you here on the panel that we're able to cover a lot of ground in the time we have. if you go back in the year 2000, the sec's operating budget was about $369 million. today, the sec's budget authority for fiscal year 2016 we're in is a little over $1.6 billion. and the sec has recently submitted request for fiscal year 2017 budget coming up of $1.8 billion. congress has been accused of starving the sec of funds it needs to fulfill its admission.
4:01 pm
its budget has quality quadrupled in a little less than dozen years. instead, we are likely to look back at this as a period of time when the sec missed some of the greatest frauds in history that when it was ill prepared for the financial crisis of 2008 and when it failed to properly incorporate economic analysis into its rule-making and more recently often times complicit in advancing the priorities of special interests. so unfortunately, instead of addressing some of the fundamental structural issues at the sec, the dodd-frank act has creat created more offices within the agencies. dodd-frank also granted vast new rule-making authority that the sec has struggled with to implement appropriately. for example, the sec has made strides toward improving the economic analysis that underline
4:02 pm
its rule-makings, there is still much more work. so it's not acceptable for the sec to simply say, well, congress made me do it, and therefore assume that rule-making is beneficial in all cases. it is also incumbent upon the sec to clearly articulate a problem or market failure that the rules are intended to address, which should be obvious, but it's lacking in many of the dodd-frank rules that have been implemented. so i'm eager to come here today to hear about the steps the sec is taking to further improve its economic analysis. finally over recent rule-makings related at credit rating agencies. such as removal of references were much needed and directly addresses one of the causes of financial crisis, i worry that many of the other micromanaging rules have had the effect of
4:03 pm
further stifling competition in the credit rating industry. i want to thank all the members for their testimony and yield to the ranking member for five minutes. >> good morning and thank you so much, mr. chairman, for holding this important meeting and all of our participants today. this hearing will continue our subcommittee series of oversight hearings on the sec. today, we're focusing on four divisions and offices in the sec. the office of compliance, inspections, and examination, the office of credit ratings, the office of whistle blower. all four of these offices play a critical role in policing our nation's securities markets. the office of credit ratings oversees the registered credit rating agencies such as moodies, s&p, and fitch. specifically it revealed the
4:04 pm
catastrophic consequences that can result when the rating agencies all get their ratings congress. in response, dodd-frank created the office of credit ratings in order to increase the overnight of create rating agencies. one of the principal missions ensure that conflicts of interest do not influence the ratings that the firms assign to different securities. the office of the whistle blower was also created by dodd-frank and intended to encourage whistle blowers to come forward with specific and timely information about wrongdoing. in return for tips that lead to punishments of over $1 million, they're entitled to a reward which incentivizes them to blow the whistle before frauds get too large and too devastating.
4:05 pm
already, this office has received thousands of tips from potential whistle blower which is striking. in fact, in 2015, the office received over 4,000 tips from whistle blowers. the division of economic risk and daniels or dera is the data arm of the sec. conducting cost benefit analysis of potential rule-makings. developing models that help focus the commission's resources on the riskiest practices and even calculating the appropriate punishment for bad actors. finally, the office of compliance, inspections, and examinations or ocie is one of the largest and most underfunded. offices in the sec, it has over 1,000 employees who examine registered investment advisors, broker/dealers, exchanges,
4:06 pm
mutual funds and mutual advisors. this sounds like a lot of examiners, but it pales in comparison to the number of market participants that the office has to examine. the officer oversees more than 26,000 market participants including over 12,000 investment advisors, 1,000 mutual funds, 4,000 broker/dealers, 800 municipal advisors, and 18 securities exchanges. as a result, the commission is only able to examine about 10% of all investment advisors each year. which is a terrifying thought. this means that roughly 40% of investment advisors have never been examined. what makes this even scarier is that in 2015 a whooping 77% of the commission's examinations
4:07 pm
identified deficiencies at investment advisors and 11% resulted in referrals for enforcement action. if those numbers are constant, that means that of the 5,000 investment advisors that have never been examined, a little under 4,000 have deficiencies that have not been yuncovered. this is a scary thought for investors who rely on these advisors to manage these savings. i look forward to your testimony. thank you for your work. and i yield back the balance of my time. >> the gentle lady yields back, the vice chairman of the committee for two minutes. >> thank you, mr. chairman. welcome to our panel. i represent a rural district in virgin virginia, stretches from the northern piedmont to the north carolina border. i regularly hear from my
4:08 pm
constituents that they're concerned with the seemingly new normal administrative state in new washington that makes it difficult to access capital and be successful. it would help our nation's small businesses strive and build upon the bipartisan success of the jobs act, an equally important function is fulfilling congress's duty to conduct vigorous oversight. just as my constituents are concerned, i too am concerns that the sec often deviates from its three-part mission and to fascinate capital formation. hearings such as this allows congress to exercise its responsibility of proper oversight over how the sec allocates its resources in fulfilling its three-part mission. look forward to the testimony of our witnesses and thank the chairman and yield back the
4:09 pm
balance of my time. >> now, i welcome the members of the panel before us. your full statement will be made part of the record. you'll be recognized for five minutes. most of you have not been here before, but you know the drill i assume. you'll be recognized for five minutes. in front of you are the lights which are green, yellow, red. yellow light should come on when you have one minute remaining. so we'd ask you at that time to begin to wrap up and red light is when you have expired. with that, mr. butler, you are recognized for five minutes. >> good morning, chairman garrett, ranking member maloney and members of the subcommittee. thank you for inviting me to testify on behalf of the u.s. securities and exchange commission. the office supports the commission's three-part mission, protect investors, maintain
4:10 pm
fair, orderly and efficient markets. it does this by overseeing credit agencies that are granted registration as nrsros. in 2006, the credit rating agency established the regulatoregular framework. the dodd-frank act expand the the commission's authority and demanded creation of an office. the office's activities generally fall within three areas. first, examinations, next nrsro monitoring and constituent monitoring, and third policy and rule-making. examinations of nrsros accounts for the majority of the office's activities. the dodd-frank act requires an office to conduct an examination of each nrsro each annually and
4:11 pm
covers eight required review areas. the office employs a risk-based approach to exam planning. this improves the efficiency and effectiveness of the examinations as resources are prioritized and focused on areas of higher risk. in addition to the annual examinations and the office conducts sweeps and target examinations to address credit market issues and concerns, follow up on tips, complaints, and self-reported incidents. the nrsros have been responsive. many have implemented fundamental changes, strengthening policies and procedures for managing conflicts of interest, adding staff, investing in multi-year technology initiatives, enhancing disclosure, transparency and governance. the annual examinations currently under way include a comprehensive review of compliance with the new rules and amendments adopted in august
4:12 pm
of 2014 all of which became effective by june 2015. as required by the dodd-frank act, the office prepares an annual examination report summarizing the findings of the examinations. in december 2015, the office published a fifth annual examination report. the nrsro monitoring and constituent monitoring groups gather, analyze, and assess data and identify trends across the industry. nrsro monitoring conducts periodic meetings and heat meets on a proactive basis. nrsro monitoring meets with certain boards of directors including a separate discussion with the independent directors. constituent monitoring holds meetings with -- they conduct ad hoc research as warranted. the information obtained by the monitoring group provides useful
4:13 pm
input for examinations and guiding the direction of future rule-makings. the policy and rule-making group is responsible for drafting reports and including those required by the credit rating agency reform act and dodd-frank act. new rules adopted in august 2014 address among other things reporting on internal controls, conflicts of interest, including an absolute prohibition in hiring sales and marketing activities from analytics. procedures to protect integrity of transparency and rating methodologies. a requirement to approve a methodology before it is used, and standards of training, experience, and competence for credit analysts. additional certifications to accompany credit ratings affirming that no part of the credit rating was influenced by any other business activities.
4:14 pm
while the commission has broad authoritying and to impose sanctions for violating statutory positions, the commission is not permitted to regulate the substance of credit ratings or the procedures and methodologies used to determine credit ratings. thank you again for having me here today and i'd be pleased to answer any questions. >> thank you, mr. butler. mr. flannery, welcome to the panel and you are recognized for five minutes. you have a right, mr. butler, make sure you always push your button on and off. thanks. >> thank you. good morning chairman garrett, ranking member maloney and members of the subcommittee. it's my pleasure to be here today to talk about the responsibilities of the division of economic and risk analysis which we call dera. over the past several years, we have grown from approximately 96
4:15 pm
employees in 2013 to 175 by the end of this fiscal year. we anticipate employing 88 ph.d.s, but also some accountants. these ph.d.s will be supported by 2 research associates by the end of the year. also includes a team of other professional experts and professional staff. the rapid growth and result in depth of expertise has allowed dera to expand its support. our most well-known function is to provide economic analyses and rule-making and other priority initiatives. dera analyze the potential economic effects of the proposed and final rules and evaluate public comments on those rules. we provide theoretical and
4:16 pm
data-driven policies. we work closely with staff from elsewhere in the commission from the earliest stages of policy development to the final stages of a particular rule. in the course of assisting other divisions and offices, staff routinely prepares white papers and other documents that present novel economic analyses of specific policies or rule-makings. dera staff produced white papers for open-ended mutual funds operation. the funds derivative usage, volunteer clearing activity in the credit default swap market and another paper on the market for unregistered security offering. in addition to research performed, dera staff regularly public their research in journals and staff papers are posted on the dera web page to
4:17 pm
provide the public with access on our current research on financial markets. it extends also to risk assessment. we provide financial and risk modelling expertise to other divisions and offices in support of their supervisory surveillance and other investigative programs. it provides guidance on which entities to examine and what to look for during the examinations. one example is our broker/dealer risk assessment tool. it analyzes a firm's behavior to identify anomalous behavior. we also have a new corporate issue of risk assessment tool developed in conjunction with the division of enforcement that allows enforcement attorneys to examine over 200 custom metrics
4:18 pm
that help them to assess corporate issuer risk by identifying irregularities that may indicate fraud. we also work with the division of enforcement. dera staff provided expert assistance in over 120 new enforcement matters. those staff helped identify securities law violations, quantify to the harm to investors, calculate ill-gotten gains and economic based claims of a defendant. for cases that go to trial, dera helps to prepare the commissions outside experts and critique or challenge the work of opposing experts. dera staff have recently testified on behalf of the commission. none of this work could be performed without high quality data. dera acts as a central data hub throughout the commission. dera oversight falls into two
4:19 pm
distinct but related categories. we work closely with other sec divisions and offices to design data structuring approaches for required disclosures. dera supports data collections and usage by designing validation rules, data quality assessments, and data dissemination tools. dera is responsible for the day-to-day management of many databases. we also develop and refine data sets that are purchased from outside. i believe dera staff are delivering high quality, data-driven analyses that are critical to the sec's mission and we look forward to continuing this work in the future. thank you again for inviting us. i look forward to answering your questions. >> mr. mckessy, good morning, and welcome to the panel.
4:20 pm
>> good morning chairman garrett, ranking member maloney, and members of the subcommittee. thank you for inviting me to testify regarding the responsibilities and activities of the office pof the whistle blower. it's currently comprised of 13 attorneys, five legal assistants an administrative assistant. it will deviced to provide the commission about possible securities law violations, to act swiftly to protect investors from harm and bring violators to justice. people who provide information resulting in monetary sanctions exceeding $1 million may be eligible to receive an award equal to 10% to 30% of the monies collected. we evaluate whistle blower award
4:21 pm
claims and whether they satisfy the eligibility requirements for receiving an award. we continue to receive a significant number of award claims including 140 in fiscal year 2015 alone. preliminary determinations and/or final orders have been issued for nearly 400 cliems for whistle blower awards. the commission has awarded more than $57 billion to 27 whistle blowers, including more than $37 million in 2015 alone. the efforts of these 27 whistle blow blowers has included over $325 million in discouragement ordered to be paid to compensate harmed investors. because all our payments are made out of our investor protection fund, the amounts ordered to be returned to harmed investors have not been affected
4:22 pm
in any way. thanks in part to the positive attention the program attracted, the number of whistle blower tips we received has increased each year. a 30% increase over the number received in fiscal year 2012. since the program's inception, we have received more than 16,000 tips from whistle blowers iner state of the country and from individuals in 95 countries outside of the united states. our office is also actively involved with enforcement staff and helping to ensure employees feel secure in reporting wrongdoing without fear of retaliation. the commission brought its first enforcement action under the anti-retaliation provisions of the whistle blower program, retaliation in any form is unacceptable. the commission has expressed its view that the anti-retaliation
4:23 pm
protections extend to those who report potential securities law violations internally regardless of whether they separately reported the information to the commission. our office continues to assist enforcement staff to prevent them from coercing employees. we brought the first enforcement action against a company that required its employees to sign broad confidentiality agreements. this rule prevents any person from taking any action, including forcing or threatening to enforce a ficonfidentiality agreement. safeguarding whistle blowers' rights continue to be among our top priorities. in the less than five years since the implementation of the program, we have demonstrated we can and will protect the confidentiality of whistle
4:24 pm
blowers, to report wrongdoing and award tens of millions of dollars to whistle blower whose information leads to successful enforcement actions. we expect the commission will continue to receive high quality tips that can be leveraged to detect fraud earlier and more efficiently. it will continue to be a game changer and ensure the fairness and efficiency of the marketplace. thank you again for the invitation and i'm happy to respond to your questions. >> thank you. last but not least, mr. wyatt, you are recognized for five minutes. >> chairman garrett, thank you for the opportunity to discuss the sec's office of compliance, inspections and examinations, ocie, with you today. ocie examines the sec's mission through examinations.
4:25 pm
with a staff of just over 1,000 employees, ocie has examination responsibility for registered entities consisting of over 4,000 broker/dealers, more than 400 transfer agents, over 650 registered municipal advisors. also oversight responsibility for 18 national securities exchang exchanges, six active clearing agencies, and the pcaob. recent legislative changes have expanded ocie's responsibility to include examinations of security-based swap market participants as well as crowd funding portals. compounding is the continued growth in the financial markets and the complexity of market
4:26 pm
participants. ocie is in the formative stages of reallocating advisors. we've adopted a risk-based framework for examinations, increasedizati utilization of advanced analytics. we've adopted our framework to identify activity which may harm investors. finding operational red flags in our restaurant population. this allows them to identify examiners and determining the areas that will be reviewed in the course of an examination. over the past five years, ocie has recruited industry experts, e enhanced our technological capabilities.
4:27 pm
for example, in the last fiscal year, ocie developed a new version of neat. neat enables examiners to access and analyze a year's worth of trading data much faster than we ever could above. developed techniques and technologies that help them detect specific activity in areas such as money laundering and high frequency training. it will prevent fraud and monitor risk. ocie strives to improve compliance through greater tran paraphernalia -- transparency. we allow them to self-assess and report immediate noncompliant behavior on their own. inform registrants about area the staff believe represent heightened risk and may warrant
4:28 pm
examination. we are pursuing several key initiatives that are critical to the protection of investors. in 2015, ocie launched the retire initiative focused on investment advisors and the services they offer to investors with retirement accounts. we remain focused on retirement based savings because they're faced with a complex set of factors when making critical divisions. another priority we've announced is cybersecurity. we've conducted examinations to identify cybersecurity risks and assess cybersecurity preparedness among broker/dealers and investment advisors. we published our intended areas of focus. after conducting exams, ocie published a summary of our observations. we're continuing to conduct
4:29 pm
cybersecurity examinations including access and control rights, vendor management and incident response. the final priority i will mention is liquidity. in light of changes over the past several years, ocie is examining advisors to mutual fund, etfs and private funds. include a review of various controls, trading activity and valuation policies. thank you for inviting me to testify today and i would be happy to answer any questions. >> thank you for your testimony. at this point, i'll recognize myself for five minutes to begin questions. i'll begin with mr. butler. one of the areas that there was actually buy partisan support in dodd-frank was with regard to removal of references to credit rating agencies 939-a. that was an area that i work with chairman frank at the time to get included in the -- in the
4:30 pm
dodd-frank and remove references throughout. but despite -- and the purpose was -- putting that into dodd-frank was what? to say that investment decisions should not be as they had been prior to that, entirely relying upon credit rating agencies. but we've seen since then, despite the removal and specific in the regulations that some pension funds are still including them. some pension funds are still specifically including the names of two of the large agencies in their investment guidelines. so in 30 seconds, can you say has 939-a been effective as far as what the intention was here? >> 939-a spoke with regard to the removal of references with regard to federal statutes. and the sec's actually -- wasn't
4:31 pm
the office of credit rating responsible for the removal. the office of the divisions completed the work there. so all references have been removed from federal statute. >> has that been effective? i understand there are certain pension funds actually seeing two of the larger credit rating agencies saying that their opinions in the past were wildly inaccurate on the one hand. but on the other hand, they actually are still using them as far as their investment guidelines which seems counter intuitive or perhaps opposed their fiduciary duty? >> i'm aware there are specific references to credit ratings by name or oftentimes by reference to the big three. >> is that a problem? >> i wouldn't necessarily characterize it as a problem. the statute didn't allow us to do more other than remove references within federal statute. >> is there something more that should be don done, that
4:32 pm
congress should be doing or sec can be or should be direct the to? >> it was not within the office of credit ratings oversees. that was the advanced trading markets -- >> is there anything else we should be doing in this regard? >> with regard to the office of credit rating, we're comfortable with the authority we have. >> i got that. is there anything else you'd be recommending in the light that funds are still relying upon them? >> we're comfortable with the authority we have. beyond that, i wouldn't really want to comment. >> i got you. mr. flanery. when it comes to certain regulations, economic benefit analysis in one form or another is conducted by the agency, correct? >> yes. >> right. when you came to the issue of the pay ratio rule, that was done? >> yes. >> and in that analysis, did
4:33 pm
they find that -- is it true they find they cannot quantify a benefit? >> yes, i think that's right. ultimately, the -- the justification, the benefit for the pay raise share rule was tied to informing investors about the possible as vicebility of their say on pay votes. >> at the end of the day, the sec could not quantify a benefit correct? >> yes, sir. i think there's a difference between quantify and find. a lot of what we do is very difficult to quantify even though it's very important. >> the decision-making process, why was this one done when other areas when you can quantify a benefit? >> i -- dera responds to the rules as they come up, as they're treated by the commission. we try to explain and clarify to them what the economic facets of the decision are, and then they are free to weigh those benefits
4:34 pm
and costs against the other -- >> is it fair to say this was done because it was a mandate of congress as opposed to the sec recommending that it be done? >> i believe it was a mandate of congress. i believe it was in dodd-frank. >> it's a shell situation as opposed to amaze situation. there were other areas where you could quantify a benefit, correct? >> where we could probably do more quantification than in that case, yes. >> is there a reason why we see in areas where you can't quantify, the sec goes ahead and does so, and when you can quantify, vice ser sa. >> we are in many ways a reactive division. we don't actually control when the rules are considered. >> do you make recommendations at the end of your report? >> about the order of consideration? >> no, sir, we don't.
4:35 pm
>> gentle lady from new york is recognized for five minutes. >> thank you, mr. chairman. dr. flanery, it's very good to see you again. as you know, i'm a big fan of structured data. it certainly makes it easier for investors to locate good investments, diamonds in the rough, and easier for startups and new businesses to get it out and let investors know where they can make a good investment. in your testimony, you described dera as the hub of information with the commission. so can you talk a little bit about why structured data like xbrl is useful to the investor and useful to the sec and exactly where does the implementation of it stand now with the sec? >> yes. we have an office of structured
4:36 pm
disclosure inside of dera. the purpose of that office is to advise where and what and how data should be structured. so when there's a new rule, when there's a revised form, these folks evaluate what can be captured and what's the best technical way for it to be captured, which xbrl is one good possibility. a good example of what that does for us, we now publish on our website quarterly financial reports for all registrants. the small ones don't get a lot of attention from the commercial data providers. we have a complete set of information, and that's useful to investors for the purposes you said. it's useful for us when we do a rule or risk analysis because we have a more complete and a much better grasp of the information that is most relevant to the firms that have the hardest time
4:37 pm
raising capital. so it's a very valuable resource for us and we provided the data to the public. one of the things about xbrl, the data are to be filed within the end of the quarter, and usually the end of next week, we have those data sets up and available for people to use. >> some people say they don't use it because there's no enforcement on the accuracy on the xbrl. aren't you dependent on what the industry hands you? the company hands you their data. you don't check to make sure that data is correct, correct? >> it did be done easily with an -- >> but you do rely on the industry giving you the information, correct? >> yes, we do. and there -- there's been a learning process since 2009 when we first required the largest registrants to report using
4:38 pm
xbrl. >> how could you enforce the accuracy more? that is the one complaint that i hear from investors that they would like it to be accurate and there's no guarantee that it's accura accurate. so they say they don't use it because there's no really check on the accuracy. how could we improve the accuracy and the enforcement of accuracy on the data you receive? >> that's a primary objective of our office of structured disclosure. as i mentioned, within xbrl, there are various mechanisms for at least assuring the internal consistency of the data. if somebody files an incorrect number, whether that's in xbrl or on paper, there's nothing we can do about that as long as it is not inconsistent with other parts of the report. but our osd people are investigating at all times, when
4:39 pm
i said how the data get reported, they're investigating how we can most efficiently ensure and increase compliance. >> they say that one of the best ways to get accurate data is, you know, when the sale takes place on the exchange, just being able to capture that as e opposed to depending on private industry. what's your response to that? >> that would be a stock sale. >> yeah. >> and the data i've been thinking about -- talking about was the financials provided by fr registrants in xbrl. >> yeah, but the stock sales. >> the stock sales, we have direct feeds. there are direct feeds that go to various private participants. but we have direct feeds and the consolidated audit trail which is to be considered next wednesday i believe which eventually make those audit trails extremely accurate and
4:40 pm
detailed. >> how does your work differ from the office of financial research which is also capturing this information? do you share your information with them? >>. >> yes, we absolutely do. they're responsible to the fsoc. we have collaborated with them on a couple of important data sets. one is hedge fund data. very confidential data. we look forward to continuing a fruitful relation with them. >> we're coming up on votes. i'm going to try to keep things within time. >> thank you, mr. chairman. mr. flannery, i had some questions for you. the president signed executive order 13579 that required all agencies to perform an analysis of rules that may be out moded
4:41 pm
or burdensome and appeal them in accordance with that which has been learned. seems like to me your division is uniquely qualified to perform research for the sec and that's -- that's the purpose of your division, correct? >> it's certainly one of the purposes, yes. >> have you -- has your division participated in any of these -- these retceiptro specktive revi? >> they usually get examined after about ten years after their instance. and we do that in conjunction with the general counsel's and i was. rather than taking credit for finding potential things that can be improved in these rules, i should sar it with some of the other divisions. because a lot of information comes in from the other industries from the industry.
4:42 pm
there are frequently things that can be -- where the burden can be reduced by staff guidelines, by no action letters. and lot of the kinks, if you will, that might be in an initial rule can be worked out that way by staff interaction with the registrants. >> since the president signed this order, can you think of any example in which a rule has been repealed such as it is because it was excessively burdensome, intesktive or outmoded. >> i can give you an example. a need for better information and a reduction in the frequency of reporting. that would be to do with import, which is the mutual fund asset composition reports that are going to be filed if the rule is improved. we were trying to take advantage of better information and reduce the -- >> and that was done through
4:43 pm
staff guidelines? >> yes. >> but dwen, just to be clear, modify, streamline, expand or repeal. there's not an instance you can think of where a rule's been repealed? >> i cannot remember one, no, sir. >> all right. another question i have deals with the issue of regulations that are developed, some pursuant to dodd-frank with participation from joint -- joint participation from individual agencies and obviously there is a requirement of review by your office in terms of cost benefit analysis, the economic impact, economic effects of these rules, but there are some who suggest that when it is a joint rule-making, that that -- that that cost benefit analysis is not required. what's your take on that and have you had -- have you-all had
4:44 pm
pushback from the other agencies that you've had to develop rules with on that specific issue? how do you deal with that? >> of course you're right. we have a securities law requirement that we consider among other things efficiency competition and capital formation which is unique to the sec. we will do a joint rule with the banking regulators and ours will be the only economic analysis. there's one that we're involved in now where we -- >> so is the analysis that you do, is that used in the prom l investigation of the rule? >> yes. >> so the banking regulators don't do that? >> i believe that's correct. they're not required. i don't know what they do inside. but they're not required to put an economic analysis out with the rule text for public comment. >> do you see a problem there,
4:45 pm
where you have an extensive work done by your agency evaluating the cost and benefits on your side as it relates to your registrants, but not as it relates to those regulated by the other agency? is that a problem? >> i don't know whether there's a problem in that regard. what i know is that we have different statutory and regulatory constraints that we operate under. we develop our guidance on economic analysis to take advantage of our specific expertise and fit with the specific inconstitutions and pa -- institutions and capital markets we work with. whether that should transplant elsewhere is beyond my expertise. >> thank you. >> thank you, mr. chairman. my first statement is to thank you and to thank our distinguished panel of witnesses
4:46 pm
for their appearance and testimony today. my first question is to mark flannery. as you're aware, the department of labor issued a rule earlier this month regarding the fiduciary standard of care owed to investors when providing them investment advice about their retirement accounts. this standard of care provides they act in the client's best interest. chairman hoyt has publicly stated she would like the sec to implement its own fiduciary duty rule. has the sec studied whether conflicts of interest in the provision of investment advice hurts investors? >> as you say, this is a major objective of the chair, and she
4:47 pm
has people in training and markets who oversee brokers and dealers. she has people in investment management, and staff from dera collaborating on developing a rule. turns out for reasons that surprised me very much because i was new to the sec, it turned out to be that it is a very difficult problem. it's taking a long time to get it right, when we want to make sure we get it right when we get something out. >> this committee has considered bills that would impose a cost benefit analysis on the sec. and i believe these bills would favor industry over investors and open the sec up to increased litigation risks. can you please describe all of the economic analysis obligations that the sec undertakes when it looks to propose a new rule or an amendment to an existing rule? >> yes, we have -- as i said, we
4:48 pm
have a 15 or 20-page document that we refer to as the guidance which is about four years old and lays out the content of what should go into an economic analysis at the sec. we establish what's called a baseline. we try to document what is the state of the market, what is the state of the affected players. if we don't introduce the rule. so we start with a baseline. we spend a lot of time trying to document that with statistics. that gives everybody involved in the discussion an opportunity or perhaps an obligation to work off of the same baseline. then we are interested in identifying who will be effected by the rule. who is likely to be affected by the rule and what will be the benefits and costs to the various -- the various people who the are affected, the various firms and individuals. one of the things that we find is that there are many cases
4:49 pm
where we cannot quantify a benefit. so i would love someone to explain to me how, for example, i could quantify the benefit of a more informed investors. i know it's positive -- >> i can't answer your question, but i am very much in favor of that rule that the secretary of labor has recommended and has had hearings for a long time and that i think would certainly help investors. mr. wyatt, the office of compliance inspections and examinations completed approximately 2,000 examinations by 11 regional offices. is the current sec budget sufficient to keep pace with the increasing number of examinations that need to be conducted. >> we certainly are trying to use our limited resources as effectively as possible. we are trying to endeavor to increase our examinations for
4:50 pm
last year, fiscal year 2015, was a four-year high for the examinations. we are striving to conduct additional examinations and increase our is around 10% on the broker dealer side, together with finra we got to 50% of those registrant. we certainly welcome additional resources and information that can help us develop our exam program and risk-based program to conduct further exams. >> how do the s.e.c.'s resources to examine registrants compare to the resources of some of the large broker dealers, banks or other public companies that the s.e.c. is supposed to hold accountable? >> and just very quickly. >> the s.e.c. has -- o.c. has 1,011 examiners there are some large, global registrants who have over 3,000 in their compliance program, to a global compliance program, i will highlight. >> thank you. yield back.
4:51 pm
>> mr. royce. >> thank you, mr. chairman. thank you to witnesses for joining us today. experts have deemed the united kingdom's retail distribution review as being effectively i y identical to the labor department's rule in the eye of just not industry but the eyes of the british government itself, implementation of the rdr review, created what they called an advice gap that locked out middle and lower income savers from investment advice. i've studied the johnson report about the department of labor's communications with the s.e.c. during the lead-up to the rules release. i share the senator's frustration with the department's lack of cooperation in releasing all of its communication with the commission regarding this rule. so i am going to ask mr. flannery, did the d.o.l. and the s.e.c. communicate about the
4:52 pm
impact of great britain's rdr on british consumers and, if so, to what extent? and if not, why did the s.e.c. not think it relevant to reference the fact that a developed economy has already implemented a rule, similar to the d.o.l.'s rule, and this was no longer a hypothetical situation. >> the retail distribution review, which i think took effect at beginning of 2013, we viewed in the s.e.c., we viewed that as an extraordinarily interesting policy step we can call it experiment because it didn't involve us. i undertook a couple of conference calls with people over in the regulatory agencies there, with those -- with me on conference calls was one of my staff who was involved in dealidea dealing with the department of labor economists. so we conveyed certainly that information to them.
4:53 pm
i don't know in what form. i'm not familiar with details. but certainly information was conveyed through that individual. >> information coming back the other way about the advice gap they were experiencing in britain with middle income and lower income savers from investment advice, that information was being -- >> it was -- >> -- collected or studied. >> it was certainly conveyed to the department of labor. when asked to provide technical advice to any organization, we provide technical advice based on our expertise with institutions and our space. so if we sent over comments or suggestions, those people are operating in a different regulatory environment under different legislation and it's, therefore, their decision which of our comments is most appropriate to their situation. >> i was going to ask mr.
4:54 pm
mr. mckessey a question, and this goes to the issue of the office's creation under amendment i offered in this committee. it came as a result, actually, of the struggle which she explained to us decade-long ti e veil to bring bernie madoff's ponzi scheme to the s.e.c. and in particular, his frustration, year after year, failure of the s.e.c. to take any action against bernie madoff. so the idea, in a nutshell, was that by establishing a separate office within the commission, the s.e.c. would be better situated to protect whistle-blowers and ensure that their concerns are, in fact, acted on and not handled as the previous situation was. do you think the new structure is working, and what could be done to improve it? and i'm also concerned that not
4:55 pm
unlike the gaps in coordination we had between regional offices and divisions in the s.e.c., before your office was created there may be gaps in coordination with other parts of the government. how does your office coordinate with other federal agencies that allege conduct that is beyond the s.e.c.'s jurisdiction? that is the thrust of what i'm concerned about. >> so, i think the office, creation of the office of the whistle-blower -- i'm grateful for it, it created my job -- i think it has been effective in encouraging whistle-blowers to come forward. i certainly have hat a number of meetings now and gathered thoughts on how we can be effective in advocating for whistle-blowers. i think beyond the office of the whistle-blower, there are other structural changes in the agency that i think have been effective in dealing with issues like information gaps, creation of
4:56 pm
office of market intelligence, a centralized office that centralizes all of the intelligence that comes into the agency to make sure that when we get a tip from a whistle-blower, if it's related to something that somebody's already looking at, that it finds the right home and we don't have competing offices working on the same matter. i think -- at the end of the day i think the fact that the office, the whistle-blower office provides three benefits to whistle-blowers, confidentiality, anti-retaliation and ability to be paid created real incentives for people to come forward if they otherwise were unwilling or reluctant to. i think we're seeing results in that in the fact we've soldier list itted over 16,000 tips since the program went into effect. >> good, good. >> gentleman from massachusetts, five minutes, recognized. >> good morning. thank you mr. chairman. i want to thank the witnesses for their help on this issue. mr. butler, i was a member of this committee during the
4:57 pm
financial crisis going back to 2008 and i think it's beyond any reasonable doubt that the rating agencies played an important role as facilitator of the crisis and they not only amplified the intensity of the crisis but also, i think, facilitated the wider skop cope the crisis as well. independent researchers, investigators, as well as the justice department basically said that the sort of pay to play role that our testimony has been in place where customers pay for ratings and that the conflict of interests on the part of the rating agencies contributed greatly to the problems we had back then. and that that model has to change. now, since the crisis, your agency hasn't instituted any fundamental changes in the credit agency business model
4:58 pm
that created those conflicts of interest and credit rating agencies have returned to record profits. your own most recent examinations found severe failures by major credit agencies to comply with their own stated policies and procedures, yet you have not levied any fines or penalties on rating agencies you have not used your statute authority under section 15-e under the security exchange act to suspend agencies or individuals from ratings and office of credit ratings public examination do not identify, they don't identify the specific rating agencies that violate procedural rules. you don't call them out. no name in shame. it seems to he moo that tme tha system is designed to shield rating agencies from any accountability. we don't identify the people, we use terms like one of the larger rating agencies, which i assume is one of the big three.
4:59 pm
your testimony states to protect users of credit agencies. do you believe we can get to that place without eliminating the conflict of interest that currently exists where companies pay the rating agencies for favorable credit ratings and that the companies are in competition with each other, there's a great segment in the big short, that movie, where they're talking to one of the folks from stand or and poorer's and the analysts ask, why aren't you tougher on or more demanding on these guidelines? and the woman, from standard and poorer's says if we do, they'll just go to moody's. that sort of encapsulates the problem here. so, what's the answer here? i mean, as on as we have that
5:00 pm
conflict of interest, are we ever going to get to a place where we're actually as, you know, your mission states, are we able to protect users of credit ratings? >> in my estimation, compliance is not a destination but a journey. and we're rel along on that journey with regard to rating agencies and infusing in them importance of compliance, enhanced governance, transparency, training, and other methods to build rigor within the rating process and to establish integrity. to address specifically your question with regard to the issuer or paid conflict. in august 2014, the commission adopted a new set of rules and the rules were effective fully indown of 2015, importantly in that set of rules there's a requirement for a complete separation of the sales and marketing function from the


info Stream Only

Uploaded by TV Archive on