SEC Increases The Size Of Their Crypto Assets and Cyber Unit

On May 3, 2022, the U.S. Securities and Exchange Commission ("SEC" or "The Commission") announced the addition of twenty positions to their Crypto Assets and Cyber Unit (formerly known as the Cyber Unit). This brings the total dedicated positions in the unit to 50, strengthening their team with new supervisors, investigative staff attorneys, trial counsels, and fraud analysis.

"The U.S. has the greatest capital markets because investors have faith in them, and as more investors access the crypto markets, it is increasingly important to dedicate more resources to protecting them." - Gary Gensler, SEC Chair

The SEC notes that since the unit’s creation in 2017, it has brought actions against several registrants and public companies who failed to maintain adequate cybersecurity controls and/or failed to properly disclose cyber-related incidents and risks. In addition, as the crypto marketplace grows (assets totaling $1.7 trillion as of May 5, 2022), it has brought more than 80 enforcement actions against fraudulent and unregistered crypto asset platforms or offerings, totaling more than $2 billion in monetary relief. With the new challenges and risks crypto poses to investors, the unit endeavors to dedicate more resources to protect market participants from securities law violations related to:

• Crypto asset exchanges.
• Crypto asset lending and staking products.
• Decentralized finance ("DeFi") platforms.
• Non-fungible tokens ("NFTs").
• Stablecoins.

Implications for Registrants

The SEC identified crypto assets and information security as key focus areas in its 2022 examination priorities. The recently announced increase in staffing is evidence of the Division’s commitment to these priorities, as it better equips them to regulate misconduct in the crypto markets while continuing to identify cybersecurity disclosure and control issues. Accordingly, registrants should prepare for more exhaustive regulatory examinations and document request lists regarding their cybersecurity and crypto activities. 

On top of the Division of Examination’s focus, policymakers have introduced cyber and crypto proposals, laws, and initiatives that further complicate the regulatory landscape and organizations’ compliance programs. The SEC has proposed new cybersecurity rules for both investment advisors, their companies, and public companies. In addition to the SEC’s efforts, both the executive and legislative branches of the United States government have placed the spotlight on crypto assets and cybersecurity. Earlier this year, President Joe Biden issued the first-ever executive order for government oversight and research of digital assets (like cryptocurrency), and new cybersecurity legislation passed in the Senate to require critical infrastructure companies to report substantial cyber-attacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. This measure still needs passed in the House of Representatives.

How we help

ACA Aponix^® can help your firm develop, implement, and maintain the required information security program to meet the SEC's evolving regulatory requirements with the following services.

• Risk assessments to assess an organization’s technology-related risks and provide recommendations to close any identified gaps.
• Mock regulatory cyber exams to help an organization to prepare for an SEC, NFA, or FINRA cyber exam. For more information on the SEC’s 2022 cyber exam priorities, click here.

Learn more

For questions about this alert, or to find out how ACA can help you meet your regulatory cybersecurity obligations, please reach out to your trusted cyber advisor or contact us.