Overview

The 2026 Securities Docket Conference West on May 21, 2026, in San Francisco brought together former SEC and DOJ officials, defense practitioners, forensic accountants, and in-house counsel for a full day of panels examining the rapidly shifting enforcement landscape. Across every session, a clear theme emerged: federal securities enforcement is at historic lows, yet the risk environment has not diminished. State regulators, private plaintiffs, and international authorities are increasingly filling the void left by reduced federal activity, while emerging areas such as artificial intelligence, prediction markets, digital assets, and cyber threats are creating new categories of enforcement exposure. The following summarizes the key topics and perspectives discussed by panelists throughout the day.

The SEC Under New Leadership: Back to Basics, Quality Over Quantity

The appointment of David Woodcock as Director of Enforcement marks one of the most significant leadership developments of the year. A former CPA, auditor, and head of the SEC's Financial Reporting and Audit Task Force, Woodcock has framed the division's direction around two core priorities: a return to fundamentals focused on real investor harm and a deliberate shift toward quality over quantity in case selection.

SEC enforcement actions are down 22% from 2024,¹ with only a handful of actions brought against public companies in the first half of fiscal 2026, roughly 80% below historical averages.² Nearly 1,100 legacy cases were closed without action in 2025.³ Despite this decline, panelists uniformly cautioned against complacency, stating that nothing is categorically off the table. Cases involving intentional or reckless conduct, material misstatements, and demonstrable investor harm will continue to be pursued, and individual accountability remains a stated priority. Financial reporting, insider trading, and offering fraud are the expected near-term focus areas, with private funds and private credit receiving specific attention in Woodcock's first public remarks.

The SEC enforcement manual was updated for the first time in eight years, introducing meaningful Wells process reforms, including director-level approval of Wells notices and a guaranteed minimum four-week response period. Practitioners broadly welcomed these changes as long overdue improvements to consistency and fairness in the investigative process.

Who Is Filling the Void

With federal enforcement contracting, multiple actors are stepping in, and companies cannot afford to treat reduced SEC activity as a sign of a less active enforcement environment overall.

State Attorneys General on both sides of the political spectrum are pursuing what are effectively securities fraud claims under consumer protection and public nuisance theories. Texas has sued multiple firms over ESG-related conduct, while New York has secured significant settlements involving crypto market manipulation. The California Department of Financial Protection and Innovation (DFPI), armed with independent litigation authority, subpoena power, and its own digital asset regulatory framework is actively expanding its enforcement footprint under new leadership and is expected to play an increasingly prominent role.

Private Securities Litigation remains steady at approximately 200 core filings per year, but individual cases have grown dramatically in size.⁴ Aggregate disclosure dollar losses reached nearly $700 billion in 2025, a 62% increase over the prior year with median settlements rising 20% to $17 million.⁵ Panelists also discussed that AI-related securities cases are on pace to double in 2026, spanning AI-washing claims, failures to disclose AI-related business risks, and AI product performance failures.

International Regulators are expanding enforcement activity in areas where the US is pulling back, particularly in ESG and crypto. Germany’s Frankfurt Public Prosecutor’s Office secured a landmark greenwashing fine against DWS (€25 million),⁶ and foreign regulators are demonstrating an increasing willingness to act where the SEC will not.

How to Handle a Major Internal Investigation

When a significant internal complaint surfaces, whether involving a potential accounting irregularity, a whistleblower allegation, or evidence of possible misconduct that could impact financial reporting, panelists agreed that generally the immediate priority is straightforward: take it seriously and escalate it without delay, regardless of the complainant's credibility or employment history.

From a structural standpoint, the audit committee, not senior management, should retain outside counsel to lead the investigation, with forensic accounting consultants engaged under an arrangement that preserves attorney-client privilege and work product protection. Panelists shared that generally auditors should typically be brought in early and kept informed throughout, working in parallel with the investigation team rather than being notified after the fact. Delays in doing so create friction, erode trust, and jeopardize the timely completion of required filings. Importantly, auditors now maintain their own whistleblower hotlines, and it has become increasingly common for complainants to simultaneously report through the auditor's channel as well as the company's, meaning auditors may already be aware of a complaint and monitoring how promptly the company informs them.

Panelists cautioned that internal management, including general counsel, should generally not be present during witness interviews. Beyond protecting the legal integrity of the process, their absence sends a clear signal to employees that the investigation is being conducted with genuine objectivity, that the company is committed to uncovering the truth, and that retaliation will not be tolerated. That message directly affects the quality of information witnesses are willing to provide and shapes the company's long-term credibility with its workforce. Boards are increasingly attuned to this point, recognizing that a well-run investigation reflects a strong governance culture throughout the organization and that the converse is equally true. A poorly managed investigation can itself become the central issue and can create conditions for the inappropriate use or abuse of the whistleblower reporting process going forward.

Finally, panelists agreed that internal complainants raising financial reporting concerns should generally be treated as potential SEC whistleblowers from the outset. Companies should recognize that SEC cooperation and DOJ self-disclosure are distinct obligations requiring separate analyses and that cooperation with civil regulators does not automatically satisfy criminal self-disclosure requirements. Companies that respond decisively, maintain genuine independence throughout the process, and present regulators with a clear and well-documented account of both the underlying conduct and the remedial steps taken are consistently better positioned for a favorable outcome.

A Closer Look: The New SOX Group and What It Means for Issuers

One of the more consequential and underappreciated structural developments discussed at the conference was the SEC's formation of a dedicated Sarbanes-Oxley Act (“SOX”) enforcement group, intended to assume certain aspects of the PCAOB's enforcement functions as that body is scaled back. Panelists noted that the group has not yet been confirmed as fully operational, and companies should treat its formation as an "if and when" development rather than an established fact. That said, the implications of its eventual launch are significant and warrant attention now.

Critically, the SOX Group should not be viewed narrowly as an auditor-focused initiative. When investigators assess whether auditors fulfilled their professional obligations, they will inevitably examine how auditors obtained the information they relied upon, and whether that information was complete, accurate, and provided in a timely manner. That inquiry leads directly back to the issuer. In practice, an examination of auditor conduct is simultaneously an examination of whether the company gave its auditors everything they needed, when they needed it. Companies facing restatements or financial reporting reviews should therefore anticipate that any auditor-focused inquiry will have direct implications for their own conduct and disclosures and should plan their response strategies accordingly.

When fully constituted, panelists discussed that the SOX Group within SEC enforcement is expected to be staffed with deep technical accounting and auditing expertise, where that level of specialized knowledge has historically been housed elsewhere within the SEC. The result should be SEC investigations that are more focused, sophisticated, and technically rigorous than what companies have typically encountered. While that is a positive development for the integrity of the process, it also raises the bar considerably for companies on the receiving end of those investigations and underscores the importance of engaging forensic accounting firms with the appropriate technical expertise in financial reporting matters—including seasoned technical accounting resources well-versed in GAAP, SEC reporting requirements, and ICFR—and doing so at the earliest possible stage.

AI: Accelerating Everything, Including Risk

Artificial intelligence dominated virtually every panel in some form throughout the day. Regulators are deploying AI to analyze filings, identify disclosure inconsistencies, process tips, and detect trading patterns. Defense and forensic firms are using AI to compress document review timelines, generate chronologies, and build investigation frameworks, but with important guardrails that companies and their counsel must understand.

For corporations and regulated entities, AI introduces significant new risks that are not always immediately apparent. AI agents embedded in widely used enterprise systems can silently disrupt critical internal controls, including segregation of duties—often without management realizing that they have even been activated. At the board level, AI governance is no longer optional. It is a regulatory expectation, an auditor concern, and an emerging source of both enforcement exposure and fiduciary risk.

Panelists discussed how the SEC's examination priorities signal continued scrutiny of AI-related disclosures. Companies are expected to ensure that AI representations across annual reports, websites, press releases, and investor communications are consistent, accurate, and supported by a reasonable factual basis — with the SEC specifically cautioning against overstating the autonomy, scalability, or commercial maturity of AI technologies.

On the private litigation front, panelists identified three emerging categories of AI-related securities claims: i) misrepresentation of AI capabilities or the extent of actual AI use; ii) failure to disclose AI as a material risk to an existing business model, particularly where an impact had already begun to materialize; and iii) investor harm resulting from AI systems that failed to perform as represented.

Crypto and Cyber: Regulation Resets, Risk Remains

Chairman Atkins has declared crypto ‘job one,’ signaling that the era of regulation by enforcement is over. The GENIUS Act established a comprehensive stablecoin framework, and the Digital Asset Market Structure Clarity Act is advancing through the Senate with meaningful bipartisan support. Coinbase CLO Paul Grewal, a panelist participating in the conference, predicted passage before the next election, with years of rulemaking to follow. The CFTC and SEC are coordinating closely, having published joint taxonomy guidance widely viewed as a preview of the forthcoming legislative framework.

Nonetheless, fraud and manipulation enforcement in the digital asset space continues unabated. Classification questions remain relevant even in fraud-focused cases, and the growing number of registered entities with crypto exposure means examination activity in this space is increasing even as registration-based enforcement declines.

On the cyber front, 2025 saw approximately one million reported incidents, with financial losses approaching $21 billion.⁷ Ransomware has evolved into double and triple extortion schemes. Credential theft and supply chain attacks have become the dominant threat vectors, and nation-state actors pursue intellectual property theft and financial crimes with a level of sophistication that significantly exceeds commercially motivated attackers. The DOJ bulk data rule, which prohibits certain data transactions involving countries of concern, carries both criminal and civil liability and represents a meaningful new compliance obligation for companies operating in this space.

Conference Highlights: Key Takeaways for Practitioners and Corporates

The consistent message across all sessions was that the current moment represents both a window of opportunity and a period of genuine risk. The following themes warrant immediate attention:

• Self-Reporting and Cooperation: Recent DOJ guidance has clarified the benefits of voluntary self-disclosure, and the new administration has signaled its intention to treat companies that provide meaningful cooperation fairly and with tangible benefits. That window may not remain open indefinitely.
• Low Enforcement Volume Does Not Equate to Low Risk: The five-year statute of limitations means that conduct occurring today can be examined well into the next administration. Individual accountability remains a stated and active priority.
• Investigation Quality Matters: Recent DOJ self-reporting guidance and the structural changes underway at the SEC enforcement division underscore that organizations that conduct high-quality internal investigations, supported by experienced technical accounting and financial auditing expertise are significantly better positioned to achieve a favorable regulatory outcome.
• Build AI Governance Programs Now: Regulators are actively asking questions, and auditors are increasingly focused on this area. Human-in-the-loop review must be substantive, documented, and conducted at regular intervals —not nominal or perfunctory.
• Update Compliance Programs for Prediction Markets and Crypto: These are not emerging or hypothetical risks, they represent current and active compliance gaps that demand attention.
• Leverage the New Wells Process: Defense counsel should seek maximum access to the investigative file, make full use of the four-week response period, engage senior SEC leadership early, and consider submitting pre-Wells white papers when the facts and circumstances support doing so.

A&M Leadership Group In Attendance

• Steve Spiegelhalter, Managing Director, North America Investigations Practice Leader – Washington DC
• Jon Marshall, Managing Director, Global Forensic Technology Services Practice Leader – Washington, DC
• Brett Kumm, Managing Director – San Francisco
• Mike Malloy, Managing Director – New York
• Mark McGrath, Managing Director – Chicago
• Kora Dusendschon, Senior Director – Los Angeles

References

[1] US Securities and Exchange Commission, Press Release, SEC Announces Enforcement Results for Fiscal Year 2025 (Apr. 7, 2026) (reporting 456 enforcement actions in FY 2025); U.S. Securities and Exchange Commission, Press Release, SEC Announces Enforcement Results for Fiscal Year 2024 (Nov. 22, 2024) (reporting 583 enforcement actions in FY 2024).

[2] Cornerstone Research and NYU Pollack Center for Law and Business, SEC Enforcement Against Public Companies and Subsidiaries in 1H FY 2026 (May 14, 2026) (reporting five actions in the first half of FY 2026); Patrick Donachie, SEC Enforcement Actions Drop to 16-Year Low in First Half, Wealth Management (May 18, 2026) (reporting first-half counts of 15, 23, 22, and 53 for prior fiscal years).

[3] US Securities and Exchange Commission, Press Release, SEC Announces Enforcement Results for Fiscal Year 2025 (Apr. 7, 2026) (reporting 1,095 matters that were investigated and closed without enforcement action).

[4] Cornerstone Research and Stanford Law School Securities Class Action Clearinghouse, Securities Class Action Filings—2025 Year in Review (2026) (reporting 207 filings in 2025 and that Disclosure Dollar Loss increased from $429 billion in 2024 to a record $694 billion in 2025, representing an increase of 62%).

[5] Cornerstone Research, Securities Class Action Settlements—2025 Review and Analysis (2026) (reporting that the median securities class action settlement increased from $14.4 million in 2024 to $17.3 million in 2025, representing an increase of 20% year over year).

[6] Panel: "Securities Enforcement by States and Private Litigants – Filling the Void," Securities Enforcement Forum West 2026 

[7] Federal Bureau of Investigation, Internet Crime Report 2025 (2026) (reporting that the Internet Crime Complaint Center received 1,008,597 complaints in 2025, with reported losses of approximately $20.9 billion).