SEC FY2025 Enforcement Report: The Lowest Case Count in 20 Years—and What It Actually Means for Your Program
TL;DR
- The SEC filed just 456 enforcement actions in FY2025—the fewest in at least 20 years, down 22% from 583 in FY2024
- The headline $17.9 billion in monetary relief is misleading: $14.9B came from a single 2009 Ponzi case; adjusted relief was ~$2.7 billion, a 33% YoY drop
- Off-channel communications enforcement (WhatsApp, iMessage) is effectively over; seven crypto cases were dropped outright
- New focus: fraud, market manipulation, insider trading, and cybersecurity—update your risk program accordingly
On April 7, 2026, the SEC’s Division of Enforcement published its annual results report—and for the first time in memory, a regulator issued a press release explicitly criticizing its own predecessor’s enforcement strategy. The message for compliance officers wasn’t subtle: what got you in trouble for the past three years may not be the priority anymore, and what you’ve been ignoring might be exactly where the next exam goes.
Here’s what actually changed, what it means for your program, and what to do about it.
The Numbers, Decoded
456 total enforcement actions is the headline. That’s down from 583 in FY2024—a 22% drop—and the lowest total in at least two decades. Standalone actions fell from 432 to 303. The SEC also closed 1,095 investigations without taking any action.
The monetary relief number requires a longer footnote. The SEC reported $17.9 billion, which sounds enormous—until you learn that $14.9 billion came from a single case: the Allen Stanford Ponzi scheme, originally filed in 2009 and just now hitting a final judgment. Strip that out, and you’re looking at approximately $2.7 billion in actual FY2025 enforcement receipts ($1.4 billion disgorgement + $1.3 billion civil penalties). That’s a 33% reduction from the prior year, according to analysis from Sidley Austin.
For public companies specifically, the decline was even sharper. Cornerstone Research found that only 56 actions were filed against public companies and subsidiaries—a 30% drop from FY2024. Of those 56, 52 were filed before the administration change in January 2025. Only 4 actions came from the new administration in the remaining months of FY2025.
That stat alone tells you everything about the directional shift.
What the SEC Is Done Doing
The FY2025 report is unusual in one important way: it reads like a post-mortem of the prior administration. The Division of Enforcement stated directly that resources had been “misapplied in prior years to pursue media headlines and run up numbers.” Three specific initiatives were called out:
Off-Channel Communications (WhatsApp, iMessage, Signal)
Since December 2021, the SEC brought 95 enforcement actions and collected $2.3 billion in penalties from firms for failing to preserve employee communications on personal devices. This sweep hit everyone: JPMorgan, Goldman Sachs, Morgan Stanley, and dozens of smaller broker-dealers and advisers. The January 2025 batch—12 firms, $63 million in penalties—was almost certainly the final wave.
The new SEC’s position is that these cases “identified no direct investor harm” and represented a “misallocation of resources.” Chair Atkins has been explicit: book-and-record enforcement for its own sake is not the mission.
Practical implication: If your compliance program has been heavily focused on off-channel surveillance tools and recordkeeping certifications, that investment isn’t wasted—FINRA, state regulators, and internal audit still care—but calibrate your exam prep accordingly. An examiner coming in under the Atkins-era SEC is not going to treat your WhatsApp policy as the opening move.
Crypto Registration Cases
Seven enforcement actions brought under Chair Gensler were dismissed outright: Coinbase, Binance, Cumberland DRW, Consensys, Kraken (Payward), Dragonchain, and Balina—all beginning in February 2025. The SEC established a dedicated Crypto Task Force and is pursuing a more disclosure-focused regulatory framework.
For compliance teams at crypto-native or crypto-adjacent firms: this isn’t a green light for anything. The SEC still has a Cyber and Emerging Technologies Unit (launched February 2025) focused on fraud in the crypto space. The posture shifted from “is this asset a security?” to “is there investor harm here?” That’s different exposure, not no exposure.
“Dealer Definition” Actions
Six cases pursuing a novel interpretation of who qualifies as a securities “dealer” under the Exchange Act were similarly abandoned. These represented novel liability theories the new leadership viewed as regulatory overreach. For prop trading firms and certain HFT participants, this is a notable relief.
What the SEC Is Now Focused On
The pivot isn’t “less enforcement”—it’s different enforcement. Securities offering fraud and insider trading together accounted for 33% of FY2025 actions, up from 26% the prior year. These are the SEC’s original core competencies, and they’re back in the spotlight.
| Category | FY2025 Actions | FY2024 Actions | Change |
|---|---|---|---|
| Investment Advisers/Companies | 99 | 135 | -27% |
| Broker-Dealer | 65 | 98 | -34% |
| Securities Offerings (Fraud) | 90 | 97 | -7% |
| Insider Trading | 32 | 35 | -9% |
| Offering Fraud + Insider Trading (% of total) | 33% | 26% | +7pp |
What’s being prioritized:
- Ponzi schemes and securities fraud targeting retail investors
- Market manipulation—pump-and-dump schemes, spoofing, wash trading
- Insider trading—particularly with a cyber/AI angle (hacking before trading)
- Cybersecurity-related securities fraud—account takeovers, AI-enabled scams, blockchain fraud
The new Cyber and Emerging Technologies Unit is the most concrete organizational signal of where resources are going. This isn’t the same thing as the old Cyber Unit—the scope now explicitly includes AI-enabled fraud, deepfakes used in investor communications, and account takeover schemes.
Meet the New Enforcement Director
David Woodcock was appointed Director of Enforcement effective May 4, 2026. His background matters: he’s a CPA, a former Exxon Mobil in-house attorney, and most recently co-chair of Gibson Dunn’s Securities Enforcement Practice. From 2011 to 2015, he ran the SEC’s Fort Worth Regional Office—the same office that oversaw Allen Stanford’s Ponzi scheme (the case responsible for that $14.9B headline number).
Fort Worth is historically an SEC office known for fraud work, not compliance sweeps. Woodcock has been explicit about his priorities: fraud, insider trading, market manipulation, and cybersecurity. He’s also a CPA—which typically means he cares about financial statement fraud in a way that pure litigators don’t.
For investment advisers and broker-dealers: Woodcock’s CPA background makes him attentive to revenue recognition irregularities, undisclosed conflicts, and fee mischaracterization—exactly the category of cases we’ve seen hit advisers hard in recent years, like the AG Morgan/Camarda case that brought $160 million in disgorgement.
The DOGE Factor
The FY2025 report didn’t hide the staffing reality. Approximately 18% of enforcement division personnel departed under the DOGE initiative. The SEC went from roughly 1,300 enforcement staff to closer to 1,100. Former Enforcement Director Margaret Ryan resigned after six months, citing the division’s rapid downsizing.
What does a smaller enforcement team mean in practice?
- Fewer sweeps. Coordinated multi-firm actions like the off-channel sweep require significant coordination capacity. Smaller teams prioritize high-impact single-firm cases.
- Longer exam cycles. With fewer investigators, expect longer gaps between routine exams at lower-risk registrants.
- But not a free pass. The SEC is explicitly prioritizing quality over quantity. Whistleblower tips, referrals from FINRA, and self-reports are now a higher proportion of how cases get opened. If there’s a problem in your firm, the path to the SEC’s desk runs through your own employees or counterparties—not necessarily through an exam.
What Compliance Officers Should Actually Do
Stop treating all risk categories equally
The SEC’s shift gives you cover to rebalance. If your annual risk assessment currently weights off-channel communications at the same level as securities fraud and insider trading, that’s now a misallocation relative to where enforcement is going. Update your risk assessment to reflect the FY2025 signal.
Sharpen your fraud controls, specifically
“Fraud” isn’t one thing. Run through this list and ask when your last control test was on each:
- Outside business activities (OBA) monitoring — undisclosed conflicts are still a top adviser fraud signal
- Revenue and fee calculation controls — Woodcock’s CPA background makes fee mischaracterization a material risk
- Material non-public information (MNPI) procedures — insider trading is up as a proportion of enforcement; your MNPI policy should be tested, not just documented
- Customer account oversight — account takeover and unauthorized trading are in the new Cyber Unit’s scope
Reassess your cyber/AI exposure
The Cyber and Emerging Technologies Unit is new and looking for cases to bring. Think through:
- Do you have customer-facing AI tools? What’s the fraud/misrepresentation surface?
- Are you disclosing AI use in ways that are accurate and not misleading?
- Do you have account takeover detection in place for high-value or elderly clients?
Document your internal examination posture
Exam-readiness now matters differently than it did three years ago. The areas examiners will now probe hardest: fraud detection controls, insider trading procedures, and whether your disclosures to clients are accurate. Update your exam preparation materials to reflect these priorities.
30/60/90 Day Checklist for Compliance Officers
In the next 30 days:
- Pull your most recent risk assessment; flag every control that maps primarily to recordkeeping/off-channel vs. fraud/insider trading/cyber
- Confirm your MNPI procedures have been tested in the last 12 months
- Review your most recent fee calculation audit; identify any undisclosed revenue streams
In the next 60 days:
- Run a tabletop on your insider trading response procedures: if someone reports a tip internally, who gets notified, in what order, and what gets documented?
- Update your annual risk assessment scoring to weight fraud detection controls higher than recordkeeping controls
- Brief senior management on the enforcement shift; document that you did
In the next 90 days:
- Conduct a focused test of account oversight procedures for AI-related or cyber fraud scenarios
- Update your compliance program annual review to note the changed enforcement environment and any program adjustments
- If you have crypto exposure, schedule a fresh review of disclosure language and any remaining regulatory posture questions
The SEC’s FY2025 report is, at its core, a compliance roadmap written in negative space. What they stopped doing is as informative as what they started. The firms that use this moment to recalibrate—rather than assuming “less enforcement = less risk”—will be better positioned when the next exam cycle comes around.
If your RCSA or risk assessment hasn’t been updated to reflect the new enforcement environment, now is the moment. Use the RCSA Template to run a structured reassessment against current SEC priorities and identify where your program is over- or under-invested.
Sources: SEC FY2025 Enforcement Results | David Woodcock Appointment | Sidley Austin Analysis | Cornerstone Research
Rebecca Leung
Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.