The following is part of our annual publication Selected Issues for Boards of Directors in 2026. Explore all topics or download the PDF.

Fiscal year 2025 was a year of extremes in terms of the number of enforcement actions brought by the Securities and Exchange Commission (SEC). During the first quarter of fiscal year 2025 (October through December 2024), the SEC reported a record-breaking number of enforcement actions.[1] However, for the remainder of the fiscal year, the SEC’s enforcement numbers significantly declined. Despite the reduction in enforcement actions seen in the second half of the year, there are early indications that enforcement under the second Trump administration is not disappearing but instead shifting focus. Public companies should expect continued SEC enforcement focused on fraud and harm to investors, and should remain mindful of the SEC Enforcement Division’s emphasis on voluntary report and cooperation.

By the Numbers: A Year of Transition

Following the election of President Donald Trump, Republican Commissioner Mark Uyeda served as Acting Chairman until Paul Atkins was sworn in on April 21, 2025. Judge Margaret “Meg” Ryan was not installed as Director of Enforcement until September 2025—after which a weeks-long government shutdown ensued. Although the SEC has not yet announced its official fiscal year 2025 enforcement results, analysis by the NYU Pollack Center for Law & Business and Cornerstone Research shows the SEC initiated 56 actions against public companies and subsidiaries in 2025—a 30% decrease from 2024.[2] Most of these actions occurred under outgoing Chairman Gary Gensler in late 2024, with only four initiated under Acting Chairman Uyeda and Chairman Atkins.[3] These results reflect not only shifting enforcement priorities but also unique challenges of the 2025 transition. While all administration transitions involve temporary delays while agencies fill leadership positions, the departures in 2025 reduced the SEC’s headcount by approximately 15% and the surge of enforcement actions filed in the prior administration’s final months left few mature investigations in the pipeline.[4]

How much of the reduction in number of new enforcement actions is likely to persist for the coming three years remains to be seen. However, now that Chairman Atkins and Judge Ryan are firmly established in their roles and new investigations are in progress, we expect 2026 will bring a rise in enforcement actions in core areas such as insider trading, accounting fraud and material misrepresentations that harm investors. In terms of priorities, Chairman Atkins has emphasized that the SEC will return to its core mission “to hold accountable those who lie, cheat, and steal.”[5]

Enforcement Trends to Watch in 2026

Back-to-Basics: Core Enforcement Areas

The SEC is expected to continue prioritizing enforcement actions focused on insider trading, accounting and disclosure fraud, offering fraud, Ponzi schemes, market manipulation and breaches of fiduciary duties by investment advisers. Conversely, Chairman Atkins has advised that SEC resources should not go toward “enforcement actions in areas, such as retention of books and records, that consume excessive Commission resources not commensurate with any measure of investor harm.”[6] In other words, as noted by then-Acting Director of Enforcement and now Principal Deputy Director Sam Waldon, the Enforcement Division is focused on “perennial areas of enforcement,” and is no longer in the business of pursuing “[c]reativ[e]” enforcement actions.[7]

So far, the enforcement data supports these statements by SEC leadership. According to data from the 2025 Cornerstone Report, three out of four actions brought against public companies under the new administration alleged issuer reporting and disclosure violations.[8] And the Commission has closed investigations and voluntarily dismissed in court many of the more novel enforcement actions focused on the crypto industry.[9] Additionally, although we anticipate that the SEC will actively pursue traditional insider trading cases, it may be less likely to bring cases asserting novel insider trading theories, such as “shadow trading.”[10]

Further, the reduced headcount at the SEC means that enforcement actions will likely be more focused on cases involving significant harm or risk of harm to investors, especially retail investors. We expect to see these priorities translate into a rise in enforcement actions involving significant accounting errors and restatements, especially if accompanied by a large drop in stock price. The recently announced priorities of the Division of Examination indicate that the SEC will also prioritize investment adviser and broker-dealer activity that relates to retail investors, a likely signal that the Enforcement Division will focus on such cases as well.[11]

The reduction in staff provides an opportunity for entities under investigation to earn cooperation credit and shape the narrative of an investigation by thoughtfully engaging with SEC staff, such as by giving an early presentation on the issues or providing key documents early in an investigation. In a recent keynote address, Chairman Atkins announced significant defense-friendly reforms to the “Wells” process, which is often the last opportunity for potential defendants to persuade SEC staff to close an investigation.[12] The reforms provide potential defendants with additional time to prepare Wells submissions and require enforcement staff to provide the evidentiary basis for potential charges, including testimony transcripts and key documents.[13]

Cybersecurity and Emerging Technologies

  • Fraud Committed Using Emerging TechnologiesShortly after the transition, the SEC rebranded its Crypto Assets and Cyber Unit as the Cyber and Emerging Technologies Unit (CETU), whose mission is “combatting cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space.”[14] The CETU will utilize the staff’s substantial fintech and cyber-related experience to combat misconduct across seven priority areas focused on cybersecurity and incident response and the use of technology to commit fraud.[15] Public companies can expect to see the SEC pursue enforcement actions against entities that fraudulently misrepresent their artificial intelligence (AI) capabilities (known as “AI washing”) or use AI technologies to perpetrate fraud. We also expect to see enforcement cases involving registered entities, such as broker-dealers and investment advisers, arising from the Examination Division’s announced focus in 2026 on registrants’ use of automated investment tools, AI technologies and associated risks.[16]
  • CybersecurityCybersecurity remains top of mind for the SEC. The CETU’s focus on fraudulent disclosure of cybersecurity issues indicates that the SEC will pursue cases involving public company disclosures related to cybersecurity incidents that involve deceptive statements and real harm to a company’s investors or customers. However, the SEC has sent a clear signal that it is backing away from the prior administration’s more aggressive approach to cybersecurity disclosures. Immediately after the government shutdown ended, the SEC announced that it was voluntarily dismissing its case against SolarWinds Corp. and its Chief Information Security Officer for allegedly misleading disclosures and deficient cybersecurity controls in connection with the “SUNBURST” cyberattack.[17] The SEC’s Division of Examinations also identified cybersecurity, particularly defenses and incident response plans, as a “perennial examination priority” in its 2026 Exam Priorities.[18] In anticipation of an active enforcement environment around cybersecurity defenses, responses and disclosures in the wake of significant cybersecurity incidents, public companies should consider reviewing their cybersecurity compliance and controls, incident response procedures and maintaining effective internal and disclosure controls related to cybersecurity incidents. Entities that establish good governance procedures and follow them in the wake of an incident are less likely to be second-guessed than in the past.
  • Technology Advancements at the SECIn addition to regulating the misuse of AI, the SEC has also looked to enhance its own use of AI for regulatory oversight and investigations with the launch of the AI task force charged with “accelerat[ing] AI integration to bolster the SEC’s mission.”[19] One example of the SEC’s successful integration of technology for enforcement purposes is its longstanding use of data analysis tools to uncover anomalous trading patterns indicative of insider trading. With insider trading remaining a focus of the SEC and AI-enhanced detection capabilities improving, public companies should ensure robust insider trading policies, including policies related to blackout periods and material nonpublic information stewardship.

Market Volatility and Economic Dislocation

Economic volatility due to tariffs and other market-moving policies as well as potential workforce reductions can often put strain on companies and present additional incentives and opportunities for securities violations and thus lead to an increase in enforcement activity. Where workforces are under pressure to meet financial targets in the face of economic winds, they are more likely to turn to high-risk tactics such as “channel stuffing,” managing earnings by adjusting accounting entries near the end of a quarter or even resorting to aggressive revenue recognition tactics or outright accounting fraud.

With the SEC focused on cases of fraud that harm investors, companies would do well to foster a robust compliance environment by ensuring strong controls and properly trained staff in areas that can have an outsize impact on financial statements, such as revenue recognition, review of assets for potential impairment and valuations. If companies do discover accounting errors, they should carefully document a thorough consideration, in consultation with outside auditors, of whether those errors are material and require restatement or revision of prior financial statements. Risks of economic dislocation and concern about operational disruptions due to factors such as geopolitical events, extreme weather and cyber-attacks, underscore the continued need both for operational resilience and planning, but also disclosure controls to consider whether existing and emerging risks warrant new or additional disclosure.

Key Takeaways

Despite the reduced enforcement numbers in 2025 and Chairman Atkins’s efforts to make it “cool” again to take a company public,[20] boards of directors should be prepared for investigations and enforcement actions in the coming year that focus on traditional fraud enforcement, technology and cybersecurity and harm to retail investors.

  • This is an opportune time for companies to conduct a comprehensive tune-up of their internal controls and disclosure controls, as history demonstrates that lax practices during one administration can result in significant penalties years later. Companies that establish sound internal reporting and disclosure policies and ensure Sarbanes Oxley compliant whistleblower programs that can catch early warning signs of fraud will be well-positioned to achieve favorable outcomes if subject to enforcement actions in the future. Strong compliance programs and proactive risk management remain essential regardless of the enforcement climate. With the SEC focused more on material risks, companies would be wise to also take a risk-based approach and focus on getting big things right.
  • While the political landscape may shift over the next several years, core enforcement priorities around financial reporting and accounting persist. Moreover, because the statutes of limitation for securities violations extend at least five years and thus beyond administrations, a company’s conduct today may be scrutinized under a future administration.

[1] Press Release, “SEC Announces Record Enforcement Actions Brought in First Quarter of Fiscal Year 2025,” (Jan. 17, 2025), available here.

[2] Cornerstone Research & NYU Pollack Center for Law & Business, “Fiscal Year 2025 Update SEC Enforcement Activity: Public Companies and Subsidiaries,” (Nov. 19, 2025), available here. The report analyzes information from the Securities Enforcement Empirical Database (SEED), which is based on available data on the SEC’s website as of November 14, 2025. The data only includes enforcement actions with public companies or their subsidiaries as identified defendants. For purposes of the dataset, public companies are defined as “those that traded on a major U.S. exchange as identified by the Center for Research in Security Prices (CRSP) at the time the enforcement action was initiated, or otherwise within the five-year period preceding the initiation.”

[3] Id. at 3.

[4] Speech, Chairman Paul S. Atkins, “Opening Remarks at the SEC Town Hall,” (May 6, 2025), available here. According to Chairman Atkins, in 2024, the SEC had approximately 5,000 employees plus 2,000 contractors and was down to approximately 4,200 employees and 1,700 contractors as of May 2025.

[5] Id.

[6] Speech, Chairman Paul Atkins, “Keynote Address at the 25th Annual A.A. Sommer, Jr. Lecture on Corporate, Securities, and Financial Law,” (Oct. 7, 2025), available here.

[7] Reuters, “SEC to Focus on Traditional Cases Under New Leadership, Acting Director Says,” (Mar. 24, 2025), available here.

[8] Cornerstone Research & NYU Pollack Center for Law & Business, “Fiscal Year 2025 Update SEC Enforcement Activity: Public Companies and Subsidiaries” at 3, (Nov. 19, 2025), available here.

[9] See, e.g., Press Release, “SEC Announces Dismissal of Civil Enforcement Action Against Coinbase,” (Feb. 27, 2025), available here; Law360, “Kraken Joins Crypto Cos. Announcing SEC Case Dismissals,” (Mar. 3, 2025), available here.

[10] For further discussion on shadow trading, see our April 2024 alert memo available here.

[11] For further discussion of the SEC Exam Priorities for 2026, see our November blog post available here.

[12] Speech, Chairman Paul Atkins, “Keynote Address at the 25th Annual A.A. Sommer, Jr. Lecture on Corporate, Securities, and Financial Law,” (Oct. 7, 2025), available here.

[13] Id.

[14] Press Release, “SEC Announces Dismissal of Civil Enforcement Action Against Coinbase,” (Feb. 27, 2025), available here.

[15] Id.

[16] SEC Division of Examinations, “Fiscal Year 2026 Examination Priorities,” (Nov. 17, 2025), available here.

[17] Litigation Release, “SEC Dismisses Civil Enforcement Action Against SolarWinds and Chief Information Security Officer,” (Nov. 20, 2025), available here. For further discussion on SolarWinds, see our July 2024 alert memo available here and the enforcement article in the 2025 edition of Selected Issues for Boards of Directors, available here.

[18] SEC Division of Examinations, “Fiscal Year 2026 Examination Priorities,” (Nov. 17, 2025), available here.

[19] Press Release, “SEC Creates Task Force to Tap Artificial Intelligence for Enhanced Innovation and Efficiency Across the Agency,” (Aug. 1, 2025), available here.

[20] Speech, Chairman Paul Atkins, “Keynote Address at the 25th Annual A.A. Sommer, Jr. Lecture on Corporate, Securities, and Financial Law,” (Oct. 7, 2025), available here.