November 21, 2023

SEC Announces Record-Setting Enforcement Results for Fiscal Year 2023

Holland & Knight SECond Opinions Blog
Brandon Len King | Kayla Joyce | Jessica B. Magee
Gavel and scale resting on desk

The SEC's Division of Enforcement recently announced its Fiscal Year (FY) 2023 results, touting a record-setting year. Rather than repeat Enforcement's detailed report available here, we boil the data down to give our readers a sense of the scale and magnitude of Enforcement's efforts and outcomes between Oct. 1, 2022, and Sept. 30, 2023. And though Enforcement does not publicly report statistics relating to the investigations it closed without action, the actions it did file – and the themes the Report highlights – underscore that the agency is committed to using all the tools at its disposal to enforce the law, from offering and accounting fraud, insider trading and disclosure cases to pioneering forays into environmental, social and governance (ESG), cybersecurity and crypto enforcement.

FY 2023 at a Glance: More Cases, More Tips, More Whistleblowers

SEC FY23 Enforcement

Enforcement's FY 2023 "performance review" continues the previous year's trend of record-breaking achievements. Following last year's historic $6.4 billion in remedies ordered, Enforcement secured roughly $4.95 billion in regulatory penalties and fines in FY 2023 – the second highest in the agency's history. Enforcement's strategy included seizing opportunities to secure eye-popping penalties where it could and enabled the agency to return $930 million to investors, marking the second consecutive year of more than $900 million distributed. Critical to its programmatic outcomes, the SEC's Whistleblower program awarded an unprecedented $600 million to whistleblowers in FY 2023 in a year that saw no slowdown in inbound whistleblower tips, which also set a new record high at 18,000 tips, up a whopping 50 percent from 2022.

Themes and Priorities

The 784 enforcement actions filed in FY 2023 (with a heavy push of cases filed in the final weeks of the fiscal year), 501 of which were "standalone" (i.e., where the agency initiates and handles its own administrative proceedings), covered a wide array of companies, industries, subject matters, and alleged (and frequently settled on a no-admit, no-deny basis) statutory and rule violations. In summarizing FY 2023 outcomes, Enforcement focused on a number of themes, successes and priorities, including:

 

Off-Channel Communications and Recordkeeping

Twenty-five broker-dealers, advisers and credit rating agencies agreed to pay more than $400 million for alleged widespread misuse of personal devices and apps such as WhatsApp for business transactions, violating recordkeeping requirements.

Timely Reporting of Insider Transactions

Data-driven sweep – which is ongoing – charged six officers, directors and major shareholders for failing to timely file Forms 3 and 4 and charged five publicly traded companies for contributing to those failures. Settling parties agreed to pay more than $1.5 million combined in civil penalties.

Reg A Violations

Ten microcap companies faced penalties for allegedly circumventing crowdfunding exemptions in Reg A by making significant changes to their offerings after they had obtained qualification for Reg A exemptions.

Crypto

Enforcement targeted a wide range of alleged misconduct such as "billion-dollar crypto fraud schemes, unregistered crypto asset offerings, platforms, and intermediaries, and illegal celebrity touting." And for the first time, issuers of non-fungible tokens (NFTs) were charged with selling unregistered securities.

Public Companies

In addition to policing fraud and financial manipulation, the agency charged companies for misleading disclosures about matters such as revenue projections, sales growth and product launches and for deficient internal controls related to accounting misstatements.

Gatekeepers

Enforcement launched multiple actions against auditors, accountants, credit rating agencies, underwriters and lawyers. In one case, an audit firm agreed to pay $10 million and to comply with various undertakings, such as retaining independent consultants to evaluate audit and quality control policies and procedures.

Market Manipulation

Enforcement brought numerous actions alleging insider trading, frontrunning and market manipulation, including a case involving an alleged $100 million market manipulation scheme by eight social media influencers. Two financial service industry professionals were also charged for alleged frontrunning.

Marketing Rule Violations

As this new rule was still being implemented by firms, nine investment advisers agreed to settle claims of not complying with the rule's hypothetical performance requirements.

ESG

Enforcement focus on ESG-related disclosures is ramping up. In one case, a Wall Street firm agreed to pay $4 million to settle charges for failing to implement policies and procedures for funds marketed as ESG investments.

Public Finance

A series of actions in the public finance sector highlighted charges against a public company for its involvement in a multiyear fraudulent political corruption scheme against broker-dealers for failing to obtain disclosures when selling new issue municipal bonds and against an audit firm for alleged fraud related to its audit of a school board's financial statements.

FCPA

Anticorruption enforcement actions in 2023 show that Enforcement remains focused on the Foreign Corrupt Practice Act (FCPA). For instance, a global chemical company based in the U.S. agreed to pay more than $100 million to resolve FCPA anti-bribery charges, among others.

Individual Accountability

In 2023, two-thirds of all enforcement actions involved charges against individuals. Enforcement also barred a record-breaking number of individuals from serving as directors or officers of public companies.

Whistleblowers

To protect whistleblowers' rights and ability to report violations, Enforcement imposed robust financial remedies. An investment adviser agreed to pay $10 million related to its employee policies that created impediments to whistleblowing – a record-breaking penalty for a standalone violation of the whistleblower protection rule.

Cybersecurity

Enforcement has taken a "vigilant" approach with cybersecurity disclosure. A software company that provides donor data management to nonprofit organizations agreed to pay $3 million for misleading disclosures concerning a 2020 ransomware attack that impacted thousands of customers, among others.

Investment Professionals

The division continues to emphasize proper disclosure of conflicts of interest. A private equity firm agreed to pay $20.5 million to settle charges that it failed to disclose millions in brokerage fees paid to a firm owned by the CEO.

Retail Investor Protection

Several cases showcase Enforcement's determination to protect retail investors from fraudsters. There were multiple enforcement actions against individuals accused of running Ponzi schemes and frauds that targeted various cultural and affinity groups.

In addition, the Report underscores Enforcement's focus on "meaningful" cooperation, a consistent theme in recent years with SEC leadership giving increased attention to – and detail about – companies that proactively communicate before and during investigations and engage cooperatively throughout investigations.

Lastly, the Report notes that Enforcement is willing to litigate when necessary and that, in FY 2023, it litigated more than 40 percent of standalone actions. The Report goes on to summarize what are described as "significant trial, administrative, and motion practice wins in fiscal year 2023."

Key Takeaways from FY 2023 and Early Observations for FY24

  • Report Shields Less Rosy Results. Although the SEC undoubtedly had an active and aggressive year of enforcement, as is customary, the agency did not emphasize areas where results did not improve year over year. For example, as covered by Cornerstone Research Group, even though the SEC filed more actions against public companies in FY 2023, monetary settlements in those actions decreased to $1.3 billion, the lowest total in the last eight fiscal years.

Furthermore, as the agency pushes more of an "everything is a priority" enforcement agenda, its standalone enforcement actions – and total enforcement actions – continue to lag behind totals under prior SEC Chair Jay Clayton in FY 2018 and 2019. Moreover, even though the SEC obtained nearly $3.4 billion in disgorgement (a significant year-over-year increase), year-over-year penalties dropped from nearly $4.2 billion in FY 2022 to approximately $1.6 billion in FY 2023. Additionally, money distributed to harmed investors decreased year over year. Although these numbers can't be viewed in a vacuum as a small collection of high-dollar cases influence the top-line numbers, the results were not all "up and to the right" for the agency.

The agency included its customary "Trial and Litigation Highlights" section but did not include any litigation setbacks. For example, the SEC did not make any mention of the high-profile Ripple litigation, where the defendants largely beat back the agency's enforcement action. Additionally, the agency did not mention its dismissal of 42 administrative proceedings in connection with enforcement team members having improper access to certain documents. More broadly, there is no mention about the U.S. Supreme Court unanimously siding against the SEC on the mechanism for constitutional challenges to the SEC's in-house administrative proceedings, with broader challenges to the proceedings currently up before the Court. Although the agency undoubtedly had some significant trial and litigation victories in FY 2023, not all of the agency's results came up roses.

  • Cybersecurity. The agency has steadily increased the magnitude and scope of enforcement activity in the cybersecurity space. The SEC filed multiple enforcement actions in both the regulated entity and public company space in connection with cybersecurity disclosures and protocols. Additionally, although filed after the end of the fiscal year, the SEC's SolarWinds matter represented the latest ramp-up with a series of firsts (first scienter fraud action, first litigated action and first cybersecurity enforcement action against an individual). With the SEC proposing several cybersecurity and information safeguard rules for regulated entities and finalizing recent mandatory cybersecurity disclosures for public companies, heightened cybersecurity enforcement is likely here to stay.
  • Director and Officer Bars. Back in 2021, SEC Enforcement Director Gurbir Grewal announced that the division would seek to impose officer and director bars where the SEC charged individuals with scienter-based fraud violations, including in matters where the individuals were not public company officers or directors. Two years later, we see the agency making good on this promise, with Enforcement barring the highest number of individuals from serving as officers and directors.
  • ESG. Looking ahead, it remains to be seen what will come from ESG enforcement matters and Enforcement's Climate and ESG Task Force. The agency's highly anticipated rules mandating climate-related disclosures add another layer of questions concerning whether and when this rule would impact or change the focus of these enforcement actions, especially as the division moves beyond policing disclosure of environmental risks in FY 2023. Several recent ESG enforcement actions, including a $35 million enforcement settlement for workplace misconduct implicating the "S" for "social" in ESG, suggest that there will be more scrutiny of social- and governance-related issues with cases involving workforce-related risk factors and CEO departures.
  • Policing the Crypto Space. The Report touts FY 2023 as a "highly productive and impactful year" for crypto-related enforcement efforts. However, the recent string of crypto-litigation setbacks for the SEC (as we covered here and here) could impact the pace, or influence the focus, of future enforcement actions in this area.
  • Meaningful Cooperation. As we recently discussed, the SEC continues to leave breadcrumbs on what constitutes satisfying the "Seaboard factors," and companies have increasingly benefitted from this cooperation to avoid civil penalties in certain instances. However, despite highlighting its reward for "meaningful cooperation," in contrast to the U.S. Department of Justice's cooperation program, the agency remains beset by a lack of predictability as to the results of cooperation and remediation, and there remains a lack of visibility into when cooperation can result in an outright declination.

The SEConds Opinions Blog will continue to monitor SEC enforcement actions heading into 2024 and provide updates on any notable developments. If you need additional information on this topic – or anything related to securities enforcement or investigation – please contact the authors or another member of Holland & Knight Securities Enforcement Defense Team.

Related Insights