Bates Research | 12-02-22
SEC FY2022 Enforcement Division Report: Regulator Raises Penalties to Increase Deterrence
In its annual report of legal actions taken in Fiscal Year 2022 (ending September 30, 2022), the SEC noted its “robust enforcement” efforts to “impose penalties designed to deter future violations, establish accountability from major institutions, and order tailored undertakings that provide potential roadmaps for compliance by other firms.” The SEC underscored these key messages by highlighting (i) aggregate metrics on the agency’s enforcement efforts; (ii) the expanded use of enforcement tools brought to bear (namely, data analytics and whistleblowers); (iii) the resolutions of specific high-profile cases involving disclosure and gatekeeping activities; and (iv) enforcement successes in categories of cases involving evolving risk.
The numbers bear out just how robust SEC enforcement efforts have been. Representing a 9% increase year-over-year, the SEC filed 760 actions in 2022, including 462 new "stand alone" securities law cases, 129 cases involving compliance filing delinquencies, and 169 administrative proceedings against individuals that follow from criminal convictions or civil orders. In an addendum to the announcement, the SEC broke down these figures by percentage, revealing, for example, that 17% of filed cases were brought against broker dealers and 23% of filed cases were brought against investment advisers or companies. In the aggregate, the SEC ordered payment in these cases (including civil awards, disgorgement and interest) totaling $6.4 billion, a significant increase over the $3.9 billion in 2021. The SEC figures also show an increase in the aggregate amount of money distributed to harmed investors ($937 million in FY 2022 vs. $521 million in FY 2021, but still shy of a high of $1.197 billion in 2019).
Data Analytics, Cooperation, and Whistleblowers
To underscore the message of its expanded strategic use of multiple resources to go after misconduct, the SEC described how it leveraged “the entire enforcement toolkit,” referring to the use of data analytics, “cooperators,” and whistleblowers.
On big data, the SEC used sophisticated techniques to “review and triage[ ] more than 38,500 tips, complaints, and referrals of possible securities law violations submitted by the public, self-regulatory organizations, and others.” The agency cited a wide range of cases using evidence derived from this method, including “hacking to trade,” “pump and dump” schemes, and “insider trading,” among others. On cooperation, the SEC highlighted cases in which the company “tangibly” helped with an agency investigation or by providing evidence. (The agency emphasized how it takes into account such cooperation when ordering remedies.) On whistleblowers, the SEC pronounced that their use is “an integral part of the enforcement program.” In 2022, the agency said it processed 12,300 tips and gave out $229 million over 103 awards. The agency also cited cases that emphasized its efforts to safeguard whistleblower anonymity and protect against retaliation.
Categories of Enforcement Action
In its recap, the SEC distinguished several categories of cases. Among them: financial fraud and issuer disclosure along with so-called “gatekeeper” actions involving auditors, lawyers and transfer agents. Emphasizing personal accountability, the agency cited cases where it pursued issuers and employees who misled investors by making material and inaccurate disclosures, as well as going after “auditors and their professionals” for failures that led to improper disclosures, or other misbehavior.
As to broker-dealers and investment advisers, the SEC highlighted recent enforcement activity around Regulation Best Interest (Reg BI), special purpose acquisition companies (SPACs) and against institutions involving the “misuse of complex products and strategies.” The agency broke down the cases undertaken during the year, tackling a range of evolving risk. By category, the SEC highlighted enforcement actions involving:
- cryptocurrency (including registration violations, fraud, and insider trading); of note, the SEC said it had doubled the number of positions to its Crypto Assets and Cyber Unit to boost investigations of potential misconduct.
- cybersecurity (primarily compliance violations on recordkeeping and protecting personal information); the SEC emphasized the importance of ensuring that firms keep up with “technological developments” and its effect on business practices.
- complex products (concerning inadequate training of advisors, misleading communications and fraudulent schemes); the SEC pursued cases of fraud involving both complex products and strategies.
- environment, social and governance (ESG) issues (related to misleading disclosures and breaches of fiduciary duty); the SEC was careful to demonstrate how its efforts were tied to “time-tested principles concerning materiality, accuracy of disclosures, and fiduciary duty, as codified in federal statutes, regulations, and case law”.
- private funds (concerning conflicts of interest, fees and expenses, custody violations, and protection of nonpublic information); the SEC highlighted the growth in assets managed by private funds as the agency went after private fund advisors and associated individuals.
- public finance (including cases for disclosure violations and misleading statements, registration rule violations, and pay-to-play violations); the SEC noted cases against broker dealers, investment advisers and – for the first time – underwriters (for registration violations).
- market abuses (focusing on insider trading, market manipulation, and other illegal trading practices); the SEC underscored that its efforts served to defend both market integrity and victimized investors.
- Foreign Corrupt Practices Act (FCPA) violations (including misrepresentations to investors); these cases were brought against US issuers that committed bribery and other prohibited practices abroad.
The aggregate metrics on the agency’s enforcement efforts, the emphasis on expanding the use of data analytics, cooperation agreements and whistleblowers, and the attention paid to compliance gatekeepers represent amplified messaging intended to alert both legislators and market participants. Most striking in the report are references to how the SEC “recalibrated penalties for certain violations, including prophylactic remedies, and required admissions where appropriate.” The agency stated that it increased these penalties to “deter future misconduct and enhance public accountability,” citing examples of orders (i) imposing additional billions of dollars in penalties for recordkeeping violations; (ii) requiring “undertakings” (including “retention of compliance consultants”) to ensure compliance policies and procedures and internal controls; (iii) requiring that gatekeeping (such as auditing) firms keep up with their continuing education courses; and (iv) requiring admissions of fault. These remedies go beyond proportional penalties for compliance or rule violations; they—like the report in general—reflect a very intentional message that “the fines were not just a cost of doing business,” thus once again raises the stakes. Bates will keep you apprised.