FSI Calls for Guardrails on SEC Enforcement Practices
Commentary by Steven Lofchie
The Financial Services Institute urged the SEC to adopt formal procedures designed to prevent "regulation by enforcement" in the agency’s oversight activities.
In a supplemental letter to SEC Chair Paul S. Atkins, FSI followed up on its 2024 White Paper recommendations calling for a codified procedural framework to deter unfair enforcement practices and ensure due process for regulated entities. FSI noted recent leadership changes and policy statements signaling a shift toward clearer, rules-based oversight but emphasized the need for permanent reforms.
FSI urged the Commission to (i) embed procedural safeguards in the SEC Rules of Practice, (ii) evaluate and document key factors before pursuing novel cases (e.g., whether there was fair prior notice of the standard being enforced, whether the staff had long been aware of the practice without acting, and whether alternative approaches—such as rulemaking or staff alerts—would be fairer and more effective), and (iii) conduct periodic "fairness" audits to confirm compliance with procedural safeguards and to identify potential instances of unfair enforcement.
FSI cited several recent enforcement actions to illustrate the dangers of "regulation by enforcement." The association highlighted cases where inconsistent judicial outcomes and coercive settlement pressures revealed the unpredictability of SEC theories and the imbalance faced by firms unable to litigate. FSI also criticized the SEC’s off-channel communications initiative, which imposed more than $2 billion in penalties without prior guidance or rulemaking, calling the approach "inherently unfair." Further, FSI drew parallels to crypto and digital-asset enforcement, arguing that reliance on ad hoc actions to address emerging technologies stifles innovation.
Commentary
While it is not so evident that the off-channel communications cases were based on a novel theory, FSI is quite right to criticize the fine amounts in these cases as unfair. This is because (i) the circumstances leading to the violations were the result of the introduction of novel communications technologies that leapfrogged communications retention technologies; (ii) the SEC never demonstrated any investor harm from the violations; (iii) the SEC never demonstrated that the purpose of the rule violations was nefarious (i.e., to hide communications from the SEC, as opposed to just making use of a cool new technology that firms' customers used); and (iv) in light of the prior factors, the fines imposed by the SEC were so disproportionate to the violations as to be wholly outrageous.
Of course, there is an inherent incentive for regulators to charge big fines, even where those fines may be disproportionate to the underlying violations; it makes for dramatic press releases. Under the prior Administration, the SEC repeatedly published impressive press releases. (See, e.g., SEC Announces Record Enforcement Actions Brought in First Quarter of Fiscal Year 2025; SEC Announces Enforcement Results for Fiscal Year 2024; SEC Announces Enforcement Results for Fiscal Year 2023; SEC Announces Enforcement Results for FY 22; SEC Announces Enforcement Results for FY 2021.) To read these without real context, one would be impressed not only with the size of the penalty amounts, but with the ingenuity of the SEC in holding off the barbarian hordes of Wall Street.
The demands of being a behind-the-scenes, effective regulator, however, conflict with the desire for self-congratulatory press releases (or, perhaps, the desire to be feted like Shohei Ohtani). That said, there is a deeper concern here. In order to justify the penalty amounts, the regulator must portray the regulated entities as bad, and thus as deserving of the massive penalties, even where no harm was done or intended. This, then, may have the impact of creating a loss of confidence or trust in the regulated entities. Creating a loss of confidence may seem antithetical to the purpose of the regulator, but it actually has the effect of increasing the power of the regulator. It is self-reinforcing. If the regulated entities are really bad, of course the regulator must have more power.
It is notable that such "loss of confidence" was cited as justification for many of the rule proposals put forward by the SEC under the prior Administration. The proposed rules were meant to be the cure. Assuming that there was such a loss of confidence, and it is not clear that there has been any more than in any other business, one has to ask whether it may have been inspired by the regulator for its own ends. For example, in adopting its rule to expand dealer registration (a rule that was eventually struck down by the courts), the SEC justified its expanded authority by arguing that "Improved regulatory oversight would ... promote investor confidence" and "strengthen[] investor confidence in U.S. markets." These rule proposals show that a regulator knocking the ethics of the regulated can serve the interests of the regulator, in a way that is fundamentally unhealthy for a free economy.