US SEC Enforcement 2022 Year in Review

Robin Bergen and Matthew C. Solomon are partners and Tom Bednar is counsel at Cleary Gottlieb Steen & Hamilton LLP. This post is based on a Cleary memorandum by Ms. Bergen, Mr. Solomon, Mr. Bednar, Alexander Janghorbani, Meghan Leibold, and Nora Vallerini.

On November 15, 2022 the Securities and Exchange Commission announced the Division of Enforcement’s results for fiscal year 2022,[1] which ended on September 30, and was the first full year for the Division under the leadership of both Chair Gary Gensler and Director of Enforcement Gurbir Grewal. Results were up from the year before, with a record $4.2 billion in civil penalties. The high penalty number was due not just to a number of blockbuster settlements, but also to a drive by the agency to see that penalties are “recalibrated” upward across the board. While the SEC’s results showed a continued emphasis on traditional areas such as investment advisers, broker-dealers, and issuer accounting and disclosure, the SEC’s Enforcement results also show the agency’s renewed emphasis on individual accountability and suits against “gatekeepers” such as accountants and lawyers. The past year has also been notable for the SEC’s willingness to impose third-party compliance consultants, often with broad mandates, to oversee entity-level improvements. Our below analysis of the SEC’s enforcement results provides indications of where the agency may focus in the year to come.

Overall Results and Shifts in Approach

The SEC brought a total of 760 actions in fiscal year 2022, which included a total of 462 new “standalone” actions, up 6.5 percent from fiscal year 2021. The SEC obtained a total of $6.439 billion in monetary remedies, comprised of disgorgement, interest, and the record $4.2 billion in penalties.[2] It was also a banner year for whistleblowers, with the SEC receiving 12,300 whistleblower tips and making 103 whistleblower awards totaling $229 million. The headline cases included:

  • A billion-dollar case against an investment firm to settle fraud charges that three portfolio managers falsified records and lied to investors to cover up losses when they deviated from the disclosed strategy of a supposedly low-risk options-based “Structured Alpha” strategy. The SEC settlement, comprised of a $675 million civil penalty, $315.2 million in disgorgement, and $34 million in prejudgment interest, came alongside parallel criminal charges that saw the firm plead guilty to securities fraud, pay a $2.33 billion criminal fine, forfeit another $463 million, and agree to pay $3.24 billion in restitution to investors in one of the largest corporate enforcement settlements ever.[3]
  • Over a dozen broker-dealers and registered investment advisers collectively paid $1.235 billion in penalties for alleged violations of recordkeeping requirements involving employees who used text messages or messaging apps for business communications, with nine firms settling for a $125 million penalty each, two firms each agreeing to a $50 million penalty, and one firm settling for a $10 million penalty.[4] These cases are part of the so-called “off-channel communications” sweep conducted by the SEC in conjunction with the Commodity Futures Trading Commission (CFTC), and which is ongoing with more settlements expected in the current fiscal year.
  • A major bank paid $361 million, including a $200 million civil penalty and $161 million in disgorgement, to settle charges of having offered and sold approximately $17.7 billion of unregistered securities due to an alleged failure to implement adequate internal controls to track its issuance of securities from a shelf offering after losing its “well known seasoned issuer” status.[5]
  • A Big Four accounting firm paid $100 million, the highest-ever penalty in an audit firm case, and admitted that numerous audit professionals had cheated on professional exams, and that the firm had failed to update its response to a related SEC inquiry. In settling the case, the SEC imposed—for the first time—two separate independent compliance consultants instead of just one.[6]
  • A crypto lending firm paid $100 million—half to the SEC and half to a consortium of states—to settle charges that its interest-bearing crypto lending product was an unregistered security and that it was acting as an unregistered investment company.[7]

The past year also demonstrated some shifts in the SEC’s enforcement priorities and strategy:

  • Increased penalties: In announcing its record year for penalties, the SEC announced it had “recalibrated” penalties for certain violations to “deter future misconduct.” According to Director Grewal, the higher penalties were meant to ensure that regulatory fines are “viewed as more than the cost of doing business.” [8] Penalty levels were higher not just in the blockbuster cases, but across the board and notably against individuals as well in some cases. For instance, the SEC ordered two former co-CEOs to pay $4 million and $2 million respectively for violating antifraud, reporting, and books and records provisions.[9] In another matter, a former accountant was ordered to pay a nearly $2 million civil penalty for using his company’s confidential financial data to trade ahead of earnings announcements.[10]
  • A Drive for Faster Investigations: Director Grewal and Deputy Director Sanjay Wadha have repeatedly emphasized their desire to shorten the time it takes the SEC to bring cases. In late 2021 Grewal announced plans to streamline the Wells process—the process by which parties the SEC is considering suing can advocate against an Enforcement action—by generally allowing parties less time to prepare “Wells submissions,” and by granting fewer meetings with top Enforcement leadership. It is not clear that these efforts have made investigations appreciably shorter, particularly since the timeframe of most investigations is determined by the Staff with the Wells process reflecting only one often relatively discrete part. In a May 2022 speech, Grewal also took aim at the defense bar, claiming that recipients of SEC subpoenas too often engage in undue delay in responding, raise unsupported claims of attorney client privilege, or otherwise obstruct the SEC’s desire for efficient investigations.
  • Cooperation credit: While the SEC continues to tout the purported benefits of providing “meaningful cooperation” in Enforcement investigations, the actual benefits, particularly on a case-by-case basis, often remain difficult to quantify. A few cases in the past year provide some insight:
    • A health care company settled charges that for over 20 years, it had engaged in non-GAAP-compliant foreign exchange transactions that caused it to overstate its net income, and that for almost ten years it had engaged in intra-company foreign exchange transactions for the sole purpose of generating revenue and overstating its net income.[11] The terms of the company’s settlement—a no-admit, no-deny settlement to negligence-based fraud charges with an $18 million penalty—were lenient in light of the unusually long period of allegedly fraudulent conduct. The SEC attributed this to the company’s extensive cooperation, including self reporting to the SEC, conducting an internal investigation, and providing to the SEC detailed explanations of complex transactions and summaries of witness interviews.
    • An oilfield services company and its former CEO settled charges that the company had failed to make required disclosures of the CEO’s executive perks and stock pledges.[12] While the former CEO settled to fraud-based charges and paid a penalty, the company was able to settle to nonfraud charges and did not pay a penalty. The SEC noted in the results announcement that this no-penalty outcome was due to the company’s cooperation. The settlement order detailed extensive remediation by the company, such as installing new management with public company experience, adding directors, and adopting new policies and procedures.
    • In its Enforcement results and public speeches by Director Grewal, the SEC also touted the case of a technology company whose founder and CEO allegedly raised tens of millions of dollars from investors while lying about the company’s valuation.[13] The SEC cited the case, in which the company settled to fraud charges and paid no penalty, as an example of the benefits of cooperation, but the unique facts make the case a difficult precedent to replicate: the company conducted an internal investigation; fired the CEO and provided cooperation against him which led to his indictment; installed new management and expanded its board; adopted new policies and procedures; wrote down its valuation; returned 70% of the money from certain fundraisings; and offered to return the rest by issuing interest bearing promissory notes.
  • Individual accountability: The past year also saw a continued focus on individual accountability, with over two-thirds of the SEC’s stand-alone enforcement actions including at least one individual. Notable examples included:
    • In a case alleging a long-running revenue recognition fraud, the SEC charged a software company and seven of its current and former employees, including a former general counsel. The SEC also sued the company’s former CEO under Section 304 of the Sarbanes-Oxley Act to reimburse the company for more than $1.3 million in stock sale profits and incentive compensation.[14] Section 304 allows the SEC to sue to force a CEO or CFO to reimburse the company for any incentive compensation or stock sale profits received from the company in the year following an accounting restatement due to misconduct— with the SEC taking the position that the misconduct of any employee at the company can suffice.
    • The SEC also sued to recover executive compensation in an accounting fraud case of a company that allegedly used “pull forwards” of future orders to create the misleading appearance of stronger financial performance in a current period,[15] and clawed back executive compensation in the case of a company that allegedly misstated its revenue and profit margin to hide cost overruns on construction projects. In that case, three former executives not charged with misconduct agreed to return a total of more than $1.9 million in bonuses and compensation to the company under Section 304.[16]
  • Admissions requirement: Early in his tenure, Director Grewal announced that the SEC would once again seek admissions of wrongdoing in Enforcement cases. As with the prior policy of seeking admissions in select actions during the tenure of Chair Mary Jo White, the current SEC appears to maintain a flexible approach to when it will seek admissions, often demanding them where its evidence is the strongest. For example, the SEC obtained admissions in the audit firm exam cheating case,[17] and the “off-channel” recordkeeping cases.[18]
  • Compliance consultants: The SEC required independent compliance consultants in some of this year’s biggest settlements. These arrangements seem to be more numerous than in years past, with the consultants sometimes receiving sweeping mandates:
    • In the audit firm exam cheating case, for the first time ever the SEC imposed two separate compliance consultants—one to review the firm’s policies and procedures relating to ethics and integrity, and a second to conduct a privileged review of the firm’s response to the SEC’s investigation by its in-house lawyers and executive committee, with a mandate that includes ordering personnel actions, including terminations.[19]
    • A mining company was ordered to retain a compliance consultant to review its disclosure controls.[20]
    • Each broker-dealer or investment adviser firm that settled a recordkeeping case was require to retain a compliance consultant to review its electronic communication controls.[21]
    • After settling charges that it failed to abide by professional standards in the audits of two companies later accused of accounting fraud, an audit firm agreed to retain a compliance consultant to review its audit and quality control standards.[22]
  • Whistleblower retaliation: The SEC continues to enforce the prohibitions on retaliating against or interfering with whistleblowers. In the last year, the SEC brought an action against an armored car company for using overly restrictive confidentiality agreements that prohibited the disclosure of financial or business information, and which contained no exception for SEC whistleblowers.[23] The SEC also settled charges that a former executive of a technology company violated a prohibition on taking “any action to impede” a whistleblower’s communicating with the SEC. After learning that an employee of the company had threatened to report a possible securities law violation, the executive allegedly turned off the employee’s access to company files, monitored his computer usage, and obtained and used the passwords to his personal email and other accounts, before ultimately firing him.[24]

Substantive Areas of Focus

  • Off-Channel Communications: As noted, the SEC assessed over $1 billion in penalties related to the use of “off-channel” communications, such as text messages, by employees of registered broker dealers and investment advisers. The cases showed the SEC’s increased interest in internal control and recordkeeping cases even in the absence of underlying misconduct. The SEC has indicated that this sweep is ongoing, and there has already been reporting that the SEC has sent inquiries to funds and advisers on this topic.[25]
  • Digital assets: The SEC’s focus on enforcement in the digital asset market shows no sign of abating, and the agency signaled an intent to continue robust enforcement by almost doubling the size of the Enforcement Division’s Cyber Unit (now called the “Crypto Assets and Cyber Unit”) and adding a team of dedicated litigators.[26] In addition to its case against a crypto lending platform for allegedly offering unregistered securities and failing to register as an investment company,[27] the SEC has continued to pursue cases charging providers of digital assets with unregistered securities offerings. Some of these cases have led to closely watched district court litigation, including a recent summary judgment win for the SEC.[28] This approach to regulating the digital asset market, however, exposes a risk of fragmentation if different judges reach different conclusions regarding what constitutes a “security” in this context. Other significant digital asset enforcement actions included the SEC charging eleven individuals for their alleged roles in a fraudulent crypto pyramid and Ponzi scheme,[29] and charges against a “crypto influencer” for allegedly touting unregistered crypto asset securities without disclosing his compensation.[30]
  • Insider trading: As always, insider trading was high on the SEC’s priority list, though the 2022 fiscal year did not start out well for the SEC. In December 2021, the SEC received a surprising trial defeat in a case in which the defendant allegedly bought options on the stock of his brother-in-law’s company, which was negotiating a merger, after communicating with the brother-in-law.[31] Despite the statistically “improbable success rate” of the trades, a Virginia district judge found the largely data-driven evidence insufficient to support the insider-trading case and granted judgment as a matter of law for the defendant after the SEC’s case, and before the defendant had even taken the stand, a ruling the SEC has appealed. Nevertheless, the SEC has continued to use data analytics in insider trading cases, yielding actions against nine individuals in three separate trading schemes, alongside parallel criminal charges.[32] Significant developments in insider trading enforcement this year include:
    • The SEC and DOJ brought an insider trading case against a former employee of a digital asset trading platform for providing tips to others to trade ahead of listing announcements on the platform, in violation of his employer’s policy on the use of confidential information.[33] The SEC did not allege that the former employee himself traded, but that he received the personal benefit of gifting the information. The SEC’s complaint was notable for specifying—for the first time—that certain digital assets were securities, while not commenting on the status of other digital assets at issue in the case. The DOJ case, by contrast, rested solely on the wire fraud statute, which is worded similarly to the securities fraud statute, but does not require proof that a security is involved.
    • In September 2022, the SEC settled charges against the CEO and a former executive of a China-based technology company, charging that the two officers set up a Rule 10b5-1 trading plan while in possession of material nonpublic information.[34]
  • ESG: Environmental, Social, and Governance (“ESG”) issues continue to be a growing area of focus for the SEC. In two cases, the SEC charged investment firms with misleading investors by stating that they invested pursuant to ESG policies and procedures, but not in practice following those policies and procedures. In one case, the SEC charged an investment adviser that allegedly offered investments compliant with shari’a (Islamic) law, yet had no policies and procedures addressing how it would assure ongoing shari’a compliance.[35] Similarly, the SEC’s ESG task force charged another investment adviser for failing to act consistently with its ESG disclosures to investors and having inadequate policies and procedures to prevent the misleading disclosures.[36] This enforcement focus is likely to continue, with the SEC having proposed new rules that would give Enforcement staff additional tools to track and target investment advisers and funds pursuing ESG strategies.[37] The SEC also touted as ESG cases actions against public companies for allegedly misleading disclosures or omissions regarding airplane safety,[38] mine safety,[39] and environmental conditions.[40]
  • Accounting fraud and issuer disclosure: While accounting fraud and issuer disclosure cases have always been core to the SEC enforcement program, the agency has innovated in this space, continuing to bring cases under the “EPS Initiative,” which used data analytics to identify companies suspected of using accounting fraud to manipulate their earnings per share. Since 2020, the initiative has led to multiple enforcement actions, including two in the last fiscal year. In one, a major pest-control company and its former CFO were charged with fraud for allegedly manipulating EPS by making unjustified adjustments to its “termite reserve” and other reserve accounts for workers’ compensation and the like; the company paid $8 million to settle the charges.[41] In the second case, a medical device company paid $2 million to settle fraud charges that it shipped orders ahead of schedule in order to “pull forward” revenue that allowed it to beat EPS projections. [42] Notably, in that case the company’s “pull forwards” in some cases caused it to misstate its financials in violation of generally accepted accounting principles. In other instances, however, the revenue was valid under accounting standards, yet the SEC claimed that the company misleadingly gave investors the false impression that the company had obtained solid results organically, without the benefit of the “pull forwards.”

Other notable accounting and issuer disclosure cases included:

    • A software company paid $12.5 million—and had seven current or former employees charged—in a case alleging the use of backdated contracts and other devices to improperly recognize $46 million in revenue over several quarters.[43]
    • A financial institution paid a $10 million penalty and over $2.5 million in disgorgement and interest, and its former CEO paid a $300,000 penalty and over $100,000 in disgorgement and interest, in a case alleging a failure to disclose purported related party loans to entities affiliated with the former CEO.[44]
    • A mining company entered a $12 million settlement on claims that it negligently made misleading statements about the impact of a technology upgrade on costs.[45]
    • A software company paid $8 million to settle charges that it made misleading statements about its backlog of software licenses, with the SEC alleging that the company delayed delivery of orders in order to push revenue out into future periods and obscure its declining sales performance.[46]
  • Broker-dealers and investment advisers: This year the SEC brought the first enforcement action under Regulation Best Interest, or Reg BI, which went into effect in June 2020, charging a brokerage firm and five of its registered representatives for failing to conduct due diligence necessary to understand the disclosed risks of a product they recommended to customers, leaving the registered reps without a reasonable basis to determine that the product was in their clients’ best interest.[47] The SEC was active elsewhere in the broker-dealer and registered investment adviser space:
    • The SEC settled with six investment advisers and six broker-dealers on charges that they failed to file and deliver client or customer relationship summaries, known as Form CRS, to their retail investors.[48]
    • The SEC charged an investment advisor with misleading customers when marketing a “no fee” robo-adviser offering that allegedly allocated significant percentages of customers’ investments to cash, which the firm’s affiliated bank then loaned out, earning the firm as much, if not more, in interest than it had previously earned in fees.[49] According to the SEC, the firm misled investors by falsely describing the cash allocations as the result of the robo-advisor applying “modern portfolio theory.”
    • The SEC charged several investment advisers with failing to comply with the Advisers Act custody rule and for failing to make related disclosures.[50]
  • Safeguarding customer information: The SEC charged three different financial services firms for failure to adequately prevent customer identity theft in violation of Regulation S-ID, alleging that the firms lacked reasonable policies and procedures to detect and respond to identity-theft red flags.[51] In addition, one of the largest U.S.-based broker dealer and investment adviser firms settled with the SEC for charges related to its alleged failure to properly dispose of hard drives and servers containing the personal identifying information (PII) of approximately 15 million customers.[52]
  • SPACs: This fiscal year, the SEC focused aggressively on Special Purpose Acquisition Companies (“SPACs”) from a rulemaking perspective, proposing sweeping rules on March 30, 2022.[53] However, only one SEC case directly involved a SPAC during the fiscal year, charging an electric vehicle maker whose founder was later convicted of criminal securities fraud.[54] The market for SPAC activity has quieted considerably, likely as a result of the SEC’s proposed rules.
  • FCPA: The past year was relatively slow for enforcement of the Foreign Corrupt Practices Act (“FCPA”). The SEC charged Brazil’s second largest airline with bribing government officials to secure favorable tax reductions,[55]and an American technology company agreed to pay more than $23 million to settle charges that its subsidiaries created and used slush funds to bribe foreign officials.[56] There have also been a few examples of the SEC taking action without parallel DOJ matters. For example, the SEC brought charges against the largest South Korean telecommunications company for alleged violations in several countries,[57] as well as against a Luxembourg-based steel pipe manufacturer for alleged bribes in Brazil.[58]

2022 was a successful year for Enforcement, with an increased number of enforcement actions and record amount in penalties. In 2023, expect the Enforcement Division to continue to ramp up enforcement actions with a similar mix of priorities and an acute focus on penalties and accountability.


1 back)

2The increase in penalties, and a decrease in disgorgement recoveries, were likely impacted by the Supreme Court’s 2020 ruling in Liu v. SEC, 140 S.Ct. 1926 (2020), which placed limits on the SEC’s ability to recover disgorgement of ill-gotten gains, leading the SEC to seek increased penalties in some cases.(go back)

3 back)

4 back)

5 back)

6 back)

7 back)

8 back)

9; litigation/admin/2022/33-11057.pdf.(go back)

10 back)

11 back)

12 back)

13 back)

14 sec-accounting-enforcement-action-signals-heightened-focus-onindividual-accountability-and-puts-public-company-executives-on-noticefor-potential-sox-304-reimbursement/(go back)

15 back)

16 back)

17 back)

18 back)

19 back)

20 back)

21 back)

22; see also https://www. (SEC requiring an independent consultant in response to failure to comply with audit requirements). (go back)

23 back)

24 back)

25 back)

26 back)

27 sec-takes-aim-at-crypto-lending-in-blockfi-settlement-calls-on-market-tocome-into-compliance-is-regulatory-clarity-coming-soon/(go back)

28See SEC v. LBRY, Inc., 2022 WL 16744741 (Nov. 7, 2022); see also https:// back)

29 back)

30 back)

31 sec-s-stunning-trial-loss-rattles-its-insider-trading-strategy (go back)

32 back)

33 sec-and-doj-charge-employee-of-digital-asset-trading-platform-and-hisassociates-with-alleged-insider-trading-in-digital-assets/(go back)

34 sec-charges-company-executives-with-insider-trading-for-allegedlysetting-up-10b5-1-trading-plan-while-in-possession-of-mnpi/ ; see also back)

35 back)

36 secs-esg-task-force-comes-out-swinging-with-inaugural-enforcementaction-ahead-of-new-esg-disclosure-rules/ (go back)

37 new-esg-rule-proposal-raises-the-stakes-under-secs-new-marketing-rule/ (go back)

38 back)

39 back)

40 back)

41 back)

42 back)

43 back)

44 back)

45 back)

46 back)

47 back)

48 back)

49 sec-brings-robo-adviser-case-against-charles-schwab-for-misleadingclients-about-hidden-costs/ (go back)

50 back)

51 back)

52 back)

53 back)

54 back)

55 back)

56 back)

57 back)

58 back)

Both comments and trackbacks are currently closed.