Debevoise Discusses SEC’s Division of Enforcement Year-End Results

On November 14, 2023, the U.S. Securities and Exchange Commission’s (“SEC” or “Commission”) Division of Enforcement (“Division”) announced its enforcement results for fiscal year (“FY”) 2023.[1] Disgorgement and penalties were the second highest in the SEC’s history at just under $5 billion, while the overall number of actions rose by 3% over FY 2022. The Division maintained its focus on individual accountability for company officers and directors, as well as for gatekeepers, such as auditors and lawyers. In addition, the Whistleblower Program continued to grow significantly with a record-high number of awards and tips.

The SEC highlighted a number of continued areas of focus, including recordkeeping procedures, crypto assets, ESG, and cybersecurity, and also noted several initiatives where the Commission is targeting “recurring” or “widespread” violations. The actions highlighted by the SEC in its press release provide valuable insights into evolving trends and a roadmap for industry players as to ongoing initiatives.

FY 2023 Statistics

The SEC brought 501 standalone enforcement actions in FY 2023, continuing the upward trend starting in FY 2020 with an 8% increase year-over-year. The number of follow-on administrative proceedings and actions against issuers who were delinquent in making required filings with the SEC hovered around the same level as last year. Overall, the total number of actions also increased slightly to 784.

Three types of actions constituted the majority of standalone actions brought during FY 2023:

  • Securities offering matters (33% of the total);
  • Investment adviser and investment company matters (17% of the total); and
  • Issuer reporting/accounting and auditing matters (17% of the total).

There were two types of actions with significant year-over-year increases: securities offering matters (55% increase) and broker-dealer matters (30% increase). The increase in securities offering matters was partly due to the investigative sweep focusing on failure to comply with Regulation A requirements, but also reflects a return to levels seen in such retail-type enforcement in the prior administration. In addition, there were 11 FCPA matters brought in FY 2023, bringing the number closer to pre-pandemic levels after two considerably slower years that were partly attributed to the administrative transition and shifting enforcement priorities into crypto, off-channel communications, and other areas. On the other hand, several other types of actions experienced year-over-year decreases, including matters involving market manipulation (31% decrease), investment adviser/investment company (28% decrease), and insider trading (26% decrease).

Standalone Enforcement Actions by Primary Classification

Primary Classification FY 2020 FY 2021 FY 2022 FY 2023
Investment Adviser / Investment Co. 21% 87 28% 120 26% 119 17% 86
Broker-Dealer 10% 40 8% 36 10% 46 12% 60
Securities Offering 32% 130 33% 142 23% 106 33% 164
Issuer Reporting / Audit & Accounting 15% 62 12% 53 16% 76 17% 86
Market Manipulation 5% 22 6% 26 7% 32 4% 22
Insider Trading 8% 33 6% 28 9% 43 6% 32
FCPA 2% 10 1% 5 1% 6 2% 11
Public Finance Abuse 3% 12 3% 12 4% 19 1% 6
SRO / Exchange 0% 0 0% 1 0% 1 1% 5
NRSRO 1% 3 0% 2 0% 1 1% 4
Transfer Agent 0% 1 0% 2 2% 7 1% 3
Miscellaneous 0% 5 2% 7 1% 6 4% 22

The Division filed more than 40% of the standalone matters brought in FY 2023 as litigated matters, in whole or in part. This trend is likely reflective of the more aggressive settlement demands made by this administration, which make settlement less likely, as well as the focus on crypto cases, which tend to litigate more often given the novel issues involved and the existential nature of some cases, the latter of which often makes settlement impossible.

The SEC’s press release focused on jury trial wins involving false and misleading statements in press releases, fraudulent schemes regarding penny stocks, and fraudulent schemes involving trading in microcap securities. The impact of the Supreme Court’s highly anticipated Jarkesy[2] decision on the future of administrative proceedings remains to be seen.

Second Largest Total Monetary Sanctions in SEC History

While monetary sanctions were not nearly as high as the Commission’s record-breaking FY 2022 (as the Division correctly signaled last year would be the case in subsequent years), the SEC imposed nearly $5 billion in monetary sanctions, the second highest in the Commission’s history. Monetary sanctions included approximately $1.6 billion in penalties—a sharp drop from last fiscal year’s $4.2 billion—and $3.4 billion in disgorgement.

As shown above, the amount of disgorgement in FY 2023 exceeded the amount of penalties imposed, indicating that FY 2022 may have been an outlier in terms of penalties due to the recordkeeping investigative sweep that resulted in combined penalties of approximately $1.1 billion.[3] However, as further described below, actions involving alleged recordkeeping violations continued to constitute a significant portion of the total penalties in FY 2023.

Overall, another year of high monetary sanctions illustrates the Division’s continued objective to “aggressively employ[] all of its tools to protect investors and market integrity[,]”[4] including by demanding penalties significantly exceeding penalty precedents in similar cases.

Focus Areas

As expected, the SEC’s press release highlighted the Commission’s actions targeting recordkeeping violations involving “off-channel” communications, as well as actions related to digital assets, ESG, cybersecurity, and what the SEC described as “[i]ndustry [s]haping [i]nitiatives.” Notably, the SEC’s focus in FY 2023 seems to have shifted away from private funds, which was a focus area in FY 2022.

Recordkeeping Violations by Regulated Entities

Recordkeeping violations again received significant attention in FY 2023, part of what the SEC termed its “Off-channel Communications Initiative.” The SEC’s press release specifically called out actions against several large banks, among 22 other advisory firms, broker-dealers, and credit rating agencies, which resulted in over $400 million in penalties. In each of these cases, the SEC highlighted that respondents’ employees used unauthorized messaging platforms on personal devices to communicate about business matters, and the respondents failed to preserve the “substantial majority” of these communications. The off-channel communications actions were also significant in that the respondents agreed to retain independent compliance consultants and undertake comprehensive reviews of their internal policies and procedures.

Given the SEC’s clear focus on the area, we expect continued enforcement activity for the foreseeable future. In addition, in light of the scrutiny over the broker-dealer rules relating to recordkeeping requirements, we expect to see the SEC’s focus begin to shift to standalone violations of the Advisers Act rules.

Digital Assets

Following the growth of the SEC’s Crypto Assets and Cyber Unit last year, FY 2023 was a busy year for the Commission in the digital asset space. The press release highlighted four types of actions focusing on alleged (1) fraud; (2) unregistered securities; (3) unregistered exchanges and other intermediaries; and (4) touting. Among other actions, the SEC noted its high-profile actions against the former FTX CEO Samuel Bankman-Fried (“SBF”)[5] and FTX executives,[6] as well as Terraform Labs and its founder Do Kwon.[7] The Commission’s case against SBF, filed in December 2022, alleged that SBF defrauded equity investors and the users of the now bankrupt FTX crypto asset trading platform. The case has been stayed until the conclusion of the parallel criminal case, which recently resulted in SBF’s conviction.[8]

In addition to alleged crypto fraud, the Commission has initiated consequential actions alleging unregistered offerings and unregistered exchanges and other intermediaries, implicating several major players in the crypto industry, including Genesis/Gemini, Celsius, Kraken, and Nexo. While the SEC’s actions against Kraken and Nexo were settled, the cases against Genesis/Gemini and Celsius are litigating. In addition, the SEC also filed its first actions against issuers of non-fungible tokens (“NFTs”) in August and September 2023; Impact Theory LLC and Stoner Cats 2 LLC both settled the Commission’s cases against them.[9] Finally, the press release did not discuss the outcome of the SEC’s litigated case against Ripple Labs, where the U.S. District Court for the Southern District of New York ruled that Ripple’s XRP token is not a security and did not constitute an investment contract when sold on the secondary market; this was the first court to decide that a digital asset challenged by the SEC was not a security.[10]


The SEC also continued its focus on ESG, with several new actions relating to what the agency viewed as misleading ESG claims. For example, the Commission imposed a $19 million civil penalty against a large bank subsidiary for making materially misleading statements about its controls relating to ESG integrated products.[11]In addition, the SEC entered into a settlement with the former CEO of McDonald’s, barring the individual from serving as an officer or director for five years, for allegedly making false and misleading statements relating to the former CEO’s termination from the company.[12] The SEC also brought an action against a large investment bank regarding alleged policies and procedures failures involving mutual funds and a separately managed account marketed as ESG investments.[13]

We expect that the SEC’s proposed rules on climate disclosure and ESG disclosures for registered investment advisers and funds, as well as the Names Rule adopted in September 2023,[14] will drive continued scrutiny by the Division around ESG.


Over the past several years, the Commission has significantly increased its expectations for market participants facing a cybersecurity breach. In FY 2023, the Commission brought several enforcement actions arguing that market participants should have disclosed material cybersecurity risk and incidents. The press release highlighted an action against Blackbaud Inc. concerning allegedly misleading disclosures related to a 2020 ransomware attack.[15] We expect continued enforcement in this area as ransomware attacks become more prevalent among companies and the SEC’s cybersecurity rules for public companies become effective next month. In addition, we will continue to observe a number of proposed rules that, if adopted, would impose significant compliance requirements—including incident reporting obligations—on broker-dealers and investment advisers, and likely be a focus of enforcement.

“Industry Shaping” Initiatives

The press release also highlighted a number of initiatives to “proactively” investigate what the Commission views as recurring or widespread violations in the securities industry. The first highlighted initiative related to alleged noncompliance with the new Advisers Act Marketing Rule that became effective in November 2022,[16] which resulted in charges against nine investment advisers. As a part of another ongoing initiative, the SEC focused on insider disclosures by bringing 11 actions against officers, directors, major shareholders of public companies, and issuers for failing to file timely reports, an effort resembling similar sweeps conducted in the past.[17] Another initiative involved actions against ten microcap companies concerning Regulation A compliance.


The SEC has maintained its attention on a perennial enforcement area against so-called “gatekeepers”—namely auditors and lawyers. The press release highlighted actions against several audit and accounting firms, including Prager Metis and Crowe U.K. LLP (“Crowe”). In the action involving Crowe, for example, the SEC charged the auditing firm, its CEO, and a senior audit partner for conduct relating to an allegedly deficient audit of a SPAC target.[18] As a result of the action, Crowe and the individuals agreed to pay civil penalties and the individuals cannot appear or practice before the SEC as accountants.

In addition, although not specifically referenced in the press release, the SEC brought an insider trading case against an attorney alleging that the lawyer accessed MNPI about law firm clients and traded in the securities of these issuers while in possession of MNPI, an indication that lawyers remain on the Commission’s radar as important gatekeepers.[19]


The SEC highlighted several actions resulting in cooperation credit, including a settlement with GTT Communications, Inc. alleging that GTT failed to disclose material information in its filings. GTT was awarded credit for promptly self-reporting, undertaking affirmative remedial measures, and providing substantial cooperation, and the Commission did not impose a penalty.[20] Another no-penalty example was the action against View Inc., which recognized the company for providing detailed factual analyses and explanations, proactively identifying key documents and witnesses, and following up on the Commission’s requests without requiring subpoenas.[21]

While the SEC promoted rewarding cooperation as a way to encourage firms to “proactively” self-police, self-report, remediate potential violations, and provide meaningful cooperation with the investigations, the level of predictability in actions brought by the Commission continues to raise questions about whether the incentive is effective.

Individual Accountability

The SEC has stayed consistent in its focus on “individual accountability” as a “pillar” of the SEC’s enforcement program. Similar to FY 2022 and prior years, more than two-thirds of the standalone enforcement actions during FY 2023 involved at least one individual. Moreover, the SEC barred 133 individuals from serving as officers and directors of public companies, resulting in the highest number of officer and director bars obtained in a decade.

The SEC’s press release also noted that barred individuals could face substantial penalties. For example, the SEC ordered a former Wells Fargo executive to pay a $3 million penalty and more than $1.9 million in disgorgement for allegedly misleading investors about the success of Wells Fargo’s core business.[22] This focus on individual accountability appears to have prompted more respondents to litigate with the SEC.

Whistleblower Protections

FY 2023 was another consequential year for the Whistleblower Program. The SEC received more than 18,000 tips, approximately 50% more than FY 2022. The Commission also issued a new record-high amount in whistleblower awards, which totaled nearly $600 million.

In particular, the SEC issued a $279 million award to a single whistleblower this year. By itself, that award exceeded FY 2022’s total dollar amount in whistleblower awards by 22%. In announcing the award, the SEC noted that even though information obtained from a whistleblower may “not prompt the opening of the Commission’s investigation,” the quality of information and continued cooperation of a whistleblower can lead to the distribution of a large award.[23] Certainly we expect that with awards like this, the Whistleblower Program will continue to incentivize reporting.

In addition, the Commission has increased its focus on Rule 21F-17, which targets actions taken to impede reporting to the SEC. The five enforcement actions brought during FY 2023 constitute approximately a quarter of all Rule 21F-17 actions brought since 2015.[24] In one of those actions, the Commission found that a company’s employee separation agreement violated Rule 21F-17 because the agreement contained broad language requiring a statement that the employee did not report any of the company’s misconduct to any federal agency, despite also including a specific carve-out for SEC reporting.[25] We expect to see continued attention in this area by the Commission.


The SEC continues to be focused on issues such as recordkeeping and industries such as crypto. Looking ahead to FY 2024, we expect continued emphasis on off-channel communications and increased enforcement proceedings against current and defunct players of the crypto industry. While the past two fiscal years had seen enforcement activity below recent averages, the level of activity in FY 2023 suggests that enforcement is beginning to return to pre-pandemic levels.


[1]      Press Release, SEC Announces Enforcement Results for Fiscal Year 2023 (Nov. 14, 2023), [hereinafter “FY 2023 Enforcement Press Release”].

[2]      Jarkesy v. SEC, 34 F.4th 446 (5th Cir. 2022), cert. granted, 143 S. Ct. 2688 (2023) (mem.).

[3]      See Press Release, SEC Charges 16 Wall Street Firms with Widespread Recordkeeping Failures (Sept. 27, 2022), Given the Second Circuit’s recent ruling in SEC v. Govil, No. 22-1658, 2023 WL 7137291 (2d Cir. Oct. 31, 2023), which significantly limited the availability of the remedy, it will be interesting to see whether disgorgement remains at this level in FY 2024.

[4]      FY 2023 Enforcement Press Release.

[5]      Press Release, SEC Charges Samuel Bankman-Fried with Defrauding Investors in Crypto Asset Trading Platform FTX (Dec. 13, 2022),

[6]      Press Release, SEC Charges Caroline Ellison and Gary Wang with Defrauding Investors in Crypto Asset Trading Platform FTX (Dec. 21, 2022),

[7]      Press Release, SEC Charges Terraform and CEO Do Kwon with Defrauding Investors in Crypto Schemes (Feb. 16, 2023),

[8]      See Luc Cohen & Jody Godoy, Sam Bankman-Fried convicted of multi-billion dollar FTX fraud, Reuters (Nov. 3, 2023),

[9]      Press Release, SEC Charges LA-Based Media and Entertainment Co. Impact Theory for Unregistered Offering of NFTs (Aug. 28, 2023),; Press Release, SEC Charges Creator of Stoner Cats Web Series for Unregistered Offering of NFTs (Sept. 13, 2023),

[10]    SEC v. Ripple Labs, Inc., No. 20-cv-10832-AT-SN (S.D.N.Y. July 13, 2023).

[11]    Press Release, Deutsche Bank Subsidiary DWS to Pay $25 Million for Anti-Money Laundering Violations and Misstatements Regarding ESG Investments (Sept. 25, 2023),

[12]    Press Release, SEC Charges McDonald’s Former CEO for Misrepresentations About His Termination (Jan. 9, 2023),

[13]    Press Release, SEC Charges Goldman Sachs Asset Management for Failing to Follow its Policies and Procedures Involving ESG Investments (Nov. 22, 2022),

[14]    Investment Company Names, Release No. IC-3500 (Sept. 20, 2023) (Adopting Release).

[15]    Press Release, SEC Charges Software Company Blackbaud Inc. for Misleading Disclosures About Ransomware Attack That Impacted Charitable Donors (Mar. 9, 2023),

[16]    17 CFR § 275.206(4)-1.

[17]    Press Release, SEC Charges Corporate Insiders for Failing to Timely Report Transactions and Holdings (Sept. 27, 2023),

[18]    Press Release, SEC Charges UK Audit Firm, CEO, and Senior Auditor for Failures in Connection with De-SPAC Transaction (Aug. 14, 2023),

[19]    SEC Complaint, SEC v. Costa Neto, 23-cv-02451 (D.D.C. Aug. 23, 2023),

[20]    Press Release, SEC Charges GTT Communications for Disclosure Failures (Sept. 25, 2023),

[21]    Press Release, SEC Charges “Smart” Window Manufacturer, View Inc., with Failing to Disclose $28 Million Liability (July 3, 2023),

[22]    Press Release, Former Wells Fargo Senior Executive Carrie Tolstedt Agrees to Settle SEC Fraud Charges for Misleading Investors About Abusive Sales Practices to Inflate a Key Performance Metric (May 30, 2023),

[23]    Press Release, SEC Issues Largest-Ever Whistleblower Award (May 5, 2023),

[24]    See Office of the Whistleblower, SEC Enforcement Actions, available at (last accessed Nov. 20, 2023).

[25]    See Press Release, SEC Charges CBRE, Inc. with Violating Whistleblower Protection Rule (Sept. 19, 2023),

This post comes to us from Debevoise & Plimpton LLP. It is based on the firm’s memorandum, “SEC’s Division of Enforcement Year-End Results Reflect Continuing Aggressive Approach to Enforcement and Remedies,” dated November 20, 2023, and available here.