Accelerated Pace and Increased Regulatory Expectations in Enforcement and Compliance Investigations
January 17, 2023
The Securities and Exchange Commission (SEC) and Department of Justice (DOJ) ramped up their enforcement efforts in 2022, often in highly coordinated actions, including with other regulatory agencies such as the Commodity Futures Trading Commission (CFTC), Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). The DOJ also announced major policy changes regarding corporate criminal enforcement and took steps to convey its seriousness in pursuing actions against individual wrongdoers, recidivists and companies that fail to maintain effective compliance programs. The SEC was particularly active, setting its record for civil penalties and continuing its enforcement focus on insider trading, digital assets and Environment, Social and Governance (ESG) disclosures.
The SEC reported 760 enforcement actions filed in 2022, a 9% uptick from 2021. With a record $4.2 billion in civil penalties in its 2022 fiscal year, the SEC realized its goal to see penalties “recalibrated” upward across the board. Several blockbuster corporate settlements showcased the SEC’s continued focus on traditional areas such as investment advisers, broker-dealers and issuer accounting and disclosure, as well as its priority to ensure individual accountability. Finally, in light of significant volatility in digital asset markets, including the collapse of the digital asset trading platform FTX, the SEC continues to pursue an aggressive litigation and investigation posture towards all actors in the industry, including platforms, lenders and digital asset issuers.
Last year, the SEC assessed over $1.2 billion in penalties for violations of recordkeeping requirements relating to the use of “off-channel” communications such as text messages and messaging apps by employees of some of the largest banks, broker dealers and investment advisers. The SEC’s sweep of the market has expanded to hedge funds and private equity firms and will certainly continue into next year. Financial institutions (and any others subject to the recordkeeping provisions of the federal securities laws) should pay particular attention to their policies regarding the use and monitoring of employee communications, especially in light of new app-based messaging practices on employees’ personal devices and messaging systems with the capacity to permanently delete conversations and message threads, whether selectively or automatically.
Having doubled the size of the Enforcement Division’s Cyber Unit (renamed the Crypto Assets and Cyber Unit), the SEC signaled its commitment to ramp up enforcement in the digital asset space, all against the backdrop of parallel regulatory and legislative efforts to establish a workable regulatory framework for this nascent industry. The SEC continues to assume the role of “cop on the beat” with respect to digital assets, pursuing a broad range of actions that includes charges of unregistered securities offerings, fraud, insider trading and disclosure violations. This includes auditors responsible for evaluating the financials of firms in the crypto industry. In the wake of FTX’s collapse, these investigations and litigated actions will inevitably continue into next year, with SEC Chair Gary Gensler signaling that the “roadway is getting shorter” for non-compliant crypto issuers and exchanges to register with the agency. Litigation to follow in 2023 includes the SEC’s first digital asset insider trading case against a former employee of a digital asset trading platform and alleged co-conspirators who allegedly traded on non-public information about digital asset listings on that platform, as well as a potential decision on summary judgment motions in the SEC’s case against Ripple Labs Inc. and two of its executives, which is seen as a bellwether for when digital assets are considered securities.
The SEC continues to pursue actions against regulated entities for allegedly misleading disclosures and omissions related to ESG issues. In May 2022, the SEC and BNY Mellon Investment Adviser, Inc. settled claims that the investment advisor misled investors about its consideration of ESG principles in making investment decisions for certain mutual funds it managed. The SEC’s Climate and ESG Task Force will remain focused in 2023 on applying time-tested theories concerning materiality, accuracy of disclosures and fiduciary duty in the ESG context.
The DOJ continued to provide additional detail regarding new policy initiatives previewed in 2021 and anticipated the rollout of even more policies to come in 2023. New appointments at the Department signal the Biden Administration’s focus on enhancing corporate compliance programs both through enforcement actions and policy guidance. The DOJ’s focus is to empower compliance personnel to adopt measures that lead to increased prevention, detection and mitigation of misconduct, including greater cooperation with authorities and higher likelihood of self-reporting. Prosecutors across all DOJ units have been urged to adopt policies that will further incentivize self-reporting and cooperation.
Corporate Enforcement Policies
In September, the DOJ released a memorandum providing guidance to prosecutors in several key corporate criminal enforcement areas. Individual accountability will be paramount to how the DOJ expects corporations and their counsel to conduct investigations. In order to obtain cooperation credit, the DOJ has made clear that it expects companies to identify everyone involved in the relevant conduct and to make timely and complete disclosures regarding those individuals. Companies with a history of misconduct, regardless of the criminal or civil nature of such misconduct, will need to be prepared to address that history and distinguish it from the conduct at issue. Timely voluntary self-disclosure will be rewarded, and the DOJ has committed to providing further guidance on the benefits of self-reporting in the coming months, in addition to guidance on the use of personal devices and third party messaging applications and compensation clawback provisions that will be relevant to cooperation in DOJ investigations.
The DOJ has reinvigorated the corporate monitorship program, which was relatively dormant during the Trump administration. In 2022, the DOJ reached four Foreign Corrupt Practices Act (FCPA) resolutions, with Stericycle Inc., Glencore plc, GOL Airlines S.A. and ABB Ltd. Both Stericycle and Glencore agreed to the imposition of corporate monitors. As part of a coordinated resolution between the DOJ and CFTC, Glencore had one compliance monitor imposed as part of its settlement regarding FCPA violations and a separate compliance monitor with respect to market manipulation violations. In what will likely be an increasingly common feature of resolutions going forward, both the Glencore and GOL Airlines resolutions required “compliance certifications” attesting to the strength of the companies’ compliance programs. The DOJ also declined to prosecute JLT Group Holdings for violations of the FCPA in light of voluntary self-reporting by the company regarding bribe payments to Ecuadorian government officials. The DOJ still sought disgorgement from JLT Group and, consistent with its stated priorities, prosecuted five individuals involved in the misconduct.
Several major events in the digital asset space, including the collapse of the trading platform FTX and the algorithmic stablecoin Terra, have led to increased investigations and litigation by the DOJ. Consistent with its focus on individual accountability, the DOJ has also sought to prosecute actors in this space for alleged insider trading, market manipulation and money laundering, among other criminal allegations. Unlike the SEC, the DOJ has been able to pursue actions without needing to prove that the underlying digital assets are securities. With the indictment of FTX leaders including CEO Sam Bankman-Fried in December 2022, it is clear that this space will continue to be active in 2023 and will be characterized by heavily coordinated investigative activity and litigation by the SEC, CFTC and DOJ.
Boards of directors should be prepared for investigations and enforcement actions designed to implement policy goals announced by the agencies throughout the past year.
- Investigations will proceed at an accelerated pace, and prosecutors and regulators will expect facts regarding any culpable individuals to be front-loaded. Failure of companies under investigation to cooperate expeditiously may result in reduced cooperation credit.
- The DOJ will be particularly focused on whether executives and high-ranking employees have compensation clawbacks in their contracts that encourage compliance with DOJ investigations.
- All companies subject to any recordkeeping provisions of the federal securities laws should establish robust policies and employee training and guidance regarding use of personal communication channels, use of workplace devices and document retention, especially where, as a practical matter, a substantial amount of business is conducted using such channels.
- All companies should evaluate their risk exposure to digital assets and the disclosures and representations to counterparties and the public regarding accounting for those assets.
- Companies—particularly those in the oil and gas, mining, automotive, aerospace and industrial sectors—should continue to devote resources to their internal monitoring and compliance protocols for ESG targets and anti-corruption in light of the Biden administration’s targeted focus on these topics.
 Deputy Attorney General Memorandum, “Corporate Crime Advisory Group and Initial Revisions to Corporate Criminal Enforcement Policies” (October 28, 2021), available here. See also our November 2021 alert memo available here.
 See, e.g., Dylan Toker, “Hewlett Packard Enterprise Executive to Lead Justice Department’s Fraud Section” (June 7, 2022), available here; Dylan Toker, “Justice Department Recruits AB InBev Data Expert to White-Collar Crime Force” (September 8, 2022), available here.
 Deputy Attorney General Memorandum, “Further Revisions to Corporate Criminal Enforcement Policies Following Discussions with Corporate Crime Advisory Group” (September 15, 2022), available here. See also our September alert memo available here.
 In an effort at increased transparency, the DOJ last year also released a consolidated list of monitors from the past ten years. See DOJ Corporate Enforcement, Compliance and Policy Unit, “List of Independent Compliance Monitors for Active and Previous Fraud Section Monitorships” (last updated December 13, 2022), available here.