On May 3, the Securities and Exchange Commission (SEC) announced that it will greatly expand its cryptocurrency and cybersecurity unit by adding 20 positions. The additional positions will bring the unit’s total members to 50, nearly doubling its size. The new hires will include supervisors, staff attorneys, trial counsel, and fraud analysts.
SEC Chair Gary Gensler said that ”[b]y nearly doubling the size of this key unit, the SEC will be better equipped to police wrongdoing in the crypto markets while continuing to identify disclosure and controls issues with respect to cybersecurity.”
The announcement also reveals a name change for the unit, from “Cyber Unit” to “Crypto Assets and Cyber Unit.”
According to the announcement, the unit will focus on crypto asset offerings, crypto asset exchanges, crypto asset lending and staking products, decentralized finance (DeFi) platforms, non-fungible tokens (NFTs), and stablecoins.
Formed in 2017, the unit “has brought more than 80 enforcement actions related to fraudulent and unregistered crypto asset offerings and platforms, resulting in monetary relief totaling more than $2 billion.”
It is too early to tell what types of cases the expanded unit will undertake. However, the last three years has seen an explosion in NFTs and DeFi that the unit could target. During the 2021 Aspen Security Forum, Gensler stated that DeFi “platforms not only can implicate the securities laws-some platforms but also can implicate the commodities laws and the banking laws.” Additionally, in March 2022, Bloomberg reported that the SEC has issued subpoenas, probing whether NFTs (specifically fractional NFTs) are being used to raise money like traditional securities.
The unit’s significant expansion should put all cryptocurrency companies on alert. The SEC’s decision to bulk up its enforcement resources means that companies cannot wait for new rules to analyze how they utilize cryptocurrency. Public companies, as well as brokers, dealers, investment companies, and investment advisors, also need to enhance their cybersecurity and disclosures relating to such efforts. Companies must take proactive steps to ensure they are up to date with the SEC’s guidance regarding crypto and cybersecurity.