Public Statements & Remarks

Modernizing Investor Protection for the Digital Age: Opening Remarks of CFTC Commissioner Christy Goldsmith Romero

The North American Securities Administrators Association’s Annual Meeting in San Diego, California

September 11, 2023

Remarks Prepared for Delivery

Standard Disclaimer

Thank you to NASAA.  I’m thrilled to be here with all of you, especially with those of you, who like me, have dedicated their careers to protecting investors.  With our nation at the cusp of some very exciting technological advances, advances that can also prove to be challenging, it will take federal and state regulators working together to build a safer financial system.

Today, I will share my view that one of the best ways to modernize investor protection is for regulators to keep pace with technology.  I will talk about how regulators can use technological advances to our advantage.  Finally, I will re-propose a National Financial Fraud Registry[1] — which I first proposed in December 2019—one stop shopping for investors to check if the companies or individuals they are considering investing with, have been convicted or fined for fraud.

Modernizing investor protection by keeping pace with technology

If government does not keep pace with technology, it is often the most vulnerable who will suffer.  As regulators are making policy decisions on next generation technology, it is critical that we have a foundational understanding of the technology, and its implications for finance and law.  That is why I sponsor the CFTC’s Technology Advisory Committee (TAC), and why I stacked its membership with well-respected technology experts in FinTech, responsible artificial intelligence, cryptocurrency, blockchain, and cybersecurity. 

These technology experts can help us come up with investor protections and guardrails.  They present subjects like finding a way in crypto, including with decentralized finance, to conduct Know Your Customer and Anti-money Laundering, using digital identity and other technology.[2] 

When it comes to AI, I promote responsible AI—the subject of two TAC meetings.  Responsible AI is AI that is designed and deployed in a way that aligns with the interests of many stakeholders, is transparent and explainable, auditable by humans, uses unbiased data, and minimizes the potential for harm.  Federal regulators are just getting started when it comes to AI.  A good place to start is governance in making important decisions that impact investors and markets.  I ask many of our regulated exchanges, clearinghouses, and intermediaries, how they are using AI and how they are making decisions on AI. 

These are just two examples that show how important it is for regulators to keep pace with technology.

Regulators can use technological advances to our advantage, particularly in enforcement

I remember being a line staff attorney in SEC’s Division of Enforcement years ago, along with NASAA’s own Vince Martinez.  How we conducted investigations was very different.  When I would see movement in a stock from a company that had not announced any news—my interest was piqued.  I might work with the exchange to get the traders and trade activity.  Then I would try to recreate what happened.  Did an analyst say something? Were any insiders trading?

Now, one of the first places to look might be twitter—“X”—reddit, Facebook, and other social media.

In my last role as the Special Inspector General for TARP (SIGTARP) at Treasury, I oversaw a national law enforcement office, with special agents, investigators, and lawyers in five offices around the country.  Criminal law enforcement officials take significant advantage of digital information, tools that combine that information, and other technology.

This experience showed me how from an enforcement and broader regulatory standpoint, civil regulators should use all the tools available in a digital age.  Tracing funds, tracing crypto, using the blockchain, using link analysis, using social media, and data analytic tools should all be in a regulators’ tool kit.  The ability to find connections between people has gotten tremendously easier, faster, and more reliable.  This could help regulators determine connections to uncover those working in concert or for insider trading, for example.  Regulators could also consider AI or other tools to help establish beneficial ownership or other types of links.

Social media has always been a source for fraud, as con artists previously limited by geography could easily and rapidly expand their reach to and numbers of, potential victims.  Now, social media has become a source for investors to make decisions.  Think about the meme stocks with reddit, social media-fueled crypto runs in 2022, followed by this year’s bank runs.

Regulators can use social media to their advantage.  From an enforcement standpoint, the statements that people make on social media can be strong evidence of intent.  Social media can also be a powerful platform for regulators for financial literacy and warnings about scams.  There is great potential in reaching a retail investor audience that turns to social media to get their news.  But to be successful, a government social media account needs to be interesting, catchy, something that people will watch or read and repost.  I propose that it is worth regulators thinking about using your existing staff who may be really good at social media posts to help.

In a world swimming in information, disclosures for retail investors is a challenge of our day.  This is particularly true as more retail investors are expressing preferences not to use traditional brokers, but to instead trade through apps on their phones.  As society moves to conduct more business on our phones, people get e-disclosures, quickly scroll down often without reading it, or understanding it, and then click “accept.”  Courts are upholding these clickwrap agreements.

As regulators, we want to ensure that retail investors are informed of their rights and risks.  So along with focusing on the content of disclosures, regulators can protect retail investors by also focusing on the method of delivery of disclosures.  This is an area that state regulators may be in a better position to act than the federal government.

Re-Proposal for a National Financial Fraud Registry

The damage caused by financial fraud is so devastating that deterring fraudsters and protecting investors is a top priority of law enforcement.  There is a more effective and efficient way to achieve this important mission—one that could help prevent fraud, and ultimately save law enforcement resources.  Today, I re-propose a National Financial Fraud Registry—a centralized record of all crimes and fines related to financial fraud.

At SIGTARP, we started by creating our own Financial Institution Crimes & Fines Database.  In order to protect a defendant’s right to due process, SIGTARP only included resolved fraud cases—those ending with a criminal conviction or a civil fine. We also included the date of conviction or fine.

What I propose is a coordinated approach by federal leaders to create a single public access point to information on fraud convictions and civil fines.  Once established, each federal agency would register its convictions, sentencings, civil fines and resolved enforcement actions.  State and local agencies could join to achieve a true national fraud registry.

This would be a comprehensive record that the public can easily check before giving someone their money, their trust, and their business.  Would-be fraudsters will not like that ease and accessibility, creating a powerful deterrence.  This would ease government’s identification of repeat offenders.

Media coverage is the traditional method to let the public know how fraudsters are being held accountable, but it is not the most effective or efficient method.  In a modern world with a sea of information, press releases are not read and media coverage is often non-existent.  When the message of accountability is not received by would be fraudsters, deterrence suffers.

Just as fraudsters have evolved their methods to take advantage of technology, so must law enforcement evolve.  I understand that a National Financial Fraud Registry will require substantial cooperation and coordination.  We have to speak in one voice, in a way that transcends all of the noise.

The public does not care which agency prosecutes the fraud.  They don’t want to have to search all corners of the internet.  They care about not becoming a victim in the first place.  I invite further discussion.  I would also suggest that states consider doing this on their own.


In a digitized world, it’s time for a new approach to protect investors.  One where regulators keep pace with technology, put the latest technological advances in our tool belt, and arm investors with readily accessible information that can prevent them from becoming victims.  Together, federal and state officials can build a safer financial system.  One that harnesses the best of technology, while protecting investors and financial stability.

[1]  Special Inspector General Christy Goldsmith Romero, A Proposal for a National Financial Fraud Registry (Dec. 2019) Crimes_Fines_Press_Release_Proposal.pdf (

[2]  CFTC Technology Advisory Committee Meeting (March 22, 2023) TAC Meeting Agenda That Includes Cybersecurity, Decentralized Finance, and Artificial Intelligence - YouTube.