During fiscal year 2022, the SEC brought 760 enforcement actions (an increase of nine percent over 2021) and obtained a record level of $6.439 billion in civil penalties, disgorgement and pre-judgment interest. The civil monetary penalties were the highest on record at $4.194 billion, which is noteworthy in light of recent challenges to the SEC’s authority to impose such penalties. Finally, the SEC granted 103 whistleblower awards in 2022, awarding a total of $229 million—the second highest total since the SEC implemented its whistleblower program in the wake of the Dodd Frank Wall Street Reform and Consumer Protection Act of 2010.
Enforcement Strategy Updates: A Focus on Deterrence
Stronger Monetary and Non-Monetary Penalties
In the SEC’s year-end enforcement release, Director of Enforcement Gurbir S. Grewal indicated that the agency had “recalibrated penalties” in 2022, including by implementing “prophylactic remedies” (i.e., undertakings) and, in certain egregious cases, requiring admissions with the goal of strengthening deterrence and making it clear that “fines [are] not just a cost of doing business.” The SEC is sending this message to market participants by coupling unprecedented monetary penalties with substantial non-monetary relief, such as onerous undertakings (e.g., the retention of compliance monitors). In addition to punishing individuals and entities that violate the securities laws, the SEC has made clear that the tailored undertakings in its orders are meant to provide potential roadmaps for compliance.
The SEC has not limited its strategy to headline-worthy cases. It also sought more monetary and non-monetary penalties than in prior years against the so-called “gatekeepers” of the securities industry—e.g., accountants, auditors, lawyers—for violations related to internal controls and violations of reporting and books and records provisions:
- In June 2022, an audit firm agreed to pay a penalty of $100 million (the largest ever imposed on an audit firm) and undertake extensive remedial measures to address ethical failures within the company. The firm admitted that over multiple years a significant number of audit professionals cheated on the ethics component of CPA exams and various required continuing education courses.
- In June 2022, an audit firm agreed to pay a penalty of $1.9 million and unprecedented restrictions on retaining new audit clients in a settlement for violations of professional standards. The SEC order prohibits the firm from taking on a new audit client if the new engagement would begin more than nine months after the prior fiscal year-end date for entities, or if the new audit client conducts the majority of its operations outside the U.S. (unless such foreign operations are audited by a Public Company Accounting Oversight Board-registered firm), has an unremediated material weakness in its internal controls over financial reporting or has received an audit report with a going-concern opinion as of the end of the past fiscal year.
- In September 2022, 15 broker-dealers and one investment adviser paid combined penalties of more than $1.1 billion in settlement of charges that the firms violated recordkeeping provisions of the securities laws by failing to maintain and preserve electronic communications. In contravention of internal policies, employees routinely used unapproved platforms on personal devices to communicate about the firms’ business. The firms failed to implement their policies and procedures prohibiting off-channel communications, leading to their failure to reasonably supervise their employees.
The past year included a renewed emphasis on individual accountability. Similar to 2021, more than two-thirds of the stand-alone enforcement actions brought in FY 2022 involved at least one individual defendant or respondent.
Notably, the SEC did not limit its pursuit of individuals to those who directly violated the securities laws. In 2022, the SEC made use of Section 304 of the Sarbanes-Oxley Act to require non-culpable executives to return bonuses and other compensation in the wake of financial restatements. In one case, the former chief executive officer of a company charged with inflating the financial performance of a major subdivision was required to return more than $1.8 million in bonuses and compensation to the company.
The SEC pursued enforcement actions arising from a wide variety of misconduct and against a broad range of market actors. Below, we highlight certain significant areas of focus—crypto and digital assets; cybersecurity; ESG; insider trading; and investment professionals—which the SEC pursued in addition to its “bread-and-butter” enforcement actions based on public company disclosures and reporting requirements.
Crypto and Digital Assets: Crypto platforms, crypto investment schemes, and digital assets continue to be a significant enforcement priority. Putting its money where its mouth is, SEC leadership added 20 positions to its Crypto Assets and Cyber Unit, doubling its size.
The FTX bankruptcy—which Chair Gensler noted was hallmarked by a problematic mix of “customer money, non-disclosure and leverage borrowing against it … [and] companies trading” against or ahead of their customers—puts more pressure on the SEC to pursue its already aggressive enforcement agenda in the digital asset space. Indeed, in the wake of FTX, it has been reported that the SEC and DOJ have opened investigations into another large player in the crypto markets in connection with internal transfers to its lending arm.
Although many have pushed for clearer regulatory guidance on the application of the securities laws to digital assets, Chair Gensler has remained consistent in his position that the industry “[has] got regulations and those regulations are often very clear,” and cryptocurrency firms must come into compliance with existing rules. The 2022 enforcement results reflect this position.
In FY 2022, the SEC continued to bring charges against platforms which allegedly offered unregistered securities to finance platform development; and prevailed in litigation. In SEC v. LBRY, Inc., No. 21-cv-00260 (D.N.H. Nov. 7, 2022) (No. 86), the Court agreed with the SEC that digital tokens sold for use on LBRY’s platform were sold as securities under SEC v. W.J. Howey Co., 328 U.S. 293 (1946), the leading case defining when the offer or sale of an asset constitutes an “investment contract.”
Crypto enforcement in 2022 was not limited to registration violations (i.e., cases involving the question of what is a security). Among other matters, the SEC brought enforcement actions against crypto mining operations, crypto lending platforms and celebrities touting crypto assets on social media; and charged individuals with insider trading in digital assets. It is worth noting that, although all involved novel schemes or assets, some of these enforcement actions applied time-tested theories of liability (e.g., fraud) in support of the charges.
Cybersecurity: Cybersecurity enforcement—both against public companies and regulated entities (e.g., broker-dealers, investment advisers and national securities exchanges)—remains a significant enforcement priority.
In FY 2022, the SEC brought notable enforcement actions concerning data protection. In one case, the SEC alleged that three financial services firms lacked reasonable policies and procedures to detect and respond to threats of identity theft in violation of Regulation S-ID. In another, a major investment adviser and broker-dealer agreed to pay a $35 million penalty in settlement of charges that it failed to properly protect or dispose of devices containing the personal identifying information of approximately 15 million customers.
The SEC is also policing public company disclosures about cybersecurity. The SEC proposed new rules to this effect in early 2022, detailing new cybersecurity-specific preparedness, reporting, governance and public disclosure obligations for registered advisers, funds and public companies. These rules are summarized here. Market participants can expect the SEC to scrutinize compliance with these new regulations, which will likely become effective in April.
Environmental, Social and Governance: In response to an increase in investor interest in ESG and pressure from Capitol Hill, in March 2021, the SEC established the Climate and ESG Task Force within the Enforcement Division to analyze disclosure and compliance issues relating to investment advisers’ and funds’ ESG strategies, and, in March 2022, issued proposed rules to standardize ESG-related disclosures.
In FY 2022, the SEC brought at least six ESG-related enforcement actions, which largely addressed material omissions or misstatements to investors. In one case, the SEC charged an investment firm with making materially misleading statements and omissions about ESG considerations in making investment decisions. The firm allegedly misled investors by stating that it invested pursuant to a policy requiring ESG quality review, but not following those policies and procedures in practice. In another case, the SEC charged an automated digital investment advisory program for failing to adopt policies and procedures consistent with its marketing materials. The SEC alleged that the investment adviser marketed itself as providing advisory services that were compliant with Shari’ah law but failed to adopt policies and procedures addressing how it would ensure that securities selected for its clients were Shari’ah compliant.
Insider Trading: Insider trading remained an enforcement priority in FY 2022, with notable actions brought in two areas of regulatory interest. In July 2022, the SEC and the DOJ brought parallel insider trading charges against three individuals, including a former employee of a digital asset trading platform, for providing tips as to the timing and content of announcements regarding the listing of digital assets on the platform. The action is notable because, while the SEC brought securities fraud charges, the DOJ limited its prosecution to mail and wire fraud, suggesting a potential disagreement between the two authorities regarding whether the assets constitute securities. On January 10, 2023, one tippee was sentenced to ten months of imprisonment and ordered to forfeit approximately $900,000 after pleading guilty to wire fraud in 2022.
In September 2022, two officers of a China-based company settled insider trading charges for selling company securities pursuant to a purported Rule 10b5-1 trading plan while in possession of material nonpublic information. This enforcement action followed the issuance of proposed rules (now final), which enhance the requirements to successfully invoke the Rule 10b5-1 affirmative defense.
In addition, in SEC v. Matthew Panuwat, No. 3:21-cv-06322 (N.D. Cal. Jan. 14, 2022) (No. 26), described in detail here, the SEC has enjoyed preliminary success in advancing its novel “shadow trading” theory of insider trading. In denying Panuwat’s motion to dismiss, the Court accepted the SEC’s theory that Panuwat could have breached a duty owed to his employer by using the employer’s confidential information to trade in the securities of another company, where the employer’s policy prohibited the use of confidential information to trade in the securities of another publicly traded company. Further, as a matter of first impression, the Court accepted the SEC’s theory that confidential information regarding an acquisition involving Company A could also be considered material to Company B (and presumably companies C, D, E, etc.) that operates within the same general industry. At present, the case is in discovery with a trial date tentatively set for February 2024.
Also of note is the SEC’s continued use of data analytics to detect insider trading and other market abuses. In 2022, suspicious trading patterns detected by the Enforcement Division’s Market Abuse Unit’s Analysis and Detection Center led to enforcement actions against nine individuals in three separate trading schemes. In each case, the SEC charged individuals for allegedly sharing confidential information related to future corporate acquisitions with others who then traded based on that information.
Investment Advisers, Broker-Dealers and Private Funds: Similar to prior years, the SEC continued to pursue a significant number of enforcement actions against investment professionals, including advisers. Of note, the SEC brought the first enforcement action under Regulation Best Interest, which took effect in June 2020, alleging that a broker-dealer failed to conduct the due diligence necessary to understand the risks of a product recommended to customers, leaving it without a reasonable basis to determine that the product was in the best interest of its clients.
Special Purpose Acquisition Companies: Although the number of special purpose acquisition companies (SPACs) on the market sharply (and spectacularly) declined in 2022—primarily due to the SEC’s aggressive enforcement—market participants should not expect SEC scrutiny of underwriter due diligence, conflicts of interest and investor disclosures to let up.
In FY 2022, the SEC proposed rules designed to align SPAC transactions with traditional initial public offerings, and brought charges against an investment adviser for failing to disclose conflicts of interest with respect to its ownership of entity sponsors in several SPACs in which it advised its clients to invest.
Market participants can expect the SEC to continue to pursue SPACs and related parties, especially SPACs that merged with weak targets and/or had conflicts of interest. Indeed, on January 3, 2023, the SEC brought fraud charges against the former chief financial officer of a SPAC who embezzled funds raised based on misrepresentations that investor funds would be used to launch a separate SPAC. The SEC filed its complaint just four months after the underlying conduct was disclosed.
Looking Ahead to 2023
Market participants can expect the SEC’s aggressive enforcement agenda to continue into 2023. In its FY 2023 Congressional Budget Justification, the SEC anticipated that “the number of litigated cases will continue to rise as the Enforcement Division increasingly holds wrongdoers accountable for their misconduct with more meaningful and, in some instances, escalating sanctions,” and requested an overall budget increase in part to fund additional hiring for the Division.
Accordingly, market participants should review their policies, procedures and controls to ensure compliance with the securities laws, particularly in relation to the SEC’s stated priorities. Mindful of the SEC’s expectation that companies learn from the mistakes of others, regulated entities and public companies should conduct their own individualized risk assessments while being cognizant of how other entities ran afoul of the law. In this aggressive climate, officers and directors must promote a positive “tone at the top” and ensure that compliance departments are sufficiently resourced to devise and implement internal controls as well as policies and procedures reasonably designed to prevent violations.