Top 5 SEC Enforcement Developments for January 2025

Each month, we publish a roundup of the most important SEC enforcement developments for busy in-house lawyers and compliance professionals. This month, we examine:

• Charges against a public company founder and CEO for executing settlements that bound the company without informing management and the board;
• AI washing charges against a restaurant technology company with no civil penalties in light of voluntary cooperation;
• A settlement with two investment companies for failing to fix algorithmic vulnerabilities and whistleblower violations;
• Investment companies, a CCO, and registered representatives charged with “selling away” violations; and
• A settlement with a private company following allegations of overstating revenue.

On January 17, 2025, a few days before the presidential inauguration, the SEC reported a record-breaking first quarter of fiscal year 2025 (October through December 2024) with 200 total enforcement actions, including 118 standalone cases and 75 actions in October 2024 alone. According to the SEC, this is the highest number of actions that the SEC has filed in a fiscal year first quarter since at least 2000.

On January 21, 2025, the day after the inauguration, the SEC announced the launch of a dedicated crypto task force, led by Commissioner Hester Peirce. According to the SEC, the task force “seeks to provide clarity on the application of the federal securities laws to the crypto asset market and to recommend practical policy measures that aim to foster innovation and protect investors.” This marks a shift from the agency’s previous approach to the digital asset space, which was widely criticized as “regulation by enforcement.”

1. WWE Co-founder Charged for Executing Settlements on WWE Without Informing the Board or Others

On January 10, 2025, the SEC settled with Vince McMahon, co-founder and former CEO of World Wrestling Entertainment (WWE), for allegedly failing to disclose two multimillion-dollar settlement agreements that he signed while he was the CEO, both individually and on behalf of WWE, with a former employee and a former independent contractor. According to the SEC, McMahon engaged in a personal relationship with the former employee and then told her that she should resign from WWE. The former independent contractor accused McMahon of unlawful conduct, including sexual assault.

The SEC alleged that McMahon signed the two settlement agreements, for $3 million and $7.5 million, respectively, without informing WWE’s board of directors, legal department, accountants, financial reporting personnel, or auditor. Accordingly, the SEC maintained that WWE’s accountants and auditor did not evaluate the impact of the agreements on WWE’s financial statements and that WWE could not evaluate its disclosure obligations or risk.

WWE’s board learned of the agreements in April 2022. WWE filed an amended 10-K for the year ending 2021 and restated its consolidated financial statements for the years 2019, 2020, and 2021, as well as its unaudited financials for the first quarter of 2022. McMahon resigned as CEO in June 2022.

The SEC charged McMahon with five separate violations, alleging that he knowingly circumvented WWE’s internal accounting controls and that he caused WWE to make false or misleading statements to its auditor and to have recordkeeping violations. Without admitting or denying the allegations, McMahon agreed to pay a $400,000 civil penalty and $1.3 million in reimbursement to WWE, among other relief.

2. Restaurant Technology Company Charged in Connection with AI Disclosures

On January 14, 2025, the SEC issued a cease-and-desist order against Presto Automation Inc. (“Presto”), a restaurant technology company, for allegedly making materially false and misleading statements about its “flagship” AI product, Presto Voice. According to the SEC, Presto initially failed to disclose that it relied on another company’s AI technology and then exaggerated what its own AI system could do, incorrectly claiming the AI system eliminated the need for a human to take restaurant orders.

The SEC alleged that from November 2021 to September 2022, the Presto Voice units that Presto commercially deployed were exclusively powered by AI technology owned and operated by an unnamed third-party supplier. During this period, the SEC claimed that Presto made public statements implying that Presto Voice was powered by Presto’s own technology. When Presto began deploying its own proprietary AI technology in September 2022, it falsely claimed that Presto Voice eliminated human order taking, when in reality, the system required substantial human intervention, with off-site workers processing the vast majority of drive-thru orders.

The SEC did not impose civil penalties on Presto in consideration of its voluntary cooperation, current financial condition, and remedial efforts (including corrective disclosures after learning of the investigation). Without admitting or denying the allegations, Presto consented to an order finding violations of Section 17(a)(2) of the Securities Act and Section 13(a) of the Exchange Act and Rules 13a-11 and 13a-15(a) thereunder.

3. Investment Companies Fined $90 Million for Alleged Failure to Address Algorithmic Vulnerabilities and Other Violations

On January 16, 2025, Two Sigma Investments, LP (TSI) and Two Sigma Advisers, LP (TSA), together referred to as “Two Sigma,” settled SEC charges in connection with their alleged failure to address known vulnerabilities in their algorithmic trading models, deficiencies in their policies and procedures, and whistleblower protection rule violations. The SEC also charged TSI with supervision failures arising out of unauthorized changes that an employee made to the investment model.

According to the SEC, between March 2019 and October 2023, Two Sigma recognized but failed to adequately address vulnerabilities in their computer-based trading models that could materially impact client returns. Two Sigma employees raised concerns that numerous personnel had unrestricted read and write access to a database storing model parameters and that the models could be changed without review or approval. According to the SEC, between November 2021 and August 2023, a Two Sigma employee changed the parameters for 14 models, which caused the models to perform differently and make investment decisions that Two Sigma would not have otherwise made. This resulted in certain funds overperforming by more than $400 million and others underperforming by approximately $165 million. Despite employees identifying these risks and proposing solutions as early as March 2019, Two Sigma failed to implement adequate controls until after an incident in May 2022, during which an employee overwrote an entire volume containing several model parameters.

The SEC also alleged that from April 2019 to February 2024, Two Sigma required departing employees to sign separation agreements that stated that they had not made complaints with any government agency. The SEC claimed this violated the whistleblower protection rule.

Without admitting or denying the allegations, Two Sigma agreed to violations of the Investment Company Act, the Investment Advisers Act, and Exchange Act Rule 21F-17(a). Two Sigma agreed to pay a $90 million civil penalty, to cease and desist from any future violations, and to fully cooperate with any additional investigations. The SEC acknowledged Two Sigma’s substantial cooperation and prompt remedial actions, including voluntarily repaying affected clients approximately $165 million, enhancing controls and compliance procedures, and revising their separation agreements.

4. Investment Companies, CCO, and Former Representatives Charged with “Selling Away” Violations

On January 17, 2025, the SEC filed a complaint in federal court charging investment advisors Arete Wealth Management LLC (“Arete Wealth”) and Arete Wealth Advisors LLC (“Arete Advisors”), together referred to as “Arete,” along with their General Counsel and Chief Compliance Officer UnBo (Bob) Chung, and several sales and investment adviser representatives, for failing to comply with important compliance and recordkeeping requirements and failing to maintain adequate compliance policies and procedures.

According to the SEC, between October 2018 and May 2020, three representatives, Joey Miller, Jeff Larson, and Randy Larson (together, the “Arete Representatives”), sold over $8 million in unapproved stock in Zona Energy, Inc. (“Zona”) to dozens of customers and clients, without approval or oversight from Arete—a prohibited practice known as “selling away.” The SEC alleged that the Arete Representatives received deeply discounted shares in return for their fundraising efforts, defrauded investors, and attempted to conceal these sales by using personal phones and email to avoid surveillance.

In April 2021, after discovering what the Arete Representatives had done, Chung directed them to obtain settlement agreements from affected clients. The SEC alleged that these agreements—which were signed by more than 100 clients and which Chung claimed he did not read—failed to disclose that the Arete Representatives had received discounted shares, offered much less compensation that what had been originally invested, and contained an illegal broad liability disclaimer that could mislead clients about waiving non-waivable causes of action. Chung had previously been warned by the SEC that there were deficiencies in the firm’s compliance program and none of the required annual reviews had been conducted.

The SEC has charged all defendants with violations of the Investment Advisers Act of 1940 and the Securities Exchange Act of 1934. The SEC is seeking permanent injunctions and civil penalties for all defendants, with additional conduct-based injunctions, penny stock bars, and officer and director bars against the Arete Representatives.

5. Private E-Commerce Company Pays $8 Million Civil Penalty Following Accusations of Overstating Revenue

On January 17, 2025, the SEC settled with GrubMarket Inc., a private California-based e-commerce food distributor, for providing investors with allegedly unreliable financial information that overstated its historical revenues by approximately $550 million.

According to the SEC, between November 2019 and February 2021, GrubMarket raised approximately $80 million from investors in a Series D financing round, while providing financial information that contained significantly higher historical revenues than those reported in the company’s tax filings and other corporate documents.

The SEC alleged that GrubMarket had multiple conversations with an investor between October 2020 and January 2021 and sent requested working financial information to that investor. In January 2021, the investor then committed to investing in the Series D round and promised to wire $19 million in mid-February. GrubMarket then completed and revised the financial information in February 2021 and the new information had materially lower revenue figures. This information was not shared with the investor until after they had wired the $19 million investment. The discrepancy amounted to $550 million over a five-year period.

Without admitting or denying the findings, GrubMarket consented to negligent securities fraud, agreed to pay an $8 million civil penalty, and agreed to cease and desist any further violations. The SEC considered GrubMarket’s remediation efforts, including that it retained an outside audit firm to assist with a new accounting system that follows GAAP standards.