A PDF version of the full publication is attached here: Trends in SEC enforcement actions (PDF 288kb)

The SEC has increased enforcement over recent years, cracking down on both new and repeat offenders. Penalties associated with recent enforcement actions ranged from several thousand to several million dollars assessed against the span of securities market participants, from large public companies and investment firms to individual gatekeepers, executives, and social media influencers. At the same time, the SEC recognized meaningful cooperation from registrants and individuals subject to enforcement investigation.

For its fiscal year ended September 30, 2023 (FY23), the SEC filed 784 enforcement actions. ² The SEC also awarded almost $5 billion in financial remedies. This includes $1.6 billion in civil penalties and $3.4 billion in disgorgement and prejudgment interest. Thus far in 2024, the SEC has continued to pursue a high volume of enforcement actions, many involving large financial penalties.

View image

While total remedies declined in FY23 compared to FY22, the FY23 remedies remain higher than earlier years.

The SEC identifies possible violations of securities laws through various channels including:

In recent years, there has been an increase in the overall number of tips, complaints, and referrals, with whistleblower tips making up an increasing portion of the total number of tips. In FY23, the 40,000 total tips, complaints, and referrals received was up 13% from FY22. The 18,000 whistleblower tips was the highest on record, and was approximately 50% more than the year before and over 500% more than the program’s 2012 inaugural year.

View image

The SEC continues to actively promote its whistleblower program and, more specifically, the record awards it has issued under the program. Whistleblowers were awarded almost $600 million during FY23, the most ever awarded in one year, including a record $279 million awarded to one person. However, while the number of whistleblower tips and the monetary awards are significant, the number of individuals actually rewarded for whistleblower tips declined to just 68 in FY23, its lowest level since 2020.

View image

Further highlighting the SEC’s focus on supporting the whistleblower program, the SEC has alleged in recent cases that certain employment and separation agreements included provisions that violate SEC rules prohibiting actions to prevent an individual from contacting the SEC. ³ Given this focus, we recommend companies periodically review their whistleblower programs and also employment and separation agreements to ensure they do not violate these provisions.

This section details some of the common topics addressed by enforcement actions. The appendix includes the full breakdown of actions by topic for the past three fiscal years.

Issuer reporting, audit, and accounting cases drove the significant increase in enforcement actions. The 53% increase since 2021 represents the largest increase among all categories of cases over that timeframe.

Our review of recent actions in this category identified four key themes: (1) accounting and disclosures; (2) recordkeeping and controls; (3) individual accountability; and (4) gatekeepers.

Collectively, the cases highlight the need for companies to build and maintain robust internal control environments and dedicate sufficient resources to support the accuracy, reliability, and completeness of their accounting and disclosures. In addition, the number of cases alleging misleading disclosures highlights the SEC’s continued focus on this issue, reiterating the importance of companies maintaining effective processes to support disclosures, including over statements by individual executives, ensuring those statements are factual and consistent with other information disclosed by the company.

A common theme across a number of accounting cases is the motivating factor of pressure to meet established earnings or other targets. Cases generally focused on improper accounting that distorted earnings or disclosures that resulted in misleading information. These cases in part stem from an SEC initiative utilizing risk-based data analytics of EPS to uncover potential earnings manipulation. This initiative has resulted in a number of companies and individuals being charged with violations of securities laws.

The enforcement actions related to improper accounting addressed a range of accounting issues, including cases relating to revenue recognition, leases, and asset valuations (including unrecorded impairments). Actions related to improper revenue recognition included allegations of falsifying contracts, orders, or other documents; recognizing revenue prematurely; and failing to account for provisions in arrangements, including side agreements. Other recent cases include allegations of improper accounting relating to costs, loans, debt, and related party transactions as well as control failures that impact accounting.

Recent cases and remarks by SEC Division of Enforcement senior staff also highlight that the SEC continues to take action when it believes that a company has provided misleading information to investors. In evaluating whether disclosures are misleading, the SEC focuses not only on the financial statements, but also on information outside the financial statements, including public financial targets and non-GAAP financial measures. The SEC has alleged in recent cases that disclosures of non-GAAP financial measures or other financial information were incomplete and lacked material contextual information that resulted in the information being misleading.

The SEC continues to focus on the importance of a registrant’s holistic internal control environment, from the processing of underlying transactions all the way through to recognition and disclosure. Often, charges of disclosure and accounting violations also alleged violations of recordkeeping and disclosure controls and procedures requirements, although there are recent actions focused solely on recordkeeping and controls. ⁴ Last year, two SEC commissioners highlighted what they viewed as the Commission’s expanded use of the internal accounting controls’ provisions in enforcement cases. ⁵

In recent commentary, senior SEC staff have emphasized the SEC’s focus on the individuals responsible for a company’s alleged violations of the securities laws, and the SEC’s recent enforcement actions highlight an increased focus on holding individuals accountable. Many cases included charges against both the company and specific executives or other individuals within the organization. In the cases against individuals, settled charges frequently included disgorgement of ill-gotten gains, other penalties, and an administrative bar preventing them from appearing or practicing before the Commission for a period of time.

Consistent with recent messaging from the PCAOB, the SEC continues to focus on audit quality and pursue cases that seek to hold auditors accountable for audit quality. The SEC brought cases against numerous audit engagement partners for violations of securities laws arising from improper professional conduct and misrepresentations regarding compliance with PCAOB standards. When fraud was perpetrated by companies, cases were often also brought against audit partners for failure to appropriately evaluate audit results and follow up on red flags identified through audit procedures. Actions taken against these individuals included imposing civil penalties and revoking their privilege of appearing or practicing before the Commission as accountants.

The SEC also brought charges against gatekeeper firms related to the overall tone at these organizations and their quality controls. These cases can have a significant impact on registrants, as highlighted in a recent case. Following its finding of fraud and failing to comply with PCAOB standards, the SEC denied an audit firm the privilege of appearing or practicing before the Commission. This action has significant ramifications for public companies that were audited by that firm as those companies will now have to appoint a new auditor, and any prior periods audited by the former firm will need to be reaudited, potentially causing delays in both periodic reporting and also capital-raising transactions. This case highlights the importance of companies and audit committees engaging in discussions with their independent auditors regarding their quality controls.

With over 15,000 registered investment advisers and 3,500 broker-dealers in the SEC’s jurisdiction, it is not surprising that the SEC has brought the largest number of actions in these two spaces, representing 38% of the total actions. Many of these cases are the result of “sweeps” by either the Division of Enforcement or the Division of Examinations looking for thematic concerns across multiple firms. One significant area involves the safeguarding of assets and the custody rule. ⁶ In several rounds of actions against multiple firms, the SEC asserted that certain firms that had custody of client assets failed to meet the audit or surprise examination requirements, and/or make accurate disclosures in required forms. Firms should review areas where they may have inadvertent custody as well as regularly review the accuracy of their Form ADV disclosures, particularly if their approach to compliance with the rule has changed recently. Because many of these cases derive from examinations, firms may also consider undertaking compliance assessments as a way to identify potential areas of concern.

The SEC also brought a number of cases alleging noncompliance with recordkeeping and reporting requirements applicable to broker-dealers and investment advisers. There were multiple cases involving text messages concerning business matters exchanged on personal devices, referred to as “off-channel communications.” The SEC alleged that the registered broker-dealers and investment advisers did not capture and retain proper records of these communications. These cases resulted in significant fines, which contributed to the SEC’s record-breaking fines and penalties in fiscal years 2022 and 2023. This focus continues, with similar actions announced as recently as April 2024. Separately, the SEC also brought cases relating to incomplete or untimely reporting of information such as suspicious activity reports (SARs) and blue-sheet trade data. Other cases against broker-dealers focused on firms and their representatives choosing their own interests over their customer’s best interests, primarily related to retail investors.

Several cases against investment advisers allege noncompliance with the newly amended marketing rule. ⁷ Given the recent amendments to the rule and scrutiny of marketing by investment advisers, firms should ensure they have strong internal controls to assess whether their marketing representations, including on their websites, are accurate and can be fully substantiated.

Enforcement also continues to focus on advisers to private funds, particularly related to the disclosures of conflicts of interest, inappropriate allocation of fees and expenses to funds, and custody arrangements. Firms should review their arrangements between their affiliates and the client funds, along with expense allocations, ensuring that they are consistent with contractual obligations and disclosures.

Using sophisticated data analysis, the SEC identifies unusual trading activity and bad actors in the markets, and it continues to take actions against individuals believed to profit from the misuse of and trading on material nonpublic information. These cases frequently involve officials at a company, but recent cases show that the SEC casts a wide net in investigating unusual activity, even including employees who inadvertently shared material nonpublic information with people with whom they have personal relationships.

The SEC frequently expresses concerns regarding the risks associated with insider trading on material nonpublic information, including in connection with statements on broader market events. These statements emphasize the role of good governance and compliance programs to avoid violations of insider trading rules. While enforcement cases on insider trading are typically against individuals, they can lead to reputational harm to related registrants, further emphasizing the need for companies to have strong controls around material nonpublic information.

The SEC frequently brings enforcement actions involving alleged fraudulent or unregistered securities offerings. In addition to cases relating to crypto asset securities offerings, other common examples include cases alleging that individuals or businesses solicited investor money on the promise of significant returns, but instead misappropriated the assets for their own benefit or to support an ongoing “Ponzi scheme” in which funds from new investors were used to pay returns to earlier investors.

The Foreign Corrupt Practices Act (FCPA) prohibits individuals and companies from engaging in corrupt practices to obtain or retain business overseas. While FCPA actions represent a small portion of the total cases each year (typically around 1%), they have historically represented some of the largest settlements on reporting matters. In one case, the SEC charged a foreign private issuer for alleged misconduct resulting in improper bidding practices when competing for government-related business.

In recent years, the SEC has also focused on emerging matters, such as potential violations of securities laws arising from cybersecurity, crypto asset securities, and ESG-related matters. The SEC’s actions to address these emerging areas include establishing a Crypto Assets and Cyber Unit, which has doubled in size in recent years, as well as a Climate and ESG Task Force.

In response to the increasing frequency and sophistication of cyber threats, the SEC has prioritized enforcement actions against companies that fail to adequately protect sensitive information or disclose cybersecurity risks and material cybersecurity incidents. While the SEC adopted new disclosure requirements in 2023 that prescribed the specific form and content of disclosures of cybersecurity risks and incidents, this enforcement focus highlights the SEC’s longstanding view that material cybersecurity risks and incidents require disclosure. ⁸ Given the 2023 rules, we expect the SEC will continue to focus on cybersecurity incident and risk management disclosures, specifically on potentially misleading disclosures.

Supporting the SEC’s mission to maintain fair, orderly, and efficient markets, the Crypto Assets and Cyber Unit also focuses on cybersecurity controls at regulated entities, trading on the basis of hacked nonpublic information, and cyber-related manipulations, such as brokerage account takeovers and market manipulations using electronic and social media platforms.

The surge in popularity of crypto assets and associated products and services in recent years has resulted in increased interest by investors, abuse by bad actors, and scrutiny by the SEC. Recent enforcement actions have focused on a range of alleged violations of securities laws with respect to crypto assets that the SEC asserts are securities. For example, certain initial coin offerings may be securities offerings, and as such, need to be registered with the SEC or fall under an exemption to registration. A failure to comply with registration requirements can lead to an enforcement action and penalties. Numerous firms have been charged for allegedly offering unregistered securities through crypto asset lending and/or staking programs.

Additionally, the SEC aims to regulate intermediaries that facilitate or participate in crypto asset securities transactions, ensuring that they comply with applicable securities laws, including by implementing robust security measures and providing fair and transparent services to investors. Notable cases were brought against intermediaries for operating as unregistered securities exchanges, brokers, and clearing agencies. Some of these intermediaries were separately charged for the unregistered offer and sale of securities.

Other recent investigations related to crypto asset securities included:

As companies contemplate transactions involving crypto assets, they should consider the potential implications on compliance with related securities laws.

In 2021, the Division of Enforcement launched a Climate and ESG Task Force to proactively identify ESG-related misconduct. It focuses on identifying material gaps or misstatements in issuers’ disclosures of climate and human capital risks under SEC rules as well as disclosure and compliance issues relating to investment advisers’ and funds’ ESG strategies. Examples of recent cases include allegations (1) of false and misleading disclosures about the safety of operations and (2) that a company’s disclosure controls and procedures did not properly consider complaints about workplace misconduct. Separately, the SEC pursued charges against several asset managers for lacking policies and procedures on ESG investments.

The SEC has been increasingly focused on the implications of advancements in artificial intelligence (AI) and machine learning, including potential violations of securities laws. Recent remarks by Commissioners and senior SEC staff highlight their growing concern that these advancements could pose emerging risks as the technologies may lead to noncompliance with the securities laws. The SEC recently settled actions against two investment advisers that allegedly made false and misleading statements regarding their use of AI and machine learning technologies, and we expect the SEC will continue to focus efforts on how use of these technologies may impact investors and markets. Registrants should consider how the use of AI and related public disclosures, may impact compliance with securities laws, including considerations relating to internal control over financial reporting and disclosure controls and procedures.

While controls should be designed to prevent violations of securities laws, even companies with strong compliance programs and controls are well advised to build mechanisms to detect possible wrongdoing into their processes. This includes a culture in which employees can raise concerns without fear of retaliation as well as strong internal audit and legal compliance functions that conduct independent analyses to identify potential violations. If a company identifies a possible enforcement matter, the SEC has highlighted in recent cases and public comments by senior officials how actions such as self-reporting, cooperation with investigations, and prompt remediation contributed to lower penalties.

Regardless of how the possible violation is identified, actions prior to and during the investigation can impact the ultimate resolution, and cooperation can result in reduced or eliminated penalties. Cooperation with investigations involves actions such as providing underlying documents that would otherwise be challenging for the SEC to compel, waiving privilege and producing privileged documents, providing helpful analysis, and providing translations and/or compilations of key documents. Actions such as complying with subpoenas and providing truthful testimony are baseline expectations of the SEC, and thus would generally not qualify as cooperation that would result in reduced penalties. The timing of cooperation can also play an important role; while cooperation can occur at any stage of an investigation, more credit is granted to cooperation provided early in the investigation.

The following table details the number of actions by topic and the percentage by topic of total actions by fiscal year.