- The U.S. Securities and Exchange Commission (SEC) Division of Enforcement (Enforcement) announced that it will nearly double the size of its Crypto and Cyber Assets Unit, making the Unit one of the largest within Compliance.
- The decision reflects the SEC’s increasing prioritization of cryptocurrency enforcement and cybersecurity.
- Digital asset issuers, cryptocurrency exchanges and lending platforms, and other industry participants should expect more frequent investigations and enforcement actions.
- Public companies and investment advisers should anticipate increased scrutiny of the application of their cybersecurity controls and disclosures, and an increase in alleged breaches for alleged deficiencies in these areas.
In a move that further runs on the SEC’s increasingly harsh rhetoric on cryptocurrency and cybersecurity, SEC Enforcement recently announced that it will nearly double the size of its newly renamed Crypto Assets and Cyber Unit, the specialized unit that focuses on law enforcement in those areas. This development is notable for the dramatic expansion of what was already one of Enforcement’s most high-profile units.
While cryptocurrency and cybersecurity have been declared priorities for Compliance since the Unit’s establishment in 2017, the SEC’s decision to allocate its limited resources to nearly double the number of Unit employees indicates unambiguously that Compliance has the intent to increase the number of investigations and enforcement actions against players in the cryptocurrency space, as well as public companies and investment advisers that the SEC believes have taken inadequate steps to prevent and disclose cybersecurity breaches. The announcement also makes clear that the SEC intends to play a leading, if not the leading, role among regulators and law enforcement agencies in these areas, including the US Department of Justice, the Commodity Futures Trading Commission and state regulators, among others.
Front and center of crypto application
Per the SEC announcement, the agency will allocate an additional 20 positions to the Unit, which will grow to 50 dedicated positions, making it one of the largest units within Enforcement. The SEC also specified that the expanded Unit will “leverage the agency’s expertise to ensure that investors are protected in the crypto markets,” with a particular focus on investigating violations related to:
- crypto asset offerings;
- crypto asset exchanges;
- crypto asset lending and staking products;
- decentralized finance (DeFi) platforms;
- non-fungible tokens (NFTs); Y
- stable coins
The expansion comes against the backdrop of already vigorous crypto enforcement and a series of public statements by SEC Chairman Gary Gensler signaling the need for tighter regulation of industry participants. As the SEC press release notes, since its inception, the Unit has initiated more than 80 enforcement actions related to allegedly fraudulent and unregistered crypto asset offerings and platforms, and has obtained more than $2 billion in monetary compensation.
Gensler’s recent comments make it clear that the SEC remains highly concerned about what it perceives to be a continued lack of protection for crypto investors. In a September 2021 interview with the Washington Post, for example, likened stablecoins to “casino poker chips” and signaled his intention to deploy the “robust authorities” of the SEC to reign both in stablecoins specifically and in cryptocurrency markets in general. Gensler reiterated that view at the Penn Law Capital Markets Association Annual Conference in April of this year, noting that stablecoins in particular “raise three important sets of policy questions” that warrant further scrutiny from investors. the SEC: (1) “public policy considerations around financial stability and monetary policy”; (2) “issues about how they can potentially be used for illicit activities”; and (3) “investor protection issues.” Describing the third policy consideration, Gensler expressed concern that “the three largest stablecoins were created by the trading or lending platforms themselves,” which, in his opinion, raises “conflicts of interest and issues of market integrity that would benefit from increased oversight.
The agency’s focus on cryptocurrencies can be expected to intensify further in the wake of the May 2022 crash of cryptocurrency stablecoin TerraUSD and its sister token Luna, an event that wiped out nearly the entire market capitalization of $ 40 billion Luna and accelerated the loss. $500 billion worth of cryptocurrency economy. Unsurprisingly, Gensler and his colleagues have doubled down on their aggressive rhetoric since the fall of Luna and TerraUSD. Speaking at a FINRA conference in Washington, DC on May 16, 2022, Gensler characterized cryptocurrencies as a “highly speculative asset class,” given what he perceives as their lack of market transparency, and advocated protections. investors’ basics against early trades. customers, manipulation and fraud. Just days before those comments, SEC Commissioner Hester Peirce (despite her vocal and repeated criticism of what she perceives as excessive regulation of the industry by the SEC) hinted that “a place in the that we could see some movement “with respect to stricter regulations” is around stablecoins.
These comments have coincided with a broader effort by the SEC to expand its enforcement activity beyond the issuance of crypto assets. In February of this year, for example, Enforcement filed its first action against a crypto lending platform, obtaining $100 million in fines against BlockFi Lending LLC for its allegedly unregistered offering and sale of retail crypto lending products. In May, the SEC brought a settled action against NVIDIA Corporation for NVIDIA’s alleged failure to disclose that crypto mining was a significant element of its material revenue growth from the sale of its graphics processing units designed and marketed for games, and the company agreed to a $5.5 million penalty payment. More recently, it is reported that the SEC has been conducting an investigation into anti-insider trading security measures at one or more major crypto exchanges.
Although a recently introduced Senate bill would reduce the SEC’s jurisdiction over cryptocurrencies, the move does not appear to be moving forward in the near future. Meanwhile, with the expansion of the Crypto and Cyber Assets Unit, we expect the agency to continue to broaden the scope of its enforcement activity.
Cybersecurity also in the spotlight
The rise in SEC enforcement in the cryptocurrency space has been accompanied by a flurry of enforcement and rulemaking activity in the cybersecurity arena, particularly as it relates to the issue of data breaches. In the second half of 2021, the SEC charged two companies, Pearson plc and First American Financial Corporation, respectively, with failing to properly disclose cybersecurity breaches and maintaining adequate cybersecurity disclosure controls and procedures. The SEC also secured sanctions in three coordinated actions against registered broker-dealers and investment advisers for alleged flaws in their cybersecurity policies and procedures, which the SEC found resulted in takeovers of email accounts that exposed personal information. of thousands of customers.
Additionally, earlier this year, the SEC proposed important new rules for public companies and investment advisers regarding cybersecurity controls and disclosures. In February, the agency proposed rules and amendments for investment advisers, registered investment companies, and business development companies that would, among other things: require advisers and funds to adopt written policies and procedures that include specific elements set forth in the rule proposal to address cybersecurity risks; require advisers to report significant cybersecurity incidents to the SEC on a new Form ADV-C; and improve disclosures of cybersecurity risks and incidents by advisers and funds to current and potential investors.
The SEC followed up in March with proposed rule amendments for public companies that, among other things, would require issuers to disclose information about cybersecurity incidents within four business days of a determination that the company has experienced a “security incident.” material cyber security” and require up-to-date information. disclosures relating to previously disclosed cyber incidents. Therefore, the proposed rules and amendments would provide the strengthened Crypto and Cyber Assets Unit with an even broader arsenal to seek out issuers and advisers.
We will continue to provide updates on this rapidly evolving regulatory landscape.