On November 14, 2023, the Securities and Exchange Commission (the “SEC”) published its enforcement results for fiscal year 2023. FY23 was another active year in terms of SEC enforcement, with a 3 percent increase in total enforcement actions from FY22. The total monies recovered was the second-largest amount in SEC history after last year’s record-setting number. These enforcement results reflect the proactive approach the SEC has taken under the leadership of SEC Chair Gary Gensler, as he describes the Division of Enforcement as the “cop on the beat.” This post will review some key takeaways from the SEC FY23 report.

Enforcement Statistics

In FY23, the Division of Enforcement brought 784 enforcement actions, including 501 standalone enforcement actions, 162 follow-on administrative proceedings, and 121 delinquent filings. The number of standalone actions shows an 8 percent increase from FY22. Though high, the number of enforcement actions and standalone actions was still lower than the numbers in FY19 (862 enforcement actions and 526 standalone actions). The percentage of actions from each category has remained largely the same over the past three years.

Securities offering matters (33%), investment advisers/investment companies matters (17%), and issuer reporting/audit & accounting matters (17%) constitute the majority of standalone actions. However, although the number of enforcement actions increased from last year, the total monies ordered, including penalties and disgorgement, declined by more than 20 percent, which was still the second highest recovery amount in the past five years. More importantly, the ratio of disgorgement to penalties returned to the traditional ratios of approximately 2:1, indicating that last year’s inversion of 1:2 and the record-breaking amount of monies ordered were largely due to a few high-impact cases with abnormally high penalties.

Crypto Enforcement

In FY23, the SEC remained active in prosecuting crypto-based misconduct, bringing actions involving fraud, unregistered offerings, unregistered exchanges and other intermediaries, and touting. The highest profile case was the SEC’s action against the former FTX CEO, who was charged with orchestrating a scheme to defraud equity investors in FTX, in violation of the anti-fraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, and was convicted in a criminal action arising from the same conduct in October 2023.[1]

In litigation, the SEC had mixed results with respect to its crypto asset prosecutions. The SEC had great success in SEC v. LBRY, Inc., in which a federal district court found that LBRY’s tokens were securities.[2] However, the SEC also encountered a major setback in SEC v. Ripple Labs, in which a federal district court ruled that Ripple Lab’s sale of its crypto assets to the secondary market did not constitute unregistered sale of securities.[3]

Whistleblower Program

FY23 was a record-breaking year for the SEC’s Whistleblower Program. The SEC received more than 18,000 whistleblower tips, which is 50% more than in FY22, and received more than 40,000 tips, complaints, and referrals, a 13% increase over FY22. Most notably, the SEC issued nearly $600 million in whistleblower awards, which is the highest in the SEC history, including a whopping $279 million awarded to one whistleblower.

The SEC also highlights its protections of whistleblowers. As an example, the SEC settled charges against a major registered investment adviser for raising impediments to whistleblowing,[4] and charged firms for using employment and separation agreements that violated the whistleblower protection rule.[5]

Industry Shaping Initiatives

The report also highlights a number of SEC initiatives in FY23 to proactively investigate recurring or widespread violations in the securities industry. The initiatives included investigations into noncompliance with the Marketing Rule, failures to timely file required SEC forms, and noncompliance with Regulation A.

The new Adviser Marketing Rule went into effect in 2022, and broadens the definition of advertisements to include traditional advertising concepts as well as testimonials and endorsements.[6] In September 2023, the SEC charged 9 investment advisers for violating the Marketing Rule by advertising hypothetical performance to mass audiences on websites without having the required policies and procedures.[7]

Other Major Focuses

The report also shows a number of other major areas of enforcement actions, including recordkeeping, cybersecurity, and ESG. In FY23, the SEC brought a series of actions targeting regulating entities for violations of recordkeeping requirements. In these actions, the SEC focused on off-channel communications, such as the use of unauthorized messaging platforms on personal devices to communicate business matters.[8]

Cybersecurity continues to be an SEC focus in enforcement actions. Notably, a software company agreed to pay a $3 million civil penalty to settle charges for making misleading disclosures about a ransomware attack.[9]

Environmental, social and governance (ESG) issues have become increasing important over the years. The SEC brought several enforcement actions relating to ESG issues in FY23. For example, the SEC brought charges against an international bank subsidiary for making materially misleading statements about its controls concerning ESG products.[10] A notable enforcement action in respect to corporate governance in FY23 was SEC’s settlement with the former CEO of McDonald’s for corrupting the company’s internal policies and making false and misleading statements relating to his termination from the company, barring him from serving as an officer or director for five years.[11]

Key Takeaways

We expect to continue to see a high level of enforcement activity in FY24. With the expansion of the Crypto Assets and Cyber Unit, crypto and cybersecurity will continue to be areas of focus in the future. FY23 report also shows the Whistleblower Program as a key enforcement tool for the SEC.

We also expect that FY24 will bring more enforcement actions relating to off-channel communications. Firms should continue to review and enforce their internal policy and compliance procedure, particularly in the areas of investor disclosures, recordkeeping, cybersecurity, and whistleblower procedures.

The full press release and accompanying addendum are available here.