SUMMARY
In this article, attorneys from BCLP’s Financial Services Disputes and Investigations (FSDI) team predict the next Administration’s SEC Enforcement priorities. The FSDI team includes former SEC, FINRA, and CFTC enforcement attorneys and former federal prosecutors. The team advises clients on SEC and FINRA enforcement, and other securities litigation, matters.
How will President-elect Trump’s reelection impact the SEC’s enforcement priorities? We looked for clues from the first Trump Administration’s Enforcement program, and also from the agency’s current Republican Commissioners. In the new Administration, we expect the SEC (1) to emphasize protecting retail investors, (2) to refocus crypto enforcement actions on fraudsters, and (3) to take a more conservative approach to corporate disclosure and cybersecurity cases.
Protecting Retail Investors
During the first Trump Administration, the SEC Enforcement Division emphasized charging defendants who had harmed retail investors, such as in cases involving “accounting fraud, charging inappropriate or excessive fees, ‘pump-and-dump’ frauds, and Ponzi schemes…”[1]During the second Trump Administration, we think the SEC will do the same. That emphasis will likely mean a shift away from process-and-procedures-focused cases without obvious direct victims, like the off-channel communications sweep. Indeed, Republican SEC Commissioners Hester Peirce and Mark Uyeda recently expressed “deep reservations” about the off-channel cases, particularly the penalties and undertakings imposed on firms.[2](Firms might still see off-channel enforcement actions by FINRA, a broker-dealer regulator that is not an agency of the government.[3])
This emphasis on protecting retail investors will not necessarily mean a small Enforcement footprint; the SEC may still pursue industry-wide Enforcement sweeps. During the first Trump Administration, for example, Enforcement launched a share-class disclosure initiative, inviting firms to-self disclose recommendations that clients buy mutual fund share classes with high fees, when cheaper share classes were available.[4] The initiative impacted 95 advisers and returned over $139 million to investors, though firms avoided penalties by self-disclosing.[5] And it is worth noting that the total number of Enforcement actions filed during the first Trump Administration exceeded the number brought under Biden (3,152 vs. 2,824 enforcement actions, and 1,867 vs. 1,829 stand-alone actions).[6]
A Focus on Crypto Fraudsters
SEC Enforcement will also likely change course on crypto and blockchain-technology cases. The current political environment favors the crypto industry.[7]And the Commission’s Republican Commissioners, Peirce and Uyeda, have publicly dissented from crypto enforcement actions about non-fungible tokens[8]and about a crypto firm’s failure to register as a dealer.[9]Those Commissioners have also called for more guidance about which crypto assets are securities.[10] In addition, Commissioner Peirce has proposed a “safe harbor…which would allow token offerings to occur subject to a set of tailored protections for token purchasers”[11]and has questioned whether a “securities regulatory framework” is the best way to provide “customers transparency around terms and risks of crypto lending products.”[12]
But the SEC will likely continue to bring some crypto-related enforcement actions during the second Trump Administration. Indeed, the SEC brought such actions during the first Trump Administration.[13]And Republicans and Democrats alike seem to agree that some crypto transactions do involve securities within the agency’s jurisdiction; at least when those transactions involve fraud, the SEC will likely continue bringing charges. For example, in In the Matter of Wireline Inc., the SEC alleged that Wireline engaged in securities fraud (and also sold unregistered securities) when it raised funds from investors in return for a promised future token distribution, by misrepresenting “the viability of the [underlying blockchain] platform and the timetable for the issuance of the tokens.”[14]Commissioner Peirce issued a statement that she “support[ed] most of the Commission’s settled enforcement action against Wireline….” (She did raise concerns about a settlement term that prevented Wireline from distributing the tokens, arguing in part that the original capital raise was the securities transaction, that the underlying tokens might not be securities downstream, and that this provision ignored the distinction.)[15]
During the second Trump Administration, moreover, Congress may well pass legislation clarifying at least some digital assets’ regulatory status. This change could also impact the SEC’s crypto enforcement actions (especially actions not focused on fraud).
More Conservative Approach to Corporate Disclosure and Cybersecurity Cases
We also expect the SEC to pursue more conservative theories in corporate-disclosure and cybersecurity cases. Republican Commissioners have argued that recent enforcement actions of both types went too far.
In September 2024, for example, the SEC settled charges against Keurig Dr. Pepper Inc., alleging that the company had misrepresented in annual reports that, “without qualification, [] its testing and recycling facilities ‘validated[d] that [K-Cup beverage pods] can be effectively recycled…’”[16]The company’s research and testing did indicate that the pods were recyclable. But according to the SEC, the representation was misleading because, in reality, “two large recycling companies had indicated that they did not presently intend to accept pods for recycling…” because of “commercial” considerations. Commissioner Peirce dissented.[17]She argued that the company’s statement was not misleading, especially not materially so. She also argued that the SEC was engaged in “pedantic parsing” of the company’s statements and could prompt companies to “pad any statements they do make with a mountain of caveats.”
Similarly, in February 2023, the SEC settled charges against Activision Blizzard, including a charge concerning a risk-factor disclosure in the company’s public filings, which stated that the company’s success depended on retaining skilled employees. The SEC alleged that the company had failed to maintain sufficient controls and procedures to “ensure that information related to employee complaints of workplace misconduct” would reach personnel responsible for making public disclosures relating to this employee-retention risk factor.[18]Commissioner Peirce dissented, arguing in part that it was difficult to “see where the logic of this Order stops…If workplace misconduct must be reported to the disclosure committee, so too must changes in any number of workplace amenities and workplace requirements….” She added that the Commission was playing its “new favorite game ‘Corporate Manager.’”[19]
And in October 2024, the SEC brought settled enforcement actions against four companies impacted by a cyberattack. The SEC alleged that the companies had failed to update generic cybersecurity risk-factor disclosures in SEC filings to reflect actual cybersecurity breaches; omitted material details when publicly disclosing cyber events; or failed to maintain internal controls sufficient to ensure that information about cyber events timely reached those responsible for making disclosure decisions. Commissioners Peirce and Uyeda dissented from the orders, saying that the Commission was “engage[d] in hindsight review to second-guess the disclosures” and was also relying on “immaterial, undisclosed details to support its charges.”[20]The dissenting Commissioners argued that companies need only disclose the cyber events’ “impact,” not the “details regarding the incident[.]” Those Commissioners also argued that whether “risk factors need to be updated because certain hypothetical risks have materialized is not always a straightforward matter, and the Commission should be judicious in bringing charges in this area.”
In addition to cases about alleged disclosure failures, the SEC might also be more conservative in alleging that companies maintain inadequate cybersecurity protections. In June 2024, the SEC settled charges[21]against a public company that suffered a cyberattack. The company allegedly had not established sufficient controls and procedures concerning cybersecurity incidents, a failure which was ultimately “exploited by hackers.” As a result, the SEC alleged (in part), the company had violated Section 13(b)(2)(B) of the Exchange Act, i.e., failing to “maintain a system of internal accounting controls sufficient to provide reasonable assurances…that access to company assets [was] permitted only” as management authorized. (Emphasis added.)
Commissioners Peirce and Uyeda dissented. They argued[22]that equating an alleged cybersecurity-controls failure with an accounting-controls failure under Section 13(b)(2)(B) “gives the [SEC] a hook to regulate public companies’ cybersecurity practices.” According to the dissent, section 13(b)(2)(B) does not extend so far: In the dissent’s view, the requirement to establish accounting controls sufficient to protect “company assets” concerns “assets” that are the subject of corporate transactions, not assets like computer systems. The following month, a federal district court similarly rejected the SEC’s interpretation of section 13(b)(2)(B), saying that the accounting-controls provision “refers to a company’s financial accounting.” SEC v. SolarWinds, 2024 WL 3461952, at *49 (S.D.N.Y. July 18, 2024).
Conclusion
In the next four years, we expect the SEC to take a business-as-usual approach to Ponzi schemes, insider trading, and other types of securities fraud. But the agency may take a different approach to cases without retail-investor victims, to crypto enforcement actions that do not involve fraudsters, and to cases about corporate disclosure and cybersecurity.
[1] Stephanie Avakian and Steven Peikin, “Oversight of the SEC’s Division of Enforcement,” (May 16, 2018)
[2] Cmr. Peirce and Cmr. Uyeda, “A Catalyst: Statement on Qatalyst Partners LP,” (Sept. 24, 2024)
[3] Dave Michaels, Wall Street Journal, “SEC’s Grewal Moves to Wall Street After Turning Tough as its Overseer,” (Oct. 15, 2024). Like us, former Enforcement Director Grewal predicts an end to the SEC’s off-channel communications cases, a less aggressive approach to “lapses in cybersecurity controls and other financial conduct,” and a changed approach to cryptocurrency cases. Id.
[4] “SEC Share Class Initiative Returning More than $125 Million to Investors,” (Mar. 11, 2019).
[5] “SEC Orders Three Self-Reporting Advisory Firms to Reimburse Investors,” (April 17, 2020).
[6] “Addendum to Division of Enforcement Press Release, Fiscal Year 2024,” (Nov. 22, 2024); “2020 Annual Report, Division of Enforcement,” (Nov. 2, 2020), https://www.sec.gov/files/enforcement-annual-report-2020.pdf.
[7] MacKenzie Sigalos, CNBC.com, “Here’s what Trump promised the crypto industry ahead of the election,”; Fredreka Schouten, CNN.com, “The crypto industry plowed tens of millions into the election. Now, it’s looking for a return on that investment,” (Nov. 17, 2024).
[8] Cmr. Peirce and Cmr. Uyeda, “Collecting Enforcement Actions: Statement on Stoner Cats 2, LLC,” (Sept. 13, 2023); Cmr. Peirce and Cmr. Uyeda, “Omakase: Statement on In the matter of Flyfish Club, LLC,” (Sept. 16, 2024).
[9] Cmr. Peirce and Cmr. Uyeda, “On Today’s Episode of as the Crypto World Turns; Statement on ShapeShift AG,” (March 5, 2024).
[10] Cmr.. Peirce and Cmr. Uyeda, “In the Matter of Coinschedule,” (July 14, 2021).
[11] Supra, “In the Matter of Coinschedule.”
[12] Cmr. Peirce, “Statement on Settlement with BlockFi Lending LLC,” (Feb. 14, 2022).
[13] Steven Peikein, “Keynote Address to the UJA Federation,” (May 15, 2018).
[14] Order Instituting Proceedings, In the Matter of Wireline, Inc., File No. 3-20206 (Jan. 15, 2021).
[15] Cmr. Peirce, “Concurrence in the Matter of Wireline Inc.,” (Jan. 15, 2021).
[16] In the Matter of Keurig Dr. Pepper, File No. 3-22100, (Sept. 10, 2024).
[17] Cmr. Peirce, “Not so Fast: Statement on In the Matter of Keurig Dr. Pepper Inc.,” (Sept. 10, 2024).
[18] In the Matter of Activision Blizzard, File No. 3-21294, (Feb. 3, 2023).
[19] Cmr. Peirce, “The SEC Levels Up: Statement Regarding In re Activision Blizzard,” (Feb. 3, 2023).
[20] Cmr. Peirce and Uyeda, “Statement Regarding Administrative Proceedings Against Solar Winds Customers,” (Oct. 22, 2024).
[21] In the Matter of RR Donnelly and Sons Co., File No. 3-21969, (June 18, 2024).
[22] Cmr. Pierce and Cmr. Uyeda, “Hey, look, there’s a hoof cleaner! Statement on R.R. Donnelley & Sons, Co.,” (June 18, 2024).
[View source.]