Published on: May 4, 2022
The US Securities and Exchange Commission (SEC) announced in a press release on Tuesday that it will almost double the Crypto Assets and Cyber Unit in order to combat cryptocurrency fraud and protect investors from “cyber-related threats.”
The SEC said it will add an extra 20 positions to the cyber team (including supervisors, investigative staff attorneys, trial counsels, and fraud analysts) to increase it to 50 employees focused on fighting crypto-based cybercrime.
“By nearly doubling the size of this key unit, the SEC will be better equipped to police wrongdoing in the crypto markets while continuing to identify disclosure and controls issues with respect to cybersecurity,” SEC Chair Gary Gensle said in the press release.
Since its inception in 2017, the SEC Enforcement Division’s cyber team has fought against and investigated cyber threats targeting retail investors (individuals investing in securities through third parties like brokerage firms).
Up to this point, SEC’s cryptocurrency authorities have “brought more than 80 enforcement actions related to fraudulent and unregistered crypto-asset offerings and platforms, resulting in monetary relief totaling more than $2 billion.”
The expanded cybercrime unit will protect users investigating in crypto markets by investigating securities law violations connected to crypto exchanges and multiple crypto products, including non-fungible tokens (NFTs), decentralized finance (DeFi) platforms, and stablecoins.
The SEC cyber team can also take action against public companies and SEC registrants who fail to report cybersecurity incidents and maintain proper cybersecurity defenses against them.
“The bolstered Crypto Assets and Cyber Unit will be at the forefront of protecting investors and ensuring fair and orderly markets in the face of these critical challenges,” added Gurbir S. Grewal, the Director of the SEC’s Division of Enforcement.
Additionally, the SEC recently proposed rule amendments requiring publicly traded companies to report data breaches and cybersecurity incidents within four business days “after they’re determined as being a material incident.”