SEC repurposes Crypto Assets and Cyber Unit

On February 20, 2025, the SEC formally announced the creation of the Cyber and Emerging Technologies Unit (CETU), a repurposed version of the Crypto Assets and Cyber Unit. The announcement signals a changed focus in crypto enforcement, prioritizing fraud cases over non-fraud registration cases. It also suggests a return to traditional cybersecurity issues identified when the SEC created the unit in 2017, such as cybersecurity controls at regulated entities and different types of hacking cases. The unit also is being reduced in size, down to about 30 staff from 50, with some personnel transferring back to general enforcement work. The shift aligns with the SEC’s recent announcement of a Crypto Task Force, which will work to develop a comprehensive and clear regulatory framework for crypto assets and to foster a regulatory environment that supports innovation.

Notable areas of focus from the announcement

Public company cybersecurity disclosures. The prior administration had a relatively aggressive posture in evaluating cybersecurity disclosures by public companies, as evidenced by several enforcement settlements and a mixed result in litigation. In the wake of new SEC cybersecurity disclosure rules, the SEC statement referring to “fraudulent disclosures” may signal a focus on egregious misstatements, a reliance on more conventional theories of materiality and less attention to cases involving only internal controls weaknesses.

Regulated entities’ compliance with cybersecurity rules. The announcement said that the SEC would continue to prioritize cases involving “[r]egulated entities’ compliance with cybersecurity rules and regulations.” The SEC has brought several enforcement actions against broker-dealers and investment advisers in recent years and, in May 2024, expanded the cybersecurity requirements of the Safeguards Rule. This rule requires broker-dealers, investment advisers and investment companies to have reasonably designed policies and procedures to protect customer information. The amendments added requirements for incident response programs, customer notifications and regulatory obligations.

Fraud on retail investors. The announcement said the unit will focus on fraud involving emerging technologies. The announcement’s emphasis on protecting retail investors could mean increased attention to the use of trendy industries and technology to attract retail investors in offering frauds. Similarly, the CFTC recently announced that it would focus on helping retail victims and not following an approach of regulation by enforcement. The CFTC announced two new enforcement task forces, the Retail Fraud and General Enforcement Task Force and the Complex Fraud Task Force. 

Crypto fraud. The unit also will focus on fraud involving blockchain technology and crypto assets. The mention of “fraud” likely previews reduced emphasis on non-fraud registration cases. In particular, the prior administration dedicated substantial resources to litigating cases concerning the application of the Securities Exchange Act of 1934 to secondary crypto trading markets. The SEC has requested delays in certain cases to consider its litigation position. It bears watching whether the SEC backs away from the theories it has pursued to date.

Hacking to obtain material nonpublic information. This is a continued focus from prior administrations. Previous enforcement actions related to MNPI extracted from newswire services, law firms, the SEC’s own EDGAR filing system and directly from public companies’ computer systems.

Retail brokerage account takeovers. This is another priority area from prior administrations, which filed cases involving takeovers of retail brokerage accounts to perpetrate market manipulation and drain assets from retail accounts.

Overall, the announcement demonstrates a reallocation of enforcement resources toward identifying fraud that impacts retail investors. Additional developments may come when a permanent Chairman is confirmed; former Commissioner Paul Atkins was nominated and is awaiting a Senate hearing.