SEC faulted on record-keeping performance

Jonny McCullagh/

The Securities and Exchange Commission lacks clear policies and proper training in records management, according to a recent audit.

Jon Rymer, the interim SEC inspector general, surveyed and interviewed employees to determine whether the agency’s Office of Records Management Services had thoroughly complied with President Obama’s November 2011 memorandum on improving records management. The agency’s policies on financial document destruction became the focus of a whistleblower controversy last year.

SEC documents include confidential treatment requests files, correspondence, investigation records, records of matters under inquiry, transcripts, working papers, consumer complaint files, congressional and chairman files, administrative proceedings files, self-regulatory files and bankruptcy files.

“The SEC does not have an active staff assistance program, and periodic agency-wide staff assistance visits were not conducted by [the records management office] or its predecessors,” the audit concluded. Although the central records office “provided assistance to SEC offices and divisions to identify their records and has scheduled records for disposition, it has not conducted staff assistance visits of all 36 SEC offices and divisions. Therefore, confusion exists,” the audit said, “regarding their records management responsibilities.”

The audit, dated Sept. 30, also highlighted inadequate training specific to records management and faulted some offices for not responding to requests within required deadlines. The absence of a “timely review of commission records eligible for destruction” has left a 10-year backlog of documents that have not been properly destroyed,” the report said. Up to 40 percent of SEC employees responding to the IG survey had not disposed of any records, as privacy policy requires.

In 2011, a whistleblower made national headlines by accusing the SEC of destroying as many as 9,000 documents related to preliminary investigations involving companies that played active roles in the 2008 financial meltdown.

The IG made 12 recommendations, including increasing the number of visits to offices by records management specialists, improved internal controls of documents as well as policy training in records retention.

SEC management agreed with all the recommendations. The IG has called for an action plan to implement them within 45 days.

(Image via Jonny McCullagh/

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.