Top SEC Enforcement Actions of 2024 and What Investment Advisers and Broker-Dealers Can Learn from Them

The U.S. Securities and Exchange Commission (“SEC”) continued to play a vital role in ensuring firms’ compliance with securities regulations in its mission to protect investors and promote transparency. In 2024, enforcement actions resulted in a record-breaking $8.2 billion in financial remedies. Interestingly, the number of enforcement actions dropped by 26% compared to 2023, as the SEC adopted a new strategy of high-impact actions and promoting self-reporting.

Areas that received the most scrutiny this year included emerging technology and alternative currency, off-channel communications, and cybersecurity.

This month’s Risk Management Tip focuses on five key SEC enforcement actions and violations of 2024, and how investment advisers, broker-dealers, and others can use these lessons to enhance their compliance programs and avoid costly mistakes.

  1. Crypto Assets: The SEC vs. Terraform Labs and Do Kwon

In 2024, the SEC filed charges against Terraform Labs and its founder, Do Kwon, for fraudulent activities and market manipulation, as well as failing to register the crypto assets as securities. The SEC held Terraform and Kwon liable for securities fraud involving crypto assets, resulting in $4.5 billion in penalties and other fines[1].

Takeaway: For advisory firms and broker-dealers, this case serves as a cautionary tale about the potential risks of engaging in the crypto market without proper registration. Firms should ensure that they fully understand whether the crypto assets they offer are classified as securities, as this classification brings them under stringent SEC regulations. Failure to comply with these regulations, or misclassify assets can result in severe penalties, reputational damage, and client mistrust. Compliance with the Securities Act is critical to ensuring that firms do not make misleading claims.

  1. Cybersecurity: The SEC vs. Morgan Stanley

One of the notable cases of 2024 involved Morgan Stanley, which faced significant SEC penalties for Block Trading fraud and cybersecurity violation.[2] The SEC found that the firm had not implemented adequate measures to supervise bankers’ activities and failed to implement proper cybersecurity to protect consumers’ non-public information.

Takeaway: Firms must prioritize cybersecurity as a core part of their operations. Implementing data encryption, training staff to identify and report potential breaches, and conducting regular risk assessments are essential steps to comply with Regulation S-P. Ensuring your firm is up to date with the latest cybersecurity practices can help prevent costly penalties and reputational harm.

  1. SEC Marketing Rule: Misleading Advertising Practices

In 2024, the SEC brought enforcement cases against more than a dozen firms[3] for violations to the Marketing Rule. The SEC’s actions reinforced the importance of adhering to the Marketing Rule introduced in 2022, especially considering digital platforms, and highlighted the importance for firms to implement robust compliance measures to ensure their marketing efforts do not violate compliance requirements under Rule 206(4)-1.

Takeaway: Firms must exercise caution when promoting their services, especially on new digital platforms. The Marketing Rule requires that advertisements accurately reflect the risks involved in any investment, and that claims about past performance or potential returns are substantiated. Firms should review all marketing materials, implement approval processes for promotional content, and ensure that marketing teams are trained on the importance of transparency and full disclosure.

  1. Off-Channel Communications: SEC’s Crackdown on Off-Channel Communications

Off-channel communications was a hot topic in 2024, mainly due to the SEC’s blanket requirement that all business communications must be documented.

In 2024, the SEC brought enforcement actions against more than 70 firms for violations of the Recordkeeping rule, fining over $600 million in penalties [4] for failure to track, monitor, and/or maintain adequate records of all business communications. The majority of violations resulted from a lack of adequate monitoring of communications that took place over off-channel, unapproved platforms.

Takeaway: Firms need to implement systems that can track, store, and review off-channel communications to ensure compliance with FINRA and SEC requirements. Firms should invest in tools that capture text messages, encrypted chats, and communications on company-approved platforms (such as Zoom or WhatsApp). Additionally, ongoing training for staff and key members of the organization is instrumental in developing a firm culture that establishes clear communication policies and adheres to them.

  1. Emerging Tech Risks: Artificial Intelligence

AI presents significant opportunities for innovation, but the SEC raised concerns about the potential for market manipulation and lack of transparency in AI-driven investment decisions. Firms that deploy AI must ensure that they are transparent about how these technologies influence investment recommendations and comply with Securities Act disclosure rules.

In addition, adequate supervision and disclosure of the use of AI is necessary to avoid misleading clients about a firm’s use of AI. In 2024, the SEC took enforcement actions against two advisers on allegations of “AI-washing” and violations of the Marketing Rule[5], stating that the firms engaged in misleading marketing regarding their use of AI. The penalties serve as a clear indication of the scrutiny firms face as they integrate AI into operations and the importance of accounting for AI in compliance efforts.

Takeaway: Firms using AI and automation tools in their advisory or brokerage activities must ensure that they are compliant with Reg BI and Securities Act disclosure requirements. This includes ensuring transparency about the use of AI in investment decision-making processes and documenting how these technologies are used to make recommendations. Regular audits of AI tools and their compliance with regulations are essential to mitigate legal risks.

The SEC’s enforcement actions in 2024 underscore the importance of staying ahead of emerging risks in the financial sector, particularly in the areas of cybersecurity, off-channel communications, cryptocurrency, marketing practices, and the use of new technologies like AI. Investment advisers, broker-dealers, and others in the financial space must be proactive in their compliance efforts, ensuring that they are adhering to key regulations.

By focusing on transparency, maintaining effective communication policies, and implementing rigorous cybersecurity measures, firms can minimize the risk of costly penalties and safeguard their reputations in an increasingly complex regulatory environment.

Author: Michelle L. Jacko, Managing Partner, Jacko Law Group, PC (“JLG).

JLG works extensively with investment advisers, broker-dealers, investment companies, private equity and hedge funds, banks, and corporate clients on securities and corporate counsel matters, including succession planning. For more information, please visit https://www.jackolg.com/.

The information contained in this article may contain information that is confidential and/or protected by the attorney-client privilege and attorney work product doctrine. This email is not intended for transmission to, or receipt by, any unauthorized persons. Inadvertent disclosure of the contents of this article to unintended recipients is not intended to and does not constitute a waiver of attorney-client privilege or attorney work product protections.

The Risk Management Tip is published solely based on the interests and relationship between the clients and friends of the Jacko Law Group P.C. (“JLG”) and should in no way be construed as legal advice. The opinions shared in the publication reflect those of the authors, and not necessarily the views of JLG. For more specific information or recent industry developments or particular situations, you should seek legal opinion or counsel.

You hereby are notified that any review, dissemination or copying of this message and its attachments, if any, is strictly prohibited. These materials may be considered ATTORNEY ADVERTISING in some jurisdictions.

 

[1] U.S. Securities and Exchange Commission. “Terraform and Kwon to Pay $4.5 Billion Following Fraud Verdict.SEC.gov, 20 Dec. 2024.

[2]Fraud in Block Trading Business.” SEC.gov, 6 Feb. 2024.

[3] U.S. Securities and Exchange Commission. “SEC Announces Fiscal Year 2024 Enforcement Results.” SEC.gov, 19 Dec. 2024.

[4]2024 SEC Enforcement Results: Takeaways for Fund Managers.” The National Law Review, 19 Dec. 2024.

[5] U.S. Securities and Exchange Commission. “SEC Charges Two Investment Advisers with Making False and Misleading Statements About Their Use of Artificial Intelligence.” 5 Mar. 2024.

Leave a Reply

Your email address will not be published. Required fields are marked *