OVERVIEW

As regulators prepare for a more complex and technology-driven enforcement landscape in 2026, NASAA’s 2025 Enforcement Report offers an early view into the risks state examiners are prioritizing. Based on thousands of investigations conducted across 49 U.S. states and territories, the data shows a measurable escalation in digital-asset fraud, AI-driven schemes, social-media-based targeting, and cases involving senior and vulnerable investors.

For registered firms—RIAs and broker-dealers alike—the report underscores the importance of strengthening supervisory systems, revisiting written policies, and refining client-protection protocols to keep pace with both the sophistication of bad actors and the heightened expectations of state regulators.

CLIENT TARGETING: SOPHISTICATION IN SCAM TECHNIQUES

In 2024, state securities regulators opened 463 new investigations involving digital assets, 175 investigations involving social media fraud, and 81 investigations involving fraud perpetrated by impersonating legitimate securities industry firms and professionals. State securities regulators also opened investigations involving the sale of unregistered securities through smartphone apps, offerings and schemes related to blockchain-based metaverses, and other AI driven frauds.

Artificial intelligence is increasingly employed by fraudsters to reach a new level of deception. In each of the last three years, states have reported a small but consistent number of cases involving AI. In 2024, state securities regulators reported six investigations and two enforcement actions involving AI. These reported cases largely involved “AI washing,” where the perpetrators of a scam represent that their trading tool uses AI, or they otherwise imply that AI is being used to improve the success of the investment.

This year, NASAA collected information about the media platforms that were used by bad actors in cases involving alleged fraud and other misconduct perpetrated through social media. WhatsApp and Facebook were the platforms most commonly reported in the context of states’ investigations.

Although not mentioned in this report, social media platforms have indicated a willingness to work with regulators, law enforcement and industry firms in blocking platform access for unscrupulous actors.

STATE LICENSING: GATEKEEPERS AND REGULATORY MEASURES

In 2024, state securities regulators reported that top registrants’ violations and enforcement actions were based on:

Books and records
Failure to Supervise
Suitability
Dishonest or Unethical Business Practices
Unregistered Firms and Individuals
Fraud, Misrepresentations and Omissions

In addition to pursuing bad actors for violations of state securities laws, regulators play a critical gatekeeping role in preventing misconduct. In 2024, states:

Revoked the registration of 40 individuals and firms
Barred 54 individuals and firms from the industry.
Conditioned or suspended the registration of 100 individuals and 31 firms.
Denied nearly 500 individual and more than 150 firm applications for registration.
In excess of 4,600 applications for registration were withdrawn before states took formal action

VULNERABLE AND SENIOR ADULTS: AN INCREASING TARGET

In 2024, state securities regulators fielded 3,613 complaints of alleged financial misconduct against older investors. This resulted in states opening 1,652 investigations and filing 53 enforcement actions involving 676 senior victims.

In new investigations opened in 2024 that involved senior investors, the products and schemes most commonly reported by state securities regulators were digital assets (151), pig butchering (91), stocks and similar equities (75), social media fraud (69), and promissory notes (51).

PROTECTING VULNERABLE ADULTS FROM FINANCIAL EXPLOITATION

States reported receiving more than 6,500 reports of suspected exploitation of vulnerable adults in 2024, with the states opening 1,290 investigations. Many of the reports include scams that cannot be investigated because the nature of the conduct is outside securities regulators’ jurisdiction. In such cases, state securities regulators typically refer the matter to Adult Protective Services or another governmental agency with the appropriate jurisdiction.

The number of possible financial exploitation reports received by state securities regulators in 2024 reflects a 52% increase from 2023 and a 492% change from 2020.

ONGOING THREATS AND EVOLVING TRENDS

For the third consecutive year, digital assets and cryptocurrencies have ranked as the leading threat to investors, with so-called pig butchering scams—schemes where fraudsters build trust with victims before luring them into bogus investment opportunities, just behind. In some cases, multiple threats such as social media manipulation, unregistered offerings, and Ponzi schemes may be combined within a single securities offering, amplifying the risks to the investing public.

CALL TO ACTION FOR REGISTRANTS

Although the report centers on fraudulent activity by unregistered individuals and entities attempting to misappropriate client assets, industry firms should remain alert to similar risks within their own environments. Firms should strengthen controls to protect senior and other vulnerable investors, enhance monitoring and supervisory procedures, and ensure compliance, supervisory, and sales personnel are trained to recognize and respond to emerging scam tactics.

NASAA’s findings reinforce what many firms are already experiencing firsthand: fraud is evolving faster than traditional supervision frameworks. With state regulators sharpening their focus and leveraging more sophisticated analytical tools, firms will need to modernize their risk controls, strengthen internal governance, and ensure personnel are prepared to navigate an environment where digital-asset scams, AI-driven manipulation, and exploitation of seniors are becoming more common.

Compliance Risk Concepts (CRC) works alongside advisory firms and broker-dealers to translate these emerging enforcement trends into practical supervisory enhancements, modernized policies, and implementable risk-mitigation strategies. If your firm is reassessing its supervisory system or planning for 2026 examination readiness, we can help you get there with clarity, structure, and efficiency.

Website for the report: 2025-NASAA-Enforcement-Report_FINAL.pdf