U.S. Securities and Exchange Commission building in Washington. Photo by Diego M. Radzinschi/ALM


The U.S. Securities and Exchange Commission spent 2018 cracking down on cryptocurrency and cybersecurity issues, according to a new report.

Gibson, Dunn & Crutcher’s 2018 Year-End Securities Enforcement Update said the federal agency focused strongly on cryptocurrency and digital asset regulations last year. That’s in part because of crypto’s popularity, media coverage and fluctuating value in 2018, said Mark Schonfeld, the co-chairman of Gibson Dunn’s securities enforcement practice group.

“I think the challenge going forward is how the SEC does more than just say no, but finds ways in which to help companies take advantage of digital assets in a way consistent with [its] regulatory mission,” Schonfeld said.

The SEC had a number of “firsts” this year: charging an unregistered broker-dealer for selling digital assets, finding that a hedge fund manager’s digital asset investments were an investment company registration violation, and finding that a digital token-trading platform operated as an unregistered national securities exchange.

According to the report, the SEC went after initial coin offerings claiming to be registered with the SEC and celebrities failing to disclose they were being paid to promote these offerings.

Schonfeld said in-house counsel at crypto companies should take caution when offering digital currencies or tokens because it is “an area fraught with risk if you’re not doing it with the right guidance.”

“The biggest risk is not complying with the SEC registration requirements when offering a digital token,” Schonfeld said. “The SEC has expressed the view … that in most cases if not all, digital tokens have qualified as securities under the securities laws, and the offering of digital tokens, initial coins, requires registration with the SEC. And so, thus far, that has been the biggest risk that companies in this space have faced.”

The SEC also pushed for companies to get cybersecurity measures in place, publicly cautioning nine public companies breached by fraudulent emails. Schonfeld said it’s increasingly important for companies to put adequate policies in place to prevent cyberattacks.

It’s also important to give whistleblowers a place to report internally, and to take internal reports seriously. Schonfeld said the SEC gave an award of $39 million to a whistleblower in 2018. Growing reward sizes “are a significant incentive” for whistleblowers whose claims aren’t being handled by their employer.

“It emphasizes again the need for companies to have a mechanism by which whistleblowers or potential whistleblowers can bring issues to the attention of the company,” he said. “And for the company to react to those complaints by looking into them and keeping an adequate record of the actions taken, remedial steps taken to address any issues.”

Read More:

SEC to Examine Cybersecurity, Digital Assets and Anti-Money Laundering Efforts in 2019

SEC Files Suit Over False Endorsement of ICO

Cyberattack on SEC Holds Warnings for All Organizations About Data Theft