The SEC “Toy Box” Scandal

Chidem Kurdas

Just when you think you know the shenanigans happening inside the United States Securities and Exchange Commission, something else crops up. The scandals keep coming—they let Uncle Bernie play his game for decades, ditto they would not touch Allen Stanford’s Ponzi scheme, all the while top staff could not tear themselves away from their favorite porn websites.

Last year we were treated to sex and spyware stories in the lawsuit filed by the SEC watchdog’s former head of investigations, David Weber, against the agency and its (again former) chair, Mary Schapiro. The case was recently settled.

I’m being selective here, for the sake of brevity. You can add to the list.

Now comes the report on an SEC technology lab. While the report is heavily redacted – blanked out, to use plain words – there is enough text left to tell yet another tale of deep-seated bureaucratic dysfunction, hubris and irresponsibility.

It confirms Mr. Weber’s complaints that SEC staff left unprotected computers in hotel rooms and conferences, potentially exposing sensitive exchange data to hackers. Turns out, they also used unprotected laptops at the lab to go to gaming sites. Nothing about porn sites, but maybe that’s been redacted.

The lab’s firewall was down for several months, but the staff kept using the network unprotected from intruders.

The funny – or infuriating – thing is, this lab was set up to work on information security at exchanges and brokerages. The SEC wants to make mandatory the security standards it is developing. I’d guess security will be better if exchanges and brokerages are left to their own devices.

But there’s more. The lab had only three to four employees most of the time, but they spent almost $1.2 million to buy an inordinate number of laptops and other computer products. The equipment and software was largely not used for official functions but appealed to the fancy of staffers.

They bought the “latest tech toys for their personal use” says a whistleblower. An official of the SEC Office of Information Technology referred to the lab as “a toy box” in his testimony.

The implication is clear: these folks have way too much time and money on their hands. Then again, they spent so much time in training sessions at the agency’s expense, they fell behind schedule with investigations. One of them took $50,000 in training and straightaway left for a job elsewhere.

Nobody supervised the training or the toy shopping spree; possible overseers lacked technology expertise, authority or interest. Even though they thought it was odd, all the hardware bought and not used, the big training budgets, they did not ask hard questions.

Come to think of it, SEC investigators did not ask tough questions to the fraudster Stanford, either, until they finally decided after 12 years to nab him. I suppose they like to let things simmer, whether Ponzi scheme or toy buying and online gaming by the staff.


Tags: , , , ,

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: