
Understanding SEC Rules and Regulations in Financial Markets 

The U.S. Securities and Exchange Commission (SEC) is one of the bodies that plays an important role in regulating financial markets. Since the stock market crash in 1929, its purpose has been to create guidelines for the stock market, financial institutions, and traders to promote a fair, transparent, and secure financial market. 

Organizations participating in financial markets must follow the SEC rules and regulations. The SEC levies fines and other penalties on organizations that don’t comply with financial regulations—and companies that violate the rules may be liable.

The SEC presents many proposed and finalized rules each year, and the onus is on companies to maintain compliance. This process starts with understanding the SEC’s functions and regulations—and the industry best practices for staying in compliance with them. 

Historical evolution of the SEC 

The SEC started in 1934 as a result of the stock market crash in 1929. The devastation caused by the crash led many retail traders to distrust the financial markets, and many were hesitant to get involved again after banks ran out of money. The U.S. government believed regulations were necessary to restore market trust and provide investors with a more transparent and secure environment. 

The two initial pieces of legislation driving the SEC were the Securities Act of 1933 and the Securities Exchange Act of 1934. The Securities Act required investors to receive information about new securities offered for public sale and prohibited deceit and fraud in securities sales. The Securities Exchange Act granted the SEC the broad power to oversee all aspects of the financial securities industry on the secondary market—such as regulating brokerage firms, clearing agencies, and other financial institutions—and investigate potential misconduct. 

Since then, the SEC has continued to evolve to address changing conditions in the financial markets. For example, the EDGAR system was proposed in 1984 to create an electronic database to make information more easily accessible to the public. The Office of Credit Ratings in the SEC was created through the Dodd-Frank Act and oversees credit agencies to ensure they provide accurate information to the parties they examine. 

Important SEC rules and regulations 

The penalties for non-compliance—and, often, the public fallout that follows—can cause serious damage to financial organizations, and it’s the sole responsibility of every company to understand the regulations and monitor for compliance. Here are a few of the important SEC regulations firms must be familiar with in order to reduce risks. 

Regulation Best Interest

Regulation Best Interest (Reg BI) sets standards on how brokers and dealers interact with their retail customers. Reg BI requires organizations to keep in mind the best interests of their customers—not their own best interests—when making recommendations. These rules also demand transparent communication and disclosure of any relationships or conflicts of interest.

Regulation Fair Disclosure 

Regulation Fair Disclosure (Reg FD) governs how publicly traded companies disclose information to the public. These regulations help prevent unfair advantage by barring public companies from selectively providing information to individual investors or analysts before they disclose it to the general public. If a company inadvertently gives investors information before it’s available to all, the information must be publicly disclosed as soon as possible.

Sarbanes-Oxley Act 

The Sarbanes-Oxley Act was created in response to accounting scandals in the corporate world. Its purpose was to enforce stricter accounting standards for public financial institutions to ensure accurate accounting and reliable corporate disclosures. These SEC guidelines don’t lay out the exact procedures organizations must follow, but they outline the types of records companies should keep on file and for how long. This act imposes criminal penalties for organizations that don’t comply with its strict accounting requirements. 

Dodd-Frank Wall Street Reform 

The Dodd-Frank Wall Street Reform was a response to the 2008 financial crisis. Its targets were the financial institutions believed to play a role in causing the crisis. Dodd-Frank established agencies to oversee financial institutions deemed “too big to fail” and to protect consumers from predatory lending. The reform also restricts banks’ investments in speculative trading to avoid exposing individual consumers to unnecessary risk.  

Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure 

The Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules are the SEC cybersecurity rules governing financial institutions’ responsibilities for handling cybersecurity events. These rules require companies to disclose their actions on cybersecurity strategy annually to protect investors, and they make it clear that incidents may be material to investors—meaning companies must now disclose any that occur. 

Recent big enforcements 

The SEC doesn’t just create regulations for financial markets and trust financial institutions to comply with them—it actively monitors the markets and the actions of companies to ensure compliance. 

The last several years have seen many significant SEC enforcement actions that illustrate what can happen if an organization falls out of compliance. In 2023 alone, the SEC announced 784 enforcement actions, levied $5 billion in fines, and saw to it that $1 billion was returned to investors. 

Here are a few examples of impactful enforcements in recent years: 

  • Danske Bank: This bank misled investors about its anti-money laundering program. As a result, Danske Bank investors suffered exposure to more risk because of questionable transactions. Danske Bank agreed to settle with the SEC and paid $400 million in fines. 
  • ABB Group: The SEC found that ABB engaged in a bribery scheme with foreign governments. The company was found to have colluded with an electricity company in South Africa and funneled bribes through a third-party company. ABB Group settled with the SEC to pay a fine of $75 million.
  • Kraken: The SEC found the company Kraken offered cryptocurrency securities to its customers without registering as an exchange, broker, dealer, and clearing agency—helping to lay out ground rules for other cryptocurrency companies that may not have done so in the past. In failing to register with the SEC, Kraken denied its customers the protections offered by that and other financial institutions. Kraken agreed to pay a $30 million settlement to the SEC. 

The importance of monitoring electronic communications 

The widespread use of digital communication channels has led to an increased focus on communication monitoring for financial institutions. Business owners and employees can now communicate in many ways—including phone, text message, email, chat applications, and more—and financial institutions may encounter issues with employees communicating on personal devices and accounts.  

Organizations without an effective electronic communications monitoring solution will likely fall out of compliance with SEC regulations. For instance, on October 29, 2023, the SEC issued several enforcement actions against off-channel communications. Ten firms had employees handling company communication on personal devices and didn’t maintain records of those interactions. The firm that self-reported the issue was given the lowest fine of $2.5 million. 

To stay compliant and minimize risk, financial organizations must invest in strong communication surveillance strategies and software to monitor all forms of communication. Companies should also consider creating their own internal regulations around what devices and platforms employees can conduct business on. 

Invest in communication surveillance to stay compliant 

Communication surveillance plays an essential role in helping financial organizations maintain compliance within complex digital environments. Modern surveillance tools help organizations track, store, and audit their business communications and activities to make it easier to comply with SEC regulations and report non-compliant behaviors—without increasing internal workloads. 

