Authors
Q3 marked an uptick in activity at the U.S. Securities and Exchange Commission (SEC), at least until the federal government shutdown began at 12:01 a.m. on October 1, effectively halting most enforcement investigative activity. During the quarter, the SEC finally saw the appointment of an Enforcement Director. Judge Margaret “Meg” Ryan was sworn in as Director on September 2, 2025. Acting Director Sam Waldon will stay at the Commission, returning to his former role as Chief Counsel for Enforcement. Judge Ryan had served as a senior judge of the United States Court of Appeals for the Armed Forces since 2006 and was also a lecturer on military law and justice at Harvard University Law School. While it remains unknown what mark Judge Ryan will make during her somewhat surprising turn at the Commission, the SEC has made clear its enforcement priorities lie in traditional areas such as disclosure fraud, insider trading and market manipulation, and breaches of duties by registrants.
In this special edition of our enforcement newsletter, we share key insights gained from the recent Securities Enforcement Forum Central in Chicago. The conference’s stellar faculty – including numerous senior SEC enforcement officials and more than 40 other luminaries in securities enforcement, such as recent lateral joiner and Global Regulatory Enforcement partner Rebecca Fike, who served as Program Chair and moderated the insider trading panel – discussed the most pressing and critical issues in securities enforcement. Topics included financial and accounting fraud, the impact of artificial intelligence (AI), advanced litigation and investigation strategies, managing SEC-related criminal matters, financial firms, cryptocurrency, whistleblowers, insider trading, and cybersecurity. We hope you find these key takeaways useful and enjoy this special feature; look out for our next update, where we will be taking a deeper dive.
Key takeaways
1. Shifting priorities and a focus on fraud
As discussed in our Q1 update, the SEC has signaled an entirely new approach to cryptocurrency regulation and FCPA enforcement, opting to pull from the conference any current SEC staff who were scheduled to speak on either topic. This move further confirms that the SEC is prioritizing a “back to basics” enforcement strategy that is focused on (1) insider trading; (2) accounting and disclosure fraud; (3) market manipulation; and (4) breaches of fiduciary duties by investment advisors.
Panelists noted that, given the recent structural and staff changes, enforcement activity seems to have slowed down as they wait for guidance from Chair Atkins and Judge Ryan on the agency’s enforcement priorities. Current SEC staff members referenced a renewed openness under the current administration for staff to engage in early conversations with corporations that have rooted out an error or bad actor and are seeking swift resolution. Private practitioners noted that under prior administrations, the benefits of cooperation and self-reporting were less clear.
While there have been far fewer actions brought under the Chair Atkins SEC so far, based on statements from the panelists, we anticipate that the SEC will remain focused on garden variety fraud. This prediction is supported by the SEC’s most recent actions announcing charges against individuals for alleged Ponzi schemes and material misstatements.
2. Social media risks and emerging technologies
Multiple panels highlighted both the use of, and the risks associated with, social media and emerging technologies such as AI, with respect to SEC enforcement.
A. Artificial intelligence and emerging technologies
Panelists noted that the rise in AI use doesn’t present novel issues for SEC enforcement, but rather, it creates risks for registrants – something the SEC is used to evaluating. Registrants should work to ensure that any representations regarding the use of AI by their business are accurate. There are instances in which companies, particularly in the start-up space, claim to rely on AI for their operations, when in reality, operations remain mostly manual. AI can also create a variety of compliance risks. First, if AI or any other emerging technology is employed in furtherance of compliance, regulators will want to understand the technology being used and whether any programs employed are actually doing what the company thinks and claims it is doing. Second, registrants need to understand the AI tools they are using, including whether the tool is trained solely on company information and inputs. Third, as third-party programs a company may already use start to implement AI into their platforms, counsel will need to verify that the use of these programs comports with applicable laws. For example, many programs have implemented auto transcription of meeting notes, but some states require two-party consent for the use of these tools. Finally, many emerging technology products are being brought to the market quickly and lack the necessary security and audit tools that registrants require to ensure compliance. Counsel should vet any potential programs to evaluate whether they are suitable from a compliance perspective.
SEC staff noted that the Commission is taking a technology-neutral approach to enforcement, meaning that neither the use of an emerging technology nor the absence of one will be an indicator to staff that misconduct occurred. Staff also noted that the SEC continues to implement new technology to root out misconduct and currently uses AI. For information related to the SEC’s use of AI, you can visit the website.
B. Social media
Social media continues to play a role in SEC enforcement and remains a frequently named forum for SEC violations. While the SEC’s rules were promulgated before this technology existed, their application is simple: If you are making a statement about the company, you need to ensure that the statement is true; otherwise, the SEC can and will charge it as a fraudulent misstatement, regardless of where the statement is made.
Panelists acknowledge that some industries, particularly those in crypto, require building rapport with their customer base by frequent engagement on social media. And, in fact, private practice experts generally agreed that the majority of traditional social media use by a company CEO should not be a red flag for the SEC. For example, a CEO who wants to post on social media about the market generally, or about their travels, would not create enforcement risk. However, posts launching a new product or commenting on earnings prior to an earnings announcement would absolutely raise concern with the SEC.
Social media activity specifically discussing share prices or trading activity also carries a huge risk of potential enforcement action. For example, on September 19, 2025, the SEC successfully secured a violation for securities fraud and manipulative trading against Steven M. Gallagher. Gallagher used his social media account to encourage followers to buy stocks in which he had already amassed holdings. He then sold those stocks while continuing to recommend others buy them, never disclosing that he was selling the stocks, amassing profits of over $2.6 million.
3. Establishing a culture of compliance
Panelists indicated that while the SEC has taken a step back, compliance remains critically important. Indeed, the SEC taking a step back from its enforcement of technical violations and broad market sweeps means that registrants have the opportunity to beef up their internal compliance practices to prevent problems from developing, and to be ready when the SEC or private litigants bring action. In-house counsel should continue to work on their internal relationships to establish a strong culture of compliance. Indeed, the media attention touting a slimmed-down SEC could give companies the wrong impression that there will be no enforcement. That’s not realistic. Further, given the five-year statute of limitations for SEC enforcement, wrongdoing today could lead to enforcement actions later in this administration, or under a new administration. In-house counsel should use this time to get their compliance in order, ensuring a robust program and strong relationships that ensure they are the first point of contact when a potential issue or violation occurs.