Top 5 SEC Enforcement Developments for Q4 2025

We publish a periodic roundup of the most important SEC enforcement developments for busy in-house lawyers and compliance professionals. Despite the longest government shutdown in U.S. history, which ran from October 1 to November 12, 2025, the SEC closed out 2025 with a series of consequential enforcement developments and policy signals. Here, we examine:

• Notable statements from SEC Chairman Paul Atkins outlining reforms to the Wells process, a recalibration of the SEC’s approach to digital assets, and a broader vision for revitalizing U.S. capital markets;
• The voluntary dismissal of a high-profile cybersecurity enforcement action;
• A final judgment entered in an SEC suit for a broker dealer’s internal control deficiencies around material non-public information;
• An action against former company executives for concealing that a barred individual served as an executive; and
• Recent developments in crypto-related enforcement.

1. Chairman Atkins Signals Procedural Reform, Crypto Recalibration, and a Broader Pro-Markets Agenda

Chairman Atkins’s Q4 2025 statements relayed an enforcement philosophy focused on procedural fairness, regulatory clarity, and capital formation.

Wells Process Reform

In an October 7, 2025 keynote address at Fordham School of Law, Chairman Atkins announced significant reforms to the SEC’s Wells process, emphasizing the need to enhance procedural integrity, transparency, and due process in enforcement investigations. Key themes included providing respondents with clearer notice of the SEC’s theories under consideration, improving engagement between enforcement staff and counsel, and ensuring that Wells submissions meaningfully inform Commission decision-making. Chairman Atkins also outlined expectations for expanded timeframes for Wells submissions (at least four weeks) and the sharing of key investigative materials. Although the remarks suggest a deliberate shift away from a perception of the Wells process as pro forma and toward a more balanced pre-charging framework, it remains to be seen how it will function in practice. 

“Project Crypto” and Digital Asset Clarity

On November 12, 2025, Chairman Atkins unveiled additional details about “Project Crypto,” signaling a substantive shift in the SEC’s approach to digital assets. As discussed in our November 19, 2025 client alert, the initiative aims to provide clearer standards for determining when digital assets constitute securities and to develop viable registration pathways for crypto firms operating in U.S. markets. The speech reflects an effort to move beyond regulation-by-enforcement toward more predictable compliance expectations for market participants.

Revitalizing America’s Markets

On December 2, 2025, Chairman Atkins closed the quarter with remarks at a New York Stock Exchange event focused on “revitalizing America’s markets” as the country approaches its 250th anniversary. Framed in historical terms, the speech underscored the SEC’s role in promoting efficient capital formation, market integrity, and global competitiveness. In particular, Chairman Atkins emphasized that disclosure requirements and other regulations have proliferated beyond their original purpose, creating “regulatory creep” that increases cost and complexity without proportionate investor benefit, and that reform is needed. These remarks provide further detail about Chairman Atkins’ “Make IPOs Great Again” initiative and appear to reinforce that the SEC’s enforcement policy is being situated within a broader pro-markets agenda.

2. SEC Voluntarily Dismisses SolarWinds Cybersecurity Enforcement Action

On November 20, 2025, the SEC voluntarily dismissed its high-profile enforcement action against SolarWinds Corporation and its Chief Information Security Officer. In late 2020, certain SolarWinds customers discovered that nation state threat actors had accessed the Company’s systems and inserted malicious code into its Orion software platform (the “SUNBURST attack”). The SEC alleged that SolarWinds and its CISO engaged in scienter-based securities fraud by making false or misleading statements about the company’s cybersecurity practices and risks, including statements concerning “multiple successful intrusions” into Orion, which the SEC described as the company’s “crown jewel.” The case had been closely watched as a test of the SEC’s willingness to pursue individual liability and expansive disclosure theories in the cyber context. 

As discussed in our July 23, 2024 client alert, Judge Engelmayer of the Southern District of New York previously dismissed nearly all of the SEC’s claims against SolarWinds arising from the Company’s Forms 8-K disclosing the SUNBURST attack, cybersecurity risk disclosures in its annual and other SEC filings, and its internal accounting controls. As a result, the case was narrowed to a few remaining fraud claims based on a security statement published on the company’s website.

As discussed in our November 24, 2025 client alert, while a single voluntary dismissal does not define future enforcement policy, the conclusion of the SolarWinds case is notable. The SEC’s dismissal suggests that it may exercise increased caution in bringing cybersecurity fraud cases without a material misstatement in an SEC filing or comparable investor-focused disclosure.

3. SEC Enters Consent Judgment Against Broker Dealer for Internal Control Deficiencies

On December 2, 2025, the U.S. District Court for the Southern District of New York entered a final consent judgment in the SEC’s enforcement action against broker-dealer Virtu Americas LLC for failing to establish, maintain, and enforce policies and procedures reasonably designed to prevent the misuse of customers’ material nonpublic information (“MNPI”). Virtu Americas consented to entry of the judgment without admitting or denying the SEC’s allegations.

The SEC’s amended complaint alleged that from at least January 2018 to April 2019, deficiencies in Virtu’s controls created an unreasonable risk that customer MNPI could be accessed or misused in proprietary trading activities. In particular, the SEC claimed that a relevant database was accessible to employees, including proprietary traders, “through two sets of widely known and frequently shared generic usernames and passwords,” even though defendants told the public that the broker-dealer used “systemic separation between business groups” to safeguard customer MNPI.  The complaint asserted that these practices violated Sections 17(a)(2) and (a)(3) of the Securities Act and Section 15(g) of the Exchange Act. 

The final consent judgment permanently enjoins Virtu Americas from violating Section 15(g) of the Exchange Act and orders it to pay a civil monetary penalty of $2.5 million. Pursuant to the settlement terms, the SEC agreed to dismiss all other claims against Virtu Americas and its parent company.

This case reflects the SEC’s continued insider trading focus as seen in other final consent judgments recently obtained by the SEC, including against Bryan Scott McMillan, charged with insider trading for trading securities based on MNPI involving Apollo Endosurgery, and Anthony Viggiano, a former financial industry analyst who the SEC alleged learned of M&A transactions before public disclosure and tipped off his friends. 

4. SEC Charges Former Public Company Executives with Concealing Management Role and Financial Misstatements

On December 15, 2025, the SEC announced charges against three former executives of Ammo, Inc. (now Outdoor Holding Co.), alleging accounting and disclosure fraud. According to the complaint, two of the executives repeatedly made materially false and misleading statements in the company’s public SEC filings and financial statements to conceal unfavorable information about management and operations, including the undisclosed executive role of co-founder Christopher D. Larson, who was barred by a 2020 federal court order from serving as an officer or director of a public company for five years.  The SEC further alleges that Larson’s undisclosed involvement enabled him to lead major business operations and arrange transactions benefiting himself or family members, and that Ammo’s financial reports contained fundamental accounting errors that the other defendants knowingly certified.

The complaint charges all defendants with violations of the Securities Act and Exchange Act antifraud provisions, and two of the defendants with falsifying books and records, lying to auditors, false certifications, and Sarbanes-Oxley reimbursement requirements. The SEC seeks injunctions, penalties, officer/director bars, disgorgement, and reimbursements. 

Separately, Ammo agreed in a related administrative proceeding to cease and desist from violations of multiple securities laws and to an undertaking requiring it to implement compliance recommendations within two years.

5. Crypto Enforcement Continues Alongside Policy Reorientation

While Chairman Atkins has emphasized regulatory clarity and registration pathways for digital assets, the SEC continued to pursue enforcement actions targeting alleged fraud and misconduct in the crypto markets.

FTX-Related Final Judgments

On December 19, 2025, the SEC filed proposed final consent judgments in two related enforcement actions against former FTX executives Gary Wang and Nishad Singh, as well as Alameda Research’s former CEO, Caroline Ellison. The underlying complaints, originally filed in the U.S. District Court for the Southern District of New York in December 2022 and February 2023, alleged that these defendants participated in schemes to defraud investors by falsely representing the safety and risk management of FTX’s crypto trading platform and by exempting Alameda from risk mitigation controls, allowing diversion of customer funds. Without admitting or denying the allegations, the defendants consented to injunctions against future violations of the federal securities laws and agreed to conduct-based injunctions and officer-and-director bars as part of the final judgments, subject to court approval. The judgments resolve longstanding enforcement actions arising from the collapse of FTX.

SEC Targets Social Media-Driven Crypto Investment Scheme

On December 22, 2025, the SEC charged three purported crypto asset trading platforms and four investment clubs with operating schemes that defrauded U.S. retail investors of at least $14 million. According to the SEC’s complaint, from at least January 2024 through January 2025, the investment clubs solicited investors via social media and WhatsApp groups, using purported AI-generated investment tips to gain trust and then directed them to fund accounts on the fake trading platforms, which falsely claimed government licenses and offered nonexistent “Security Token Offerings.”  When investors attempted withdrawals, they were allegedly charged advance fees, and funds were misappropriated and routed overseas. The complaint, which the SEC filed in the U.S. District Court for the District of Colorado, alleges violations of the anti-fraud provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934, and the SEC seeks permanent injunctions, civil penalties, and disgorgement with prejudgment interest.