Flaws in SEC document-shredding policy affirmed by watchdog

A long-awaited report on document retention practices faults the Securities and Exchange Commission for misapplying policy and being less than forthright in its explanations after an internal whistleblower this summer came forward with charges that SEC wrongly destroyed thousands of documents related to preliminary investigations of companies involved in the nation's 2008 financial meltdown.

An SEC inspector general's report released Tuesday but dated Oct. 5 found no grounds for referring the matter for criminal prosecution by the Justice Department. But it reprimanded SEC managers for destroying some documents they should have retained and for misleading the National Archives and Records Administration after it challenged SEC's practices.

Rolling Stone magazine in August broke a story that SEC violated document retention polices, based on charges lodged by a 13-year veteran of the commission's enforcement division named Darcy Flynn. The same day, Sen. Chuck Grassley, R-Iowa, sent a letter to SEC Chairwoman Mary Schapiro saying he had received a letter from Flynn's attorney alleging that SEC staff destroyed thousands of documents related to a procedure called matters under investigation. A MUI is the first step the independent financial regulator takes when it receives word of a possible securities violation.

In Tuesday's report, Inspector General David Kotz and his team wrote that SEC enforcement staff's "case-closing manual, which has been posted on enforcement's intranet since at least 2001, specifically directed enforcement attorneys, 'After you have closed a MUI that has not become an investigation, you should dispose of any documents obtained in connection with the MUI.' "

The auditors found that "staff destroyed documents related to closed MUIs that should have been preserved as federal records. These documents included anonymous correspondence and complaints, correspondence from the SEC requesting documents from companies in the course of a MUI, and correspondence to accompany companies' document production responses."

But the IG added that it was unaware that the destruction of documents hampered any investigation, and found no evidence of "improper motive" behind the long-standing policy, "although there was a lack of clarity as to the rationale for the policy."

The IG said SEC's reply to Archives officials did not comply with federal regulations and omitted key information, while the commission's destruction of the records may have affected its ability to comply with Freedom of Information Act requests. The IG called for further refinement of document retention policies to address continuing concerns from Archives officials.

SEC Spokesman John Nester said in a statement, "We appreciate the inspector general's review of the decades-old document retention policy that was discontinued in July 2010. We are pleased that the inspector general found no evidence of any improper motive on the part of current or former SEC staff, and is not aware of any enforcement investigations that were hampered as a result of the policy that had been in place for 20 years. As the report notes, the old policy was discontinued when the National Archives and Records Administration voiced concerns. We will continue to work closely with NARA to resolve any outstanding issues."

National Archives Chief Records Officer Paul Wester said in a statement that his agency agrees with the IG's recommendations, welcoming a review of SEC management guidance on conforming to the Federal Records Act and promising site visits to SEC facilities.

"The ability of the National Archives to ensure that federal agencies properly manage all of their records and that records of enduring value are preserved for future generations depends on the cooperation of federal agencies," Wester said. "Records that document the workings of the federal government and hold federal officials accountable for their actions are the cornerstone of our democracy. Therefore we were disappointed that the SEC had omitted important information when it responded to NARA's 2010 query." Grassley appeared unsatisfied with the report. "When a whistleblower reported inappropriate document destruction at the SEC, the agency seemed to spend more time covering tracks and drafting a lawyered-up response than just following the law and otherwise using common sense," he said in a statement. "Even now, after a detailed inspector general review, it's not clear why the SEC had an official policy to destroy a large category of documents. No one seems to know the rationale for the policy in the first place. The result is a messy situation that the SEC needs to clean up, using the guidance and recommendations in this report as a start." He called for a new IG probe of which documents were destroyed and which cases might be affected.

Stephen Kohn, executive director of the National Whistleblowers Center, told Government Executive he remains concerned that the whistleblower be protected from retaliation. "The IG needs to take a harder look concerning culpability," he said. "I've read this type of report many times, where they find misconduct but then give a pass."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.