On May 3, 2022, the U.S. Securities and Exchange Commission (SEC) announced in a press release that it is nearly doubling the size of its enforcement unit overseeing cryptocurrency markets and cyber-related threats to 50 dedicated positions. The SEC is also renaming the unit within the Division of Enforcement as the Crypto Assets and Cyber Unit (formerly known as the Cyber Unit). SEC Chair Gensler states that, with the allocation of 20 additional positions to this unit, “the SEC will be better equipped to police wrongdoing in the crypto markets while continuing to identify disclosure and controls issues with respect to cybersecurity.” This unit has brought more than 80 enforcement actions relating to crypto asset offerings and platforms since 2017.
In his speech on April 4, 2022, Chair Gensler stated his desire for the SEC to play an increasing role in the oversight of crypto platforms, stablecoins, and tokens, and asked the SEC staff to propose appropriate new regulations in each of these areas. See April 7 GT Alert. Today’s announcement further solidifies and expands this stated intent, with the SEC marking six areas on which the expanded unit will focus:
- Crypto asset offerings
- Crypto asset exchanges;
- Crypto asset lending and staking products;
- Decentralized finance (DeFi) platforms;
- Non-fungible tokens (NFTs); and
Given President Biden’s March 9, 2022, Executive Order on Ensuring Responsible Development of Digital Assets (see March 15 GT Alert) seeking a coordinated interagency approach to promote a “whole-of-government” policy of “responsible financial innovation,” the SEC continues to be in front of these issues, some of which may ultimately fall outside the scope of its jurisdiction as the Biden administration develops broader policy goals. For example, the secretary of the Treasury is charged with producing a report by July 7, 2022, on the future of money and payment systems, including the role of stablecoins.
The unit is also charged with continuing to tackle cyber-related threats. The release notes that the unit has brought numerous actions against SEC registrants for failing to maintain adequate cybersecurity controls or for failing to provide adequate disclosure in their registration statements and periodic reports of cyber-related risks and incidents.
As the regulatory scrutiny continues to evolve in the United States in response to both the March executive order and individual agency initiatives, market participants may wish to heighten their attention to existing regulatory guidance as well as dicta in press releases to reduce the risk of running afoul of U.S. regulators while the overall industry seeks clarity.