SEC Enforcement Chief Remarks at the NYCBA Compliance Institute

This blog is cross-posted from Patty Tehrani’s Policy Patty blog

The top SEC enforcement cop, Gurbir Grewal, spoke at the New York City Bar Association Compliance Institute. Below are highlights.

Grewal started by focusing on ways the SEC and industry members could reverse the faltering public trust in governmental and various sector institutions, noting that no sector is immune from this trend. He referred to studies that showed only a small percentage of Americans are confident in banks, technology companies, or big business.

Grewal stressed that the decline in trust is bad for everyone and undermines the investor confidence needed for the fair, efficient, and orderly operation of our markets and capital formation. If the public doesn’t think the system is fair, at a minimum, they will not invest their hard-earned money. This hurts all those companies, professionals, and other market participants playing by the rules and doing the right thing. In response, he cited the record-breaking SEC enforcement efforts to date to enhance Americans’ trust in our financial institutions. But noted these efforts alone were not enough and that the Commission needed the help of the industry to work together to create what he called a culture of proactive compliance.

He called on compliance professionals, consultants, attorneys, accountants, and others to serve as the first lines of defense against misconduct. Working with firms to implement effective policies and procedures to ensure that those firms comply with their legal obligations on the front end so that, instead of reading about compliance failures, the public understands that organizations like yours are proactively doing what they can to be compliant.

He said that creating a proactive compliance culture requires educationengagement, and execution, and he went through each, as summarized below.


  • Educate yourselves about the law and external developments relevant to your business, particularly emerging and heightened risk areas.
  • Look at enforcement actions that often signal the misconduct’s basis to industry participants.
  • Review enforcement actions, examination priorities, or Commission rules relevant to your company to determine application to your firm.

Grewal used recent actions involving the SEC’s Whistleblower Program – Rule 21F-17 (see my prior posts on this) – and the number of actions charging firms for using employment agreements that expressly violated the rule’s plain language in various ways. Grewal noted that these actions convey that the SEC takes compliance with Rule 21F-17 very seriously. In response, Grewal called on the audience of lawyers and compliance professionals to:

  • Review these orders and the violations that led the Commission to take action.
  • Consider whether such actions could apply and may impact your firms.
  • And if they do, don’t wait – take the steps necessary now to effect compliance.

Grewal also recommended that using the high cost of non-compliance in the SEC charging documents empowers you in the compliance function by publicizing the cost of non-compliance, allowing you to advise your management or clients that proactive compliance is cheaper and better for business than facing a potential enforcement action.


Grewal noted that proactive compliance requires: 1) engaging with personnel inside your company’s different business units and 2) learning about their activities, strategies, risks, financial incentives, counterparties, and sources of revenues and profits. Compliance leaders, through proactive internal engagement, will be better prepared to discharge duties, designing and adopting meaningful policies and procedures by:

  • Working with different areas to ensure company forms and policies are up-to-date and compliant with relevant rules.
  • Delivering education and engagement must always be a continuing, ongoing effort.
  • Adopting meaningful policies and procedures is only part of the battle.


Grewal said that good policies are not enough but must also be effectively implemented. He cited as an example the SEC’s ongoing off-channel communications sweep to assess compliance with recordkeeping requirements (see my prior posts on this). He noted that since December 2021, these actions have resulted in charges against 40 firms and over $1.5 billion in civil penalties. Most have been for failing to maintain and preserve electronic communications. And in almost all cases, the widespread failures resulted from failure to implement those policies.

Grewal emphasized that adopting policies is the first step, not the last. Next, you need to implement them. And then, following implementation, you need leadership, training, constant oversight, and the right tone at the top.

Grewal also reminded the audience that, besides robust penalties, to look at how the Commission has been rewarding meaningful cooperation. He used an order that entailed detailed self-reporting and cooperation that reduced penalties substantially. He provided other types of behaviors that have resulted in reduced or zero penalties, including:

  • Preemptively remediating and ceasing the unlawful behavior;
  • Proactively providing compensation to victims;
  • Providing detailed financial analyses, explanations, and summaries of factual issues to the staff;
  • Proactively identifying key documents and witnesses that the staff has not yet identified; and
  • Facilitating interviews of former employees.

He said these orders help decide between coming forward or sitting back and assuming the violation will not be uncovered.

Compliance Officers

Finally, Grewal covered whether compliance officers are targets. Compliance Officers are not targets – Grewal noted that with the Commission filing over 1,000 standalone cases since becoming Enforcement Director, only a handful have involved charges against compliance officers. He emphasized that the SEC has no interest in pursuing enforcement actions against compliance personnel who undertake their responsibilities in good faith and based on reasonable inquiry and analysis. He covered three situations where the Commission typically brings enforcement actions against compliance personnel:

  • Where compliance personnel affirmatively participated in misconduct unrelated to the compliance function;
  • Where they misled regulators; and
  • Where there was a wholesale failure by them to carry out their compliance responsibilities.

He gave examples of each to clarify these three conditions further and indicated that none involved the SEC second-guessing good faith judgment calls. Rather, the exposure would be likely if there was deliberate conduct by the CCO designed to thwart the SEC’s ability to oversee the compliance function effectively.