SEC Closes $50 Million Ozy Media Fraud Case: What Compliance Teams Must Learn

TL;DR

• On March 18, 2026, a federal court issued final consent judgments against two former Ozy Media executives, closing the SEC’s civil fraud case that began in 2023.
• The scheme: inflating annual revenue by at least 100%, fabricating business relationships, and impersonating a YouTube executive during an investor call.
• For compliance teams, this case is a masterclass in what happens when internal controls, issues escalation, and board reporting all fail at once.

---

Ozy Media was supposed to be the next big thing in digital media. Founded in 2013, it attracted marquee investors, landed celebrity interviews, and raised tens of millions with a story that sounded almost too good to be true.

It was.

On March 18, 2026, the U.S. District Court for the Eastern District of New York entered final consent judgments against Ozy Media’s former COO Samir Rao and former Chief of Staff Suzee Han — the last chapter of an SEC civil fraud case that exposed one of the more brazen investor deception schemes of the past decade. The judgments permanently bar both from future antifraud violations and close the books on the SEC’s action (Litigation Release No. 26506, March 24, 2026).

Carlos Watson, Ozy’s founder and CEO, already got his reckoning on the criminal side: convicted in 2024 on securities fraud and wire fraud charges, sentenced to nearly 10 years in prison. (Trump commuted that sentence in March 2025 — but the fraud itself was never in dispute.)

The SEC case is closed. The compliance lessons are just opening.

---

What Actually Happened at Ozy Media

The SEC’s complaint, filed February 23, 2023 (SEC Press Release 2023-37), laid out a scheme that ran from at least January 2019 through September 2021 — nearly three years of sustained deception:

Revenue fabrication on an industrial scale. Prospective investors were given financial documents showing Ozy’s annual revenue inflated by at least 100 percent. Not rounding up. Not optimistic projections. Doubling the actual numbers. Year after year.

Fake investor commitments. Watson and Rao repeatedly told prospective investors that sophisticated, well-known institutional investors were coming in — when they weren’t. The goal was to create social proof, manufacturing FOMO to close deals faster.

The Goldman Sachs impersonation. This is the one that broke the story open. In early 2021, Goldman Sachs was considering a $40 million investment in Ozy. During a call between Ozy and Goldman executives, Rao impersonated a senior YouTube executive to support the false claim that YouTube was paying Ozy licensing revenue — revenue that didn’t exist. When Goldman Sachs discovered the ruse (they had existing relationships with the real YouTube executive), the scheme unraveled. Watson’s response? He told both Goldman and Ozy’s own board that Rao had suffered a “mental health crisis.” He used that cover story with investors and with directors.

The company shut down in September 2021. Investors lost approximately $50 million.

---

Three Simultaneous Control Failures

What makes Ozy Media instructive isn’t that one thing went wrong. It’s that three categories of controls failed at the same time — and each failure enabled the others.

1. Financial Reporting Controls Were Nonexistent

Inflating revenue by 100% annually for three years requires either the complete absence of independent financial controls, or executives who actively circumvented them. Investor-facing financial documents weren’t run through any meaningful independent validation. There was no CFO functioning as a check on Watson and Rao’s narrative.

What this looks like in practice: Investor decks and financial summaries prepared by the CEO and COO, reviewed by no one independent, distributed directly to investors without board financial committee sign-off.

The control that was missing: Any version of management representation letters, board-level financial review, or audit committee oversight of investor-facing materials. Even basic controller-level review of the numbers being sent externally.

2. Issues Escalation Broke Down (Or Never Existed)

The Goldman Sachs impersonation didn’t stay secret for long — but the response to discovering it reveals a second catastrophic failure. Watson’s decision to cover the incident with a false “mental health crisis” story, told to both the defrauded investor and Ozy’s own board, means one of two things: either no one on the board had a channel to receive legitimate escalation from other executives, or the board received it and couldn’t independently investigate.

Either way, the issue was killed at the point of escalation.

The control that was missing: A real issues management process — one where concerns can be raised anonymously, where the board has independent access to information beyond what the CEO feeds them, and where material issues are documented, tracked, and resolved through a formal process rather than buried in verbal explanations.

This is exactly why issues management frameworks matter. When your only escalation path runs through the person committing the fraud, you have no escalation path.

3. Board Oversight Was Captured

Watson told Ozy’s Board of Directors that Rao’s impersonation was a mental health incident. And the board apparently accepted this. That’s not a board failure in isolation — it reflects a governance structure that gave the CEO total information control.

Independent directors need independent information channels: direct access to the CFO, controller, and general counsel; audit committee reporting that doesn’t route through the CEO; and the ability to commission independent inquiries when something doesn’t add up.

At Ozy, the board had none of that in any functional sense.

---

What Compliance and Risk Teams Should Take from This

This case isn’t just about fraud. It’s about the conditions that allowed fraud to persist for three years at a well-capitalized, highly visible company. Those conditions exist in other organizations right now.

Audit investor-facing materials like you’d audit a financial statement. If your company raises capital, any document describing revenue, business relationships, or investor commitments should go through independent review before it leaves the building. This means someone other than the deal team signs off on the numbers. At minimum: controller review and legal sign-off. At scale: audit committee review of any materials sent to investors.

Your issues management process must bypass the C-suite. If a concern about executive misconduct can only be raised to other executives, you don’t have an issues management program — you have a suggestion box. Effective escalation channels reach the board directly. That means a direct hotline to the audit committee chair, an independent ombudsman function, or third-party whistleblower platforms with direct board reporting.

Document everything that gets escalated — and document the resolution. At Ozy, when the Goldman incident came to light, the “resolution” was a verbal explanation that was itself a lie. In a functioning issues management system, that incident would have been logged, an investigation would have been triggered, and the finding would have been documented. The paper trail is what makes cover-ups hard.

Board independence requires independent information. Directors should periodically meet with the CFO and general counsel without management present. The audit committee should have a direct reporting relationship with the external auditor that doesn’t run through the CEO’s office. These aren’t formalities — they’re the structural conditions under which genuine oversight is possible.

Verify business relationships independently. When Watson and Rao claimed YouTube was a revenue-generating partner, Goldman Sachs was the one who caught the lie — because they had their own relationships at YouTube. Most investors don’t. Your third-party due diligence on key business partners should include some form of independent verification rather than relying solely on management representations.

---

The Issues Management Failure Is the Central Story

Most post-mortems on Ozy focus on the audacity of the fraud — the impersonation, the brazenness of it all. But the more instructive lens for compliance practitioners is the issues management failure.

The Goldman Sachs impersonation was discoverable. It was reported — to Watson, who then lied to cover it. The cover story went to the board, who accepted it. Three separate actors had the information needed to stop the fraud: Goldman Sachs executives (who discovered it), Rao and Han (who were complicit), and the board (who were deceived).

A functioning issues management program would have broken one of those links. If Goldman Sachs had a direct channel to Ozy’s audit committee — which institutional investors often do — the cover story doesn’t work. If any Ozy employee had seen the impersonation and had a way to report it independently, the cover story doesn’t work. If the board had independently verified the Goldman relationship, the cover story doesn’t work.

Issues management isn’t bureaucracy. It’s the infrastructure that makes cover-ups structurally difficult.

---

So What Do You Do with This?

If you’re a compliance officer or risk manager reading this, here’s what the Ozy case tells you to do this quarter:

1. Map your escalation paths. Where do issues go when they involve the CEO or CFO? If the answer is “nowhere independent,” that’s your gap. Fix it.

2. Audit investor-facing financial documents. Pull the last investor deck or materials sent to any outside investor. Who reviewed the financial figures in that document? Who signed off? Document the answer — and if no one independent reviewed them, that’s an action item.

3. Check whether your board can receive direct reports. Does your audit committee chair have a direct contact path for employees and executives below the CEO level? Is it published internally? Is there a whistleblower mechanism that reports to the board, not to management?

4. Create an issues register if you don’t have one. Every material concern raised internally should be logged, assigned, tracked through resolution, and reviewed by the audit committee. Not occasionally — on a defined schedule.

5. Verify key business relationships in your due diligence process. For significant business relationships cited in investor materials, get independent confirmation — not just management representation.

---

FAQ

What were the final penalties against Rao and Han?

The March 18, 2026 final consent judgments permanently enjoin both from violating antifraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934. Rao also received a three-year bar from serving as officer or director of any public company (reduced from the 10-year bar imposed in the earlier 2023 judgment). Civil monetary penalties were determined separately.

Was Ozy Media itself charged?

Yes. The SEC charged Ozy Media Inc. as an entity, along with Watson, Rao, and Han. Ozy Media shut down in 2021 before the charges were filed, making collection of penalties against the entity largely academic.

What happened to Carlos Watson criminally?

Watson was convicted in 2024 on three criminal counts: conspiracy to commit securities fraud, conspiracy to commit wire fraud, and aggravated identity theft. He was sentenced to 116 months (nearly 10 years) in December 2024. President Trump commuted his sentence in March 2025, hours before Watson was due to report to prison.

---

The compliance lesson from Ozy isn’t that some executives are dishonest. You already knew that. The lesson is that three years of fraud requires three years of failed controls, failed escalation, and failed oversight — all running simultaneously. Build systems that make that kind of sustained deception structurally harder.

If your issues management process has gaps, the Issues Management Tracker is a ready-to-use template with escalation workflows, issue logging, and board-level reporting built in. Or grab the free Issues Management Guide to start mapping your current state.