After nine years inside the SEC's Division of Enforcement, I know exactly what patterns cause an investigation to open. I reviewed thousands of tips, referrals, and trading data anomalies. I sat in the rooms where enforcement attorneys decided whether to open a formal investigation, issue a subpoena, or refer a matter to the Department of Justice. The decision framework is not mysterious, but it is also not what most compliance officers think it is.
This is not a checklist. Compliance checklists are written for people who want to feel safe. What I am describing here is the analytical framework that enforcement attorneys actually use — the pattern recognition that comes from years of watching fraud develop, escalate, and eventually collapse under the weight of its own contradictions.
The Tip Intake Process: Where Investigations Actually Begin
Most people assume that SEC investigations begin with a dramatic whistleblower revelation or a front-page news story. That happens, but it is not the primary source. The majority of investigations that I worked on during my tenure at the Southeast Regional Office began with one of three triggers: a referral from the SEC's Office of Market Intelligence, an anomaly flagged by the Division of Economic and Risk Analysis, or a complaint filed by a market participant who noticed something wrong.
The Office of Market Intelligence processes an enormous volume of tips, complaints, and referrals every year. Most of them go nowhere. The ones that get attention share a common characteristic: they are specific. A complaint that says "I think this company is committing fraud" gets filed. A complaint that says "the company disclosed 50,000 customers in its Form 10-K but I have documentation showing the actual customer count is under 3,000" gets assigned to an enforcement attorney within days.
Specificity is what separates a complaint that opens a file from one that does not. When I evaluated incoming tips, I was asking one question: does this give me something I can verify? If the answer was yes, the investigation moved forward.
Trading Pattern Anomalies: The Algorithm That Never Sleeps
The SEC's surveillance systems monitor trading activity across every exchange and OTC market continuously. The algorithms are looking for statistical deviations — trades that cluster in the days before a material announcement, options activity that is inconsistent with normal volume patterns, accounts that have no prior history of trading a particular security suddenly taking large positions.
These systems generate alerts. Enforcement attorneys review those alerts and make a judgment call: is this explainable by public information, or does it suggest access to material nonpublic information?
The threshold for opening an inquiry is low. The question is not "did this person commit insider trading?" The question is "is there enough here to justify asking questions?" That is a much lower bar, and it is the bar that matters for purposes of whether your trading activity will attract attention.
What triggers the alert is not just the size of the trade. It is the timing, the account history, the relationship between the trader and the issuer, and the nature of the announcement that followed. I have seen investigations open based on a single options trade for a few thousand dollars because the timing was so precise and the trader's connection to the issuer was so clear that the pattern was impossible to explain away.
Disclosure Inconsistencies: The Paper Trail That Builds Itself
One of the most reliable investigation triggers is a disclosure that contradicts itself across filings. Companies file a Form 10-K, then a Form 10-Q, then a proxy statement, then an 8-K. Each of those documents contains representations about the company's financial condition, operations, and risk factors. When those representations are inconsistent — when the 10-K says one thing and the 10-Q says something that cannot be reconciled with it — enforcement attorneys notice.
The inconsistency does not have to be dramatic. I have seen investigations open because a company's revenue recognition methodology changed between quarters without adequate disclosure of the change. I have seen investigations open because a company described a contract as "binding" in one filing and "preliminary" in another. I have seen investigations open because the risk factors in a registration statement described a risk as hypothetical when internal documents showed the company already knew the risk had materialized.
The common thread is that the company knew something it was not telling investors. The disclosure was technically present but structured to obscure rather than illuminate. Enforcement attorneys are trained to read disclosures the way a prosecutor reads a contract — looking for what is missing, what is buried, and what cannot be reconciled with other known facts.
Related-Party Transactions: The Disclosure That Invites Scrutiny
Related-party transactions are one of the highest-risk disclosure areas in SEC practice. When a public company enters into a transaction with an officer, director, significant shareholder, or entity controlled by any of those parties, the disclosure requirements are specific and the scrutiny is intense.
The reason is straightforward: related-party transactions create obvious conflicts of interest, and the history of securities fraud is full of cases where those conflicts were exploited. Officers who sold assets to their own companies at inflated prices. Directors who steered contracts to entities they controlled. Founders who borrowed money from their companies and never repaid it, disguising the loans as compensation or consulting fees.
When I reviewed a company's proxy statement or annual report and found related-party transactions, my first question was always: was this disclosed adequately, and was the transaction fair to shareholders? The second question was: what did the audit committee do? If the audit committee approved the transaction without meaningful review, or if the transaction was structured in a way that made it difficult to evaluate fairness, that was a flag.
The disclosure itself is not enough. The SEC expects companies to explain why the transaction was in the best interest of shareholders, what process was used to evaluate it, and whether comparable terms were available from unrelated parties. Boilerplate language that simply identifies the transaction without explaining the rationale invites comment letters and, in cases where the transaction looks particularly favorable to insiders, formal inquiries.
Regulation D Offering Failures: Where Small Companies Create Large Problems
Regulation D exemptions from SEC registration are the lifeblood of private capital formation. They are also one of the most common sources of enforcement actions against small and mid-size companies. The exemptions are not self-executing. They require compliance with specific conditions, and the failure to meet those conditions can convert what was supposed to be an exempt offering into an unregistered securities offering — a federal violation.
The most common failure patterns I saw during my time at the SEC were: selling to investors who did not qualify as accredited investors, failing to file the required Form D within the required timeframe, using general solicitation in a Rule 506(b) offering where it is prohibited, and failing to provide adequate disclosure to non-accredited investors in offerings where they are permitted to participate.
Each of these failures, standing alone, can be the basis for an enforcement action. Combined with other problems — misrepresentations in the offering materials, undisclosed conflicts of interest, or use of proceeds that deviated from what was disclosed — they become the foundation for a fraud case.
The enforcement risk in Regulation D offerings is compounded by the fact that many of the companies using these exemptions are early-stage, under-resourced, and operating without experienced securities counsel. They rely on templates and online resources rather than attorneys who understand how the exemptions actually work. The result is offerings that are technically defective from the start, creating liability that may not surface until years later when the company tries to go public or when an investor loses money and files a complaint.
Audit Failures and Auditor Changes: The Signal That Precedes the Storm
When a public company changes its auditor, the SEC pays attention. When a company changes its auditor and the prior auditor issued a going concern opinion, the SEC pays very close attention. When a company changes its auditor, the prior auditor issued a going concern opinion, and the new auditor is a small firm with a history of enforcement actions against its clients, the SEC opens an inquiry.
Auditor changes are disclosed in Form 8-K filings, and enforcement attorneys review those filings. The question is always the same: why did the company change auditors, and what does the change signal about the company's financial condition or its willingness to accept aggressive accounting positions?
I have worked on cases where the auditor change was the first visible sign of a problem that had been developing for years. The company had been pressuring its auditor to approve accounting treatments that the auditor was uncomfortable with. When the auditor finally refused, the company found a more accommodating firm. The SEC noticed the change, reviewed the prior filings, identified the accounting issues, and opened a formal investigation.
The lesson for issuers is that auditor changes are never invisible. They are disclosed, they are reviewed, and they invite questions that the company needs to be prepared to answer.
The Anatomy of a Referral to DOJ
Not every SEC investigation results in an enforcement action. Many investigations are closed without any action. But some investigations are referred to the Department of Justice for criminal prosecution, and understanding what drives that referral is important for anyone facing an SEC inquiry.
The referral decision is driven by two factors: the severity of the conduct and the quality of the evidence. The SEC refers matters to DOJ when the conduct involves intentional fraud — not negligence, not aggressive accounting, not poor judgment, but deliberate deception of investors. And the referral happens when the evidence is strong enough to support a criminal prosecution, which requires proof beyond a reasonable doubt rather than the preponderance standard that applies in civil SEC proceedings.
During my time at the SEC, I was involved in several matters that were referred to DOJ. In each case, the referral was preceded by a period of intensive investigation during which the enforcement team built a detailed evidentiary record. By the time the referral was made, the team had trading records, emails, financial documents, and witness testimony that told a coherent story of intentional fraud.
The referral is not the end of the SEC's involvement. The SEC and DOJ typically coordinate their investigations, and the SEC often continues its civil proceedings in parallel with the criminal case. Companies and individuals who are the subject of both a civil SEC action and a criminal DOJ investigation face the most serious consequences in securities enforcement — consequences that can include disgorgement of profits, civil penalties, criminal fines, and imprisonment.
What This Means for Issuers and Their Counsel
The practical implication of everything I have described is this: the SEC's enforcement apparatus is systematic, data-driven, and patient. It does not rely on dramatic revelations or lucky breaks. It relies on patterns — patterns in trading data, patterns in disclosure, patterns in auditor behavior, patterns in related-party transactions. Those patterns accumulate over time, and when they reach a threshold that justifies the investment of enforcement resources, an investigation opens.
For issuers and their counsel, the lesson is that disclosure quality is not a compliance exercise. It is a risk management decision. Every filing that obscures rather than illuminates, every related-party transaction that is disclosed but not explained, every auditor change that is not accompanied by a candid explanation of the circumstances — each of these creates a data point that may eventually be part of a pattern that attracts enforcement attention.
I have spent more than twenty-five years in private practice helping companies navigate the disclosure process with the rigor and precision that the SEC expects. The companies that avoid enforcement problems are not the ones that have the best compliance programs on paper. They are the ones whose disclosures are genuinely transparent — whose filings tell the same story that their internal documents tell, and whose management teams understand that the SEC will eventually see both.
Frederick M. Lehrer served as an enforcement attorney in the SEC's Division of Enforcement at the Southeast Regional Office from 1991 through 2000, and concurrently as a Special Assistant United States Attorney in the Southern District of Florida from 1997 through 1999, prosecuting securities-related financial crimes. He has practiced securities and corporate law in private practice for more than twenty-five years, advising issuers worldwide on SEC registration, disclosure obligations, Regulation D private placements, Regulation A offerings, and going public transactions. The firm is based in Florida and serves clients internationally.