On November 22, the Securities and Exchange Commission announced its enforcement results for the 2024 fiscal year with a record $8.2 billion in financial remedies.[1]  At the same time, a few cases and sweeps comprised the vast bulk of that amount, and the number of cases brought dropped by 26%.  In a press release announcing the results, Acting Enforcement Director Sanjay Wadhwa touted the agency’s “high impact enforcement actions” and noted “stepped up efforts” by market participants to self-report their own potential wrongdoing, cooperate in SEC investigations, and remediate any shortcomings.  Chair Gary Gensler, who recently announced he will step down at the start of the next Trump presidency, described the Enforcement Division as a “steadfast cop on the beat.”  Set forth below are key highlights on enforcement trends from the past year, as well as predictions for what the next year may hold under a new administration.

By the Numbers

Beyond the headline number of 583 filed enforcement actions, a 26% decrease from the previous year, the SEC filed 431 stand-alone cases that were not follow-ons to criminal convictions—the best measure of core enforcement productivity—representing a 14% decrease from fiscal year 2023.[2]  Total financial remedies reached a record-setting $8.2 billion, up from $4.9 billion in 2023, and consisted of $6.1 billion in disgorgement and prejudgment interest and $2.1 billion in civil penalties, the second-highest penalty amount on record.  Notably, though, more than half of the total remedies came from one judgment following the SEC’s trial victory in a crypto fraud case.  In addition, over $600 million in penalties came in the continuing off-channel communications sweep against more than 70 firms.  The SEC also obtained 124 orders prohibiting individuals from serving as officers or directors of public companies, the second-highest number of bars in a decade.

The SEC’s Enforcement Toolkit

Sweeps

The SEC continued its recent trend of undertaking several significant risk-based sweeps.  Prominent sweeps this year included more than a dozen investment advisers for compliance with the Adviser Act’s Marketing Rule; a renewed focus on whistleblower protection rules; form-filing sweeps related to both timely reporting of stock holdings and transactions by public companies and their insiders and Forms 13F and 13H filings by institutional investment managers; and the continued sweep of off-channel communications at broker-dealers, investment advisers, municipal advisors, and credit-rating agencies.  The Gensler SEC has been fond of sweeps, with each one not only serving as a lucrative source of penalty money for the SEC, but also prompting waves of compliance reviews by entities hoping not to get caught up in the next round. 

In keeping with the focus on retail investor harm, the SEC will back away from its recent heavy reliance on risk-based investigative “sweeps” of regulatory compliance that do not necessarily involve investor harm, like off-channel communications (where sweeps had probably run their course anyway), delinquent form filing, and the like.  Under the last Trump administration, the SEC did undertake enforcement initiatives, but they were focused on areas with greater perceived investor harm, such as the EPS Initiative, which investigated suspected earnings management at public companies, and the mutual fund share-class selection initiative. 

Whistleblowers

In 2024, the SEC received 24,000 whistleblower tips and announced awards of more than $255 million to 47 individuals, down slightly from the year before.[3]  Notably, more than 14,000 of the 24,000 tips came from two individual whistleblowers.  The SEC also continued to aggressively enforce whistleblower protections.  In an enforcement sweep announced in September 2024, the SEC levied $3 million in penalties against seven companies that allegedly violated whistleblower protection rules by, for example, requiring employees to waive their right to receive whistleblower awards, or asking customers to agree to not contact the SEC. In one case, a broker-dealer paid an $18 million penalty for allegedly impeding “hundreds of advisory clients and brokerage customers from reporting potential securities law violations to the SEC” by having them sign an agreement to keep confidential any settlement or credit obtained from the broker-dealer.  The agreements permitted clients to respond to SEC inquiries but prevented them from voluntarily contacting the SEC.  Notably, in all of these enforcement actions, the SEC acknowledged that the entities did not actually enforce the provisions to prevent individuals from communicating with the SEC.  The new SEC will likely wind down sweeping compliance with whistleblower protection rules, but will continue to pursue whistleblower tips—albeit with far fewer resources in light of the planned Department of Government Efficiency.

Cooperation

The SEC continued to stress in speeches and enforcement actions that it will reward firms that self-report, cooperate, and remediate, highlighting specific actions that may contribute to lower—or even no—penalties or other rewards.  In May 2024, former Director Grewal emphasized five main principles of cooperation: (1) self-policing with “appropriate safeguards” and technologically up-to-date compliance policies; (2) self-reporting without delay; (3) proactive and timely remediation; (4) “above and beyond cooperation;” and (5) “early, often, and substantive[]” collaboration with the SEC.  The SEC specifically called out actions such as:

  • Self-reporting before completing an internal investigation or being certain a violation has occurred;
  • Flagging and explaining documents or data, particularly through forensic accountants or other experts who can explain technical or complex information; and
  • Identifying key witnesses, facilitating interviews, and presenting findings and summarizing interviews from internal investigations.

The SEC also highlighted specific remedial actions, such as:

  • Clawing back executive bonus compensation;
  • Disciplining and/or terminating involved employees;
  • Updating employee trainings;
  • Hiring necessary personnel; and
  • Adopting new technology and/or policies.[4] 

This year, cooperation yielded benefits including: lower civil monetary penalties; in some cases, no penalties;[5] potentially reduced charges;[6]  and other benefits such as not requiring admissions.  For example, in a sweep of 11 institutional investment managers for failure to file certain forms, two firms received no financial penalty because of their timely self-reporting, cooperation, and remediation.  In a sweep of off-channel communications at credit-rating agencies, two of six firms received substantially lower penalties and did not have to retain a compliance consultant because of their cooperation.

In its public statements, the SEC has put the most emphasis on the importance of self-reporting, including before an entity has a full understanding of the facts or even whether there was a violation.  These can be extremely difficult decisions to make.  While the SEC has done better recently to detail what types of cooperation will be rewarded, it still has never adopted a formal framework that would provide greater predictability, and does not provide any information about cases where cooperation contributed to no case being brought at all.  Under a Republican administration, it is possible that the Enforcement Division could publish the kind of formal framework the defense bar has long requested and in cases where an entity provides substantial cooperation in an SEC investigation and remediates any shortcomings, the SEC will be more likely to consider not imposing a monetary penalty, or even to decline to bring an enforcement action at all. 

Litigation

Fiscal year 2024 was an active litigation year for the SEC, including numerous ongoing crypto litigations across the country.  It is an open question whether the agency will be able to keep up its current litigation pace as the agency faces a resource crunch and a Republican administration and Congress rethinks its approach to regulating the asset class. 

This year, the SEC encountered mixed results in court, accumulating a few trial victories involving securities fraud, an unregistered broker-dealer, and shadow trading.  But the agency also suffered prominent defeats in court, most notably where a district court gutted most of the SEC’s case involving the SolarWinds cyberattack on a motion to dismiss, dealing a blow to the SEC’s practice of charging internal controls and public disclosure violations against the victims of cyberattacks.[7]  In October 2024, Commissioners Peirce and Uyeda said that the SEC needs to “start treating companies subject to cyberattacks as victims of a crime, rather than perpetrators of one.”[8]  This could very well foreshadow the approach the new SEC will take going forward.  The Second Circuit also checked the SEC’s use of increasingly aggressive disgorgement theories, ruling that disgorgement should be limited to the quantifiable investor losses caused by a defendant’s violations.[9] 

One of the most notable litigation developments this year was the Supreme Court’s decision in SEC v. Jarkesy, which significantly constrained the SEC’s ability to bring administrative proceedings in the SEC’s in-house courts, which are ultimately decided by the SEC itself.  The Jarkesy Court found that a defendant has a right to a jury trial under the Seventh Amendment in cases where the SEC seeks civil penalties for fraud claims.[10]  While the actual holding is somewhat narrow, the practical impacts of the decision could be far-reaching.  Due to Jarkesy and to separate legal challenges to the way administrative judges are appointed and removed, the SEC had essentially stopped bringing contested fraud claims through administrative proceedings.  It is now possible that the SEC will also stop bringing any administrative proceedings that could result in monetary penalties or actions that could be portrayed as punitive, such as industry bars, and head to district court instead.  In fact, in the wake of Jarkesy, the SEC moved to dismiss eight pending administrative proceedings for accountant malpractice, one of them against an auditor who had counter-sued the SEC earlier in the year, arguing that the administrative proceeding against him violated his constitutional right to a jury trial.  The SEC has subsequently brought district court cases against auditors and public-company accountants that include equitable claims to bar them from practicing before the SEC.  It remains to be seen whether federal judges will feel comfortable wading into the regulation of the accounting profession.

Substantive Enforcement Highlights

Crypto

This year crypto remained at the forefront of SEC enforcement, with the SEC doubling down on “regulation by enforcement” by pursuing enforcement litigation with no appetite for crafting rules or guidance on digital assets.  The House of Representatives passed the Financial Innovation and Technology for the 21st Century Act in May 2024, which would establish a federal regulatory regime for digital assets.  The bill has not yet been sent to the Senate and has yet to become law, and many in the industry and defense bar expect the new Republican Congress will bring some much-needed regulatory clarity to crypto.  Moreover, in the wake of the election, the SEC continues to press ahead with crypto investigations and litigation, but when the new administration starts, we anticipate that the agency will pause numerous active cases—at least those not involving fraud allegations—if not dismiss them outright pending reconsideration of its approach to crypto going forward.

In terms of ongoing crypto litigation, the SEC brought three high-profile cases against digital asset trading platforms in three different jurisdictions.  So far, the only thing that all courts have agreed on is that digital assets themselves are not securities.  Instead, the manner in which a digital asset is sold could constitute a securities transaction.  This approach was first minted last year in an SEC litigation against an enterprise crypto and blockchain technology company and two of its executives.[11]  The manner of sale refers to either “primary” sales, which are typically directly from an issuer to a purchaser, or “secondary” sales, which are typically between anonymous parties on a trading platform.  The courts also specified that the particular features of the secondary sales should be taken into account for this analysis.  All three trading platform cases are at early stages, so the consequences of early rulings are not yet clear.  The industry will pay close attention to these cases next year, to the extent they go forward under the next administration.

Cybersecurity

Cybersecurity at public companies remained high on the SEC’s priorities this fiscal year.  In late 2023, new rules on cyber disclosures took effect, which among other things require disclosure on Item 1.05 of Form 8-K within four business days after a registrant determines that it has experienced a material cybersecurity incident.[12]  Meanwhile, the SEC pressed forward with cases involving cyberattacks that pre-dated the new rules, largely for alleged internal controls and disclosure violations.

Perhaps the most notable development in this area, however, was the Southern District of New York’s dismissal of most of the SEC’s case against the software company SolarWinds and its chief information security officer related to a massive, state-sponsored cyber intrusion that came to light in 2020.[13]  In an opinion notable for its common sense, the court ruled that SolarWinds’ pre-incident public statements about its cyber-defenses were too general to be materially misleading, and that post-incident disclosures did not misleadingly downplay the intrusion because they were based on the best information available to the company during a fluid situation.  Notably, the court held that the internal controls provisions of the securities laws were meant to apply to accounting controls and not cybersecurity controls.  The only allegations the court allowed to go forward were that the company had misled investors by making public statements that it adhered to specific security standards, when the SEC alleged it had failed to do so.  The well-reasoned opinion prompted speculation that the SEC might pull back on fly-specking companies’ post-incident disclosures and would stop charging internal controls violations.

The SEC made clear it was still in the cybersecurity game shortly after its fiscal year ended, bringing four cases against information technology companies that it alleged had downplayed the extent of SolarWinds-related cyber intrusions they had suffered.  The Republican Commissioners issued a forceful dissenting statement, just as they did when the SolarWinds litigation was launched, characterizing the actions as victim-blaming that rested on a strained interpretation of what details are material to investors.  On that basis, we expect the SEC to bring fewer cybersecurity cases and to focus on those that involve the potential for real investor harm. 

Off-Channel Communications

The SEC continued its industry sweep of regulated entities’ use of “off-channel communications,” assessing over $600 million in penalties in settled actions against over 70 broker-dealers, investment advisers, municipal advisors, and credit-rating agencies.  Penalties this year ranged from $40,000 to $50 million per firm.  This is up from the $400 million collected in fiscal year 2023 and involved more firms than the past two years combined, including smaller targets and, for the first time, stand-alone registered investment advisers.  The initiative likely has run its course, but should definitely be put to rest under the new administration, as the two Republican Commissioners who will remain on the Commission have already called on the agency to “reconsider [the] current approach to the off-channel communications issue.”[14] 

Other Areas

  • Insider Trading: Insider trading remains an evergreen enforcement priority for the SEC, which continues to use sophisticated market surveillance technology and consider novel legal theories.  We anticipate the new SEC to continue its focus on these cases given the real risk to US markets and investor harm.
    • Shadow Trading: The most notable cases in this area this year involved so-called “shadow trading” cases, in which material nonpublic information about one company is used to trade securities of another company.  In May 2024, the SEC obtained a settlement against the former chairman and founder of a technology company who traded in another company’s options through accounts of a relative and associate after learning of its impending acquisition through his company’s relationship with a third party.  In September 2024, a district court affirmed a jury verdict that found a biopharmaceutical company employee guilty for purchasing call options in a comparable company shortly after learning of his company’s impending acquisition.[15] 
    • Rule 10b5-1 Trading:  Another notable case was the first-ever insider trading criminal prosecution based on trading pursuant to a Rule 10b5-1 plan, which resulted in a guilty verdict in 2024 against the former chairman of a healthcare company, who DOJ alleged had created two 10b5-1 trading plans to dump company stock when he learned inside information that the company was about to lose its biggest customer, trading that saved the defendant $12.5 million.[16]
  • Foreign Corrupt Practices Act: FCPA continues to be an active area for the SEC, as the agency continues to bring charges where DOJ did not take action, underscoring the agency’s focus on cases involving recordkeeping and accounting controls violations.  Just before the close of the fiscal year, the SEC announced a settlement with a global manufacturer of agricultural machinery and heavy equipment to resolve recordkeeping and internal accounting controls charges related to a bribery scheme in Thailand. The SEC also continued to take an active role in coordinated matters with DOJ.  This year, the SEC reached a $100 million settlement with a global software company related to bribery schemes in Africa and Asia that was part of a global settlement with DOJ and South African authorities.  In 2024, the SEC also put its subpoena power to use and conducted industry sweeps to investigate compliance with the FCPA by technology companies relating to the use of international third-party business partners and distributors  The FCPA was a focus under the last Trump administration, and strong enforcement, especially against foreign companies, is expected to continue under the next administration.
  • Insider Filings: The SEC continued its initiative of using data analytics to identify entities and corporate insiders that failed to timely file necessary reports and forms regarding beneficial holdings and transactions in publicly traded company stock, or that contributed to or failed to report such filing failures.  In September 2024, the SEC announced settled charges against 13 firms and 10 individuals and raked in over $3.8 million in penalties, with penalties for firms ranging from $40,000 to $750,000, and penalties for individuals ranging from $10,000 to $200,000. While the SEC has conducted failure to timely file sweeps since 2014, the significant back-to-back sweeps in 2023 and 2024 with hefty individual fines emphasizes the importance of timely filings, even for routine forms.  Whether this remains a focus under the new administration remains to be seen.
  • Artificial Intelligence: The SEC significantly intensified its focus on artificial intelligence this year with a multi-pronged approach combining enforcement actions, examination priorities, and proposed rulemaking.  This reflects the SEC’s growing concern about the opportunities and risks presented by AI in financial markets, particularly when market participants misrepresent what AI can do—or whether they are actually using AI at all.  In March 2024, the SEC announced two enforcement actions against investment advisers for “AI-washing” and violations of the Marketing Rule because they marketed that they were using AI in certain ways that they actually were not, resulting in penalties of $175,000 and $225,000.[17]  These actions may signal an increased focus on AI oversight going forward.  The new SEC is likely to focus on egregious cases with real investor harm as the agency shifts to encouraging business growth.

Looking Ahead

With the key picks of Chair and Director of Enforcement yet to be announced, the enforcement agenda under the second Trump administration has yet to emerge.  Based on the last Trump administration and on the stated policy preferences of the two current Republican Commissioners, who will remain on the Commission, we can predict some priorities:

  • The SEC will return to its traditional bread and butter cases that involve harm to retail investors, like accounting and disclosure fraud, misappropriation of funds by investment advisers, market manipulation and insider trading, and offering frauds.
  • The SEC will levy smaller penalties on large entities, and penalties will need to bear a relation to a measurable benefit the entity received from its alleged securities law violations.  The SEC will be less likely to pursue novel theories of disgorgement. 
  • The SEC likely will take a less expansive approach to materiality and will be less likely to pursue aggressive theories and perceived “regulation by enforcement.”  With resource constraints likely to continue, the SEC may also shy away from pursuing protracted litigation where they are not assured of success.  With the SEC more receptive to the arguments made by public companies and regulated entities, effective, thoughtful advocacy will matter more than ever.

[1] https://www.sec.gov/newsroom/press-releases/2024-186.

[2] https://www.sec.gov/newsroom/press-releases/2024-186.

[3] https://www.sec.gov/newsroom/press-releases/2024-186.

[4] https://www.clearyenforcementwatch.com/2024/09/trio-of-sec-enforcement-actions-underscores-importance-of-internal-controls-including-in-ma-context/.

[5] https://www.clearyenforcementwatch.com/2024/09/trio-of-sec-enforcement-actions-underscores-importance-of-internal-controls-including-in-ma-context/.

[6] https://www.clearyenforcementwatch.com/2024/09/trio-of-sec-enforcement-actions-underscores-importance-of-internal-controls-including-in-ma-context/.

[7] https://www.clearygottlieb.com/news-and-insights/publication-listing/sdny-court-dismisses-several-sec-claims-against-solarwinds-and-its-ciso.

[8] https://www.sec.gov/newsroom/speeches-statements/peirce-uyeda-statement-solarwinds-102224.

[9] SEC v. Govil, 86 F.4th 89 (2d Cir. 2023).

[10] https://www.clearygottlieb.com/news-and-insights/publication-listing/supreme-court-limits-secs-use-of-in-house-adjudication-raises-questions-for-other-agencies.

[11] https://www.clearygottlieb.com/news-and-insights/news-listing/ripple-ceo-brad-garlinghouse-in-dismissal-of-all-sec-claims.

[12] https://www.clearygottlieb.com/news-and-insights/publication-listing/new-sec-disclosure-rules-for-cybersecurity-incidents-and-governance-and-key-takeaways.

[13] https://www.clearygottlieb.com/news-and-insights/publication-listing/sdny-court-dismisses-several-sec-claims-against-solarwinds-and-its-ciso.

[14] https://www.sec.gov/newsroom/speeches-statements/statement-peirce-uyeda-qatalyst-09242024.

[15] https://www.clearygottlieb.com/news-and-insights/publication-listing/jury-decision-lends-support-for-shadow-insider-trading-theory.

[16] The SEC brought parallel charges, which are still pending.

[17] https://www.clearyenforcementwatch.com/2024/03/sec-announces-ai-washing-cases-against-investment-advisers/.