It is the Justice Department and local United States attorneys' offices, not the SEC, that have the authority to bring criminal prosecutions. Under Section 32(a) of the Securities Exchange Act of 1934, as amended by the Sarbanes-Oxley Act of 2002, individuals face up to 20 years in prison for criminal securities fraud and/or a fine of up to $5 million for each "willful" violation of the act and the regulations under it. Only fines, not imprisonment, apply if the defendant can demonstrate "no knowledge" of the rule or regulation that is violated. Corporations face penalties of up to $25 million.

In addition, violators are usually charged with mail and wire fraud (which can lead to a sentence of up to 20 years in prison), more general "securities fraud" (up to 25 years in prison), and possibly even racketeering, tax evasion, and/or obstruction of justice. You can also expect civil penalties to result from the SEC's enforcement action.

Prison terms for insider-trading convictions have lengthened in recent years. According to The Wall Street Journal, from 2009 to 2011 the median jail sentence was 30 months, up from a median term of 18 months during the 2000s. From 1993 through 1999, the median length of prison terms was only just under a year.