SEC Boosts its Bandwidth, Nearly Doubles the Size of the Division of Enforcement’s Crypto Assets and Cyber Unit


On May 3, 2022 the Securities and Exchange Commission (the “SEC”) announced the addition of 20 new positions to the Division of Enforcement’s newly renamed Crypto Assets and Cyber Unit (formerly known as the Cyber Unit), expanding the Crypto Assets and Cyber Unit to 50 positions (the “Announcement”).[i] With its expanded numbers, the Crypto Assets and Cyber Unit will continue to identify cybersecurity disclosure and control issues and will focus on investigating:

·       Crypto asset offerings;

·       Crypto asset exchanges;

·       Crypto asset lending and staking products;

·       Decentralized finance (“DeFi”) platforms;

·       Non-fungible tokens (“NFTs”); and

·       Stablecoins.[ii]


This Announcement is the latest in a string of SEC initiatives aimed at policing the use of crypto assets and bolstering market participants’ cybersecurity measures. In 2022 alone, the SEC has proposed rules on cybersecurity preparation and disclosure (the “Proposal”),[iii] highlighted cybersecurity and crypto-assets in the Division of Examination’s Examination Priorities (the “Examination Priorities”),[iv] and issued at least four press releases in 2022 touting crypto-related enforcement actions.[v] We discussed the proposed rules and Examination Priorities in our blog posts, SEC’s Division of Examinations Releases 2022 Examination Priorities and Man the Cyber Forts! – SEC Proposes New Cybersecurity Regulations for RIAs and Funds.

The Announcement, combined with the SEC’s crypto-related enforcement actions, has sowed concern within the industry (and among the SEC commissioners) that the SEC is taking a “regulation by enforcement” approach to crypto assets.[vi] Voicing this concern and responding to the Announcement, SEC Commissioner Hester Pierce tweeted “The SEC is a regulatory agency with an enforcement division, not an enforcement agency.  Why are we leading with enforcement in crypto?”[vii] Regulation by enforcement often leaves market participants facing the threat of enforcement action while lacking appropriate SEC guidance. Market participants involved in crypto assets should carefully review their policies and procedures in light of the Crypto Assets and Cyber Unit’s focus areas (listed above) and the Examination Priorities.

Further, the Announcement crystalizes what was already quite clear – cybersecurity is a top priority for the SEC. Accordingly, we suggest that all market participants review and test their cybersecurity policies, procedures, and practices in light of the Proposal and Examination Priorities. Even though the Proposal is still pending, market participants should review its contents for insights into the SEC’s cybersecurity priorities.


For additional discussion on the Announcement and crypto-asset enforcement, please review the Legal Alert, Crpyto Enforcement Is Here, and Always Has Been, written by our Government and Regulatory Practice Team.


If you have any questions about the Announcement, or about the regulation of investment advisers, broker-dealers, and registered investment companies generally, please feel free to contact us.

By the Investment Management and Broker-Dealer Team at Kilpatrick Townsend & Stockton

This content is provided by Kilpatrick Townsend & Stockton LLP for informational purposes only and is not intended to advertise our firm’s services, to solicit clients, or to provide legal advice. Viewers should not rely on the posted materials as advice about specific legal problems. Such advice can be rendered only by competent counsel familiar with the particular facts and circumstances involved. Posting and viewing of the materials on our website or in printed form is not intended to constitute the rendering of legal advice or to create an attorney-client relationship with the viewer. If Kilpatrick Townsend & Stockton LLP does not already represent you, and you send us an e-mail, your e-mail will not create an attorney-client relationship and will not be treated as privileged or confidential.


Attorney Advertising – Kilpatrick Townsend & Stockton LLP, 1100 Peachtree Street NE, Suite 2800, Atlanta, GA 30309 | 404-815-6500.

For more information, please refer to our Terms of Use and Privacy Policy.

[i] Press Release, SEC, SEC Nearly Doubles Size of Enforcement’s Crypto Assets and Cyber Unit (May 3, 2022), (the “Press Release”).

[ii] Press Release.

[iii] SEC Proposed Rules, Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies, SEC Release Nos. 33-11028; 34-94197; IA-5956; IC-34497, available at; SEC Press Release, SEC Proposes Cybersecurity Risk Management Rules and Amendments for Registered Investment Advisers and Funds, February 9, 2022, available at

[iv] SEC, Division of Examinations, 2022 Examinations Priorities, (March 30, 2022), at 15–16.

[v] See, e.g., SEC, Press Release, SEC Halts Fraudulent Cryptomining and Trading Scheme (May 6, 2022); SEC, Press Release, SEC Charges Siblings in $124 Million Crypto Fraud Operation that included Misleading Roadshows, YouTube Videos (March 8, 2022)

[vi] See Benjamin Pimentel, Gensler’s sending in the Crypto Cops, Protocol (May 5, 2022),; Toby M. Galloway & Gavin Fearey, SEC Expands and Renames Cyber Unit to “Crypto Assets and Cyber Unit”, Winstead PC (May 5, 2022),

[vii] Hester Pierce (@HesterPeirce), Twitter (May 3, 2022, 2:10 PM),


Latest Thinking

View more Insights
Insights Center
Knowledge assets are defined in the study as confidential information critical to the development, performance and marketing of a company’s core business, other than personal information that would trigger notice requirements under law. For example,
The new study shows dramatic increases in threats and awareness of threats to these “crown jewels,” as well as dramatic improvements in addressing those threats by the highest performing organizations. Awareness of the risk to knowledge assets increased as more respondents acknowledged that their