Securities Fraud: The Internet Poses Challenges to Regulators and
Investors (Testimony, 03/22/99, GAO/T-GGD-99-34).

Pursuant to a congressional request, GAO discussed Internet securities
fraud and regulatory efforts to combat this growing problem, focusing
on: (1) information about the incidence and types of securities frauds
perpetrated over the Internet; (2) the Securities and Exchange
Commission's (SEC) initiatives to combat Internet securities fraud; (3)
information on the penalties that have been imposed on individuals found
to have committed Internet securities frauds; (4) information from state
securities regulators about state efforts to control Internet securities
fraud; and (5) potential challenges facing SEC and state regulatory
initiatives in combating securities fraud over the Internet.

GAO noted that: (1) SEC and state regulatory officials generally agree
that as the Internet continues to expand rapidly, opportunities for
securities frauds are growing as well; (2) an indicator of the growth in
Internet securities frauds is the number of public electronic mail
complaints that are submitted to SEC's Internet website; (3) according
to SEC, the Internet provides a new medium to perpetrate traditional
investor frauds; (4) however, some securities frauds appear unique to
the Internet environment; (5) SEC has responded to the growing Internet
fraud problem by, among other things, creating the Office of Internet
Enforcement to coordinate the agency's efforts to combat Internet fraud,
providing training to SEC investigative staff on monitoring the
Internet, and preparing guidance for SEC staff who are investigating
potential Internet frauds; (6) SEC has established programs to educate
investors about the risks associated with Internet securities frauds;
(7) since 1995, SEC initiated a total of 66 enforcement actions against
alleged perpetrators of Internet securities frauds; (8) as of February
1999, 32 of the 66 cases had largely been concluded, with violators
generally required to: (a) pay civil money penalties; or (b) refrain
from further violations of the securities laws; (9) however, in 2 of the
32 concluded cases, state or federal criminal enforcement authorities
prosecuted violators and obtained criminal convictions or prison
sentences for 7 individuals; (10) over the past several years, nearly
half of all state regulatory agencies have established specific programs
to combat Internet frauds that violate state securities laws; (11)
although many state agencies have initiated enforcement actions to
prevent further violations of state law, officials from these agencies
told GAO that in some cases violators may continue committing the
fraudulent activity in other states; (12) SEC and state regulatory
agency programs to combat Internet securities fraud are new and face
significant challenges that could limit their effectiveness in the
long-term; (13) in particular, the potential exists that the rapid
growth in reported Internet securities frauds could ultimately place a
significant burden on the regulators' limited investigative staff
resources and thereby limit the agencies' capacity to respond
effectively to credible fraud allegations; and (14) the regulators face
challenges in developing a coordinated approach to combating Internet
fraud and educating a wide audience about the risks associated with
Internet investing.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-GGD-99-34
     TITLE:  Securities Fraud: The Internet Poses Challenges to 
             Regulators and Investors
      DATE:  03/22/99
   SUBJECT:  Securities fraud
             White collar crime
             Computer security
             Electronic mail
             Federal/state relations
             Securities regulation
             Self-regulatory organizations
             Computer crimes
             Computer networks
             Fines (penalties)
IDENTIFIER:  Internet
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  This text was extracted from a PDF file.        **
** Delineations within the text indicating chapter titles,      **
** headings, and bullets have not been preserved, and in some   **
** cases heading text has been incorrectly merged into          **
** body text in the adjacent column.  Graphic images have       **
** not been reproduced, but figure captions are included.       **
** Tables are included, but column deliniations have not been   **
** preserved.                                                   **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************
Microsoft Word - 166w01!.PBF SECURITIES FRAUD The Internet Poses
Challenges to Regulators and Investors

Statement of Richard J. Hillman Associate Director, Financial
Institutions and Markets Issues General Government Division

United States General Accounting Office

GAO Testimony Before the Permanent Subcommittee on Investigations

Committee on Governmental Affairs U. S. Senate

For Release on Delivery Expected at 1: 30 p. m. EST on Monday
March 22, 1999




GAO/T-GGD-99-34

  GAO/T-GGD-99-34

Summary Securities Fraud: The Internet Poses Challenges to
Regulators and Investors

Page 1 GAO/T-GGD-99-34

The Internet is a global network of computers that ties together
an estimated 153 million users worldwide and is providing the
basis for a rapid expansion in electronic commerce. The rapid
growth of Internet commerce is also significantly transforming the
U. S. securities industry. For example, in 1998, approximately 22
percent of all securities transactions were conducted over the
Internet compared with virtually no such transactions in 1995.
According to industry observers, the Internet is popular among
investors because it allows them to buy and sell securities from
their personal computers, lower trading commissions, and gain
ready access to market research.

Unfortunately, the Internet also provides fraudulent operators
with a new and efficient medium to defraud investors of millions
of dollars. Fraudulent operators find the Internet attractive
because they can instantly communicate with millions of potential
victims via professionally looking websites, that appear to offer
legitimate investment information, on- line newsletters, or e-
mail at far lower costs than traditional means of communication,
such as the telephone. In addition, the Internet makes it easier
for fraudulent operators to remain anonymous and commit crimes
from nearly any location in the world and thereby evade U. S.
regulatory and law enforcement authorities.

According to Securities and Exchange Commission (SEC) officials,
as the Internet continues to expand rapidly, opportunities for
securities frauds increase as well. For example, the number of E-
mail complaints submitted to SEC, many of which allege potential
Internet frauds, soared from about 10 to 15 daily in 1997 to
between 200 and 300 daily in early 1999. According to SEC, the
types of frauds committed over the Internet are generally
traditional securities frauds. In one scheme, individuals who own
a company's securities spread positive but false information about
the company to increase investor interest and drive- up the price
of the securities. The individuals then sell their securities at a
quick profit, while later investors face large losses when the
price of the inflated securities declines.

SEC has established an office to coordinate the agency's response
to Internet fraud, provide training to SEC staff on monitoring the
Internet, and develop guidance for SEC staff to follow when
investigating Internet fraud cases. SEC has also (1) developed
education programs to warn investors about the risks associated
with Internet investing and (2) initiated 66 enforcement actions
since 1995 to punish alleged perpetrators of Internet securities
frauds. Nearly half of the 50 state securities regulatory agencies
we surveyed have also developed specific programs to

Summary Securities Fraud: The Internet Poses Challenges to
Regulators and Investors

Page 2 GAO/T-GGD-99-34

monitor the Internet for potential frauds and penalize violators
of state securities laws.

However, SEC and state regulatory programs to combat Internet
securities fraud are new and face significant challenges that
could limit their longterm effectiveness. In particular, the
potential exists that the rapid growth in reported Internet
securities frauds could ultimately place a significant burden on
the regulators' limited investigative staff resources and thereby
limit the agencies' capacity to respond effectively to credible
fraud allegations. Moreover, the regulators face challenges in
developing a coordinated approach to combating Internet fraud and
educating a wide audience about the potential risks of Internet
investing.

Statement

Page 3 GAO/T-GGD-99-34

Ms. Chairman and Members of the Subcommittee: We are pleased to be
here today to discuss Internet securities fraud and regulatory
efforts to combat this growing problem. The Internet is a global
network of computers that ties together an estimated 153 million 1
users worldwide and is providing the basis for a rapid expansion
in electronic commerce. According to one industry research firm, 2
total U. S. business trade on the Internet reached $43 billion in
1998 and is projected to soar to $1.3 trillion by 2003. The rapid
growth of the Internet is also significantly transforming the
securities industry in the United States. An industry study, 3
reported that approximately 22 percent of all retail U. S.
securities trades were conducted over the Internet in the first
half of 1998, which was significant given that there was virtually
no on- line trading in 1995. The industry study projected that the
total number of on- line brokerage accounts will nearly triple
from about 5 million in 1998 to over 14 million in 2002.

Securities industry observers and participants cite several
benefits that the Internet provides to investors, which account
for its growing popularity. In particular, the Internet permits
investors to place buy and sell orders from the convenience of
their personal computers and can lower trading commission fees
charged by full- service brokers. By accessing brokerdealer
webpages, investors can also gain access to stock market research
that previously was not readily accessible to the investing
public. Moreover, the Internet also allows investors to obtain
immediate access to price quotes on securities or mutual funds.

Unfortunately, the Internet also provides several advantages to
fraudulent operators who are using the new medium to defraud
investors of millions of dollars. First, the Internet provides
fraudulent operators with the ability to communicate
electronically with millions of potential victims at a far lower
cost than traditional means of communication, such as the
telephone or mass mailings. Fraudulent operators can communicate
with investors over the Internet through professionally designed
webpages that may appear to offer legitimate investment
information, on- line investor newsletters, chatrooms, or mass E-
mailings (called spam). Second, fraudulent operators can use
technology available on the Internet that

1 NUA Internet Surveys: How Many On- line? January 1999, NUA Ltd.
2 U. S. On- line Business Trade Will Soar To $1. 3 Trillion By
2003. December 1998, Forrester Research, Inc. 3 Broker Watch.
Investorguide. com, Inc.

Statement Page 4 GAO/T-GGD-99-34

makes it easier to hide their identity and thereby evade
regulatory authorities. Third, fraudulent operators with Internet
access can quickly initiate investment scams from virtually any
location in the world thereby making it difficult for federal and
state regulators to catch and prosecute violators or obtain
compensation for victims.

As you requested, my statement will

 provide information about the incidence and types of securities
frauds perpetrated over the Internet,

 describe Securities and Exchange Commission (SEC) initiatives to
combat Internet securities fraud,

 provide information on the penalties that have been imposed on
individuals found to have committed Internet securities frauds,

 present information from state securities regulators about state
efforts to control Internet securities fraud, and

 identify potential challenges facing SEC and state regulatory
initiatives in combating securities fraud over the Internet.

In summary, our work to date indicates that:

 SEC and state regulatory officials generally agree that as the
Internet continues to expand rapidly, opportunities for securities
frauds are growing as well. One rough indicator of the growth in
Internet securities fraud is the number of public E- mail
complaints that are submitted to SEC's Internet website. The
number of such E- mail complaints, many of which allege potential
Internet securities frauds, soared from 10 to 15 daily in 1996 to
between 200 and 300 daily in early 1999.

 According to SEC, the Internet provides a new medium to
perpetrate traditional investor frauds, such as stock price
manipulation schemes. However, some securities frauds appear
unique to the Internet environment, such as the reported illegal
copying of legitimate brokerdealer webpages for the purposes of
defrauding unknowing investors.

 SEC has responded to the growing Internet fraud problem by, among
other things, creating the Office of Internet Enforcement (OIE) to
coordinate the agency's efforts to combat Internet fraud,
providing training to SEC investigative staff on monitoring the
Internet, and preparing guidance for

Statement Page 5 GAO/T-GGD-99-34

SEC staff who are investigating potential Internet frauds. In
addition, SEC has established programs to educate investors about
the risks associated with Internet securities frauds, such as
posting relevant information on its website.

 Since 1995, SEC initiated a total of 66 enforcement actions
against alleged perpetrators of Internet securities frauds. As of
February 1999, 32 of the 66 cases had largely been concluded, with
violators generally required to (1) pay civil money penalties or
(2) refrain from further violations of the securities laws.
However, in 2 of the 32 concluded cases, state or federal criminal
enforcement authorities prosecuted violators and obtained criminal
convictions or prison sentences for 7 individuals.

 Over the past several years, nearly half of all state regulatory
agencies have established specific programs to combat Internet
frauds that violate state securities laws. Although many state
agencies have initiated enforcement actions to prevent further
violations of state law, officials from these agencies told us
that in some cases violators may continue committing the
fraudulent activity in other states.

 SEC and state regulatory agency programs to combat Internet
securities fraud are new and face significant challenges that
could limit their effectiveness in the long- term. In particular,
the potential exists that the rapid growth in reported Internet
securities frauds could ultimately place a significant burden on
the regulators' limited investigative staff resources and thereby
limit the agencies' capacity to respond effectively to credible
fraud allegations. Moreover, the regulators face challenges in
developing a coordinated approach to combating Internet fraud and
educating a wide audience about the risks associated with Internet
investing. Due to time constraints, we focused our analysis on SEC
and state agency regulatory efforts to combat Internet securities
fraud rather than other securities regulators that may also play a
role, such as the National Association of Securities Dealers
(NASD), the New York Stock Exchange (NYSE), and the Commodities
Futures Trading Commission (CFTC). However, we did meet with
officials from these organizations to obtain a general
understanding of their regulatory efforts.

To meet our objectives for this work, we interviewed SEC officials
from OIE, Division of Market Surveillance, Office of Investor
Education, and the San Francisco District Office. We also obtained
information from SEC on the outcomes of the 66 Internet securities
fraud cases and reviewed the data contained in a random sample of
100 complaints received by the SEC and referred to SEC regional
and district offices and other federal

Statement Page 6 GAO/T-GGD-99-34

agencies. In addition, we met with officials from the Federal
Trade Commission (FTC), the Department of Justice (DOJ), the
Federal Bureau of Investigation (FBI), the White Collar Crime
Center, 4 and the North American Association of Securities
Administrators (NAASA) to discuss their roles in monitoring and
combating Internet securities fraud. Finally, we (1) surveyed
officials from all 50 state securities regulatory agencies to
obtain their views on Internet securities fraud and efforts to
control this growing problem and (2) met with officials from three
on- line brokerdealers to discuss securities fraud and related
issues. We did our work between October 1998 and March 1999 in
accordance with generally accepted government auditing standards.

There are no comprehensive statistics available on the incidence
of securities frauds committed over the Internet. However, SEC and
other federal agency officials we contacted said that Internet
securities fraud is an emerging problem, which will likely grow as
the use of the Internet continues to expand worldwide. The data
available from state securities agencies also suggest that
Internet securities fraud is increasing. According to SEC, the
growing number of frauds committed over the Internet are types
that are generally well- established in the securities industry.
For example, in one common scheme, an individual who owns a large
number of shares spreads positive but materially false information
about a company over the Internet. This information drives up the
company's stock price and the individual makes a profit from the
sale of these stocks at the expense of other investors (commonly
referred to as pump and dump schemes). We also identified some
frauds that appear unique to the Internet environment, such as the
reported illegal copying of legitimate broker- dealer websites for
purposes of defrauding unknowing investors.

One rough indicator of the growth of Internet securities fraud is
the number of complaints that SEC has received through its E- mail
complaint system, which was established in June 1996. According to
SEC, the public submitted about 10 to15 complaints daily in 1996
via the E- mail system with the number rising to about 120 daily
through September 1998. After SEC publicly announced a crackdown
on Internet securities fraud in October 1998, SEC officials said
the number of daily E- mail complaints soared to 200 to 300 daily
and has continued to run about this range in early 1999. However,
it is important to note that the volume of daily E- mail

4 The National White Collar Crime Center is a unit within the U.
S. Department of Justice, Office of Justice Programs, Bureau of
Justice Assistance that provides services, such as information
sharing, case funding, training and research to local and state
law enforcement, prosecution, and regulatory agency members.
Regulators Report That

Internet Securities Frauds Are Increasing

The Volume of Public Email Complaints About Internet Securities
Fraud Suggests an Emerging Problem

Statement Page 7 GAO/T-GGD-99-34

complaints submitted to SEC has several significant limitations as
a measure of the extent of Internet securities fraud. For example,
investors who are unaware that they have been defrauded would not
likely submit Email complaints to SEC. In addition, SEC receives
E- mail complaints that do not involve potential violations of the
securities laws and some complaints may allege securities frauds
that do not involve the Internet.

Other organizations and state regulatory agencies have also
reported a significant number of public complaints regarding
potential securities fraud committed over the Internet. NAASA the
organization that represents state securities regulatory agencies
received about 350 securities- related complaints involving the
Internet over a 4- week period in October 1998, when NAASA first
established an E- mail complaint system. Officials from securities
regulatory agencies in 37 of the 50 states surveyed told us that
they collectively received over 1,400 complaints related to
potential Internet securities frauds last year. Generally, states
reported receiving no such complaints in 1996.

SEC officials told us that the Internet provides a new medium for
perpetrating fraudulent schemes that are well- established
violations in the securities industry. Some of the fraudulent
schemes are violations of the Securities Act of 1933 and the
Securities Exchange Act of 1934. For example, one commonly
employed fraudulent scheme involves disseminating materially false
information via spam, websites, on- line newsletters, or other
means about small companies that have issued thinly traded
securities. The transmission of materially false information such
as false statements about a company's financial condition over the
Internet provides instant access to millions of potential victims
at far lower costs than traditional means of perpetrating scams,
such as the telephone or mass mailings.

According to SEC officials, one reason fraudulent operators spread
false information about companies and their securities is to
increase investor purchases of the securities, thereby increasing
share prices. Frequently, the fraudulent operators already own a
large number of these securities and are able to make quick
profits by selling their securities as prices increase. By
contrast, investors who purchase securities on the basis of false
information may experience significant and rapid losses when the
perpetrators sell their large positions. For example, in one case,
SEC alleged that the defendants encouraged discussion about a
company on Internet news groups and disseminated information that
materially misrepresented the state of the company's technology,
commercial viability, and existence of purchase orders for
equipment. SEC further The Internet Provides a

New Medium to Perpetrate Traditional Securities Frauds

Statement Page 8 GAO/T-GGD-99-34

alleged that while continuing this scheme the defendants sold the
company's securities for more than $3 million.

SEC identified fraudulent operators who frequently provide
compensation to, for example, on- line newsletters in the form of
securities or cash to further these schemes. The newsletters
publish the false information about companies or claim to provide
objective analysis about the promising prospects for the
securities without disclosing the compensation provided to the
newsletter in exchange for publishing this positive information, a
practice known as touting. Touters often sell their shares in the
company immediately following their recommendations, which is a
deceptive practice commonly referred to as scalping. In October
1998, SEC announced a nationwide crackdown on Internet touting,
charging a total of 44 individuals or companies with engaging in
the practice. In February 1999, SEC continued its Internet fraud
crackdown and charged another 13 individuals or companies. We
discuss SEC's enforcement activities in more detail later in this
statement.

The sale of unregistered securities on the Internet is a problem
reported among the states we contacted. In one case, Connecticut
securities officials found that a prepaid cellular telephone
company was advertising falsely over the Internet that it would
sell limited liability partnership interests for a minimum price
of $5,000. Rather than using these funds to create a cellular
telephone network in the Boston area as advertised, state
regulators believed that the money may have been diverted to the
company's owners. Other state securities regulators have reported
the illegal sale over the Internet of stocks in offshore gambling
enterprises, time travel technology, Hollywood movie theme
restaurants, and airconditioning and helicopter production
companies. Financial losses suffered among victims of illegal
securities sales reportedly ranged from $18,000 to over $100
million.

Other Internet securities frauds identified by federal and state
regulators include initial public offerings and prime bank note
schemes. 5

Although the Internet generally provides a new medium to commit
traditional securities frauds, it has also provided opportunities
for some new fraudulent schemes. For example, officials from a
licensed, on- line broker- dealer in California told us that in
May 1997, the company's website

5 In a prime bank scheme, perpetrators will offer investors the
opportunity to buy notes, purportedly guaranteed by the world's
top 100 banks, or prime banks, which are fictitious financial
instruments that allegedly offer high rates of return and safety.
The Internet Also Provides

Opportunities for a New Type of Securities Fraud

Statement Page 9 GAO/T-GGD-99-34

was illegally copied. Information contained in the website such as
the company's name, address, and telephone numbers were slightly
altered or changed. The company CEO told us that the perpetrator
who committed this scheme used the copied website to dupe foreign
investors into sending funds to addresses listed. The company CEO
also said that this scam went on for about 10 months, until the
perpetrator moved on and copied another company's website and
continued the scam.

Similarly, a Washington state securities official told us that a
web site of a legitimate broker- dealer located in Seattle was
copied and used to defraud foreign investors. The state official
said that foreign investors were persuaded to purchase worthless
stock certificates, and lost millions of dollars before the
perpetrators decided to move on and copy another company's web
site. Although the scam has not targeted U. S. investors, the
regulator said that the securities division decided to pursue the
case because it has the potential to undermine the reputation of
and confidence in the U. S. securities markets.

SEC established the Office of Internet Enforcement (OIE) to
coordinate the agency's response to increasing reports of Internet
securities frauds. 6 OIE has several responsibilities, including
developing policies and procedures for Internet surveillance,
managing the E- mail complaint system, and providing guidance for
conducting Internet securities fraud investigations. It has 3
full- time staff and about 125 volunteer staff in SEC headquarters
and regional offices who work on a part- time basis to identify
Internet fraud- related activities. Through its Office of Investor
Education and Assistance, SEC has also established education
programs to inform investors about the risks associated with
Internet securities frauds.

In 1998, SEC established OIE to coordinate the agency's response
to growing reports of Internet securities fraud. OIE's three full-
time staff are responsible for a variety of oversight and
coordination activities. For example, OIE has developed a policy
manual to guide SEC's Internet surveillance activities. The manual
provides guidance to SEC investigative staff on monitoring
Internet web pages to identify potential securities frauds. OIE's
Chief told us that the manual also includes guidance on conducting
Internet securities fraud investigations. In addition, OIE
provides training to staff from SEC, state regulatory agencies,
and international regulators, and coordinates some of SEC's
Internet securities fraud enforcement cases.

6 Although SEC established OIE in 1998, OIE's Chief has been
responsible for coordinating SEC's response to Internet frauds
since 1995. SEC Has Established a

Unit to Coordinate Efforts to Combat Internet Securities Fraud

OIE Established to Coordinate SEC's Internet Oversight Activities

Statement Page 10 GAO/T-GGD-99-34

OIE also manages SEC's E- mail complaint system discussed earlier.
OIE's Chief told us that staff review the E- mail complaints each
day and decide the most appropriate action for each complaint.
OIE's Chief also told us that some complaints are discarded
because many complaints may refer to the same potential Internet
securities fraud, in which case only a few complaints are
retained; or because SEC already has an ongoing investigation into
the alleged Internet securities fraud. According to OIE's Chief,
staff refer other E- mail complaints which the staff believe
generally represent promising leads on potential securities frauds
to staff in SEC's enforcement division in headquarters or regional
offices. 7 OIE may also refer complaints that do not involve
violations of securities laws to other regulatory agencies, such
as FTC. During calendar year 1998, OIE referred about 800
complaints 8 to other SEC units, and to other federal regulatory
and enforcement agencies.

SEC's enforcement division and regional offices provide about 125
staff who work part- time on various Internet fraud- related
activities. For example, SEC staff may volunteer to spend about 1
to 2 hours a week identifying potential securities frauds. Or, the
SEC staff may work on Internet securities fraud investigations
that were initiated on the basis of referrals made by OIE. SEC
staff also may obtain information on potential Internet securities
frauds from sources other than OIE. For example, senior officials
in SEC's San Francisco district told us that enforcement actions
had been initiated against alleged perpetrators of Internet
securities frauds on the basis of information received directly
from the public or through their own Internet investigations.

OIE also has the responsibility to coordinate SEC's Internet
oversight efforts with other federal regulators. OIE's Chief has
met with officials in other organizations such as NASD, NYSE, FTC,
FBI, and the Secret Service to discuss joint investigations
pertaining to Internet fraud. As mentioned earlier, the OIE Chief
said that OIE may refer E- mail complaints not related to
violations of the securities laws to one of these organizations.

7 OIE is also part of SEC's enforcement division. 8 The potential
exists that some of these complaints are not related to alleged
Internet securities frauds. Based on our limited review of 100
complaints referred to SEC regional offices, and other federal
regulatory and enforcement agencies, some of these referrals
appear to relate to securities frauds, but do not involve the
Internet. Other complaints appeared to be related to problems that
customers have experienced with their broker- dealers. We did not
systematically analyze these referrals to establish the percentage
that were directly related to alleged Internet securities frauds.
SEC Interagency

Coordination Activities

Statement Page 11 GAO/T-GGD-99-34

In addition, OIE has coordinated SEC's participation in Internet
surf days, which are generally organized by FTC. On these assigned
days, staff from a variety of organizations including FTC, CFTC,
SEC, NAASA, or foreign regulators are to spend time surfing the
Internet to identify potential fraudulent practices. In the
November 1998 Investment Opportunity Surf Day, agencies focused on
identifying potential consumer financial frauds. The U. S.
agencies that participated in the surf- day found dozens of cases
among the over 400 web sites reviewed that potentially promoted
consumer frauds. FTC officials told us that the regulators
typically send warning messages to persons who operate such
websites. Although the regulators do not ordinarily take
enforcement actions on the basis of surf day findings, FTC
officials said that the identified websites are monitored to
determine if they are complying with the warnings. Failure to
comply could result in enforcement actions.

SEC's Office of Investor Education and Assistance has also
developed education programs to inform investors about the risks
associated with potential Internet securities frauds. According to
its Director, SEC's primary message to individual investors is
that investment decisions should not be based solely on
information obtained over the Internet given the potential for
fraud. Rather, the SEC official said that investors should perform
a number of independent steps to ensure the accuracy of
information provided about a stock over the Internet. These steps
include reviewing financial information about the company that may
be available from independent sources, determining whether the
company is in fact developing a technology as advertised over the
Internet, and contacting companies that are alleged to be in the
process of signing contracts with the company in question. Unless
investors are willing to take such steps, the SEC official said
that investors may want to avoid using the Internet as a basis for
making investment decisions.

SEC has implemented several programs to advise the investing
public about the risks associated with the Internet and potential
frauds. For example, SEC's website provides investor education
information, such as procedures that investors should follow when
assessing the reliability of on- line newsletters. SEC's webpage
also contains information about the risks associated with Internet
bulletin boards, chat rooms and mass Emailings. In addition, SEC
(1) produces pamphlets that discuss the risks associated with
Internet securities investing; (2) holds local town meetings
across the United States to discuss investment risks; and (3)
coordinates the Facts on Savings and Investing Campaign with
federal, state, and international securities regulators. This
campaign is designed to educate individuals on saving and
investing. The campaign released a SEC's Investor Education

Programs

Statement Page 12 GAO/T-GGD-99-34

study in February 1998, entitled The Facts on Savings and
Investing, which, among other things, found that many Americans
lack basic information about investing.

SEC initiated a total of 66 judicial and administrative actions
since 1995 to combat Internet securities fraud, and about one-
half of these cases had largely been concluded 9 by February 1999.
Because SEC is a civil rather than a criminal enforcement
authority, SEC enforcement actions result in civil penalties---
such as fines--- rather than prison sentences for persons who are
found to have violated securities laws. However, state or federal
criminal enforcement authorities have also initiated criminal
proceedings in 2 of these 66 cases, which have resulted in
criminal convictions or prison sentences for 7 individuals.

As provided by the Securities Enforcement Remedies and Penny Stock
Reform Act of 1990 (the Remedies Act), SEC can seek civil money
penalties in enforcement actions in federal district court or
administrative proceedings against any individual or firm in the
securities industry. The Remedies Act provides the district court
with discretion in determining the civil penalty to be imposed in
judicial proceedings. Depending upon the seriousness of the
violation, SEC has the statutory authority to seek penalties that
range from $5, 500 to $1.1 million or up to 3 times the gross
amount of the pecuniary gain to the defendant as a result of the
violation. 10 Further, if the penalty is not paid within a
prescribed time, SEC may request contempt proceedings in federal
district court to compel payment.

According to SEC officials we contacted, the agency has limited
staff and other investigative resources and is not able to pursue
every credible allegation of securities law violations, including
Internet frauds. Thus, SEC officials from the San Francisco
district said that agency investigations often focus on message
cases that have a high degree of public notoriety. According to
the SEC officials, message cases are intended to punish wrongdoers
for egregious offenses and deter other potential violations.

9 We defined cases as largely concluded when a final judicial or
administrative action was brought against at least one party in
the case. These final actions include civil fines, disgorgements,
permanent injunctions, cease and desist orders, prison sentences
for defendants, and any combination thereof. Some of the cases
that we define as largely concluded may have other litigation
pending against one or more defendants.

10 All penalties were increased to adjust for inflation as
required by the Debt Collection Improvement Act of 1996. The
increase was effective December 9, 1996. SEC Has Concluded

About One- Half of the Internet Securities Fraud Cases Initiated
Since 1995

SEC Has Statutory Authority to Pursue Civil Penalties

Statement Page 13 GAO/T-GGD-99-34

As of February 1999, a penalty or injunctive order had been
imposed on at least one of the defendants in 32 of the 66 Internet
securities fraud cases SEC initiated since 1995. Litigation was
pending in the other 34 cases. In 21 of the 32 cases that have
largely been concluded, violators were required to pay some form
of civil money penalty. Specifically, violators were required to
(1) pay civil fines, (2) disgorge illegally obtained profits to
compensate defrauded investors, or (3) pay both civil fines and
disgorgements. The civil fines that SEC imposed ranged from $5,000
to $4.4 million, while the disgorgements ranged from $500 to $4.4
million.

In nine other cases that have largely been concluded, a civil
money penalty was not imposed on the violators. Instead, SEC
primarily obtained a cease and desist order or permanent
injunction to prevent further violations of the securities laws.
In the remaining two cases, prison sentences or other criminal
convictions were imposed by a state or federal court. According to
DOJ officials we contacted, the department or the FBI would become
involved in Internet securities fraud cases where there are
widespread losses and many victims.

We also obtained survey information from the 50 state securities
regulatory agencies about state efforts to control Internet
securities fraud and penalize state securities law violators. 11
Nearly one- half of the state agencies reported that they have
implemented specific Internet securities fraud control programs
over the past several years such as surfing the Internet to detect
potential frauds. Many states have also initiated enforcement
actions to penalize individuals who use the Internet to violate
state securities laws. However, some state agency officials report
that state enforcement actions are not always effective because
perpetrators prohibited from selling securities in one state can
continue to sell securities in other states.

In 23 of the 50 states we surveyed, officials from regulatory
agencies reported establishing specific programs to control
Internet securities fraud and penalize violators of state
securities laws. In 14 of these 23 state regulatory agencies, the
programs generally consisted of one or more persons surfing the
Internet using word searches, such as investment, finance, or the
name of their state to detect fraudulent activity. Other states
reported monitoring Internet bulletin boards, newsgroups, and chat

11 We conducted a structured telephone survey of securities
regulatory agencies in all 50 states from December 1998 through
January 1999. We asked primarily the Directors of these agencies,
among other things, to describe whether or not their agencies had
established specific programs to combat Internet fraud and the
types of penalties imposed on violators. We obtained data about
New York from an official of the New York Attorney General's
Office. One- Half of All SEC

Enforcement Actions Have Been Concluded

Many States Also Reported Implementing Programs to Control
Internet Securities Fraud

Nearly One- Half of All the States Have Implemented Programs To
Combat Internet Securities Fraud

Statement Page 14 GAO/T-GGD-99-34

rooms to identify potential securities frauds. The frequency at
which these states reported conducting Internet monitoring varied
widely among the states, ranging from one- half hour daily to 2
hours weekly to one time per month.

Regulatory officials from the other 27 state agencies that we
contacted said they had not established specific programs to
identify and combat Internet securities fraud. The officials cited
several reasons for not establishing specific programs, such as
inadequate technical expertise or, as in two cases, a lack of
Internet access. In addition, officials from some of the other
smaller state agencies said that the control of securities fraud
on the Internet was the responsibility of the federal government
and that their agencies would not be in a position in terms of
available resources to handle the problem.

Officials from 31 of the 50 states we surveyed said that their
regulatory agencies had initiated a total of about 190 enforcement
actions against persons and companies accused of violating state
securities laws through the use of the Internet. The number of
enforcement actions initiated per state ranged from 1 to 22. The
remaining 19 states had not initiated any enforcement actions
related to Internet securities fraud.

Based on the results of our survey, states that have implemented
specific Internet fraud securities control programs collectively
initiated about three times as many enforcement actions as the
states that did not have a program in place. About 146 enforcement
actions were initiated across the 23 states that implemented
programs compared with about a total of 48 actions that were filed
across the 27 states that did not establish a program. 12 Nearly
all of the enforcement actions initiated by the states resulted in
warning letters, informal agreements, or the issuance of cease and
desist orders. However, as discussed previously, state criminal
enforcement authorities have pursued criminal cases as well.

An enforcement action brought by one state may deter persons or
companies from committing fraudulent acts in that state, but it
does not necessarily prevent persons or companies from committing
the same scam through the Internet in other states. For example, a
Pennsylvania securities official reported that the state took an
administrative action against a company that disseminated Internet
spam that called for investors to purchase interests in a trust
and realize an 80 to 160 percent

12 Other factors, such as the size of the state's securities staff
and the number of frauds originating from a particular state can
also account for this difference. Applicability of State

Enforcement Actions May Be Limited

Statement Page 15 GAO/T-GGD-99-34

return on their investment. Although the administrative action
prohibited the company from selling these interests to
Pennsylvania residents, the company reportedly defrauded about
1,500 residents in other states who bought about $3 million in
interests.

Moreover, California securities enforcement officials reported
that if enforcement actions are initiated against companies
located overseas, these companies tend to ignore the orders and
continue to sell their securities. For example, the enforcement
officials told us that an order was issued to a company located in
England to stop the offer and sale of securities and convertible
bonds in time travel ventures in the state of California. However,
the officials said that the British company continued to
fraudulently sell securities and bonds over the Internet,
including to California residents.

Although SEC and state regulatory agencies have initiated programs
to combat Internet securities frauds, these programs are new, and
it is too early to predict their long- term effectiveness. On the
basis of our work, we identified several potential challenges that
could limit the ability of these programs to protect investors
from Internet scams. In particular, the potential exists that the
rapid growth in reported Internet securities frauds could
ultimately place a significant burden on the regulators' limited
investigative staff resources and thereby limit the agencies'
ability to respond effectively to credible fraud allegations.
Another ongoing challenge is coordinating oversight among
international, federal, and state securities regulators so that
fraudulent operators are deterred from taking advantage of the
fact that Internet frauds can be initiated from virtually anywhere
in the world. A final challenge involves educating the investing
public about the risks associated with Internet securities frauds.
Since regulatory resources are limited, preventing investors from
falling for Internet securities frauds in the first place may be
the best way to contain the problem.

The rapid expansion of the Internet and the growth of securities-
related activities over the past several years pose potential
challenges to SEC and state regulatory agencies to control
securities fraud on the Internet. According to SEC's OIE Chief,
the rapid expansion in E- mail complaints from 10 to 15 daily in
1996 to 200 to 300 complaints daily in early 1999 suggests that
the agency may ultimately reach a point where it cannot respond to
all credible allegations of Internet securities fraud. Given its
present staffing levels, SEC officials said that the agency
already tends to focus investigations on certain high- profile
cases, including Internet fraud cases. We also note that over the
past several years a significant number Regulatory Challenges

in Combating Internet Securities Fraud

The Rapid Growth of Reported Internet Securities Frauds Poses
Challenges to Limited Regulatory Investigative Resources

Statement Page 16 GAO/T-GGD-99-34

of SEC attorneys who are responsible for investigating Internet
and other securities fraud cases have left the agency for higher-
paying jobs in the private sector. For example, SEC reports that
between 1996 and 1998 SEC's New York office lost 54 percent of its
137 enforcement staff and the San Francisco office lost about 40
percent of its 25 enforcement staff.

State regulatory officials we contacted said that their agencies
have few staff allocated to investigate Internet fraud cases. For
example, many state officials said that their agencies have no
more than five staff to investigate and enforce all relevant state
securities laws, so finding the time to adequately monitor the
Internet to detect potential frauds can be difficult. Further,
officials from some other state agencies said that specific
programs to monitor Internet fraud have not been established in
their organizations due to limited staff.

Given that the Internet has millions of web- sites 13 and the
regulators' belief that a large number of these sites, on- line
newsletters and spams include schemes intended to defraud
investors, SEC and state regulators may also face challenges in
obtaining the technical capacity to comprehensively monitor the
Internet and detect potential securities frauds. According to
state regulatory officials, their staff mainly surf the Internet
using commercial search engines and key word searches to detect
potential frauds, which is a method that an official from the
National White Collar Crime Center said is labor intensive and
inherently inefficient. The official also said regulators should
develop customized search engines to detect potential Internet
frauds that could relieve staff of the labor- intensive search
activities and thereby enhance regulatory efficiency. SEC's OIE
Chief told us that use of customized search engines can help
facilitate the detection of Internet securities frauds, but such
devices are no substitute for the judgement of experienced,
investigative staff trained in methods to identify potentially
fraudulent activities. Further, the OIE Chief said that developing
such customized search engines could place demands on a
regulator's limited financial resources.

13 Latest estimates show that as of July 1998, the Internet
consisted of about 37 million web sites. Source: Internet Domain
Survey, July 1998, Network Wizards http:// www. nw. com.

Statement Page 17 GAO/T-GGD-99-34

The global nature of the Internet increases the regulatory
challenges of combating Internet securities fraud because the
Internet for the most part does not recognize jurisdictional
boundaries. Now, a fraudulent operator from anywhere in the world
could solicit U. S. investors linked to the Internet. Even in the
United States, fraudulent operators located in one state can use
the Internet to defraud residents of other states, even though
another state has taken action directing the operator to cease and
desist. Jurisdictional issues are challenging because close
coordination and cooperation among international, federal, and
state securities regulators is required to prosecute violators and
hopefully, deter additional Internet frauds.

The regulatory challenges associated with investigating overseas
Internet securities fraud cases include obtaining evidence,
convincing other governments to prosecute foreign entities and
individuals, and ensuring restitution for victims. A 1997 report
14 by the International Organization of Securities Commissions
(IOSCO), 15 argued that securities regulators need to establish
well- defined mechanisms for cooperating with their foreign
counterparts to respond to these challenges and deter Internet
frauds. For example, IOSCO recommended that securities regulators
develop policies and procedures to ensure the timely exchange of
information about ongoing investigations of Internet securities
fraud. IOSCO also stated that coordination should include sharing
information about (1) Internet surveillance techniques, (2)
questionable transactions that may represent potential Internet
frauds, and (3) successful approaches to prosecuting Internet
securities fraud cases.

State securities regulatory agencies face similar challenges in
developing a coordinated approach to Internet fraud investigations
and enforcement. As pointed out earlier, state enforcement actions
may have limited success because Internet securities frauds may be
committed from out- of- state locations. Challenges facing states
include working with other regulatory agencies to combat
fraudulent schemes that operate across states, ensuring sufficient
monitoring of the Internet by other jurisdictions, and obtaining
necessary evidence to initiate enforcement action.

14 Report on Enforcement Issues Raised by the Increasing Use of
Electronic Networks in the Securities and Futures Field. IOSCO
(September 1997). 15 IOSCO is an international organization of
securities regulators including SEC whose mission is to promote
global coordination in the regulation of the securities industry.
Regulators Face Challenges

in Maintaining a Coordinated Approach to Combating Internet
Securities Fraud

Statement Page 18 GAO/T-GGD-99-34

According to SEC, investor education is a critical defense against
Internet securities frauds given the fact that regulatory
resources to combat the problem are limited. If investors are
adequately informed about the risks associated with potential
Internet securities frauds, then they will be less likely to fall
victim to sophisticated scams. The investor education challenges
facing regulatory agencies include identifying schemes or
mechanisms that require further investor awareness and widely
disseminating information about the risks associated with Internet
in a timely and effective manner. While SEC has taken steps to
educate the public that investment decisions should not be made
solely on the basis of information received over the Internet,
ensuring that such warnings reach a wide audience is a difficult
challenge. SEC's investor education initiatives to date such as
posting information on the SEC website and producing pamphlets are
relatively low cost and have a limited ability to reach a wide
audience. For example, not all investors may be aware that SEC has
posted investor education information on its website. Reaching a
large audience with relevant investor information often involves
conducting large media campaigns that could be expensive and may
take a long time to produce results. SEC's capacity to educate
investors and disseminate widely relevant information about the
potential risks of Internet securities frauds may be limited.
According to SEC, the agency's budget and staff resources directed
to investor education have remained relatively stable over the
past several years, so the agency's capacity to initiate large-
scale media campaigns is limited.

In summary, Ms. Chairman we commend you for holding this hearing
and thank you for inviting us to testify on our preliminary
observations on Internet securities fraud and regulatory efforts
to combat this growing problem. Hearings such as this are
particularly useful because they provide a public forum for
educating large numbers of investors that while the Internet has
much to offer, there are potential risks as well. We look forward
to working with you and your staffs in this important area.

Ms. Chairman, this concludes my prepared statement. My colleague
and I would be pleased to answer any questions that you or Members
of the Subcommittee may have. Regulators Face Challenges

in Educating the Investing Public on the Risks Associated with
Internet Securities Frauds

Page 19 GAO/T-GGD-99-34

Page 20 GAO/T-GGD-99-34

Ordering Information The first copy of each GAO report and
testimony is free. Additional copies are $2 each. Orders should be
sent to the following address, accompanied by a check or money
order made out to the Superintendent of Documents, when necessary.
VISA and MasterCard credit cards are accepted, also. Orders for
100 or more copies to be mailed to a single address are discounted
25 percent.

Order by mail: U. S. General Accounting Office P. O. Box 37050
Washington, DC 20013

or visit: Room 1100 700 4 th St. NW (corner of 4 th and G Sts. NW)
U. S. General Accounting Office Washington, DC

Orders may also be placed by calling (202) 512- 6000 or by using
fax number (202) 512- 6061, or TDD (202) 512- 2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512- 6000 using a
touch- tone phone. A recorded menu will provide information on how
to obtain these lists.

For information on how to access GAO reports on the INTERNET, send
e- mail message with info in the body to:

info@ www. gao. gov or visit GAO's World Wide Web Home Page at:
http:// www. gao. gov

United States General Accounting Office Washington, D. C. 20548-
0001

Official Business Penalty for Private Use $300

Address Correction Requested Bulk Rate

Postage & Fees Paid GAO Permit No. G100

(233587)

*** End of document. ***