Subject to Inquiry

Subject to Inquiry

THE LATEST ON GOVERNMENT INQUIRIES AND ENFORCEMENT ACTIONS

Government Investigations and White Collar Litigation Group
Enforcement and Prosecution Policy and Trends

SEC Enforcement Speaks in 2026: Enforcement Division Moves “Full Steam Ahead” with Focus on Quality over Quantity, Procedural Fairness, and Targeted Pursuit of Non-Fraud Violations

By E. Andrew Southerling, Gary Leung, David Aladdin Mollenkamp and James Hornsby

At the 2026 SEC Speaks Conference held in Washington, D.C., Acting Enforcement Director Sam Waldon declared that the Commission’s Enforcement Division is moving “full steam ahead” by focusing on quality over quantity and bringing actions against those who “lie, cheat, and steal.” With case quality as the Division’s benchmark, Waldon rejected traditional metrics—case counts, penalty totals, and aggregate dollar amounts—as effective measures of the SEC’s enforcement program.

In their remarks, Waldon and senior Enforcement leaders emphasized the Division’s commitment to transparency and procedural fairness, as embodied by recent revisions to its Enforcement Manual.[1] The more prominent revisions are intended to foster robust two-way engagement with defense counsel during the Wells process, and articulate clearer guideposts for the Staff’s assessment of public company cooperation under the Seaboard factors and corporate penalties under the Commission’s 2006 Penalty Statement.[2] Waldon also confirmed that the Division will continue to bring non-fraud cases in the right circumstances, but with a more thoughtful approach that distinguishes between an entity that makes “an honest mistake, recognizes the mistake, fixes the mistake, takes steps to remediate and improves internal controls”—circumstances unlikely to yield an enforcement action—and one that “engages in multiple mistakes, doesn’t think it’s a mistake, covers up the mistake, [and] didn’t take steps to remediate.”

Quality over Quantity: Prioritization of Fraud that Harms Investors or Imperils Market Integrity

Acting Director Waldon reaffirmed that investor protection is the Division’s guiding principle. The Division will focus on core case types including insider trading, financial accounting and disclosures, offering fraud, market manipulation, and fiduciary duty violations by investment advisers. Waldon also highlighted the continued work of the Division’s cross-border task force, a group focused on pump-and-dump schemes involving certain exchange-traded foreign-based U.S. issuers, and potential misconduct by the gatekeepers—including auditors, underwriters, and other capital markets participants—who assisted those companies in accessing the U.S. capital markets.  

When detailing this “back to basics” approach to enforcement, senior Enforcement leaders referred to Chairman Atkins’ Keynote Address at the October 2025 A.A. Sommer, Jr. Lecture, where he defined the Division’s primary enforcement remit as vigorously responding to misconduct that distorts capital raising and victimizes investors. Examples cited by senior Enforcement leaders included enforcement actions charging defendants with defrauding retail investors, seniors, and other vulnerable individuals,[3] AI-washing misrepresentations by a privately-held startup company,[4] a private company offering fraud that involved the defendant’s dissemination of fake financial statements and audit reports, and abusive trading practices that detrimentally impact market integrity, such as insider trading by employees of a company that assisted clients with their SEC EDGAR filings.[5]

As for financial accounting fraud, the Enforcement Division’s Chief Accountant Ryan Wolfe made clear that SEC accounting cases are “not dead.” He echoed, however, the Staff’s persistent theme that even in this enforcement lane, the Division does not dwell on numbers but rather the message that an action will send to public companies, their executives, and audit gatekeepers. According to Wolfe, those message cases are ones that involve a fundamental disconnect between how management internally views its financial results, and how those results are externally communicated to investors. The Staff will be investigating misstatements that affect multiple areas of public company disclosure—filed financial statements, earnings calls, investor days, and other components of a company’s SEC filings. When the c-suite falls down on its responsibility to foster a culture of compliance, and there is top-down pressure to create a false financial narrative, registrants should expect robust SEC enforcement activity. Wolfe also opined that non-GAAP disclosure may often be material to investors—after all, management has seen fit to make such public disclosure—and that he views reasonable controls around non-GAAP disclosure as a must. Enforcement Chief Accountant Wolfe highlighted that the Division has recently been approved to create a new SOX Group which “will investigate and litigate matters involving potential violations of auditing and related professional standards and provisions of the Sarbanes-Oxley Act and other relevant federal securities laws.”[6] The authorization of spending for this group demonstrates that financial reporting and auditor cases will likely be a Division priority moving forward.

Senior Enforcement leaders further delineated the Commission’s enforcement approach to investigating broker-dealers and investment advisers. Key factors that drive the decision to investigate are whether the conduct-at-issue amounts to fraud, the intentionality of that conduct, the duration of the securities law violations, the magnitude of harm to brokerage customers or advisory clients, and whether individual accountability is warranted. For broker-dealers, the Enforcement Staff is prioritizing matters involving misappropriation of customer funds, cherry-picking, churning, and unauthorized trading. As to investment advisers, the Staff is focused on matters involving misappropriation of client funds, the failure to safeguard their assets, undisclosed conflicts of interest, including those that arise from private fund fees and expenses, misleading investment strategy disclosures, cherry-picking schemes, prohibited principal trades, and fraudulent valuation practices. Senior Enforcement leaders discussed matters involving fiduciary breaches arising from an adviser’s conflicted investment of client assets in a SPAC offering,[7] a private fund adviser’s breach of both his duty of care and duty of loyalty when investing fund assets in a Ponzi scheme despite his conflicts of interest and awareness of red flags,[8] AML violations by an OTC securities market maker who failed to file SARs because the broker-dealer did not review or investigate activity that was flagged by its own exception reports and then falsified documentation to cover up those failures,[9] and a policies and procedures charge against the NYSE in connection with its failure to conduct opening auctions for over 2,800 securities due to a critical systems disruption.[10]

Transparency and Procedural Fairness: Changes to the Wells Process and Clarity Around Seaboard Cooperation and the Commission’s 2006 Corporate Penalty Statement

Acting Director Waldon and senior Enforcement leaders expanded upon the Division’s renewed commitment to transparency and fairness, which Waldon described as the motivating force behind recent changes to the Enforcement Manual.[11]

Senior Enforcement leaders highlighted two aspects of its refined Wells process: first, the Enforcement Manual’s general statement that the Staff should provide salient and probative evidence to a Wells recipient when they have reason to believe that the recipient is unaware of that material, and second, an explicit four-week time period for the recipient to make a Wells submission, subject to further extension for good cause, and a post-Wells meeting with senior Staff that must occur no later than four weeks after the Staff’s receipt of the Wells submission.

Cautioning that outcomes may differ but emphasizing that the Staff will strive for uniformity, the Division’s Chief Counsel, Mark Cave, articulated ground rules for the Staff’s provision of salient and probative evidence to a Wells recipient. Absent obstruction by the Wells recipient or circumstances showing that the party is seeking an unfair advantage (for example, requesting access to the SEC’s investigative file before sitting for investigative testimony), the Staff should provide key documents evidencing the relevant misconduct, particularly evidence in a fraud case showing what the asserted misrepresentations or misleading statements are, the Wells recipient’s culpable state of mind or conduct as to scienter or negligence, and the materiality of those misstatements. Further, Staff should provide investigative testimony transcripts and marked exhibits, or excerpts of those materials when anonymity is required. However, these prescribed rules of the road are subject to the Staff’s considerable discretion over what materials to turn over. The need to preserve the integrity of the Staff’s investigative record (e.g., where provision of documents risks witness tampering, the disclosure of PII or trade secrets, or would subject a witness to retaliation), and the need to move forward efficiently (i.e., this aspect of the Wells process does not permit an investigated party to conduct a lengthy reverse-fishing expedition into the record), are two broad and less than fully defined circumstances that warrant less, rather than more, disclosure by the Staff. Finally, unlike a criminal proceeding, the SEC has no Brady obligation to produce exculpatory evidence in a federal court civil enforcement action.[12] Nonetheless, senior Enforcement leaders announced that during the Wells process, Enforcement should provide, if salient, exculpatory evidence to a Wells recipient, although this does not mean the Staff will undertake a scouring of the record for such evidence.

The revised Enforcement Manual sets a consistent timetable for Wells submissions and the subsequent Wells meeting with senior Staff—four weeks from the notice for Wells submissions, and no longer than four weeks from the submission for the Wells meeting. Senior Enforcement leaders urged that this new timing allows for a full ventilation of the relevant issues, sets clear expectations for both sides that will allow them to operate on a common timeline, and thus move through the Wells process with efficiency that benefits both parties. As for the SEC attendees at a Wells meeting, Deputy Director David Morrell stressed that senior Staff means an Associate Director or Specialized Unit Chief, Deputy Director, or the Director of Enforcement. Wells recipients are not guaranteed a particular SEC senior officer, nor are they guaranteed multiple meetings. According to Morrell, Wells submissions will be fully considered and escalated all the way up the reporting chain, whether all stakeholders attend the Wells meeting itself.

In tandem with their discussion of fair process at the Wells stage, Waldon and senior Enforcement officers sought to provide industry with greater clarity on the Enforcement Division’s approach to corporate penalties. Chief Counsel Cave anchored his remarks to the Commission’s 2006 Statement Concerning Financial Penalties, which he described as containing evergreen, or continuing, principles.[13] Under the 2006 Penalty Statement, the Division’s primary threshold considerations for public company penalties are the presence or absence of a direct benefit to the corporation from the violations and the degree to which the penalty will recompense or further harm the injured shareholders.[14] Thus, Staff will examine whether the company benefited by going public or conducting a secondary offering using material misrepresentations, acquiring a company with fraudulently inflated shares, or artificially maintaining a credit rating to issue debt at favorable terms. The feasibility of a fair fund that would eventually distribute penalties to harmed investors is also a significant factor. It is notable that the revised Enforcement Manual now specifically incorporates the 2006 Penalty Statement framework. According to Chief Counsel Cave, that penalty statement operates in tandem with the Seaboard factors that the Staff must credit when determining whether a company’s cooperation should factor when assessing corporate penalties.

Of the four Seaboard factors—self-policing, self-reporting, remediation, and cooperation—the senior Enforcement leaders’ messaging centered on remediation. Examples of effective remediation included clawing back compensation from responsible corporate executives, making prompt corrective disclosures, and devoting additional resources to compliance and training such as hiring new accounting staff to address the subject failures. To provide a concrete illustration, the senior Enforcement leaders discussed a recent enforcement action charging a public company with concealing its management by a previously barred executive, undisclosed related party transactions, and fraudulent financial reporting.[15] Despite this extensive corporate misconduct, the Commission’s settled order did not impose a corporate penalty. As found by the Commission’s order, the company’s remedial efforts were extensive: it replaced senior management officials, increased accounting staff, addressed problems leading to stock compensation expenses, increased training for accounting staff, amended accounting policies, created a new process for identifying and disclosing related-party transactions, and established a formal disclosure committee including key management members.

Enforcement of “Non-Fraud” Securities Law Violations in the Appropriate Circumstances

Although fraud cases remain the division’s highest priority, Waldon emphasized that certain non-fraud requirements of the federal securities laws serve a critical prophylactic function and in the right circumstances may be the proper subject of an enforcement action. Senior Enforcement leaders articulated the circumstances that may warrant charging non-fraud violations: where a regulated entity’s compliance failures pose a risk to investors or market integrity, and when that break down in compliance – while not constituting securities fraud – allows the entity to obtain a material benefit. Additional factors include regulatory violations that negatively impact the fairness or liquidity of the U.S. securities markets, violations by securities law recidivists, and violative conduct that is a widespread industry practice thereby heightening risk to market integrity and investors. On the other hand, the senior Enforcement leaders signaled that further investigation of non-fraud violations may not be an efficient use of enforcement resources when a registrant has already worked with the SEC’s Division of Examinations to effectively address and remediate any compliance deficiencies within the confines of an examination. However, a lack of cooperation with the Exams Staff and the failure to remediate to their satisfaction could tip the scale towards an enforcement referral and consequent investigation. Senior Enforcement leaders highlighted recent non-fraud enforcement actions charging broker-dealer violations of the net capital requirements,[16] an investment adviser’s violation of the custody rule,[17] and violations of the securities and broker-dealer registration provisions by a promoter who did not engage in fraud but had participated in a $160 million Ponzi scheme.[18]

Open Questions about the Legal Standard for Disgorgement

Chief Litigation Counsel Nicholas Grippo addressed the open legal question regarding what showing the SEC must make to justify a disgorgement order. The Supreme Court granted certiorari in one of the circuit court cases discussing the issue. That case will be argued on April 20th with a decision expected by the end of the term. Chief Litigation Counsel Grippo highlighted the Second Circuit’s decision in Govil. In that case, the Second Circuit opined on whether disgorgement requires a showing of pecuniary harm to investors, holding that disgorgement must be tethered to actual investor harm. In so doing, the Second Circuit adopted a narrow reading of the Supreme Court’s decision in Liu v. SEC, 591 U.S. 71 (2020). Under the Govil court’s view, disgorgement orders without a showing of actual investor harm risk becoming a de facto penalty. This standard requires the SEC to make a greater showing against parties in the Second Circuit than in other circuits. The First Circuit’s decision in SEC v. Navellier upheld the SEC’s authority to seek disgorgement without proof of pecuniary harm, as did the Fifth Circuit’s decision in SEC v. Hallam, which emphasized that Congress’s 2021 enactment of 15 U.S.C. § 78u(d)(7) authorized disgorgement as a legal remedy freed from traditional equitable constraints. In Sripetch v. SEC, in which the Supreme Court granted certiorari, the Ninth Circuit sided with the First and Fifth Circuits.[19] The outcome of the Supreme Court’s decision will have significant implications for the scope of monetary remedies available to the SEC.

Key Takeaways

  • A more balanced Wellsprocess—but expect negotiation.The revised Enforcement Manual and the Division’s stated commitment to transparency provide defense counsel with a stronger foundation for requesting and obtaining access to key portions of the investigative record. Counsel should be prepared to affirmatively request access to salient documents and testimony, frame requests in terms of the principles articulated by Chief Counsel Cave and expect a more consistent process across offices. However, senior Enforcement leaders have made clear they retain discretion over what portions of the record to share, and outcomes may differ from case to case. Notably, the staff is not undertaking to scour the record for exculpatory material, though salient exculpatory documents considered by the Staff in making its own preliminary determination should be made available. As a practical matter, defense counsel should anticipate meaningful negotiation with the Staff over the scope of access under the revised manual guidelines.
  • Cooperation and remediation matter more than ever. The Division’s emphasis on quality over quantity signals that entities which self-report, remediate, and improve internal controls will likely be better positioned to avoid enforcement action.
  • Frame corporate penalty arguments around the 2006 Penalty Statement and the Seaboard factors. The Division has made clear that corporate penalty recommendations will be evaluated through the lens of the 2006 guidance and that defense counsel should engage with the Staff using that framework. Arguments focused on the absence of corporate benefit, harm to current shareholders, and the availability of a fair fund will be most effective.
  • Accounting cases remain a priority as are certain “non-fraud” violations. Companies should not assume a diminished enforcement focus on financial reporting. The Division is actively pursuing accounting and disclosure cases and evaluating the “total package of information” presented to investors as evidenced by the SEC’s ongoing hiring of a new SOX Group, including non-GAAP measures and disclosures outside of Commission filings. Similarly, when an investment adviser or broker-dealer’s compliance failures are pervasive, are not remediated, pose a risk to investors or market integrity, and materially benefit a registrant, the violations are not a mere “foot fault” that the Enforcement division will categorically ignore.

About McGuireWoods’ Securities Enforcement & Regulatory Counseling Team

McGuireWoods is a national leader in securities enforcement defense. The team is comprised of former senior SEC and FINRA enforcement attorneys and litigators, as well as high-level federal prosecutors, and are experienced at managing every stage of complex regulatory investigations. Our team builds upon decades of experience of practicing before government agencies and regularly represents financial firms, audit committees, public companies, and their members, professionals and executives in internal and government criminal and civil investigations. For more information about the article, please contact any of the authors.

[1] For more information about the updates to the Enforcement Manual, please see McGuireWoods’ article “SEC Division of Enforcement Announces Significant Updates to Enforcement Manual,” https://www.mcguirewoods.com/client-resources/alerts/2026/2/sec-division-of-enforcement-announces-significant-updates-to-enforcement-manual/.

[2] Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934 and Commission Statement on the Relationship of Cooperation to Agency Enforcement Decisions (“Seaboard Report”), Securities Exchange Act of 1934 Release No. 44969 (Oct. 23, 2001); Statement of the Securities and Exchange Commission Concerning Financial Penalties, SEC Release No. 2006-04 (Jan. 4, 2006).

[3] SEC Release No. 2025-98; SEC Litigation Release No. 26298 (Apr. 30, 2025).

[4] Securities and Exchange Commission v. Albert Saniger, No. 1:25-cv-02937 (S.D.N.Y. filed Apr. 9, 2025).

[5] SEC Litigation Release No. 26380 (Aug. 21, 2025).

[6] Supervisory General Attorney (SOX Group), U.S. Sec. & Exch. Comm’n, Announcement No. 26-EX-12903718-MJB, USAJOBS, https://www.usajobs.gov/job/861178200 (last visited Apr. 2, 2026).

[7] SEC Investment Advisors Act of 1940 Release No. 6940 (Jan. 16, 2026).

[8] SEC Litigation Release No. 26375 (Aug. 15, 2025).

[9] SEC Administrative Proceeding File No. 3-22609 (Mar. 6, 2026).

[10] SEC Administrative Proceeding File No. 3-22608 (Mar. 6, 2026).

[11] For more information about the updates to the Enforcement Manual, please see McGuireWoods’ article “SEC Division of Enforcement Announces Significant Updates to Enforcement Manual,” https://www.mcguirewoods.com/client-resources/alerts/2026/2/sec-division-of-enforcement-announces-significant-updates-to-enforcement-manual/.

[12] See SEC v. Pentagon Capital Management PLC, 2010 WL 4608681, *2 (S.D.N.Y. Nov. 12, 2010) (“In light of the right to conduct extensive pretrial discovery afforded defendants in SEC civil enforcement actions, and the extensive discovery that Defendants have been able to conduct in this proceeding, there is no basis for extending Brady or Giglio to this proceeding.”). In contrast, enforcement proceedings litigated as an SEC administrative proceeding do not provide for the same wide-ranging discovery as that available in federal court, and the SEC’s Rules of Practice have adopted a Brady requirement for that forum. See In the Matter of Options Express, Inc., et al., SEC Release No. 9466, 2013 WL 5635987, *3 (Comm’n op.) (Oct. 16, 2013).

[13] SEC Release No. 2006-4 (Jan. 4, 2006).

[14] See id. (first stating this principle using a similar phrase).

[15] SEC Securities Act of 1933 Release No. 11397 (Dec. 15, 2025).

[16] SEC Administrative Proceeding File No. 3-22504 (Aug. 6, 2025) (in which MUFG settled by paying a $9.8M penalty in a no-admit, no-deny settlement).

[17] SEC Investment Advisors Act of 1940 Release No. 6941 (Jan. 20, 2026).

[18] SEC Litigation Release No. 26490 (Feb. 24, 2026).

[19] U.S. Securities and Exchange Commission v. Ongkaruck Sripetch, et al., 154 F.4th 980 (9th Cir. 2025).

Enforcement and Prosecution Policy and Trends, Fraud, Deception and False Claims, Government Contracts

New Executive Order Targets DEI Practices by Federal Contractors, Imposes Mandatory Contract Clause and FCA Liability

By Edwin O. Childs, Abram J. Pafford, Jack White, John Adams, Elissa Baur, James Dougherty, Brett Barnett, Michael J. Podberesky, David Greenspan, John E. Thomas, Jr., WIlliam Doyle, Elena Marcuss, Michael R. Phillips, Jason M. Vespoli, John Sullivan and Sophie Marsh

Continuing his Administration’s efforts to eliminate diversity, equity, and inclusion (DEI) activities, President Donald Trump signed an executive order, “Addressing DEI Discrimination by Federal Contractors,” on March 26, 2026 that directs all executive departments and agencies to include a new clause in all federal contracts and subcontracts prohibiting what the order defines as “racially discriminatory DEI activities.” The order represents another escalation of the Administration’s efforts to restrict DEI programs in the federal contracting space — building on Executive Order 14173 and the Department of Justice’s May 2025 Civil Rights Fraud Initiative — and carries substantial enforcement implications, including potential liability under the False Claims Act (FCA).

This alert summarizes the key provisions of the new executive order, analyzes the practical implications for federal contractors and subcontractors, and outlines recommended steps for compliance.

Continue Reading

Anti-Bribery and Corruption

$300 Million Reasons to Talk: FinCEN Proposes a Whistleblower Reward Program for AML and Sanctions Violations

By Lauren Mann, Garen S. Marshall and Justin Givens

On March 30, 2026, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) submitted a Notice of Proposed Rulemaking (“NPRM”) for publication in the Federal Register that would, for the first time, establish a comprehensive framework for paying monetary awards to individuals who report violations of the Bank Secrecy Act (“BSA”), U.S. sanctions programs administered by the Office of Foreign Assets Control (“OFAC”), and several other laws critical to safeguarding the financial system and national security.  The proposed rule is the culmination of a multi-year legislative effort to create financial incentives and protections comparable to the longstanding whistleblower programs administered by the U.S. Securities and Exchange Commission (“SEC”), U.S. Commodity Futures Trading Commission (“CFTC”), Internal Revenue Service (“IRS”), and other agencies.  Although FinCEN has accepted tips since launching a dedicated whistleblower portal in February 2026, the NPRM, if adopted as a final rule, would allow for the payment of substantial monetary awards from a $300 million revolving fund.  This alert summarizes the proposal’s key provisions, compares the proposed program to its federal counterparts, and identifies practical implications for financial institutions, compliance professionals, and potential whistleblowers.

Key Takeaways

  • Financial institutions subject to BSA/anti-money laundering (“AML”) and sanctions obligations should be aware that the NPRM would create a financial incentive for insiders and outsiders alike to report compliance failures directly to the government.
  • Unlike the SEC’s whistleblower program, FinCEN’s proposed framework would not impose the same eligibility restrictions on compliance officers and internal auditors.  AML and sanctions compliance personnel may qualify for awards more broadly, meaning the employees tasked with managing a firm’s compliance program could theoretically report deficiencies to FinCEN rather than escalate them internally.  While the NPRM does exclude individuals convicted of a criminal violation related to the covered action, the absence of broader culpability-based restrictions, at least as reported to date, is notable and differs from the approach taken by several other federal whistleblower programs.  Because the rule remains a proposal, additional restrictions could be introduced during the comment period or in the final rule.
  • The NPRM arrives against the backdrop of record-setting whistleblower activity across all federal programs, including more than $2.2 billion in SEC whistleblower awards since 2011, approximately $390 million in CFTC awards since 2014, and more than $1.3 billion in IRS awards since 2007.  
  • Financial institutions and other entities should treat the NPRM as a catalyst for reassessing internal whistleblower and compliance infrastructure, with a particular focus on ensuring that internal reporting channels are accessible, credible, and responsive, so that employees are more likely to raise concerns internally before turning to a financially incentivized federal program.

The Proposed Framework

The NPRM would implement the whistleblower provisions codified at 31 U.S.C. § 5323 by establishing: (1) procedures for submitting tips, including through the whistleblower portal FinCEN launched in February 2026; (2) eligibility criteria, including the requirement that the whistleblower’s information lead to a successful enforcement action resulting in monetary penalties exceeding $1 million; (3) awards of 10 to 30 percent of collected penalties; and (4) whistleblower protections, including confidentiality safeguards and anti-retaliation remedies such as reinstatement and back pay.

Covered conduct spans violations (or conspiracies to commit violations) of the BSA, the International Emergency Economic Powers Act (“IEEPA”), the Trading with the Enemy Act (“TWEA”), and the Foreign Narcotics Kingpin Designation Act.  In practice, this sweeps in BSA/AML compliance failures, inadequate suspicious activity report (“SAR”) filings, deficient customer due diligence, sanctions evasion, and fraud schemes involving virtual assets or cross-border transactions.  FinCEN has flagged specific priority areas including fraud schemes involving virtual currency or “pig butchering” scams (long-term, relationship-based investment fraud schemes in which bad actors cultivate trust with victims before inducing them to transfer funds to fraudulent platforms), falsified trade documentation concealing sanctions-related ties, and inadequate controls to detect structuring, smurfing, or other evasion tactics.

Eligibility, at least at the outset, is expansive.  For example, both U.S. and non-U.S. residents may submit tips, employees are not required to report internally first, and, as noted, compliance officers and other AML/sanctions professionals are eligible for awards.  Anonymous submissions are permitted through counsel, provided the whistleblower’s identity is disclosed before any award is paid.  However, individuals convicted of criminal violations related to the covered judicial or administrative action for which the whistleblower could otherwise receive an award are ineligible.

Awards would be paid from the Financial Integrity Fund, a $300 million revolving fund financed by monetary penalties collected under the BSA and IEEPA.

The public comment period will remain open for 60 days following the NPRM’s publication in the Federal Register.

The Federal Whistleblower Landscape

FinCEN’s proposed rule does not exist in isolation.  It enters a federal enforcement landscape in which whistleblower programs have become an established and increasingly utilized tool for reporting alleged misconduct across virtually every regulated industry.  A review of the track records of existing programs underscores the enforcement potential that FinCEN’s proposal is designed to unlock.  Similar agency programs that have expanded in recent years include:

  • SEC Whistleblower Program. Established in 2011 under the Dodd-Frank Act, the SEC’s program is the most established federal whistleblower incentive framework.  Since inception, the SEC has awarded more than $2.2 billion to 444 individual whistleblowers, with annual payouts reaching significant levels, including approximately $600 million in FY 2023, driven by a single $279 million award—the program’s largest to date.  In FY 2024, the SEC awarded a total of $255 million to 47 whistleblowers, which included a single award of approximately $98 million split between two whistleblowers.  In FY 2025, the SEC awarded a total of more than $60 million to 48 individual whistleblowers, and 82 preliminary determinations were made recommending awards.  The SEC now receives nearly 27,000 tips per year, though it has noted that a significant portion of recent tips are attributable to a small number of individuals. 
  • CFTC Whistleblower Program.  The CFTC’s program, also created under the Dodd-Frank Act, has awarded approximately $390 million since 2014, headlined by individual awards of $200 million (2021), $15 million (2023), and $42 million (2024).  In FY 2025, the program produced approximately $4.6 million in awards despite more than 1,600 tips, largely because a statutory cap on the Customer Protection Fund has required repeated emergency congressional fixes.  
  • IRS Whistleblower Program.  The IRS program has paid more than $1.3 billion in awards since 2007, generating approximately $7.4 billion in collections from noncompliant taxpayers, approximately a 6:1 return on investment.  In FY 2024, the IRS paid whistleblower awards totaling $123.5 million.  FY 2025 data is not yet available.
  • DOJ Corporate Whistleblower Awards Pilot Program.  DOJ’s Criminal Division launched its own whistleblower pilot in August 2024, and expanded it in May 2025 to cover sanctions offenses, trade and customs fraud, and material support of terrorism.  The program has attracted significant interest, receiving more than 1,100 submissions since its launch.  DOJ’s Antitrust Division followed suit, announcing its own program in July 2025 and issuing its first $1 million award in January 2026.  

Practical Implications and Recommendations

The NPRM carries significant strategic implications for financial institutions, their boards and senior management, compliance professionals, and individuals considering whether to report potential violations.  Companies should be evaluating the following areas now, rather than waiting for a final rule.

  • Strengthen internal reporting channels.  The NPRM would broadly permit AML officers, sanctions compliance staff, and financial crime investigators to receive awards between 10 to 30 percent of collected penalties, giving insiders with the deepest visibility into compliance deficiencies a direct financial incentive to report externally.  The most effective counterweight is an internal reporting program that is accessible, protective of anonymity, backed by anti-retaliation policies, and, critically, demonstrably responsive to escalated concerns.
  • Pressure-test AML and sanctions controls.  With the NPRM arriving just weeks after a record $80 million BSA penalty on a broker-dealer, compliance gaps may be more likely to reach regulators via financially motivated whistleblowers before firms can self-remediate.  Companies should review AML controls, surveillance parameters, and staffing levels now.
  • Prepare for multi-agency parallel risk.  FinCEN would share tips with OFAC, DOJ, and other enforcement agencies, meaning a single disclosure could trigger parallel investigations by agencies with independent penalty authority.  Incident response protocols should be calibrated accordingly.

Conclusion

FinCEN’s proposed whistleblower rule marks a significant expansion of the federal government’s approach in identifying alleged financial crime.  The proposal draws on a model that has generated billions of dollars in enforcement recoveries across existing federal programs, and financially incentivized whistleblower programs have expanded across multiple regulators in recent years.  Companies should treat this NPRM as an occasion to: (1) strengthen internal reporting channels, particularly for compliance personnel now eligible for substantial awards; (2) pressure-test AML and sanctions controls before a whistleblower exposes gaps; and (3) calibrate incident response protocols for multi-agency parallel risk.

McGuireWoods will continue to monitor developments related to FinCEN’s whistleblower program, including the comment period, the issuance of a final rule, and the program’s interaction with ongoing enforcement trends at the SEC, CFTC, IRS, and DOJ.  For questions about AML and sanctions compliance program design, whistleblower risk mitigation strategies, internal investigation protocols, or regulatory enforcement response, please contact the authors of this article or another McGuireWoods attorney with whom you work.

Enforcement and Prosecution Policy and Trends

White House Releases AI Legislative Recommendations—Congress Has the Blueprint, but Questions Remain

By Anthony Q. Le, Aaron R. Marienthal, Garen S. Marshall, Janet P. Peyton and David Hirsch

On March 20, 2026, the White House unveiled its National Policy Framework for Artificial Intelligence, providing a blueprint on legislative recommendations and urging Congress to act. It recommends that Congress create a unified federal standard to reduce the regulatory friction of competing state AI regimes, promote AI innovation and develop an AI-ready workforce, while ensuring the protection of children, consumers and intellectual property rights.

The framework is a serious, if incomplete, attempt to bring coherence to an enforcement landscape that has been improvising. Congress has been handed a blueprint, but whether it is able to enact comprehensive federal legislation is another matter.

Read on to learn more about the framework and how companies using AI should prepare.

Fraud, Deception and False Claims, Government Contracts

New GSA Proposal Could Expose Federally Funded Institutions With Programs Perceived as DEI-Related

By Brandi G. Howard, Farnaz Farkish Thompson, Jack White, Sarah Wake, Michael J. Podberesky, Edwin O. Childs, Maricris Prendingue and John Sullivan

The General Services Administration has proposed requiring all federal funding recipients to certify that they do not maintain diversity, equity, inclusion and accessibility programs. Recipients also would also need to certify they are not knowingly hiring or recruiting undocumented staff.

The GSA estimates the proposal would impact approximately 222,760 entities — including colleges and universities. If enacted, the certification requirements would expose grant recipients to potential liability under the False Claims Act. The deadline for public comments is March 30, 2026.

Read on to learn more about the GSA proposal and its potential impacts on federally funded institutions.

Anti-Bribery and Corruption

SEC and FinCEN Hit Broker-Dealer for Sweeping AML Compliance Failures

By Lauren Mann, Garen S. Marshall and Justin Givens

On March 6, 2026, the SEC and FinCEN announced parallel enforcement actions against a New York-based registered broker-dealer for systemic anti-money laundering (“AML”) failures, imposing combined penalties of $80 million – the largest ever imposed against a broker-dealer for BSA violations. FinCEN’s $80 million headline penalty includes credits of $20 million each to the SEC and FINRA, with $35 million payable directly to the Treasury; the SEC separately imposed a $20 million penalty and a censure. This alert summarizes the key findings, penalties, and practical takeaways for broker-dealers and other financial institutions.

Key Takeaways

  • Broker-dealers in higher-risk markets (i.e., over-the-counter (“OTC”), microcap, and penny stocks) face steep consequences for underinvesting in AML surveillance.
  • Unreviewed surveillance reports can constitute willful BSA and Exchange Act violations.
  • Customer due diligence (“CDD”) must be individualized and risk-based, not simply a box-checking exercise.
  • Firms that acknowledge AML deficiencies to regulators – whether in examination responses, corrective action plans, or consent agreements – but fail to follow through with meaningful remediation can expect regulators to treat those unaddressed findings as evidence of willfulness and an aggravating factor in penalty calculations.
  • Facially adequate AML infrastructure – such as collecting onboarding documents, generating surveillance reports, and cataloguing exception data – may be treated as no controls at all absent meaningful analysis, effective critical review, and timely follow-up on flagged activity.

Key Regulatory Findings

Inadequate AML Program

Both actions center on the broker-dealer’s underinvestment in AML controls relative to the risks of its OTC business. Key surveillance reports were not reviewed, reports that were reviewed relied on arbitrary filters and unreasonable thresholds that rendered them ineffective, and just four employees – none with AML experience or formal training – were responsible for over 100 unique surveillance reports.

Customer Due Diligence Failures

The firm risk-rated account types rather than individual customers, treated CDD as a document-collection exercise rather than an analytical tool, and failed to verify beneficial ownership or resolve obvious inconsistencies.  

Failure to File Suspicious Activity Reports

These failures resulted in at least 160 unfiled SARs across dozens of OTC securities and thousands of suspicious transactions.

Sanctions and Remedial Measures

FinCEN imposed an $80 million penalty ($5 million suspended pending a SAR Lookback), with $20 million each credited to the SEC and FINRA, leaving $35 million payable directly to Treasury.  The SEC separately ordered a $20 million penalty and a censure.

The FinCEN order requires the firm to complete a SAR Lookback Review by an independent consultant, deliver a report to FinCEN within 180 days, and file SARs on all covered transactions within 90 days after that. The firm must also cooperate with regulators on an ongoing basis and retain all relevant records for six years.

The SEC credited several remedial steps: additional AML compliance staffing, updated exception reports, revised SAR processes, retention of third-party consultants, new supervision and review protocols, and new trade surveillance tools. FinCEN, however, noted that most of these measures came late and their effectiveness remains unproven.

Practical Implications and Recommendations

Broker-dealers and other financial institutions – particularly those in higher-risk product areas – should be confident the following controls are both in place and followed:

  • Conduct a holistic review of AML controls. Firms should assess whether surveillance reports use risk-based parameters, staffing and expertise match the complexity of surveillance obligations, and quality control programs can catch gaps before regulators do. As this action illustrates, the mere existence of surveillance reports and exception-tracking systems is insufficient; regulators will expect firms to demonstrate that flagged activity is subject to meaningful analysis, timely investigation, and appropriate escalation.
  • Strengthen CDD processes. CDD programs must go beyond document collection to include individualized, risk-based assessments at onboarding and on an ongoing basis. This includes verifying beneficial ownership, investigating red flags, and updating customer risk profiles when anomalies arise.
  • Remediate regulatory findings promptly. Regulators will treat a history of acknowledged-but-un-remediated deficiencies as evidence of willfulness and an aggravating factor in penalty determinations.

Conclusion

With $80 million in combined penalties, these parallel actions rank among the most significant AML enforcement actions against a broker-dealer in recent years. The message is clear: regulators will hold firms accountable for prolonged underinvestment in AML infrastructure, and the cost of inaction far exceeds the cost of compliance.  Notably, these actions also underscore that merely having the basic infrastructure in place (i.e., collecting onboarding documents, generating surveillance reports, cataloguing exception data) is not enough; without meaningful analysis, effective critical review, and timely follow-up, those facially adequate controls may be treated as no controls at all. Firms should treat this as an occasion to pressure-test their own programs and to remediate gaps before regulators find them.

McGuireWoods will continue to monitor developments in AML enforcement involving broker-dealers, including any further actions stemming from the SEC and FinCEN’s parallel proceedings, related regulatory guidance on surveillance staffing and CDD expectations, and broader BSA compliance trends affecting firms in the OTC, microcap, and penny stock markets. For questions about AML program design and governance, SAR filing obligations, customer due diligence processes, or regulatory examination and enforcement response strategies, please contact the authors of this article or another McGuireWoods attorney with whom you work.

Fraud, Deception and False Claims

DAAG Provides Views on FCA Enforcement Focus: Targeting Discrimination, Not DEI Programs Per Se

By Edwin O. Childs, Brett Barnett, John Adams, Jack White, Brandi G. Howard, Elissa Baur, John S. Moran, Michael J. Podberesky, Jason M. Vespoli, Maura Naehr, Sophie Marsh and John Sullivan

At the Federal Bar Association’s 2026 Qui Tam Conference on February 19, 2026, Brenna Jenny, Deputy Assistant Attorney General (DAAG) in the U.S. Department of Justice’s (DOJ) Commercial Litigation Branch, delivered a keynote speech on enforcement priorities under the False Claims Act (FCA) with respect to diversity, equity, and inclusion (DEI) programs.  Jenny’s reported remarks provided insight into DOJ’s enforcement priorities and viewpoints on FCA enforcement.  A key takeaway from Jenny’s presentation is that, from her perspective, DOJ is not investigating federal contractors and grant recipients for having DEI programs, but rather for potentially engaging in discrimination through their implementation of those programs.  She emphasized that companies can engage in discrimination with or without DEI programs and can also operate DEI programs without engaging in discrimination.

Continue Reading

Enforcement and Prosecution Policy and Trends, Securities and Commodities

When AI Isn’t Privileged, Confirmed: SDNY’s Written Opinion Elaborates on Confidentiality, Work Product, and Waiver

By Garen S. Marshall, David Hirsch, Aaron R. Marienthal, Jeffrey P. Ehrlich, Elizabeth Peters and Alice Moscicki

On February 10, 2026, U.S. District Judge Jed Rakoff of the Southern District of New York issued a bench ruling holding that a defendant’s use of generative AI to analyze legal exposure is not protected under attorney-client privilege or the work product doctrine. See When AI Isn’t Privileged: SDNY Rules Generative AI Documents Not Protected. On February 17, 2026, Judge Rakoff issued a written opinion confirming the bench ruling and adding important analysis. This client alert outlines what the written opinion adds on confidentiality, work product, and waiver, and details the practical implications and open questions left by Judge Rakoff’s opinion.

Continue Reading

Enforcement and Prosecution Policy and Trends, Miscellaneous

OFAC Enforcement Action Against Academic Institution Provides Important Compliance Guidance

By Patrick Rowan, Alex J. Brackett, Farnaz Farkish Thompson and Sarah Wake

On February 12, 2026, Treasury’s Office of Foreign Assets Control (OFAC) announced the settlement of an enforcement action against IMG Academy (“IMG”) that highlighted the sanctions risks that U.S. academic institutions face and the steps OFAC recommends the institutions to take the address the risks.  The enforcement action stemmed from IMG accepting tuition payments from two Specially Designated National (“SDN”) individuals who had been sanctioned under the Foreign Narcotics Kingpin Designation Act for providing support to a sanctioned Mexican Drug Trafficking Organization (“MDTO”).

IMG is an elite sports training and boarding school for grades 6-12 that is located in Bradenton, Florida.  IMG’s student body includes athletes from all over the world. In two separate instances, SDNs enrolled their children in IMG’s boarding programs, entering into yearly tuition contracts for each academic year. One child of an SDN attended IMG for five academic years, from 2018 until graduation in 2023.  The other child attended IMG for two academic years, from 2020 to 2022. Tuition for each child was around $100,000 a year.

Continue Reading

Enforcement and Prosecution Policy and Trends, Securities and Commodities

When AI Isn’t Privileged: SDNY Rules Generative AI Documents Not Protected

By Garen S. Marshall, David Hirsch, Aaron R. Marienthal, Jeffrey P. Ehrlich, Elizabeth Peters and Alice Moscicki

Executive Summary

  • Independent, unsupervised use of generative AI to analyze legal exposure may not be privileged. A federal court held that a defendant’s AI prompts and outputs relating to a criminal investigation of his conduct were not protected after they were seized pursuant to a search warrant.
  • Platform terms matter. If an AI provider reserves rights to retain, train on, or disclose user inputs, courts may find confidentiality—and therefore privilege—compromised.
  • Structure AI use under counsel’s direction. The ruling leaves open whether counsel-directed enterprise AI use on a secure platform with strong confidentiality terms may be treated differently. Governance and process may be outcome-determinative.

Continue Reading

We use cookies to enhance your experience of our website. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our policy.

Agree