The Investments And Securities Act 2025: What You Should Know About The SEC's Expanded Enforcement Powers

One of the most significant features of ISA 2025 is the strategic expansion of the SEC's regulatory powers to encompass emerging market activities and technologies that were previously outside the scope of capital market regulation. This reflects a recognition of the evolving nature of financial markets and the need to proactively address innovations with systemic risk implications.

While the SEC has, since 2022 regulated digital assets and virtual tokens such as "securities", the ISA 2025 reinforces this position by providing express statutory backing, giving the SEC stronger footing to act against violations in the digital asset space and reducing room for legal ambiguity.

Additionally, the SEC now regulates commodities infrastructure, such as warehouse operators, collateral managers, and electronic warehouse receipts, improving the governance of commodity exchanges and reducing fraud risks. Online forex trading platforms and intermediaries are also now subject to SEC regulation, requiring licensing and compliance to operate legally Corporate entities operating in these sectors must ensure full compliance with the ISA and SEC rules by obtaining relevant licences or risk sanctions such as asset freezes, or regulatory shutdowns.

Under the ISA 2007, the SEC's express power to intervene in governance matters was primarily framed around capital market operators, with the provisions focused on individuals deemed no longer "fit and proper". The Commission could direct a suspension pending investigation but was generally required to give prior notice and reasons. While the SEC did, in practice, intervene in public companies, in certain circumstances, such actions were based on broader interpretations of its investor protection mandate rather than clearly defined statutory authority.

The ISA 2025 introduces a more assertive enforcement framework. Notably, the SEC now has expanded powers to suspend or remove directors associated with misconduct or mismanagement, appoint independent directors, and place existing directors on probation (where necessary), all with fewer procedural constraints.

This evolution marks a shift from a regime where the SEC's intervention in governance matters was primarily exercised through regulatory instruments, such as the SEC Code of Corporate Governance and general enforcement discretion, to one where those powers are now clearly codified in statute. Under ISA 2025, the SEC's authority to intervene in the management of public companies and regulated entities is no longer implied or practicebased but expressly provided for. In light of this, corporate entities, particularly public companies and regulated entities must maintain strong corporate governance practices and ensure strict compliance with applicable rules. Board and management decisions are well-documented and defensible, and a strong compliance culture is maintained, particularly with respect to disclosures and conflict of interest management.

The ISA 2025 significantly enhances the investigative powers of the SEC, enabling it to operate with greater reach and precision in uncovering capital market infractions. While the SEC previously had authority to investigate capital market operators and request relevant records, the new Act introduces a broader legal framework that facilitates deeper scrutiny and more technology-driven enforcement. Most notably, the ISA 2025 now expressly empowers the SEC to audit and compel the production of records and documents not only from capital market operators but also from public companies and other regulated entities. Furthermore, the ISA 2025 significantly widens the SEC's authority to investigate any person suspected of violating securities laws or engaging in unregistered investment activities.Additionally, the ISA 2025 empowers the SEC to obtain subscriber and communications data from telecom and internet service providers, marking a substantial expansion into digital surveillance and data-driven enforcement.

These innovations reflect a shift toward data-driven enforcement, allowing the Commission to more effectively trace insider trading, market manipulation and regulatory evasion. Accordingly, corporate entities must ensure their compliance, communication, and data-handling practices are audit-ready and fully transparent. Internal controls should be strengthened to support swift and accurate responses to SEC inquiries. Companies should also ensure third-party service providers, such as IT and telecom partners, adhere to security and disclosure standards. Legal and compliance teams must be trained to handle regulatory investigations involving data requests, electronic communications, and cross-party transactions. Most critically, proactive compliance reviews can help detect and correct issues before they attract regulatory scrutiny.

The ISA 2025 significantly expands the SEC's enforcement power, allowing it to take direct and immediate action against suspected violators without the procedural constraints present under the ISA 2007. While the SEC had limited ability under the ISA 2007 to initiate asset freezes or seizures (typically relying on court orders or referrals to law enforcement agencies), the ISA 2025 now empowers the SEC to impose administrative cautions and liens on assets (including shares and bank accounts) of persons or firms that have committed capital market infractions, seize property of persons (individuals and corporates) illegally carrying on capital market operations and investment schemes and seek an order of forfeiture for the recovered assets, and compel access to audit working papers and communications from external auditors during investigations. These powers are complemented by the establishment of a National Confiscation Wallet and Multi-Party Wallets to manage and safeguard forfeited digital assets.

Corporate entities must reassess their legal and compliance exposure, particularly in light of the SEC's expanded enforcement tools under ISA 2025. Internal policies should be reviewed to ensure that they align with the applicable SEC rules and the ISA, especially in high-risk areas such as licensing, disclosure, and investment structuring.

Where non-compliance occurs, whether knowingly or inadvertently, entities face the risk of significant enforcement measures, including asset freezes, office closures, or compelled production of documents.

Accordingly, beyond meeting statutory requirements, companies should also enhance their regulatory response preparedness by maintaining proper documentation, securing financial records, and establishing clear internal protocols for responding to SEC investigations. Legal and compliance teams should also be trained to handle enforcement scenarios, and auditors and external advisers should be engaged on terms that enable timely and effective cooperation with regulatory authorities. Corporate entities should also actively monitor high-risk transactions and counterparties and regularly review insurance and indemnity arrangements for directors and officers to ensure sufficient protection in the event of enforcement-related liabilities.

Previously, the SEC lacked direct prosecutorial powers and was required to refer criminal matters to external bodies such as the Attorney-General or the Economic and Financial Crimes Commission (EFCC), often delaying enforcement. Under the ISA 2025, in-house SEC lawyers may now initiate or defend criminal proceedings, with the consent of the Attorney-General of the Federation, on matters relating to the Nigerian capital market. The ISA 2025 also affirms the SEC's authority to engage private legal practitioners to prosecute offences on its behalf, further strengthening its ability to respond promptly and effectively to violations.

With the SEC now able to pursue criminal enforcement more directly, the risk of immediate prosecution for regulatory breaches has increased. Corporate entities must prioritise robust internal compliance and legal oversight, as infractions could rapidly escalate from regulatory inquiries to criminal proceedings. Legal departments should be prepared to engage early and strategically if enforcement action is initiated. Infractions should be identified by internal compliance teams, reported to senior management in accordance with the entity's internal risk escalation policy and applicable law, and remediated promptly. companies should also seek immediate legal advice at the first indication of regulatory scrutiny.

The ISA 2025 introduces the concept of prohibited schemes, including Ponzi and pyramid structures, which rely on funds from new investors to pay earlier participants and often promise unrealistically high returns with minimal risk. The ISA 2025 gives legislative support to the power of SEC to take direct enforcement action against such schemes which includes sealing off premises and obtaining court or tribunal orders to freeze and forfeit assets to the Federal Government. Notably, the ISA 2025 allows the SEC to recover enforcement costs from both the scheme's assets and the personal assets of those involved, regardless of how those assets were acquired. The SEC may also recover investigation costs through the Attorney General's office. These measures significantly enhance the Commission's ability to clamp down on fraudulent investment operations and bolster investor protection.

Corporate entities, particularly fund managers, fintechs, and investment platforms, must now exercise greater care in how they raise capital and market investment opportunities. Overly aggressive promotions, exaggerated return projections, or poorly structured offerings, especially when targeting retail investors, may fall within the regulatory radar. Robust governance, transparent fund use, and legal compliance are critical to avoid being classified as or associated with a prohibited scheme under the new framework.