- The U.S. Securities and Exchange Commission’s (SEC) Execution Division has announced that it will nearly double the size of its Crypto and Cyber Asset Unit, making the unit one of the largest within Enforcement.
- The decision reflects the SEC’s growing priority of implementing cryptocurrency and cybersecurity.
- Issuers of digital assets, cryptocurrencies and loan platforms, and other industry participants should expect more frequent investigations and enforcement actions.
- Public companies and investment advisers should anticipate greater scrutiny of the application of their cybersecurity controls and disclosures and an increase in infringements of alleged deficiencies in these areas.
As it further enforces the SEC’s increasingly harsh rhetoric on cryptocurrency and cybersecurity, SEC Enforcement recently announced that it will nearly double the size of its newly renamed Crypto Assets and Cyber Unit, the specialized unit that focuses on implementing regulations in those areas. This development is notable for the dramatic expansion of what was once one of Enforcement’s most prominent units.
Although cryptocurrency and cybersecurity have been the priorities set for the Application since the inception of the Unit in 2017, the SEC’s decision to allocate its limited resources to increasing the number of staff in the Unit has almost unambiguously indicated that the Application is intended. of increasing the number of investigations and enforcement actions against players in the cryptocurrency space, as well as public companies and investment advisers that the SEC considers to have taken inappropriate measures to prevent and disclose cybersecurity violations. The announcement also makes it clear that the SEC intends to play a leading, if not the leading, role among regulators and law enforcement agencies in these areas, including the U.S. Department of Justice, the Commodity Futures Trading Commission, and state regulators, among others.
Crypto Enforcement Front and Center
According to the SEC announcement, the agency will allocate an additional 20 posts to the Unit, which will grow to 50 dedicated posts, making it one of the largest Enforcement units. The SEC also specified that the expanded unit “will leverage the agency’s experience to ensure that investors are protected in the cryptocurrency markets,” with special attention to investigating violations related to:
- offers of cryptographic assets;
- cryptographic asset exchanges;
- loan products and participation in cryptographic assets;
- decentralized financing platforms (DeFi);
- non-fungible chips (NFT); e
- stable currencies.
The expansion comes in the context of an already vigorous cryptographic application and a series of public statements by SEC President Gary Gensler that point to the need for stricter regulation of industry participants. As noted in the SEC’s press release, since its inception, the Unit has carried out more than 80 enforcement actions related to allegedly fraudulent and unregistered offers and platforms of cryptocurrencies, and obtained more than $ 2 billion in monetary relief.
Gensler’s recent comments make it clear that the SEC remains very concerned about what it perceives as a continuing lack of protection for cryptocurrency investors. In a September 2021 interview with the Washington Post, for example, compared the stablecoins to “casino poker chips” and noted its intent to deploy the SEC’s “solid authorities” to reign in both stablecoins specifically and the cryptocurrency markets in general. Gensler reiterated that view at the Penn Law Capital Markets Association’s annual conference in April this year, noting that stable currencies in particular “raise three important sets of policy issues” that warrant further scrutiny by the SEC: (1) public policy around financial stability “. and monetary policy ”; (2) “issues of how they could potentially be used for illicit activities”; and (3) “investor protection issues.” Describing the third political consideration, Gensler expressed concern that “the three largest stablecoins were created by the trading or lending platforms themselves,” which, in his view, would lead to “conflicts of interest and market integrity issues that would benefit of greater supervision “.
The agency’s focus on cryptography can be expected to intensify further following the collapse of the TerraUSD stable currency in May 2022 and its sister token, Luna, an event that wiped out almost all of Luna’s $ 40 billion market capitalization and accelerated the loss. of $ 500 billion in the cryptocurrency economy. As expected, Gensler and colleagues have doubled their aggressive rhetoric since the crash of Luna and TerraUSD. Speaking at a FINRA conference in Washington, DC on May 16, 2022, Gensler described cryptocurrency as a “highly speculative asset class,” given what he perceives as its lack of market transparency, and advocated for basic protections for investors versus leaders. customers, manipulation and fraud. Just days before those comments, SEC Commissioner Hester Peirce (despite her vocal and repeated criticisms of what she perceives as over-regulation of the SEC industry) hinted that “a place where we can see some movement “with respect to tougher regulations” is about stable currencies. “
These observations coincided with a broader effort by the SEC to expand its enforcement activity beyond the issuance of cryptographic assets. In February this year, for example, Enforcement filed its first lawsuit against a cryptocurrency lending platform, earning $ 100 million in fines against BlockFi Lending LLC for its allegedly unregistered offering and sale of retail cryptocurrency products. In May, the SEC filed a lawsuit against NVIDIA Corporation over NVIDIA’s alleged inability to disclose that cryptographic mining was a significant part of the growth in its revenue from the sale of its graphics processing units designed and marketed for gaming. company accepted a $ 5.5. worth millions. More recently, the SEC has been conducting an investigation into insider trading in one or more major cryptographic exchanges.
Although a recently introduced Senate bill would reduce the SEC’s jurisdiction over cryptography, it does not appear that the measure will move forward in the near future. Meanwhile, with the expansion of the Crypto Asset and Cyber Unit, we expect the agency to continue to expand the scope of its application activity.
Cybersecurity is also in focus
The increasing application of the SEC in the space of cryptocurrencies has been accompanied by a flurry of enforcement and policy-making activities in the field of cybersecurity, especially with regard to the problem of data breaches. In the second half of 2021, the SEC accused two companies, Pearson plc and First American Financial Corporation, respectively, of failing to make appropriate disclosures about cybersecurity violations and of failing to maintain proper cybersecurity disclosure controls and procedures. The SEC has also been sanctioned in three coordinated actions against registered brokers and investment advisors for alleged failures in its cybersecurity policies and procedures, which the SEC has found to have led to email account takings exposing the personal information of thousands of clients.
In addition, the SEC proposed earlier this year important new rules for public companies and investment advisers regarding cybersecurity controls and disclosures. In February, the agency proposed rules and amendments for investment advisers, registered investment firms and business development firms that, among other things, would require advisors and funds to adopt written policies and procedures that include specific elements set out in proposed standard to: address cybersecurity risks; require advisors to report significant cybersecurity incidents to the SEC on a new ADV-C form; and improve the disclosure of cybersecurity incidents and risks by advisers and funds to current and potential investors.
The SEC continued in March with proposed changes to rules for public companies that, among other things, would require issuers to disclose information about cybersecurity incidents within four business days after the company was determined to have experienced a “material incident of cybersecurity.” cybersecurity “and would require an updated update. disclosures about previously reported cyber incidents. The proposed rules and amendments would thus provide the Crypto Assets and Enhanced Cybernetics Unit with an even wider arsenal to look for issuers and advisors.
We will continue to provide updates on this rapidly evolving regulatory landscape.