The Securities and Exchange Commission (SEC) recently published its enforcement results for FY2022...
The Securities and Exchange Commission (SEC) recently published its enforcement results for FY2022. This report is a valuable compliance resource for regulated entities and General Counsels and CCOs, who can learn a great deal from the cases that the Enforcement Division pursues and where the SEC allocates its resources.
SEC Enforcement By the Numbers
The SEC brought 760 total enforcement actions in FY 2022, which was a 9 percent increase over FY 2021. These included 462 new, or “stand alone,” enforcement actions, representing a 6.5 percent increase over FY 2021.
Record-breaking penalties resulting from compliance violations were paid by regulated firms. Civil penalties totaled $4.194 billion, which was the highest on record to date. Disgorgement, at $2.245 billion, decreased by 6 percent from FY 2021. Overall, the SEC imposed $6.4 billion in penalties and disgorgement, which was the most on record in SEC history and up from $3.852 billion in FY 2021. Additionally, FY 2022 was the SEC’s second highest year ever in whistleblower awards, in terms of both the number of individuals awarded and the total dollar amounts awarded.
SEC Enforcement Trends
SEC Chair Gary Gensler emphasized that enforcement numbers tell only part of the story. The SEC’s FY 2022 enforcement fines reveal several trends that can help senior management of regulated entities boost their compliance efforts and lower their risks of enforcement penalties in FY 2023.
SEC Trends Align With Rulemaking Priorities
Many of the enforcement trends are not surprising, as they reflect areas where the SEC is pursuing regulatory changes, such as environmental, social, and governance (ESG) issues and cybersecurity. The SEC also brought several high-profile enforcement actions in the rapidly evolving crypto asset securities space. Charges included a first-of-its-kind action against crypto lending platforms for violating the registration requirements of the Investment Company Act of 1940.
With regard to cybersecurity incident responses, the SEC brought significant enforcement actions concerning failures by major firms to comply with core protection obligations including record-keeping and safeguarding customer information. Charges included having insufficient policies and procedures to protect investors from identity theft, in violation of the SEC’s Identity Theft Red Flags Rule (Regulation S-ID) and failing to protect the personal identifying information (PII) of brokerage customers.
In March, the SEC proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. Among other requirements, the rules would require material cybersecurity incidents to be reported on Form 8-K within four (4) business days of discovery and updates on previously reported cyber incidents be disclosed on Forms 10-K and 10-Q. Companies would also be required to make periodic disclosures about their policies and procedures to identify and manage cybersecurity risks, management’s role in implementing cybersecurity policies and procedures, and the board of directors’ cybersecurity expertise, if any, and its oversight of cybersecurity risk. Now is an opportunity for Companies to review existing policies/procedures, conduct additional risk assessments, and prepare for adoption and implementation of new policies and procedures.
In terms of ESG, the SEC focused on public companies, as well as investment products and strategies. In one action, the agency charged an investment adviser with making materially misleading statements and omissions about its consideration of ESG principles in making investment decisions for certain mutual funds. In another, the SEC charged one of the world’s largest iron ore producers with allegedly making false and misleading claims to local governments, communities, and investors about the safety of its dams. The collapse of the Brumadinho dam in Brazil, which killed 270 people, caused serious environmental and social harm, and reduced the company’s market capitalization by more than $4 billion.
The SEC is still reviewing comments on a series of proposed ESG rulemakings that call for enhanced climate risk disclosures by issuers, enhanced ESG disclosures by registered funds and investment advisers, and modernized rules governing ESG-related fund names. Issuers will need to be responsive when the Final Rules are published.
SEC Requiring Independent Compliance Consultants
The SEC’s enforcement results were achieved by the tools and strategies that the agency and its staff is prioritizing. For instance, the Enforcement Division is increasingly requiring parties to retain independent compliance consultants (ICCs). In actions against several broker-dealers for failures to maintain and preserve work-related text message communications conducted on employees’ personal devices, the SEC mandated the retention of compliance consultants to, among other things, conduct comprehensive reviews of the firms’ policies and procedures relating to the retention of electronic communications found on personal devices. Fines, penalties and ICC costs for record keeping failures were significant.
The SEC emphasized that it continues to recognize meaningful cooperation, citing that assistance from cooperators can help expedite completion of investigations and bring to light important evidence. For example, the agency noted that a company whose former CEO allegedly fraudulently inflated key financial metrics and doctored internal sales records to boost the company’s valuation, was not penalized for its wrongful conduct after taking significant remedial measures.
SEC Targeting Gatekeepers
The SEC’s enforcement results reveal who may be in the agency’s crosshairs during 2023. Most notably, the SEC brought a number of enforcement actions against “gatekeepers”, such as auditors, lawyers, and transfer agents. CCOs have not been exempt either.
In one action, an auditor’s China-based affiliate was charged failing to comply with fundamental U.S. auditing requirements when auditing U.S. issuers and foreign companies listed on U.S. exchanges, allowing clients to select their own samples for testing, and having clients prepare their own audit documentation. In another action, a former general counsel of a public company settled an action for his role in an unregistered, fraudulent securities offering. According to the SEC, the attorney knew or was reckless in not knowing that there was no exemption from registration available.
SEC Prioritizing Financial Fraud and Issuer Disclosure
The SEC continues to emphasize that public company disclosure is the bedrock of the securities markets. In a press statement announcing the enforcement data, the SEC stated that it “places a high priority on pursuing issuers or their employees who make materially inaccurate disclosures, as well as auditors and their professionals who violate applicable laws and rules in connection with such disclosures.”
The Enforcement Division’s actions in this area targeted misconduct by issuers, auditors, and their employees. For instance, the SEC brought charges against a mining company for misleading investors about a technology upgrade the company claimed would reduce costs but ultimately increased costs, and for failing to properly assess whether to disclose financial risks created by their excessive discharge of mercury in Brazil. The SEC also brought an enforcement action against an audit firm and three senior-level employees for failing to properly audit a client company’s financial statements over a four-year period, when that client was improperly inflating revenues.
Next Steps for Regulated Entities
This article discusses several trends that can be gleaned from the SEC’s FY 2022 enforcement data. We recommend that entities subject to agency oversight review the enforcement results in their entirety and consult with experienced counsel about how they could be impacted in FY 2023 by failing to assess current policies/procedures against Rule changes that will be adopted and implemented during FY 2023 and later.
We encourage the management of regulated entities to regularly review what types of enforcement actions the SEC is bringing and use the information to align your firm’s compliance priorities with the agency’s evolving enforcement agenda. Continue to monitor the SEC’s Exam Priority and Deficiency notifications and Cybersecurity Breach Incident reporting to level set your firm’s threat and risk assessments.
Why Compliance Monitoring Matters for NY and NJ Businesses
Compliance programs are no longer judged by how they look on paper, but by how they function in the real world. Compliance monitoring is the ongoing process of reviewing, testing, and evaluating whether policies, procedures, and controls are being followed—and whether they are actually working. What Is Compliance Monitoring? In today’s heightened regulatory environment, compliance […]
When Are New Jersey Business Owners Personally Liable for Corporate Debt?
New Jersey personal guaranty liability is a critical issue for business owners who regularly sign contracts on behalf of their companies. A recent New Jersey Supreme Court decision provides valuable guidance on when a business owner can be held personally responsible for a company’s debt. Under the Court’s decision in Extech Building Materials, Inc. v. […]
Commercial real estate trends in 2026 are being shaped by shifting economic conditions, technological innovation, and evolving tenant demands. As the market adjusts to changing interest rates, capital flows, and workplace models, investors, owners, tenants, and developers must understand how these trends are influencing opportunities and risk in the year ahead. Overall Outlook for Commercial […]
One Big Beautiful Bill: New Tip Income Tax Rules Employers & Workers Need to Know
Part 2 – Tips Excluded from Income Certain employees and independent contractors may be eligible to deduct tips from their income for tax years 2025 through 2028 under provisions included in the One Big Beautiful Bill. The deduction is capped at $25,000 per year and begins to phase out at $150,000 of modified adjusted gross […]
One Big Beautiful Bill: New Overtime Tax Rules Employers and Employees Need to Know
Part 1 – Overtime Pay and Income Tax Treatment Overview This Firm Insights post summarizes one provision of the “One Big Beautiful Bill” related to the tax treatment of overtime compensation and related employer wage reporting obligations. Overtime Pay and Employee Tax Treatment The Fair Labor Standards Act (FLSA) generally requires that overtime be paid […]
New York’s FAIR Business Practices Act: What the New Consumer Protection Measure Means for Your Business
In 2025, New York enacted one of the most consequential updates to its consumer protection framework in decades. The Fostering Affordability and Integrity through Reasonable Business Practices Act (FAIR Act) significantly expands the scope and strength of New York’s long-standing consumer protection statute, General Business Law § 349, and alters the compliance landscape for New York […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
