The SEC's FY2025 Enforcement Report Is Not a Scorecard; It's a Policy Statement

What the numbers say, what they don't, and what every RIA, private fund manager, and digital asset participant needs to understand right now.
The Securities and Exchange Commission released its fiscal year 2025 enforcement results on April 7, 2026, and the document is doing something annual enforcement reports almost never do: it is making an argument. Not just about what the agency did, but about what enforcement means, what it should cost, and who it should target. For registered investment advisers, private fund managers, and participants in the digital asset space, reading this report purely as a statistical summary would be a significant misread.
The data tells one story; the framing tells another. And the gap between them is where a firm’s compliance risk lives.
The headline figure, $17.9 billion in total monetary relief, comprising $10.8 billion in disgorgement and prejudgment interest and $7.2 billion in civil penalties, is real, but it is also deliberately constructed to be interrogated. A significant portion of that figure, approximately $14.9 billion, arose from a single long-running matter originally filed in 2009. Strip out the Stanford Ponzi matter and amounts already satisfied through parallel criminal proceedings, and the adjusted total collapses to approximately $2.7 billion: $1.4 billion in disgorgement and $1.3 billion in civil penalties, an approximately 33% reduction year over year.
Similarly, the Division reported 456 total enforcement actions (the lowest number in at least 20 years) including 303 standalone actions, 69 follow-on administrative proceedings, and 84 actions against delinquent filers. To put that in context, FY2023 produced 784 total actions. FY2024 produced 583. The directional move is unambiguous.
But here is the nuance that most commentary is missing: the Commission is not just reporting fewer actions. It is affirmatively redefining what counts as a meaningful one.
The release reads, in places, less like a government press release and more like a corrective filing or an agency restating prior-period earnings under a new accounting standard. The Commission explicitly states that prior enforcement resources were "misapplied... to pursue media headlines and run up numbers," and describes FY2025 as a "unique period of transition... characterized by an unprecedented rush to bring a significant number of cases in advance of the presidential inauguration."
This is not boilerplate. A sitting Commission formally impugning the methodology of its predecessor in an official annual report is a significant institutional event. It signals that the current leadership views the prior enforcement posture not merely as aggressive, but as substantively incorrect and a misreading of the agency's congressional mandate. Chairman Atkins put it plainly: the Commission has "put a stop to regulation by enforcement and recentered its enforcement program on the Commission's core mission."
For practitioners and their clients, this matters because the repudiation is doctrinal, not just rhetorical. The report explicitly calls out three categories of prior enforcement activity as misallocated: off-channel communications cases, "definition of a dealer" actions, and crypto asset registration matters. The Commission characterized the 95 actions and $2.3 billion in penalties brought since FY2022 for off-channel communications violations as having "identified no direct investor harm... produced no investor benefit or protection," representing "a misinterpretation of the federal securities laws."
That is a remarkable statement. It does not retroactively void those penalties. But it does tell you, with unusual clarity, that the agency has no appetite to pursue that theory going forward, and that firms still building compliance programs around avoiding off-channel communications liability may be solving for a risk the regulator has effectively abandoned.
Underneath the ideological framing, the substantive enforcement priorities are coherent and, in several respects, more demanding than they might initially appear.
Securities offering fraud and insider trading together accounted for nearly 33% of FY2025 actions, up from 26% the prior year, while actions against public companies reached a record low. The enforcement energy has shifted from institutional and structural violations, the kind that generate large penalties from well-capitalized registrants, toward conduct-based fraud that harms individual investors directly.
Approximately two-thirds of standalone actions involved charges against individual bad actors, a 27% year-over-year increase, and nearly nine out of ten standalone actions filed under Acting Chairman Uyeda and Chairman Atkins involved individual charges. The Commission also obtained orders barring 119 individuals from serving as officers and directors.
This is the enforcement philosophy in its clearest form: fewer cases, more personal accountability, higher deterrence per action. The message to compliance professionals is subtle but important: the risk calculus has shifted from the enterprise to the individual. If you are a principal, CCO, or decision-maker at a registered firm, the personal exposure dimension of an enforcement action is more salient today than it has been in years.
The digital assets section of this report is significant not for what the Commission did, but for what it undid. Beginning in February 2025, the Commission dismissed seven enforcement actions brought by the prior Commission involving crypto assets, including actions against Coinbase, Kraken, Binance, Consensys, and others, characterizing that shift as a "necessary course correction."
Simultaneously, the Commission launched the Cyber and Emerging Technologies Unit in February 2025 to complement the work of the Crypto Task Force, focused on combating misconduct involving blockchain technology, AI, account takeovers, and cybersecurity.
The architecture here is deliberate. The SEC is not necessarily retreating from digital asset markets; it is retreating from the registration-as-enforcement theory that defined the prior administration's approach. The new posture accepts that many digital assets exist in a regulatory grey zone and declines to resolve that ambiguity through enforcement. Instead, the agency is concentrating its digital asset resources on fraud: the Division charged Unicoin, Inc. and four executives for allegedly false and misleading statements in a token offering, and PGI Global founder Ramil Palafox for allegedly orchestrating a $198 million crypto asset and foreign exchange fraud scheme.
For digital asset managers and participants, this recalibration is both an opportunity and a deferred risk. The opportunity is real: the registration gun has been holstered. Firms that were operating under the shadow of potential enforcement for offering unregistered securities now have meaningful breathing room. But the deferred risk is equally real: the absence of a clear regulatory framework, which Congress is still working to provide, means that conduct which feels permissible today could be re-characterized under a future administration. The current posture is a product of leadership, not law.
The report's treatment of investment advisers is, in some respects, the most instructive section for the private fund community, precisely because it is so understated. The headline cases are not about fee structures or fund-level conflicts. They are about basic fiduciary failures.
The Commission brought an action against Vanguard Advisers for failing to adequately disclose conflicts of interest when recommending clients enroll in a fee-based advisory service, and the Cutter Financial Group matter resulted in a trial verdict against an investment adviser for recommending insurance products that paid substantial upfront commissions without adequate conflict disclosure.
Neither of these is a novel theory. Both are core Section 206 Investment Advisers Act violations, the kind that have existed since the statute was enacted. What they signal, in the current context, is that while the Commission has stepped back from structural and policy-driven enforcement, it has not stepped back from fiduciary enforcement. The duty to disclose conflicts, to act in clients' best interests, and to avoid misleading representations remains fully intact and fully enforced.
For private equity and other private fund managers, this matters because the conflicts landscape is dense. Fee allocations, co-investment economics, GP-affiliated service providers, and portfolio company transactions are all areas where disclosure adequacy is genuinely fact-intensive and where the line between acceptable practice and actionable omission can be narrow. The Commission's relative quiet on the structural side of private fund regulation (following the vacatur of several Gensler-era private fund rules) should not be read as indifference to conduct-level violations.
One underreported element of the FY2025 report is its emphasis on cooperation and self-reporting. The Commission noted that some market participants self-reported violations, cooperated meaningfully with investigations, and remediated securities law violations, resulting in reduced civil penalties or declined enforcement actions.
This is not new doctrine, but the prominence given to it in this release suggests an intentional signaling effort. In an enforcement environment that is running fewer total actions but scrutinizing fraud more intensively, the cooperation credit framework becomes more valuable, not less. Firms that identify potential violations internally, self-report in good faith, and demonstrate genuine remediation are, under the current Commission's framework, buying themselves meaningful downside protection.
For RIAs and private fund managers with active compliance functions, this argues for investing in genuine self-assessment infrastructure, not just policies that satisfy examination criteria, but programs that actually surface issues before they become referrals.
The FY2025 enforcement results, read carefully, tell a consistent story: the SEC under Chairman Atkins has made a values-level commitment to fraud-first, individual-accountability enforcement, has formally rejected the structural and theory-driven enforcement model of its predecessor, and has signaled credibly that digital asset participants, off-channel communicators, and "dealer" designation targets are no longer in the crosshairs.
But the story has a flip side. Fiduciary duty is not deregulated. Disclosure is not optional. Fraud is, if anything, being pursued more aggressively on a per-case basis. And the elevated focus on individual wrongdoers means that the executives, principals, and compliance officers at registered firms carry more personal exposure per violation than at any recent point in the Commission's history.
The environment has changed; the fundamentals have not.
It would be a mistake, and a consequential one, to interpret this report as a regulatory exhale. The Commission's recalibration is real, but it is not a reduction in the underlying obligations that govern registered firms and their principals. At CRC-Oyster, our view is straightforward: this is precisely the kind of inflection point that tempts firms to ease their foot off the pedal, and precisely the moment they should not. Rigorous, meaningful compliance programs are not built for any single administration's enforcement priorities; they are built for the enduring principles that underlie the securities laws: putting client interests first, disclosing conflicts completely and honestly, and operating with integrity across every function of the business. The regulatory landscape will continue to shift. The firms that weather those shifts best are the ones that maintain strong compliance cultures independent of what the enforcement calendar looks like in any given year, cultures that treat fiduciary duty not as a legal floor to be managed, but as a genuine operating standard. Flexibility in response to regulatory change is a virtue; complacency is a liability.
At CRC-Oyster, we work closely with registered investment advisers, private fund managers, and participants across the digital asset landscape to translate regulatory shifts like these into practical, defensible compliance frameworks. Whether you are revisiting your conflicts disclosure practices in light of the Commission's continued fiduciary focus, assessing your digital asset activities against the new enforcement posture, stress-testing your self-reporting protocols, or preparing for examinations that will inevitably reflect these new enforcement priorities, we bring both the technical depth and the regulatory perspective to help you navigate this terrain.
The SEC has told you what it values and what it will prosecute. The question is whether your compliance program reflects that reality, or the one that existed three years ago.
We are here to help you answer that question honestly, and to build from there.
Reach out to the CRC-Oyster team to discuss what the FY2025 enforcement results mean for your firm specifically.