SEC Investigations: A Primer

Receiving notice of an SEC investigation is not only a stressful moment for any public company—it is one that requires prompt and diligent action. This guide provides an overview of the stages of an SEC investigation and some key considerations along the way, including best practices to avoid regulatory scrutiny in the first instance.

How Does an SEC Investigation Start?

An SEC investigation can start in one of two ways: (1) a “matter under inquiry” (MUI) that may or may not lead to a formal investigation; or (2) a formal investigation without an MUI. An MUI is a more informal method of beginning an investigation. In an MUI, the SEC cannot subpoena companies or individuals. Instead, the SEC relies on voluntary cooperation to gather information and assess whether a securities law violation has occurred. After 60 days, the SEC must decide whether to close the MUI or convert it into a formal investigation.

A formal investigation starts with a formal order of investigation. A formal order is a short document outlining the securities law violations that the SEC believes have occurred and naming the SEC Staff members who have authority to issue subpoenas and compel testimony. Once a formal order has been entered, the SEC can, and will, issue subpoenas for documents and testimony. The SEC must provide the company or individual under investigation with a formal order of investigation upon request. Because the formal order is often the first chance to learn the SEC’s legal theory of the investigation, a company or individual should promptly request a copy of the formal order after receiving a subpoena.

Whether an investigation starts as an MUI or a formal investigation, a company must immediately act and consider the following issues:

• Retain Outside Counsel – SEC investigations are multifaceted, presenting complex issues at every turn. Outside counsel experienced with SEC investigations can help navigate these issues. While in-house counsel may be familiar with background securities law, outside counsel can help shape the outcomes of investigations through careful interaction with SEC Staff. Additionally, retaining outside counsel can expand a company’s attorney-client privilege protections. Often, in-house counsel provides privileged legal advice and unprivileged business advice in tandem, creating complicated privilege issues.
• Retain Documents – Once an investigation has commenced, a company or individual must act quickly to ensure that appropriate document retention policies are in place. SEC Staff will seek documents throughout the investigation, and the destruction of possibly important documents can create the adverse inference that a company is hiding something—which, in turn, may lead to additional fines and penalties. Ensure that all documents are being retained while counsel negotiates the scope of retention responsibilities with the SEC. Outside counsel can also provide eDiscovery support to maintain best practices of electronically stored information.
• Conduct an Internal Investigation – Companies, with their counsel’s assistance, should promptly gather the relevant facts. Upon hearing that a company is conducting an internal investigation, the SEC may defer its investigation pending the internal investigation’s conclusion. This can expedite the resolution of an investigation, minimizing cost and disruption. Further, providing accurate and thorough information to the SEC facilitates a smoother investigation and, often, less severe penalties. An internal investigation also helps counsel forecast the major issues ahead, providing time to strategize and prepare the strongest response.
• Consider the Duty to Disclose – There is generally no duty to disclose the fact of an SEC investigation in SEC filings. But situations arise during an investigation that may require disclosure of the investigation. The investigation may reveal that prior disclosures need to be amended, or that the costs of responding to the investigation could become a material financial burden. At the onset and throughout an investigation, it is important to regularly consider whether the investigation requires disclosure.

Responding to a Formal Investigation

Once a formal investigation begins, a company or individual will begin receiving subpoenas from SEC Staff. Subpoenas can seek both documents and testimony. How an entity under investigation responds to these subpoenas is critical to an investigation’s outcome. Though compliance is required, seasoned counsel can help respond to subpoenas cooperatively and strategically.

Producing Documents

Responding to the SEC’s document requests constitutes the bulk of an investigation. Document collection, review, and production is a time-consuming and expensive process. What is more, SEC document requests are often broad, vague, and accompanied by unrealistic production deadlines. Outside counsel can prove particularly beneficial in negotiating document production deadlines with SEC Staff. Counsel can lessen a document request’s burden by negotiating both the scope and the timing of production. For example, the SEC may agree to limit a document request to a certain date range or subject. It may also agree to push back a production deadline or allow the production of documents on a rolling basis.

While collecting and reviewing documents, companies and counsel must be mindful of privileges or blocking statutes. Attorney-client and work-product privileges allow a company to withhold certain documents, while blocking statutes in foreign jurisdictions can prohibit the production of other documents.

Maintaining a close eye on privileged documents is especially important to prepare for the possibility of parallel private lawsuits. Often, SEC investigations are followed by private lawsuits, usually in the form of shareholder class actions or derivative suits. Generally, once a privilege is waived in one proceeding, it is waived in all proceedings. This means that any privileged document produced to the SEC will also need to be produced in any eventual shareholder suit. Thus, balancing the assertion of privileges with projecting a cooperative attitude is important to maintaining an amicable relationship with SEC Staff and protecting a company’s interests.

The documents phase of an investigation is a long, iterative process. The flurry of activity while responding to a document request is often followed by a long period of silence while the SEC reviews produced documents and ponders its next steps. During these periods, companies should adhere to their retention obligations and continue to strategize with counsel about issues in the investigation.

Providing Testimony

After, or sometimes during, the document phase of an investigation, the SEC will decide whether it wants to speak with company employees or people who may have information about the alleged securities law violations. The SEC can either ask people to voluntarily appear for informal interviews or send subpoenas requiring recorded testimony. Once an investigation enters the testimony phase, companies need to work with the SEC to make personnel available for interviews. From C-suite executives to entry-level employees, anyone may be required to testify.

During this phase, counsel will assist in preparing witnesses to testify accurately and effectively. Effective preparation ensures that all testimony is honest, but it also strategically positions a company’s response to any enforcement action. This preparation requires a deep understanding of the important documents and issues, as well as the questions the SEC is likely to ask.

Negotiating the order of witness testimony is also an important consideration. Through internal investigation and review, a company and counsel are likely to have a sense of who is likely to be subpoenaed and what those people know. A company may be able to convince SEC Staff that interviews should be scheduled in a particular order. These negotiations can make the testimony phase more efficient by offering individuals who know the most information first, followed by individuals with more issue-specific testimony. In some cases, attorney proffers may limit the scope of testimony or number of witnesses needed.

A Chance to Be Heard: The Wells Submission

Once SEC Staff have gathered enough information, they make a recommendation on whether the SEC should pursue an enforcement action. If Staff recommend an enforcement action against a company or individual, the SEC usually provides a notice called a “Wells Notice.” A Wells Notice informs the recipient that SEC Staff have preliminarily determined to recommend an enforcement proceeding, and it identifies the securities law violations that Staff plan to include in the recommendation. Most importantly, a Wells Notice informs the recipient that it may submit a response to the proposed recommendation. This response is known as a “Wells Submission.”

A Wells Submission is a formal opportunity for the recipient of a Wells Notice to state its position and mount its defense. A Wells Submission should present the recipient’s strongest legal and policy arguments against the Staff’s preliminary recommendation. The most successful Wells Submissions persuasively argue that the SEC should reject the Staff’s enforcement recommendations, or that the SEC should bring lesser charges. The Wells Submission is a specialized legal brief that requires the care of experienced outside counsel. A well-crafted Wells Submission will be submitted to the SEC alongside the Staff’s recommendation. After the Staff’s recommendation is submitted, the SEC will decide whether to institute an enforcement action. An enforcement action can take the form of an administrative proceeding in front of the SEC, or a civil lawsuit in federal court.

Settlement vs. Litigation

While a Wells Submission is the most formal opportunity to explain a company’s position, it should not be the first or only time. Throughout an investigation, counsel should contact Staff to discuss the relative strengths of their legal positions and the practicability of enforcement.

Throughout an investigation, counsel and SEC Staff will discuss the possibility of settlement. Whether to accept a settlement offer is a strategic choice that requires careful consideration of the risks and costs associated with litigation. Often, it is in a company’s best interest to settle. The public announcement of an SEC action often leads to private shareholder litigation. And adverse findings in SEC litigation can become binding against a company, making private litigation more difficult to defend against. Conversely, parties can settle with the SEC without admitting wrongdoing and can often smooth the SEC’s subsequent descriptions of the settlement in public statements. These advantages of settlement are often crucial to companies seeking to maintain goodwill with shareholders and the public.

Companies and individuals should nonetheless remain mindful of the potential drawbacks of settlement. For example, to the extent the SEC requires an admission to settle, that admission could be admissible in other litigation and could have preclusive effects. This means the company or individual would be unable to argue a contrary position, impacting the ability to prevail and the settlement of any other litigation. Settlement also implicates disclosure obligations: public companies must carefully consider the appropriate and accurate public disclosure of a settlement. Additionally, a settlement may result in the loss of safe harbors from private actions alleging that certain forward-looking statements were materially untrue or incomplete. Outside counsel’s expertise is useful for identifying and navigating competing considerations.

The Types of Liability Imposed

Whether through settlement or an enforcement proceeding, the SEC can seek various sanctions against an investigated entity. First, the SEC can seek injunctive relief. Injunctive relief bars an entity from subsequent violations of the law, which are punishable by contempt-of-court sanctions. An injunction has other ancillary consequences, such as disclosure requirements or disqualifications. For individuals, this could mean that they are barred from becoming directors or officers in a public company. For companies, this could mean that their registrations are suspended or revoked.

The SEC can also seek monetary sanctions. Monetary sanctions can manifest in different forms. One category is civil penalties. The SEC has discretion to tailor civil penalties to the perceived seriousness of a violation, with the most severe penalties being reserved for violations that involve fraud and significant public harm.

Another category of sanctions is disgorgement. Where the SEC believes that an entity’s violation resulted in an unfair monetary gain, the SEC can try to either claw back or disgorge the company of those gains. While disgorgement should be limited to ill-gotten gains, the SEC’s estimate of those gains does not have to be exact. Thus, entities are often responsible for arguing down the amount. The SEC can also seek prejudgment interest on disgorgement, starting from the date of the unlawful gain. Because SEC actions can conclude years after the conduct that gave rise to the investigation, prejudgment interest can greatly increase the amount the SEC recovers.

The Benefits of Cooperation

An entity under investigation must comply with subpoenas. But there are strategic considerations to taking cooperation a step further. The SEC has a policy of rewarding companies or individuals who substantially assist throughout the course of an investigation. Such rewards can include lesser penalties and, in rare instances, a recommendation of no penalties.

Assistance can take many forms. SEC Staff appreciate an entity under investigation that voluntarily provides documents that Staff may not have discovered through document requests. Companies can also provide the SEC with the results of internal investigations, voluntary testimony, or lists of individuals who have relevant evidence. If an investigation reveals other, unrelated possible violations, prompt self-disclosure of these issues can help mitigate any downstream consequences of them. 

The SEC is also more likely to mitigate penalties for companies that proactively develop and implement a remediation plan. An effective remediation plan involves an appropriate combination of disciplining or dismissing suspected wrongdoers, updating internal procedures to prevent a violation’s recurrence, and compensating any harmed parties. An optimal remediation plan demonstrates a genuine desire to resolve any issues and avoid future violations. A strong remediation showing can significantly impact whether and to what extent the SEC pursues an enforcement action. Whether cooperation and/or remediation is the best route is a strategic choice that requires a careful risk-benefit analysis.

Internal Controls: Staying Off the SEC’s Radar

While it is not always possible to completely eliminate the risk of an SEC investigation, public companies can significantly reduce their exposure by maintaining rigorous compliance and governance practices. The SEC is more likely to investigate companies where red flags—such as inconsistent disclosures, delayed reporting, or whistleblower complaints—arise. Below are core elements of an effective prevention strategy.

Implement a Strong Sub-Certification Process for SEC Disclosures

One of the most effective ways to ensure the integrity of SEC filings is through a well-structured sub-certification process. This involves requiring key personnel—often at the business unit or functional level—to certify the accuracy and completeness of information they provide for public disclosures. This process should:

• Cascade from top-level certifiers (e.g., CFO, CEO) down through financial and operational personnel who contribute to SEC filings.
• Include documentation requirements, ensuring contributors maintain support for figures and statements they provide.
• Involve legal and internal audit review of sub-certifications to verify alignment with applicable accounting standards and disclosure rules.
• Be updated periodically to reflect changes in reporting structure, accounting standards, or SEC expectations.

A strong sub-certification process fosters accountability and helps identify inconsistencies or risks before disclosures are finalized, reducing the likelihood of misstatements that could trigger regulatory scrutiny.

Establish a Strong Whistleblower Program

A well-designed whistleblower program not only helps a company uncover misconduct early but also signals to the SEC that the company takes compliance seriously. The SEC’s Office of the Whistleblower actively encourages internal reporting, and companies with credible programs may avoid harsher enforcement outcomes. Best practices include:

• Maintaining multiple, confidential reporting channels (e.g., anonymous hotlines, secure email).
• Ensuring non-retaliation policies are clear and enforced so employees feel safe to report.
• Implementing a formal, well-documented investigation process for every complaint, including:
• Triage procedures to assess complaint severity.
• Assignment of impartial internal or external investigators.
• Clear protocols for evidence handling and escalation.
• Tracking and resolving complaints promptly, with feedback loops when appropriate.

A transparent, trusted whistleblower program helps management detect and correct issues internally before they can escalate into regulatory problems.

Empower an Effective and Independent Audit Committee

An experienced and proactive Audit Committee plays a critical role in corporate oversight and can serve as a line of defense against the types of control failures that lead to SEC investigations. Key characteristics of a strong Audit Committee include:

• Composed of independent directors with deep financial and compliance expertise, including at least one financial expert as defined by the SEC.
• Engages with internal and external auditors on a regular basis and is willing to challenge management when appropriate.
• Actively oversees risk management, whistleblower issues, and the integrity of financial reporting.
• Receives and reviews periodic compliance reports, including any material legal or regulatory concerns.
• Has the authority to initiate special investigations and retain independent advisors when necessary.

When the SEC evaluates whether to investigate or charge a company, it often looks at the strength and independence of the Audit Committee. A credible committee with a track record of active oversight can tilt the balance in favor of the company.

By combining rigorous disclosure controls, a credible whistleblower framework, and strong governance through an empowered Audit Committee, a public company can materially reduce the risk of becoming the target of an SEC investigation. These elements together demonstrate a company’s commitment to integrity, transparency, and accountability—values that resonate with regulators, shareholders, and the market alike. If a company is concerned about the quality of its internal controls, it should consult with outside counsel to determine where changes can be made.

Conclusion

SEC investigations are complex and costly. They will most likely involve lengthy document production processes, time-consuming interviews, and difficult strategic meetings. By understanding the ins and outs of an investigation, and the strategic considerations, investigated entities can help move an investigation along as quickly and smoothly as possible at every step.

If you have any questions regarding this or related subjects or if you need assistance, please contact the authors of this article, Dan Chaudoin and Caitlin Mandel, Partners, White Collar & Government Investigations, or your Winston & Strawn relationship attorney. You can also visit our White Collar & Government Investigations webpage and our Investigations, Enforcement, & Compliance Alerts for more information on this and related subjects.