Skip to main content

Testimony on “Oversight of the SEC’s Division of Enforcement” Before the United States House of Representatives Committee on Financial Services Subcommittee on Investor Protection, Entrepreneurship, and Capital Markets

Gurbir Grewal photo

Gurbir S. Grewal
Director, Division of Enforcement

July 21, 2022

Chairman Sherman, Ranking Member Huizenga, and Members of the Subcommittee:

Thank you for inviting me to testify today on behalf of the Division of Enforcement (“Enforcement” or the “Division”) of the U.S. Securities and Exchange Commission (“SEC” or the “Commission”).

Since its founding more than 85 years ago, the SEC has stayed true to its three-part mission of protecting investors, maintaining fair, orderly, and efficient markets, and facilitating capital formation. Central to that mission is the work of the SEC’s Division of Enforcement. The Division conducts investigations into possible violations of the federal securities laws and prosecutes the Commission’s civil suits in the federal courts and in administrative proceedings. And each year, the Commission brings hundreds of civil enforcement actions and obtains meaningful relief, including disgorgement of ill-gotten gains and civil monetary penalties – which are frequently returned to harmed investors – as well as injunctions and other prophylactic relief.

During fiscal year 2021, which ended on September 30, 2021, despite the challenges presented by the global pandemic and the increasing complexity of our investigations, the SEC filed 434 new enforcement actions, representing a seven percent increase over the prior year. Seventy percent of these new or “stand-alone” actions involved at least one individual defendant or respondent.[1] In addition, the SEC’s whistleblower program had a record-breaking year, with the SEC awarding a total of $564 million to 108 whistleblowers, compared to 39 whistleblowers in fiscal year 2020,[2] and surpassing $1 billion in awards over the life of the program.[3]

Since my appointment approximately one year ago, I have been amazed by the talent and unique expertise of the Division’s staff of dedicated professionals in our twelve offices across the country. They work tirelessly day in and day out to hold those who violate our securities laws accountable, return money to harmed investors, and protect the fairness and competitiveness of our capital markets. Yet, many Americans’ trust in our financial markets and institutions is at near historic lows.[4] While there is no single cause for this decline, repeated lapses by large businesses, gatekeepers, and other market participants, coupled with the perception that we – the regulators – are failing to hold them appropriately accountable have contributed to this decline. And, some believe that there are two sets of rules: one for the big and powerful and another for everyone else. As a result, one of my goals as Director is to help restore the public’s trust in our financial markets and institutions and to make clear that there is only one set of rules. The Division aims to enhance Americans’ trust through robust enforcement, robust remedies, and robust compliance.


Robust Enforcement

Robust enforcement requires the Division to be the cop on the beat and cover the entire securities waterfront, investigating and litigating every type of case within our remit with a sense of urgency. It also requires us to keep pace with new areas of importance for investors, as well as the continually evolving risks facing investors and the markets. For example, the Division is taking proactive steps to police areas such as crypto assets and cybersecurity and brought a number of first-of-their-kind enforcement actions over the past calendar year.[5]

The SEC also recently announced the allocation of 20 additional positions to our Crypto Assets and Cyber Unit.[6] Since its creation in 2017, the unit has brought more than 80 enforcement actions related to fraudulent and unregistered crypto asset offerings and platforms, resulting in monetary relief totaling more than $2 billion, as well as numerous actions against SEC registrants and public companies for failing to maintain adequate cybersecurity controls and appropriately disclose cyber-related risks and incidents. The expanded unit will leverage the agency’s expertise to ensure investors are protected in the crypto markets and from cyber-related threats, with a focus on investigating securities law violations related to crypto asset offerings, exchanges, broker-dealers, and lending and staking products; decentralized finance (“DeFi”) platforms; non-fungible tokens (“NFTs”); and stablecoins.

Robust enforcement also includes a focus on gatekeeper accountability. Gatekeepers, such as accountants and attorneys, are often the first lines of defense against misconduct. When they fail to live up to their obligations, investors and the integrity of our markets suffer. The SEC has brought enforcement actions against gatekeepers who engaged in wrongdoing themselves or attempted to cover up wrongdoing, engaged in conduct that crossed a clear line, or failed meaningfully to implement compliance programs, policies and procedures for which the gatekeeper had direct responsibility. For example, the SEC recently charged Ernst & Young LLP (“EY”) in connection with cheating by a significant number of its audit professionals on exams required to obtain and maintain Certified Public Accountant (“CPA”) licenses, and for withholding evidence of this misconduct from the Division during our investigation of the matter. EY admitted the facts underlying the SEC’s charges and agreed to pay a $100 million penalty and to undertake extensive remedial measures to fix the firm’s ethical issues.[7] We will continue to take a hard look at gatekeepers to ensure that they are fulfilling their own professional responsibilities and not giving cover to corporations or executives engaged in possible misconduct.

Robust Remedies

Restoring trust in our financial markets and institutions also requires the use of robust remedies. In addition to punishing wrongdoers for violations of the securities laws, our remedies must deter those violations from happening in the first place. They must be viewed as more than the cost of doing business. The public must have confidence in knowing that financial institutions and other market participants are being held accountable by regulators such as the SEC when they are not playing by the rules.

The factors that guide our penalty recommendations are no secret – we assess the conduct at issue, in light of the statutory tier factors and judicial opinions, and look to comparable cases. In arriving at our recommendations to the Commission, we are assessing whether penalties in prior comparable cases have been sufficient to appropriately deter the misconduct at issue. Where they have not been, we will seek stiffer penalties, both in settlement negotiations and, if necessary, in litigation. We are also seeking heightened penalties for recidivists because prior penalties clearly have not had the appropriate deterrent effect.

In addition, prophylactic relief – such as officer and director bars, associational bars, suspensions, conduct-based injunctions, and undertakings – is an important part of robust remedies. Such relief directly protects investors and market integrity by preventing a violator of the securities laws from engaging in future misconduct and occupying a core gatekeeper role in the securities markets. These tools also enhance the public’s trust that all financial institutions and market participants are playing by the same rule set. We take an especially hard look at whether we need to deploy prophylactic tools if the specific offender is a recidivist.

Although we will continue to recommend no-admit-no-deny settlements in the majority of cases, we will seek admissions from wrongdoers in appropriate cases, where heightened accountability and acceptance of responsibility are in the public interest.[8] When it comes to accountability, few things rival the magnitude of wrongdoers admitting that they broke the law. Admissions also give greater clarity regarding the facts of the violations and send a strong deterrent message to other market participants and are, therefore, important to building public trust.

Robust Compliance

Finally, robust compliance is critical to restoring trust. Robust compliance is a responsibility shared by all market participants. We are in a time of rapid and profound technological change. While this has the potential to amplify the dynamism of our markets and increase access and transparency for our investors, it also creates new avenues for misconduct. Public companies and other market participants therefore need to think rigorously about how their specific business models and products interact with both emerging risks and their obligations under the federal securities laws, and tailor their internal controls and compliance practices and policies accordingly. In other words, they cannot rely on check-the-box compliance policies, but should consider, where appropriate, developing bespoke policies tailored to their businesses and the associated risks. Where they fall short, we have not hesitated in holding them accountable.[9]

Firms also need to respond appropriately to red flags and make timely and accurate required disclosures, which are essential to investor protection and enhancing trust and confidence in the markets. And, gatekeepers must foster a proactive culture of compliance and responsibility – both for themselves and for their clients. The Division will vigorously enforce the securities laws and rules that go to the heart of robust compliance, including those concerning required disclosures, misuse of nonpublic information, cybersecurity, and the violation of record-keeping obligations.[10]


Despite the successes and priorities outlined above, the number of Enforcement employees has decreased over time. The Division faces significant and mounting challenges, as described in more detail in the FY 2023 budget request that the SEC submitted to Congress earlier this year.[11] Some of the challenges are obvious, such as the broad spectrum of securities law violations that occur across the United States each year and the unexpected and unprecedented market events such as the global pandemic, market volatility in early 2021, and more recent volatility across crypto assets and offerings that require significant Enforcement resources.

But, others are less obvious, though still highly meaningful, such as the significant growth of the financial markets and the increasing sophistication of securities products and market structure. For example, in the past five years, the number of registered entities has grown by 12 percent (from 26,000 to 29,000).[12] The volatile and speculative crypto marketplace has attracted tens of millions of American investors and traders.[13] Moreover, many of our investigations are becoming more difficult as fraudsters find new ways to communicate that require us to review ever-broader sources of evidence. To protect investors and the markets, we must continuously evolve and adapt as wrongdoers and products, particularly in new and emerging areas – like the crypto markets – become increasingly sophisticated and the related misconduct becomes harder to detect and increasingly complex and international in nature.

Internally, the Division is also required to analyze a massive volume of data each year, including, for example, approximately 46,000 tips, complaints, and referrals from, among others, members of the public during fiscal year 2021.[14] At any given time, the Division has approximately 1,500 open investigations.[15] The Division also handles an expansive docket of difficult and complex litigation and trials, often against well-funded adversaries. We have seen an uptick in the number of cases that are litigating and going to trial, and during fiscal year 2021, the Division had approximately 2,000 pending civil litigations and 1,200 pending administrative proceedings.[16]

These challenges require the Division to constantly assess and re-assess how best to allocate the Division’s limited resources in the most effective manner to address the most significant and pressing risks facing investors and the financial markets. The SEC’s FY 2023 budget seeks additional staff to enable Enforcement to meet these mounting challenges and to maintain an effective investigative capacity and deterrent presence for the benefit of our markets and investors.

* * *

Through robust enforcement, robust remedies, and robust compliance, we will aim to do our part in restoring public trust in our financial markets and institutions. Thank you for inviting me here today to discuss the Division of Enforcement. I am happy to answer any questions you may have.

[1] Press Release 2021-238, SEC Announces Enforcement Results for FY 2021 (Nov. 18, 2021), available at

[2] See“SEC Division of Enforcement Publishes Annual Report for Fiscal Year 2020” (Nov. 2020),available at

[3] Press Release 2021-238, SEC Announces Enforcement Results for FY 2021 (Nov. 18, 2021), available at

[4] See “Americans’ Confidence in Major U.S. Institutions Dips” (July 14, 2021), available at (finding that, in 2021, 33% of respondents have “a great deal” or “quite a lot” of confidence in banks; 29% in technology companies; and 18% in big business); “Confidence in Institutions,” available at

[5] See, e.g., Press Release 2022-110, SEC Charges Firm and Five Brokers with Violations of Reg BI (June 16, 2022), available at; Press Release 2022-70, SEC Charges Archegos and its Founder with Massive Market Manipulation Scheme (Apr. 27, 2022), available at; Press Release 2022-26, BlockFi Agrees to Pay $100 Million in Penalties and Pursue Registration of its Crypto Lending Product (Feb. 14, 2022) (settled), available at; Press Release 2021-176, SEC Charges App Annie and its Founder with Securities Fraud (Sept. 14, 2021) (settled), available at

[6] Press Release 2022-78, SEC Nearly Doubles Size of Enforcement’s Crypto Assets and Cyber Unit (May 3, 2022), available at

[7] Press Release 2022-114, Ernst & Young to Pay $100 Million Penalty for Employees Cheating on CPA Ethics Exams and Misleading Investigation (June 28, 2022) (settled), available at

[8] See, e.g., Press Release 2022-84, SEC Charges Allianz Global Investors and Three Former Senior Portfolio Managers with Multibillion Dollar Securities Fraud (May 17, 2022) (settled as to Allianz Global Investors and litigating against three former senior portfolio managers), available at; Press Release 2021-262, JPMorgan Admits to Widespread Recordkeeping Failures and Agrees to Pay $125 Million Penalty to Resolve SEC Charges (Dec. 17, 2021) (settled), available at

[9] See, e.g., Press Release 2021-241, McKinsey Affiliate to Pay $18 Million for Compliance Failures in Handling of Nonpublic Information (Nov. 19, 2021) (settled), available at; Press Release 2022-114, Ernst & Young to Pay $100 Million Penalty for Employees Cheating on CPA Ethics Exams and Misleading Investigation (June 28, 2022) (settled), available at

[10] See, e.g., 15 U.S.C. § 80b-4a; 15 U.S.C. § 78q(a).

[11] See “Fiscal Year 2023CongressionalBudget Justification, Annual Performance Plan; Fiscal Year 2021 Annual Performance Report” (p. 25),available at

[12] See Testimony at Hearing before the Subcommittee on Financial Services and General Government U.S. House Appropriations Committee (May 17, 2022), available at

[13] See Testimony at Hearing before the Subcommittee on Financial Services and General Government U.S. House Appropriations Committee (May 17, 2022), available at Andrew Perrin/Pew Research Center, “16% of Americans say they have ever invested in, traded or used cryptocurrency” (Nov. 11, 2021),available at

[14] See “Fiscal Year 2023CongressionalBudget Justification, Annual Performance Plan; Fiscal Year 2021 Annual Performance Report” (p. 25),available at

[15] See id.

[16] See id.

Return to Top