Securities Enforcement Roundup – November 2025

In this issue of our monthly Securities Enforcement Roundup, we highlight top securities enforcement developments from November 2025.

In November 2025:

• The Division of Examinations of the Securities and Exchange Commission (SEC or Commission) announced its fiscal year 2026 examination priorities, which provide valuable insight into the SEC’s focus areas for the coming year.
• The SEC continued to shift personnel at the leadership level in the Division of Enforcement.
• After the government shutdown ended, the SEC lifted the stay on ongoing and new administrative proceedings.
• The SEC filed several new matters during the government shutdown, underscoring the Commission’s focus on traditional fraud-based claims.
• The SEC sued six investment advisers for alleged misrepresentations in Form ADV filings.
• The SEC voluntarily dismissed its high-profile enforcement case against SolarWinds and its chief information security officer (CISO).
• The SEC secured a summary judgment win against two pharmaceutical companies and their founder for material misrepresentations in connection with securities offerings.
• Chairman Paul Atkins delivered a speech revisiting his announcement of “Project Crypto.”
• The SEC settled a lawsuit alleging failure to protect customer data.
• A broker-dealer was fined by Financial Industry Regulatory Authority (FINRA) for allegedly violating Regulation SHO.

SEC’S DIVISION OF EXAMINATIONS ANNOUNCES FISCAL YEAR 2026 EXAMINATION PRIORITIES

The publicly released priorities identify strategic focus areas to guide the work of the Division of Examinations in the upcoming year and provide valuable insights into the SEC’s approach to promoting compliance, preventing fraud, and monitoring risk in US capital markets.[1] The fiscal year 2026 priorities are as follows:

• Investment Advisers: Heightened Scrutiny of Fiduciary Standards – The Division will place particular scrutiny on investment advisers’ adherence to fiduciary standards of conduct. Examiners will review investment advice and disclosures for consistency with fiduciary obligations, especially regarding the management of financial conflicts of interest, product recommendations, and execution quality. Special attention will also be paid to complex and alternative investment products (including, specifically, private credit and other private funds with extended lock up periods), recommendations to older investors and those saving for retirement, and advisers with potential conflicts (including fee-related conflicts) resulting from dual registration or recent merger and acquisition activity (e.g., advisers that have recently merged with, acquired, or been acquired by, another adviser). In line with these exam priorities, we understand that the exam staff is running a marketing rule sweep on alleged endorsement activity in connection with adviser merger and acquisition activity. The effectiveness of compliance programs will also be assessed, including whether policies and procedures are reasonably designed to address conflicts of interest and prevent advisers from putting their own interests ahead of those of clients.
• Investment Companies: Emphasis on Compliance and Governance – Registered investment companies (RICs), including mutual funds and ETFs, will be a primary focus. Examinations will assess compliance programs, disclosures, governance, fund fees and expenses, portfolio management, and adherence to the amended fund “Names Rule,” the first compliance date for which is not until June 2026. The Division will monitor RICs engaged in mergers, those employing complex strategies or holding illiquid investments, and those with novel strategies, which aligns with recent trends toward increased access for retail investors to alternative strategies via registered closed-end funds. Never-before-examined and recently registered RICs will also be high-priority targets.
• Broker-Dealers: Financial Responsibility and Retail Sales Practices – Broker-dealer examinations will focus on compliance with key financial responsibility rules, including the net capital rule and customer protection rule, as well as operational resiliency programs and risk management controls. Trading-related practices—such as best execution, pricing and valuation of illiquid instruments, and compliance with Regulation SHO and Regulation ATS—will be under review. The Division will also scrutinize retail sales practices, including compliance with Reg BI, the identification and mitigation of conflicts, and recommendations involving complex or tax-advantaged products. Examinations will further assess dual registrants’ practices and the accuracy of disclosures in Form CRS.
• Self-Regulatory Organizations: Oversight of Regulatory Obligations – The Division will assess national securities exchanges, FINRA, and the Municipal Securities Rulemaking Board for their compliance with regulatory obligations. The focus will be on investor protection initiatives and the effectiveness of risk assessment processes implemented by these self-regulatory organizations.
• Clearing Agencies: Systemic Risk and Regulatory Compliance – Pursuant to Title VIII of the Dodd-Frank Act, the Division will conduct annual examinations of systemically important clearing agencies. These examinations will focus on risk management frameworks, remediation of prior deficiencies, and compliance with the Commission’s Standards for Covered Clearing Agencies. Other areas of focus will include security-based swap data repositories and entities exempted from clearing agency registration.
• Other Market Participants: Broader Regulatory Coverage – The Division will examine a range of other market participants, including municipal advisors, transfer agents, funding portals, security-based swap dealers, and security-based swap execution facilities. Examinations will focus on compliance with fiduciary duties, recordkeeping, regulations such as Reg S-P and Reg SBSR – Reporting and Dissemination of Security-Based Swap Information, and risk management practices.
• Risk Areas Impacting All Market Participants: Cybersecurity and Technology – Information security and operational resiliency remain critical priorities. The Division will focus on cybersecurity, compliance with Regulations S-ID and S-P, and the implementation of incident response programs. The use of emerging financial technology, including artificial intelligence and automated investment tools, will be scrutinized to ensure fair and accurate representations, consistency with disclosures, and adequate supervisory controls. Regulation Systems Compliance and Integrity entities will be reviewed for incident response and third-party vendor risk management. Anti-money laundering (AML) compliance will also remain a focus, with examinations assessing the design and implementation of AML programs, independent testing, customer identification, and compliance with Office of Foreign Assets Control sanctions.

The 2026 priorities signal the SEC’s continued emphasis on robust compliance programs, effective risk management, and the protection of investors across the financial markets. In particular, the focus on investment advisers’ fiduciary standards of conduct as it relates to alternative investments is consistent with increased retail investor interest in and acceptance of private equity and other alternatives in more traditional portfolios.

The diagram below provides a comparison between some of the key areas in the 2025 and 2026 examination priorities:

SEC EXPERIENCED ADDITIONAL LEADERSHIP CHANGES

As noted in our August 2025 monthly enforcement roundup, Judge Margaret Ryan became the SEC’s Director of the Division of Enforcement starting September 2, 2025. Shortly after Judge Ryan started in this role, the government shut down due to the lapse in appropriations. Since the government shutdown ended, there have been other leadership changes in the Division of Enforcement. On November 13, 2025, the SEC announced that, Antonia Apps, who oversaw the New York, Boston, Philadelphia, and Chicago regional offices as a Deputy Director, would be departing the agency on December 1, 2025.[2]

The SEC’s publicly available staff directory for the Division of Enforcement now lists Samuel Waldon, the former acting Director of Enforcement and former chief counsel for the Division, as deputy director.[3] The staff directory also lists Mark Cave as the new chief counsel for the Division. Cave previously served as an associate director in the Washington, DC headquarters. Both Waldon and Cave are veteran members of the Division of Enforcement and are expected to serve as close counselors to Judge Ryan.

SEC LIFTS STAY ON ADMINISTRATIVE PROCEEDINGS AND CLARIFIES EXTENSIONS

On November 13, 2025, the SEC lifted the stay of administrative proceedings that had been in place since the government shutdown on October 1, 2025.[4] The SEC order adjusted procedural timelines and provided guidance for further extensions. The Commission’s order clarified that the 43-day period from October 1 to November 12, 2025, is excluded from the computation of all deadlines prescribed under the Commission’s Rules of Practice or any order issued by the Commission or a hearing officer.

Additionally, the Commission automatically imposed an additional 10-day extension on top of the 43 days, to “any period, deadline, or other date extended by the October 1, 2025 order.”

SEC BROUGHT CASES FOCUSED ON INVESTOR FRAUD DURING THE SHUTDOWN

Notwithstanding the government shutdown, the SEC filed several new cases, primarily against individuals, alleging intentional fraud. These matters reflect the Commission’s focus on protecting investors from fraudulent schemes. For example, in the Southern District of New York, the SEC charged co-founders, their companies, and the former CFO with defrauding investors, alleging that the defendants had made misrepresentations to investors regarding the use of funds and financial condition of their companies, by concealing a $300 million overdraw of a credit facility.[5]

Other cases included a complaint filed in the Southern District of Texas against an individual for a “fraudulent ‘free-riding’ scheme,”[6] a complaint filed in the Southern District of New York against the founder of a hedge fund for allegedly perpetrating a Ponzi-like scheme,[7] and multiple cases filed in the Central District of California against individuals who allegedly defrauded investors through various misrepresentations and Ponzi-like schemes, including a former tech-startup founder.[8] Many of the cases were filed in parallel with criminal indictments brought by the US Department of Justice.[9]

One of the individuals sued by the SEC during the pendency of the government shutdown has responded to that suit by claiming that the SEC’s complaint violated the Anti-Deficiency Act. The Anti-Deficiency Act prohibits federal agencies from obligating or expending federal funds in advance or in excess of an appropriation.[10]

The defendant argues that the SEC violated this act by pursuing its claims against him by expending government funds during the shutdown even though his alleged actions did not provide an emergent threat to the United States securities markets because he is “retired, living abroad, and holds no leadership role with any publicly traded company.”

He also claims that the SEC’s allegations relate to a time period more than five years ago and that the SEC had been pursuing its investigation of him for years before the government shutdown occurred. Consequently, he argues that the SEC created its own “emergency” by not pursuing the case earlier and should not be able to claim that an emergency created the need for the agency to work on the matter during the government shutdown. The case was just recently filed and awaits the SEC’s response. 

SEC VOLUNTARILY DISMISSES ENFORCEMENT CASE AGAINST SOLARWINDS AND ITS CISO

The SEC voluntarily dismissed its high-profile lawsuit against SolarWinds and its CISO, which arose in the aftermath of the 2020 SUNBURST cyberattack, in which nation-state actors accessed SolarWinds’ systems and inserted malicious code into its Orion software platform.[11]

The SEC alleged that SolarWinds and its CISO engaged in scienter-based securities fraud by allegedly misrepresenting their cybersecurity practices and risks, including making statements about “multiple successful intrusions against Orion,” which the SEC called the company’s “crown jewel.” Notably, this was the first time the SEC sued a CISO in connection with a cybersecurity incident, sending shockwaves through the CISO community and public companies nationwide.

The complaint targeted not only disclosures in the company’s Forms 8-K and annual filings but also statements made in a technical “Security Statement” posted on SolarWinds’ website, which was issued for customers nearly a year before the company’s IPO. The SEC’s case thus hinged on proving that the company and its CISO knowingly or recklessly deceived investors through a document not originally intended for them, presenting a particularly high bar for the agency’s success at trial.

In July 2024, the Southern District of New York dismissed most of the SEC’s claims, including the novel application of internal accounting controls statutes to non-financial cybersecurity controls.[12] What remained were highly specific claims related to the Security Statement. SolarWinds moved for summary judgment in April 2025, and by July 2025, the parties announced a settlement pending SEC commissioner approval.

The SEC ultimately agreed to voluntarily dismiss the case without admission of wrongdoing by SolarWinds or its CISO, a move described as an “exercise of its discretion” and not necessarily reflective of its stance in other matters.

SEC SUES INVESTMENT ADVISERS FOR ALLEGED MISREPRESENTATIONS IN FORM ADV FILINGS

In similar complaints, the SEC initiated six enforcement actions against investment advisers following the government shutdown, alleging misrepresentations in the firms’ Form ADV filings.[13] The SEC’s complaints, filed in federal courts in New York and Colorado, center on alleged misrepresentations made by the investment advisers in their Form ADV submissions.

Specifically, the Commission alleges that the entities claimed in Form ADV filings that they operated from fake addresses, were run by CEOs who did not exist, that a separate registered investment adviser reported information about private funds purportedly advised by the firms, and the firms qualified for an exemption from registration under the Investment Advisers Act. According to the SEC, none of these claims could be substantiated and the advisers failed to respond to requests by Commission attorneys to provide records to substantiate the information on the Forms ADV. The SEC’s complaints charge the advisers with violations of Sections 204(a) and 207 of the Investment Advisers Act of 1940.

The timing and volume of these cases underscore the Commission’s intent to reassert its regulatory presence in the adviser sector and is in keeping with the SEC’s prioritization of actions involving fraudulent misrepresentations to retail investors.

SEC SECURES SUMMARY JUDGMENT WIN IN SUIT ALLEGING MATERIAL MISREPRESENTATIONS IN CONNECTION WITH SECURITIES OFFERINGS

On November 24, 2025, the US District Court for the Central District of California granted the SEC’s motion for summary judgment in SEC v. Vivera Pharmaceuticals Inc., et al., 22-cv-1792 (C.D. Cal.). The SEC’s September 2022 action alleged that Vivera Pharmaceuticals Inc. falsely claimed to hold an “exclusive global license” to a sublingual drug-delivery technology for the pharmaceutical use of CBD and THC.[14]

The SEC further alleged that Vivera omitted that (1) its founder and CEO, Paul P. Edalat was the controlling shareholder of both Vivera and the ostensible licensor, Sentar Pharmaceuticals, (2) there was an ongoing dispute around the validity of Vivera’s license due to Sentar’s prior conveyance of the same license to a third party; and (3) $10 million of investor funds would be used to pay Sentar a license fee, personally benefitting Edalat.

The court granted the SEC’s motion for summary judgment, concluding that these statements were material misrepresentations.[15] The court held that materiality was established in part because five investors in Vivera stock declared that they would not have invested in Vivera had they known the truth. As a result, no reasonable jury could conclude that this information would not significantly alter the total mix of information available.

The court also found that, based on the evidence before it on the SEC’s motion for summary judgment, no reasonable jury could find other than that Edelat acted with scienter. On this basis, the court concluded that the defendants violated Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b–5 promulgated thereunder, as well as Section 17(a) of the Securities Act of 1933. Notably, the court concluded that the dissemination of private placement memoranda that included the misrepresentation and omission described above was sufficient to find that the defendants engaged in a “scheme” for purposes of subsections (a) and (c) of Rule 10b–5.

SEC CHAIRMAN ATKINS REVISITED ‘PROJECT CRYPTO’

As we previously described in our July issue of the Securities Enforcement Roundup, the SEC launched “a Commission-wide initiative to modernize the securities rules and regulations to enable America’s financial markets to move on-chain” called “Project Crypto.”[16] In a speech delivered on November 12, 2025, Chairman Atkins laid out plans for the next phase of the initiative.

Chairman Atkins underscored that enforcement actions will continue to focus on fraud and illicit conduct. He emphasized that securities and commodities anti-fraud statutes remain applicable to misstatements and omissions made in connection with the sale of an investment contract, even where the underlying asset is not a security.

He reiterated his view that “most crypto tokens trading today are not themselves securities” because they are based on expired investment contracts. Crypto tokens are digital representations of assets on existing blockchains.

In contrast, the chairman confirmed that “tokenized securities,” which are traditional financial assets (like stocks, bonds, or real estate) represented as digital tokens on a blockchain to permit fractional ownership, are and will continue to be securities. This is because these crypto assets represent the ownership of a financial instrument enumerated in the definition of security.

The chairman also reaffirmed continued application of the Howey test to determine whether a cryptoasset constitutes an investment contract under federal securities laws.

Chairman Atkins outlined several key categories within the proposed token taxonomy of categories of cryptoassets and clarified which of them are securities:

• Digital commodities or network tokens are not securities, as their value is tied to a decentralized network rather than managerial efforts.
• Digital collectibles (e.g., artwork, in-game items) are not securities, since purchasers are not expecting profits from managerial efforts.
• Digital tools (e.g., membership, tickets, credentials) are not securities, for similar reasons as above.
• Tokenized securities are securities, as they represent ownership in traditional financial instruments.

Chairman Atkins also previewed a forthcoming “Regulation Crypto” proposal, which aims to establish tailored disclosure requirements, exemptions, and safe harbors for cryptoasset distributions that involve investment contracts.

Finally, Chairman Atkins noted that a proposed “innovation exemption” would allow companies to test new business models under principles-based regulatory safeguards rather than full compliance with existing rules. Participants would be required to report periodically to the SEC in exchange for greater flexibility to innovate within defined guardrails. While not yet formally proposed, Chairman Atkins identified this as a top priority, and rulemaking may begin by late 2025 or early 2026.

SEC SETTLES SUIT FOR FAILURE TO PROTECT CUSTOMER DATA

On November 21, 2025, the SEC notified the Southern District of New York that it had settled its case against a broker-dealer for failing to protect customer data for $2.5 million civil money penalty.[17] The SEC had filed its initial complaint on September 12, 2023, alleging that for a 15-month period “virtually all employees at [the broker-dealer] and its affiliate broker-dealers could access MNPI regarding its customers’ trades.”[18]

Specifically, the SEC critiqued the broker-dealer allegedly only having a widely shared and generic username and password protecting its database that contained all post-trade information generated from customer orders, and the lack of tracking on who had accessed the database or what information was extracted. The SEC also alleged that the broker-dealer had made false and misleading statements regarding the information barriers that were in effect and failed to have reasonable policies and procedures in place.

The SEC had filed an amended complaint on January 12, 2024, after the defendants had filed a motion to dismiss.[19] The amended complaint made similar allegations but added additional information regarding the allegedly misleading statements.[20] The Southern District of New York entered the final judgment on December 2, 2025.[21] This case is noteworthy as the current SEC chose not to dismiss it and settled it by imposing a civil money penalty even though there was no alleged financial harm to any investor. 

BROKER-DEALER FINED BY FINRA FOR ALLEGED VIOLATION OF REGULATION SHO

FINRA has continued its enforcement of alleged trading rules violations. FINRA’s recent settlement with a broker-dealer of a Japanese company over violations of Regulation SHO Rule 200(f) and FINRA supervisory standards shows FINRA covering enforcement in a stated area of focus for the SEC.[22] The broker-dealer, over a six-year period, allegedly included securities positions of two affiliates in the net position calculations of an independent trading unit, in violation of Rule 200(f). Those affiliates lacked self-regulatory oversight and were not subject to SEC examination. This allegedly led to inaccurate net position calculations, improper order marking, and failures to locate securities for short sales where required, constituting alleged violations of Regulation SHO Rule 200(f).

The firm was also found to have failed in establishing and maintaining a supervisory system and written procedures reasonably designed to ensure compliance with Regulation SHO Rule 200(f), and FINRA highlighted that the firm delayed remediation for six years. The broker-dealer was censured, fined $625,000, and mandated to provide certification of compliance with regulatory requirements, as a result of the settlement.