Key Insights into the 2025 Fraud Landscape

Here’s what boards should know about recent SEC and PCAOB enforcement actions, and how they will impact compliance oversight moving forward.

Understanding the fraud risk landscape within the financial reporting ecosystem is essential for preserving trust in capital markets and protecting investors. As financial reporting becomes more complex, so do the ways in which fraud can be perpetrated; vigilance is more important than ever. The entire financial reporting ecosystem—preparers, internal and external auditors, audit committees, and regulators—play a critical role in identifying, mitigating, and responding to these evolving risks.

The Center for Audit Quality and the Anti-Fraud Collaboration released a comprehensive review of Public Company Accounting Oversight Board (PCAOB)- and US Securities and Exchange Commission (SEC)-settled disciplinary actions from 2021 through 2024 to uncover key enforcement trends and regulatory insights for the coming years. Analyzing matters that have been the subject of enforcement actions can serve as a helpful indicator for future enforcement priorities in this dynamic, regulatory climate.

Trends in Enforcement Actions

Below are the most recent themes in fraud risk, prevention, and enforcement actions identified in the report that boards should be aware of.

Revenue recognition. Revenue recognition has been, and will likely remain, a significant area of focus for auditors and regulators of public companies, given its importance to investors and its high susceptibility to fraud. According to the report, approximately 27 percent of the PCAOB’s and 33 percent of the SEC’s settled disciplinary orders were associated with improper accounting for revenue and related accounts.

From 2021 to 2024, the SEC brought actions against companies that accelerated revenue through “pull-forward” or “bill-and-hold” practices aimed at maximizing revenue, meeting internal sales targets or analysts’ consensus earnings, or otherwise narrowing a gap in other key performance indicators. These practices conceal a company’s true financial performance and often violate generally accepted accounting principles (GAAP), internal controls, and disclosure controls and procedures.

Moreover, the SEC has consistently demonstrated its commitment to holding executives accountable for their role in perpetrating revenue recognition schemes, recognizing that such misleading practices and disclosures erode investor confidence and undermine the integrity of financial markets.

During the review period, more than 50 SEC enforcement actions involved executive liability for revenue recognition schemes. For example, in 2023, the SEC pursued numerous actions against former executives who facilitated the improper use of bill and hold accounting as the pretense for improperly recognizing revenue that did not adhere to GAAP.

Merger and acquisition (M&A) activity. In recent years, there has been a steady trend in enforcement actions from the PCAOB and the SEC arising from inconsistent accounting practices after M&A activity.

Between Jan. 1, 2021, and Dec. 31, 2024, the PCAOB published 16 settled orders related to violations that involved M&A activity audit procedures. Of these settled orders, 75 percent were related to acquisition accounting and 25 percent were related to goodwill or intangible evaluations. The PCAOB focused on auditors’ inadequate audit of management’s accounting for an acquisition or other strategic transaction, insufficient audit procedures with a lack of audit evidence to support valuations, and inadequate quality control systems that provided reasonable assurance that personnel met professional standards and regulatory requirements.

In the same timeframe, there were 43 SEC actions related to M&A. The SEC has addressed company and executive misconduct regarding internal control deficiencies uncovered after mergers or acquisitions.

An August 2024 SEC enforcement order highlights the importance of performing risk-based due diligence on legacy internal control systems when entering into an acquisition. The SEC announced settled charges against a former special purpose acquisition company that acquired companies in the Middle East and North Africa after the company failed to detect systemic internal control deficiencies in the acquired companies. This led to a restatement of three years of financial statements due to reliance on the acquired companies’ inadequate financial reporting practices.

The company was charged with violations in financial reporting, accounting, and internal controls, and was ordered to pay a $400,000 civil penalty. Furthermore, the SEC order included a “springing penalty,” which outlines that if the company does not remediate its controls in a timely manner, the SEC will levy an additional $1.2 million civil penalty.

The SEC’s use of a springing penalty in this action signals to companies that failing to remediate control deficiencies will lead to even larger monetary consequences than those initially ordered.

Executive accountability. Among SEC enforcement actions, accounting violations often involve someone at a company directing misconduct, being aware of misconduct but not doing anything to resolve it, or being unaware of misconduct they should have known about. These factors often, but do not always determine when the SEC charges executives in addition to, or instead of, companies.

For example, the CEO may be heavily invested in a company’s performance. If the CEO directs misconduct to occur to improve the appearance of performance, it will likely result in an enforcement action against this individual. If the chief financial officer (CFO) is aware of any potential misconduct, or should have been aware of it, the CFO may also be found liable.

However, as many instances of more subjective accounting decisions may occur at companies (e.g., through the use of non-GAAP metrics), the SEC may not proceed with charges against individuals if a company made a good-faith effort to comply with GAAP and other relevant financial reporting and disclosure rules but lacked proper internal controls. These decisions are based on numerous factors the SEC considers, as well as the facts and circumstances presented in the investigation.

Increased SEC and PCAOB enforcement. Over the past several years, the SEC and PCAOB have increased enforcement efforts. The SEC has focused on both new and repeat offenders, with penalties against large public companies, investment firms, executives, auditors, and even social media influencers ranging from thousands to millions of dollars. The SEC has recognized meaningful cooperation from those subject to enforcement investigations.

The PCAOB has increased the use of sweeps, or investigations across numerous companies at once, to bring compliance-oriented enforcement actions for issues such as audit committee communication and form disclosure inadequacies, especially as they pertain to Form AP and Form 3). The SEC has done the same for off-channel communications.

Outlook: 2025 and Beyond

While there is some uncertainty around PCAOB and SEC enforcement under the new administration, accounting and auditing professionals should remain vigilant as both agencies will continue to pursue fraud-based investigations, and the underlying expectation for auditors remains the same: Audit quality should not be negatively affected by a dynamic regulatory climate. Monitoring regulatory enforcement trends sheds light on what future enforcement priorities might look like and provides key observations for issuers, auditors, and audit committees on how to strengthen their anti-fraud programs and practices in an environment of uncertain and challenging market conditions and political developments.

The views expressed in this article are the author's own and do not represent the perspective of NACD.

The Center for Audit Quality is a NACD partner, providing directors with critical and timely information, and perspectives. CAQ is a financial supporter of the NACD.