Complex and Divided Securities Enforcement Falling to States

The Bottom Line

• States have “blue sky” laws dating back more than a century that empower them to fill enforcement gaps as they see fit.
• One “blue” state has already sensed the Trump administration’s pivot away from tough enforcement and has sued a major cryptocurrency exchange.
• Forceful action by states cracking down on securities fraud—particularly related to cryptocurrencies—could increase tensions with the Trump White House.

The Trump administration is bringing significant personnel and policy changes across the federal government’s financial regulators. President Donald Trump has signed an executive order putting agencies and regulators—such as the Securities and Exchange Commission—under direct presidential oversight.

Cryptocurrency regulation is already undergoing a significant change in enforcement priorities. The Trump administration appears to have reversed the SEC’s course on aggressively pursuing crypto market participants as part of the president’s promise to make the US the “world capital” of crypto.

As firms and issuers contemplate adjustments in response to these and other anticipated changes in federal enforcement priorities, they should also prepare for the expansion of state enforcement activity. State and territorial law enforcement agencies retain significant power under blue sky laws to investigate and enforce their own securities statutes.

These powers are greatest when it comes to preventing and punishing securities fraud, giving state-level jurisdictions a formidable tool to respond to perceived changes in federal enforcement priorities—or to pursue even broader policy agendas.

A good case in point is the Oregon attorney general’s April 18 lawsuit against Coinbase alleging violation of Oregon’s securities laws in connection with the availability of products on Coinbase’s exchange that Oregon claims are unregistered securities. Public issuers, broker-dealers, and financial services firms should be aware of the extent of state authority to regulate securities fraud in the face of changing federal priorities.

Blue Sky Laws

Following a series of congressional reforms in the 1990s, securities enforcement against large issuers and broker-dealers is governed almost exclusively by federal law. The Securities Litigation Uniform Standards Act of 1998 ended most enforcement of state law by private litigants against nationally regulated securities. And the National Securities Market Improvement Act of 1996 preempted states from enforcing most of their substantive laws as to offerings, transactions, and registration of federal covered securities.

Despite these reforms, states expressly retained the power to enforce the anti-fraud provision of their blue sky laws, giving them significant authority over those issuing and dealing in securities of all kinds.

All 50 states; Washington, D.C; and the territories of Guam, Puerto Rico, and the US Virgin Islands have blue sky laws and securities regulators. Pre-dating federal securities statutes by two decades, the first one was enacted in Kansas in 1911 to prevent “speculative schemes which have no more basis than so many feet of ‘blue sky.’”

One of these laws’ functions is to regulate those securities left unregulated by federal authorities, such as securities only offered and sold within one state or offered by state or local governments. Another function overlaps with federal authority: preventing and punishing securities fraud.

State statutory definitions of securities fraud are substantially the same as federal law, which prohibits deceptive statements and omissions in connection with securities transactions. The widely adopted Uniform Securities Act uses nearly identical language to that of SEC Rule 10b-5.

However, state laws may reach more broadly than federal law for three reasons.

First, state law definitions may be interpreted differently than similar federal law. For example, while securities fraud under federal law requires scienter for liability to attach, New York’s Martin Act has been judicially interpreted not to require ill intent, despite similarities between the texts of New York state and federal law.

And California courts have developed a test other than the federal Howey test to determine whether nontraditional instruments—such as, in a 1961 case, a future membership in a yet-to-be-built country club—are securities under state law. Blue sky laws may reach cryptocurrency products, real property lending contracts, and other instruments that federal securities laws arguably don’t.

Second, securities enforcement authority varies significantly from state to state, yielding inconsistent results across jurisdictions. Some states, such as Florida, vest nearly all their securities enforcement authority with administrative regulators.

Other states, such as New York and South Carolina, empower attorneys general to enforce securities law, either exclusively or in parallel to specialized state securities regulators. With so many state-level actors facing different political incentives and wielding independent enforcement authority, one state’s fair dealing may be another state’s failure to disclose.

Finally, the decision about which types of conduct constitute fraud under state securities laws is heavily influenced by state regulators’ policy goals. Without private enforcement to generate stabilizing precedents under state law, state regulators hold all the cards for when and how to bring state-law fraud claims for securities transactions. As a result, some state attorneys general have expansively applied state laws, including consumer protection or deceptive trade practice statutes, to securities transactions.

In contending with 50 state jurisdictions, issuers, broker-dealers, and others involved in securities transactions face the risk of overlapping enforcement action or investigations under state securities laws. Widely adopted model legislation shows that state securities regulators and attorneys general possess sweeping powers, especially under fraud theories, to investigate parties involved in securities transactions—including subpoena power to examine documents and question witnesses.

They may also initiate administrative proceedings and bring civil or criminal enforcement actions. Their authority also typically extends over any entity or person engaged in the offering or sale of securities within a state’s jurisdiction, without regard to an entity’s state of incorporation or a person’s domicile.

Awareness of how different states use these powers today is critical to navigating the complicated patchwork of securities laws going forward.

Federal Enforcement Gaps

Blue sky law enforcement can be broadly categorized in three ways, each of which poses risks to large issuers and firms in the wake of changing priorities at the federal level.

State regulators have traditionally focused on perceived “gaps” in federal enforcement that result from certain securities transactions not being covered by federal law, requiring states to devote local resources to prevent and punish fraudulent conduct by small issuers or dealers.

Other gaps result from federal regulators using their discretion to only investigate and enforce securities violations above a certain dollar amount. For instance, according to a 2023 study, states bring nearly 2 1/2 times the number of administrative and civil enforcement actions brought by the SEC, many against small-dollar fraudsters that federal regulators don’t have the bandwidth to investigate.

As the second Trump administration implements its deregulatory agenda, Democratic-led states such as New York may perceive gaps in enforcement, generating more state-led investigations and administrative actions. Given the SEC’s apparent move away from pursuing non-fraud cryptocurrency issues, crypto is an area ripe for state-level focus both under fraud and non-fraud theories.

States such as California have typically used their blue sky laws to pursue alleged fraud that happens to involve crypto, and mostly for small-dollar misconduct not investigated by federal regulators. In the past three years, roughly half of all securities fraud enforcement actions disclosed on the California Department of Financial Protection and Innovation website have been cryptocurrency-related.

In 2018, the North American Securities Administrators Association formed a task force to enforce state securities laws against cryptocurrency-linked companies and individuals, only a few of which were jointly investigated by the federal government. To date, the task force’s efforts have resulted in at least 85 enforcement actions, generally for conduct alleged to be fraudulent.

Considering increased attention brought on the crypto industry because of the role it played in the presidential race (and the Ohio Senate race), the potential for increased non-fraud oversight of crypto by state securities regulators and state attorneys general shouldn’t be overlooked.

Specifically, if the SEC continues to move away from pursuing non-fraud crypto issues, states may argue NSMIA no longer precludes them from imposing their own ex ante substantive registration and qualification requirements on crypto issuers and dealers.

Comments from Oregon Attorney General Dan Rayfield in connection with the filing of his suit against Coinbase are a good example: “states must fill the enforcement vacuum being left by federal regulators who are giving up under the new administration and abandoning these important cases.”

Coordinated Action

State-securities regulators have often coordinated with each other or federal agencies in large scale enforcement actions in recent decades to address enforcement gaps or to help states with fewer resources.

In 2023, a 30-state coalition of securities regulators coordinated with the SEC and Commodity Futures Trading Commission to obtain a $68 million settlement and consent order against Safeguard Metals for alleged precious-metals fraud. These multijurisdictional actions create efficiencies for state regulators and for enforcement targets seeking to reach global settlements, but they can also raise defense, operations, and settlement costs as state regulators bring actions they otherwise might not have.

Expect state regulators to continue to form such coalitions even if changes in federal enforcement priorities alter the targets of coordinated action.

Policy Agendas

The third category is perhaps the most recent, involving states using their securities-regulation authority to pursue broader policy agendas that may diverge from traditional securities enforcement.

States have begun to use their securities fraud enforcement authority to stake a position on “hot-button” political issues, including climate change; the role of environmental, social, and governance factors in investment decision-making; and even foreign policy.

In 2018, New York brought a (now-dismissed) state-law action against fossil fuel companies using its securities statutes as part of a strategy to fight climate change. And Massachusetts made similar allegations in a suit brought under its consumer protection statute in 2020.

While the SEC previously promoted the use of ESG factors in corporate governance and disclosures, Mississippi and Indiana’s securities regulators have issued cease-and-desist orders for alleged conduct amounting to securities fraud based on ESG disclosures. Two other states’ attorneys general brought similar allegations under their states’ consumer protection and deceptive trade practices acts, respectively.

In 2023, Republican attorneys general from 21 states issued a joint letter to 53 major asset managers alleging their ESG policies could constitute fraudulent violations of state securities law for failure to properly disclose investment risks. Earlier this year, 17 states issued a similar letter concerning securities-laws ramifications from asset managers’ investments in China.

As federal regulators pursue the Trump administration’s policy agenda, Democratic state-level regulators may be tempted to use state-securities enforcement powers to advance their own political priorities.

Federal regulators are changing their enforcement priorities in the early days of the Trump administration, but state securities regulators have powerful tools to respond to evolving federal oversight. To mitigate the risk of state investigations and enforcement based on state securities-fraud statutes, financial services providers and issuers should remain mindful of how their public disclosures may be received in today’s complex and often politically divided enforcement environment.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Author Information

Paul Connell and Swain Wood are co-chairs of WilmerHale’s state attorneys general practice.

Ben Neaderland is a partner in WilmerHale’s securities department.

Write for Us: Author Guidelines