Mike Piwowar, Former SEC Commissioner, Talks Data, RegTech, CCO Challenges and Regulatory Direction

Published On March 1, 2019

In this interview, Mike talks about his previous roles at the Commission, what he’s doing now and why.

What are you doing now?

I am currently the Executive Director of the Center for Financial Markets at the Milken Institute, which is a nonprofit, nonpartisan think-tank. Its overall mission is to advance collaborative solutions to increase prosperity by widening access to capital, creating jobs, and improving health. I run one of the seven centers and we have four key programs, which encompass access to capital, fintech, housing finance, and international capital markets. I joined in September of 2018.

I was a commissioner at the US Securities and Exchange Commission (SEC) for five years. Much of what I am engaged with at the Milken Institute continues my work at the Commission, such as improving access to capital and helping to pursue the American dream by investing in entrepreneurs. In addition, I was named a distinguished policy fellow at Georgetown’s McDonough School of Business in their Center for Financial Markets Policy. I am a proud MBA alum and delighted to be engaged with that program where I am a guest lecturer and conference participant. In addition, I was invited onto the advisory board of Behavox, which is a very exciting opportunity and business.

How can you best summarize your time at the SEC?

I had one official position, but I like to say that I had four different jobs over my five years there. When I first arrived with a full Commission, we were in the midst of a lot of the Dodd-Frank rulemaking, which is the single biggest piece of financial regulatory change in the history of the United States. Many think that after it was passed in July 2010, that was the end of it. Far from it! It was just the beginning and the financial regulators had to promulgate 400 new rules of which the SEC was responsible for about 100.

My second role was as a minority commissioner with a three-person Commission; a quorum requires that all three commissioners be present to approve any Commission action. This gave me more leverage, which I could use to make some deals, slow down some actions that I did not agree with, and push forward some of my own ideas.

My third job was as Acting Chairman after President Trump took over; we were down to two commissioners – myself, a Republican, and Commissioner Stein, a Democrat. This was the time I am most proud of as a commissioner. Rather than being just a seat-warmer, I took the opportunity to be very active. Commissioner Stein and I worked very hard to identify and to move forward on bi-partisan rulemaking. It was a distinct contrast to many of the Dodd-Frank rulemakings, which were heavily politicized and often broke down along party lines. This was the opportunity to put the SEC back on the path of a bi-partisan and collaborative government agency, working on rulemaking closer to our core mission of protecting investors; maintaining fair, orderly, and efficient markets; and promoting capital formation. One of the more prominent rulemakings we drove was the shortening of the trade settlement cycle from three to two days, getting the US back on track with the rest of the world and taking a lot of risk out of the system.

My final job was as “caddy” for the new Chairman Jay Clayton (he is a keen golfer), and giving him advice and essential background before he made key decisions.

What is the current view of Jay Clayton and the direction of the SEC especially with regard to the wholesale market?

Jay came in and set out that he wanted to focus on the retail side. Mr. and Mrs. 401(k) is his favorite phrase. This takes the SEC back to its core mission. He is also very focused on critical market infrastructure, especially cybersecurity. Regulatory Systems Compliance and Integrity (SCI) is fairly new and subjects many regulated entities to SCI; this places emphasis on monitoring for systems compliance. Non-SCI entities must also be resilient to cyber threat. One of the first things Chairman Clayton did when he came into the Commission was assess the SEC’s own approach to cybersecurity and in the midst of that review he found that it had been hacked a few years previously. Cybersecurity and resilience is very high on the priority list.

In addition, there will be more work with the banking regulators and Treasury on anti-money laundering programs and there is a new emphasis on that administration-wide. Digital assets and crypto, in terms of how to designate them and what the SEC is thinking, adds to a full menu.

Finally, there are the self-regulatory organizations (SROs) that the SEC oversees (e.g. MSRB, FINRA, and the exchanges) with particular emphasis on FINRA, and the reliance placed on them to follow through on their examination programs.

On rulemaking, Regulation Best Interest will take center stage for the retail side. Work with the Commodities Futures Trading Commission (CFTC) has already commenced to try to catch up and rationalize rulemaking for the derivatives side. Dodd-Frank gave jurisdiction over the swaps market to the CFTC and the securities-based swaps market to the SEC. The CFTC moved ahead fairly quickly and progressed rulemaking, but the SEC was slower to do this. This now presents an opportunity to work with the CFTC as they review their rules and the SEC considers adopting the same principles.

What are the challenges and obligations on the market side, bearing in mind the complexity of the regulation and the speed of change – how can the CCO of an investment bank best prepare and prevail?

Securities laws are extremely complex and difficult. Under previous Commission leadership, the approach was much more confrontational and enforcement-led; placing high expectation on the CCO, and potentially personal liability for violations at their firm. This gave me great discomfort. Of course you want a CCO who is focused on compliance, but you want one who is running into the fire and not away from it.

There is a balance that the Commission needs to have when it discovers violative behavior. If it is egregious behavior, like fraud, and causes harm to retail investors, of course strong enforcement action is appropriate. And, regulators always need to be mindful of being captured by the firms they regulate. But, there are so many minor technical violations with no discernible harm. Is this best dealt with by a deficiency letter? Is it enforcement and if so how punitive should it be? Are there unintended consequences from an enforcement action? For example, if other firms see the SEC penalise them for those smaller infractions, will it reduce the motivation to pursue full compliance? Some firms might decide to save the money spent on compliance and take their chances on a future monetary penalty. Too much reliance on enforcement can unintentionally reduce the incentives to pursue compliance, which is not good for the markets and investors. This is where technology can come in and help the compliance effort enormously.

With increasing reliance on tech by the regulators, use of the cloud, the CAT and RegTech, what is the impact these developments can forge in the market during the next five years?

It all starts with data; the vast amounts of data being collected by the regulated entities and the regulators, and the ability to make sense of it. A large percentage of all the data that has been collected was generated in the last three years and that is increasing exponentially. I actually did some work with the compliance folks at the Commission 17 years ago as an economist and we were just starting to get data on the corporate bond and municipal bond market, which led to rudimentary analyses using SAS datasets and spreadsheets.

Now the ability for the SEC to use cloud computing and AI presents a different dimension. The Consolidated Audit Trail (CAT) offers huge potential in the future. In the meantime, the SEC has access to the cloud-based Market Information Data Analytics System (MIDAS), which was implemented from a third-party vendor off-the-shelf solution after the flash crash in May 2010, to monitor trades and quotes in real time. This enables communication and collaboration with the markets.

In terms of collaboration and the ability to share data and gain insights, do you think this is a facility that might be used as an approach between regulators and even between regulators and the market to improve and standardize compliance?

Something we saw after the financial crisis was that the banking regulators (Federal Reserve, OCC, and FDIC) and the market regulators (SEC and CFTC) were more confrontational as a reaction, and the pendulum swung quite significantly from a more collaborative approach before. Ten years later, and that pendulum is swinging back. We are seeing it among market participants, especially with respect to cyber security, where trade groups that represent very competitive firms recognise that these issues require sharing of information to construct a better aggregated view, as well as opening a dialogue with the regulator. The SEC is adept at communicating with the market as it examines it, especially if there is widespread misunderstanding, which avoids a repeat of the “broken windows” enforcement-first mentality.

In an increasingly global market where practice and rules start to blend and have influence on each other, do you think demands of investors and participants will shape regulatory harmonization and global adoption of the highest standard?

We saw this in Dodd-Frank, where some of the provisions were adopted explicitly by foreign regulators or where global investors were demanding similar practices in other jurisdictions. We also experienced this when MiFID II was coming and I was working at the Commission, especially around the unbundling of research and the unintended effects this would have in the US. So we worked on that and bought some time in the window after MiFID II, through three no-action letters, to assess the right response.  

GDPR is interesting; whether it is directly from GDPR or the general recognition around data privacy and portability, the issues it raises permeate into other areas like open banking where we have seen something similar in California. Some states tend to take the lead, such as Massachusetts and California. We are seeing this not only at the international and state levels, but there is increasing interest on Capitol Hill in terms of legislative requirements at the federal level. These trends are not new. When I was an economist at the Commission fifteen years ago we went to see one of the Canadian regulators and they watched what we were doing very closely as the markets are so linked; this encourages harmonization. Our regular dialogue included what was and was not working. As the world gets more connected and global, this collaborative approach will ensure regulators are focused on similar things. As more data is produced, evidence-based rulemaking will start to prevail.

What was it that made you decide to work with a company like Behavox when you have limited time outside your main role and many offers from other interested businesses?

In two words – Erkin Adylov (the CEO and co-founder). In my career, I have had the opportunity to meet a number of visionary leaders, a number of CEOs, from startups to large complex financial institutions. When I met Erkin it was clear to me that he has not only one of the most brilliant minds, but the sort of leadership qualities where he has vision and knows exactly where he wants to go. He has assembled a team of all-stars, he can articulate that vision and he has already implemented it to put the business on a course where I can foresee Behavox being incredibly successful.

I did my due diligence; I spoke to clients of Behavox and these people used phrases like “game changer” in terms of their approach to compliance. You look at who has invested and these are very serious venture capitalists who have so many other opportunities but are putting their own money into this company, which speaks volumes.

I am joining at a very exciting time in the growth of the business. It is not just a compliance company but also offers a holistic view; it is part of the ecosystem as a collaborator and an educator using the Behavox University so that clients can learn and feedback. It has developed a community and offers subject-matter expertise like Radar. I go into very large firms and see this magazine on their coffee tables and know it is a proper company that takes compliance seriously. I was blown away by the tech when I saw the demos; while compliance is a way to get into the client, the cross-sell of the other products is the next step and it is simply an incredible business opportunity.