Recently, the Securities and Exchange Commission announced the creation of a Cyber and Emerging Technologies Unit (CETU), a group of 30 fraud specialists and attorneys spread across the SEC's offices around the country to protect retail investors. This new unit, which replaces the former Crypto Assets and Cyber Unit, has a mandate to combat misconduct in the following "priority areas":
- Fraud committed using emerging technologies, such as artificial intelligence and machine learning
- Use of social media, the dark web, or false websites to perpetrate fraud
- Hacking to obtain material nonpublic information
- Takeovers of retail brokerage accounts
- Fraud involving blockchain technology and crypto assets
- Regulated entities' compliance with cybersecurity rules and regulations
- Public issuer fraudulent disclosure relating to cybersecurity
Acting Chairman Mark Uyeda commented that the new unit will "not only protect investors but will also facilitate capital formation and market efficiency by clearing the way for innovation to grow. It will root out those seeking to misuse innovation to harm investors and diminish confidence in new technologies."
The CETU will also "complement" the work of the Crypto Task Force, headed by SEC Commissioner Hester Peirce. That task force, also announced this year, is working toward a "comprehensive and clear regulatory framework" for blockchain technology and crypto assets. Their mission is to help the SEC draw "clear regulatory lines" and "deploy enforcement resources judiciously," reflecting broader policy changes in the Trump administration regarding cryptocurrencies.
These announcements are in line with the SEC's change in position regarding crypto and the SEC's move away from regulation by enforcement. As set forth in the CETU's priorities, however, the SEC is not ceding enforcement of fraud in connection with blockchain technology and crypto assets. Instead, the SEC is refocusing its enforcement resources to investigate potential harm to retail investors in clearly fraudulent behavior—e.g., hacking to obtain material nonpublic information, fraudulent disclosures, and using new technologies to perpetuate fraud.
Companies should proactively implement robust controls and regularly evaluate risks associated with these emerging technologies to prevent potential misconduct. We anticipate that the SEC's Division of Enforcement will be active in investigating and ultimately bringing enforcement actions in these priority areas.