SEC Shifts Enforcement Focus With Launch of Cyber and Emerging Technologies Unit
On February 20, 2025, the Securities and Exchange Commission (SEC) announced the formation of the Cyber and Emerging Technologies Unit (CETU), replacing the Crypto Assets and Cyber Unit (CACU). This restructuring signifies a strategic shift in the SEC’s enforcement priorities, with a heightened focus on combating cyber-related misconduct and safeguarding retail investors from emerging risks in the technology sector. The move suggests a pivot away from some non-fraud crypto enforcement actions.
CETU’s Priorities
Acting SEC Chairman Mark T. Uyeda indicated that CETU will enable the SEC to allocate enforcement resources more effectively. He emphasized the SEC’s commitment to holding wrongdoers accountable while maintaining investor protection and market integrity in the face of technological advancements. According to the SEC, CETU will prioritize matters including:
-
Combatting Fraud Involving AI and Other Emerging Technologies: The SEC will emphasize the use of artificial intelligence and machine learning in fraudulent schemes, including “AI washing,” where misstatements are made regarding AI’s use in products and services.
-
Public Issuer Fraudulent Disclosures Relating to Cybersecurity: The SEC will focus on cybersecurity disclosures by public companies under its recent rules and regulations, with an emphasis on fraud related to material cybersecurity incidents. This will include disclosures that cause investor harm instead of technical or internal controls’ violations.
-
Regulated Entities’ Compliance with Cybersecurity Rules and Regulations: The SEC will prioritize enforcement involving broker-dealers, investment advisers, and investment companies, ensuring compliance with rules relating to the protection of customer information and data under Regulation S-P.
-
Tackling Online Deception: The SEC will focus on fraud conducted via social media, the dark web, and fake websites that acutely impact retail investors.
-
Protecting Against Cyber Intrusions: The SEC will prioritize enforcement related to hacking incidents used to obtain material nonpublic information used for securities trading.
-
Preventing Retail Account Takeovers: The SEC will scrutinize broker-dealers and regulated entities to ensure adequate cybersecurity controls prevent unauthorized access to retail brokerage accounts.
-
Ensuring Blockchain and Crypto Integrity: A significant shift as CETU will focus on fraud involving blockchain technology and cryptocurrency assets, as opposed to the various non-fraud registration cases the Crypto Assets and Cyber Unit had filed. For instance, there will be less emphasis on enforcement involving “meme coins,” leaving it to other regulators if fraud or other misconduct occurs.
Staffing and Leadership
CETU comprises approximately 30 fraud specialists and attorneys, a reduction from the CACU’s roughly 50 enforcement roles. Laura D’Allaird, the former co-chief of the Crypto Assets and Cyber Unit, leads the CETU. CETU will complement efforts of the SEC’s Crypto Task Force, launched in January 2025 and led by Commissioner Hester Peirce. Whereas the Task Force aims to create a comprehensive regulatory framework for digital assets, CETU will handle enforcement related to crypto matters, cybersecurity incidents, and AI.
Takeaways and Implications
CETU’s formation signals the SEC’s intention to focus on fraud involving retail investors. Companies should prioritize the assessment of their cybersecurity compliance and controls, given that lapses resulting in investor harm could lead to SEC scrutiny. Regulated entities and issuers should regularly evaluate their incident response practices and procedures to align with SEC cybersecurity rules. As companies incorporate AI and machine learning, they should also evaluate the risks of these new technologies and ensure marketing material is accurate, especially when soliciting or managing investments.
