Recently, Gurbir Grewal, the U.S. Securities and Exchange Commission’s director of the Division of Enforcement, testified before the U.S. House of Representatives’ Subcommittee on Investor Protection, Entrepreneurship, and Capital Markets as part of a budget request for the next fiscal year. Grewal reiterated many of the SEC’s enforcement priorities of the last several years, most notably the goal of active enforcement to restore the public’s trust in financial markets and institutions through “robust enforcement, robust remedies, and robust compliance.” At the very least, his testimony was further evidence that the SEC will continue to take a more active role under the current administration, especially in areas of priority such as crypto assets and gatekeeper accountability.
Grewal began his testimony by noting that Americans’ trust in the financial markets and institutions is near an all-time low. He attributed this sentiment to repeated lapses by large businesses, gatekeepers such as attorneys and accountants, and other market participants, while also noting the common perception that regulators are failing to hold bad actors accountable. Grewal testified that to combat this sentiment, one of his main goals is to use the SEC’s enforcement powers to restore public trust in the financial markets and institutions and prove that large corporations do not play by a different set of rules. Large businesses will be a target.
Thereafter, Grewal testified about each of the SEC’s enforcement priorities. As to enforcement, Grewal specifically highlighted the SEC’s efforts to curb abuses and police crypto assets and cybersecurity. The Division of Enforcement’s Crypto Assets and Cyber Unit has been busy, and it is adding 20 new positions. Since 2018, it has initiated more than 80 enforcement actions alleging fraudulent and unregistered crypto asset offerings and platforms, which has resulted in more than $2 billion in monetary relief. The division also has brought actions against registrants and public companies that it believes have failed to maintain adequate cybersecurity controls and appropriately disclose cyber-related risks and incidents. In short, the SEC plans to focus on investigating alleged violations related to crypto asset offerings, exchanges, broker-dealers, and lending and staking products; decentralized finance (“DeFi”) platforms; non-fungible tokens (“NFTs”); and stablecoins.
Grewal’s comments could be considered a preview of the SEC’s complaint—and parallel criminal proceeding—filed shortly after his testimony asserting a former employee of Coinbase Global, Inc. engaged in insider trading of crypto assets ahead of their release on the Coinbase platform. Notably, the SEC articulated its case for why nine specific crypto assets constitute securities, signaling to the crypto industry the SEC will take a more expansive view of the sort of crypto projects that may constitute securities going forward.
In addition to crypto, the SEC is continuing its multi-year focus on gatekeeper accountability. Grewal specifically emphasized the recent charges against Ernst & Young LLP after its employees cheated on its exams to maintain CPA licenses, and the company withheld evidence of this misconduct. The company admitted to the facts and agreed to pay a $100 million penalty.
Grewal next testified that the SEC’s remedies must be sufficiently robust to deter future bad actors and not simply be seen as a cost of doing business. Not surprisingly considering this focus, Grewal discussed two different remedies in detail—penalties and prophylactic relief. Since the U.S. Supreme Court’s decision two years ago in Liu v. SEC, which held that the SEC may only seek disgorgement if the funds are for the benefit of investors and reflect only the net profits with legitimate business expenses deducted, the SEC has shifted some of its focus away from disgorgement and to more robust penalties. Grewal’s testimony indicates that the SEC will continue in this direction. Indeed, he detailed the factors that guide the SEC’s penalty recommendations, specifically noting that the SEC “assess[es] the conduct at issue, in light of the statutory tier factors and judicial opinions, and look[s] to comparable cases.” If a penalty given in a past case did not sufficiently deter misconduct, then the SEC will seek stiffer penalties in future cases involving the same misconduct, whether in settlement negotiations or in litigation. Grewal also noted that prophylactic relief—such as officer and director bars, associational bars, suspensions, conduct-based injunctions and undertakings—will continue to be an important tool. As anyone recently under SEC investigation knows, it has almost uniformly insisted that such bars be part of any negotiated settlement.
Interestingly, in what may end up being a departure from the SEC’s past practices, Grewal noted that while the division will continue to recommend the usual no-admit-no-deny settlements in the majority of cases, it will begin seeking actual admissions in certain cases. According to Grewal, the SEC will want companies and individuals to make public admissions “where heightened accountability and acceptance of responsibility are in the public interest.” Such admissions will certainly have future repercussions for businesses, including affecting everything from insurance premiums to default provisions in contracts with other businesses. Businesses thus will need to factor in the SEC’s preferences when choosing how to defend against investigations and whether to settle.
Finally, Grewal discussed the need for all market participants to share responsibility for robust compliance. Of particular note for businesses, he called out public companies “to think rigorously about how their specific business models and products interact with both emerging risks and their obligations under the federal securities laws, and tailor their internal controls and compliance practices and policies accordingly.” He cautioned that businesses cannot rely on “check-the-box compliance policies,” but instead they should develop policies tailored to their work and the associated risks. As a result, it may be prudent for businesses involved in the securities industry to revisit their compliance policies in the near future.