The SEC’s Record Year for Compliance Enforcement & What That Means for 2023

  • January 20, 2023
  • Quantivate

The Securities and Exchange Commission (SEC) has been making headlines with a record-breaking year for enforcement in 2022.

The SEC reported that it filed 760 enforcement actions and imposed $6.4 billion in penalties and disgorgement (the return of wrongfully obtained money), the highest amount recorded for a single fiscal year in the agency’s history.

“While we set a Commission record this past fiscal year for total money ordered at $6.4 billion, including a record $4.2 billion in penalties, we don’t expect to break these records and set new ones each year because we expect behaviors to change,” said Gurbir S. Grewal, Director of the Division of Enforcement. “We expect compliance.”

SEC Compliance: Expect Increased Scrutiny, Higher Penalties

Grewal, who took control of the division in 2021, operates under the belief that organizations receiving enforcement actions have viewed fines as merely another cost of doing business. As a result, in 2022, the SEC focused on a more robust approach to enforcement designed to deter misconduct and violations, establish accountability, and provide a compliance roadmap for other firms.

This “recalibrated” approach to enforcement signals that stiff penalties for non-compliance are likely the new normal, Bloomberg Law points out. The SEC’s recent activity sets a precedent for 2023 and future years, and financial services organizations and their compliance teams should take notice.

“Corporate penalties can affect a company’s bottom line and jeopardize the jobs of in-house lawyers and compliance officers, since they are often blamed for not preventing the violations in the first place. These individuals need to know that what might once have been a simple recordkeeping issue or administrative weakness, and thus lower-priority, is now a potentially significant liability. 

That was presumably the point. As the SEC makes regulatory foot-faults more expensive, companies will be incentivized to invest more in their compliance programs to make sure that fewer errors occur.”

Areas of Focus and Outlook for 2023

The SEC’s 2022 enforcement actions targeted issues including cryptocurrency, cybersecurity and compliance, and ESG. As these areas continue to attract regulatory and legislative scrutiny, now is the time for financial services organizations to ensure that their compliance and risk management practices are effective and up to date.


The SEC nearly doubled the size of its Crypto Assets and Cyber Unit workforce last year. The agency issued 30 cryptocurrency-related enforcement actions in 2022, up 50% from 2021 and the highest number since 2013, according to a Cornerstone Research report.

Cybersecurity and Compliance

The SEC plans to implement standardized practices regarding risk management, governance, and reporting processes. The new rules would require organizations to report on past and current incidents, policies and procedures to identify and manage risks, and the role of management in assessing the current cybersecurity risk environment.

Recent enforcement actions in this area have targeted firms’ record-keeping and ability to safeguard customer information.

“These cases, and others like them, reflect the critical importance of firms ensuring that their policies, procedures, and practices keep pace with technological developments and the resulting changes in how business is conducted,” the SEC noted in its 2022 enforcement results.

Related ReadingImproving Data Security and Privacy

Environmental, Social, and Governance (ESG) Concerns

ESG is a growing area of focus for the SEC Enforcement Division. The agency has proposed new rules that would give Enforcement staff additional tools to track and target investment advisers and funds pursuing ESG strategies, the Harvard Law School Forum on Corporate Governance reports. Recent enforcement actions have charged firms with inadequate ESG policies and procedures and failure to act consistently with ESG disclosures.

As the SEC and other regulators consider standards for ESG compliance and reporting, organizations need to be proactive about building capabilities that equip them to adapt to shifting regulatory obligations.


The Securities and Exchange Commission has made its intentions clear: in the coming year, the agency is seeking more funding to enhance enforcement efforts. As the SEC penalizes misconduct and non-compliance with higher fines, it is more important than ever for organizations to have a full understanding of their compliance obligations and develop effective and efficient means of mitigating risk.

Read Next The Costs of Non-Compliance