SEC changes enforcement focus with new Cyber and Emerging Technologies Unit.
In a recent announcement on February 20, 2025, the Securities and Exchange Commission (SEC) has revealed the establishment of the Cyber and Emerging Technologies Unit, or CETU, which will be taking over the responsibilities of the former Crypto Assets and Cyber Unit (CACU).
The primary goal of CETU is to address the rising instances of cyber-related misconduct and provide protection for retail investors against emerging malpractices within the technology sector. This move by the SEC signifies a notable shift in its focus, particularly away from non-fraud crypto enforcement actions like alleged violations of securities laws related to registration or technical issues.
Acting SEC Chairman Mark T. Uyeda outlined that CETU is intended to enhance the allocation of enforcement resources. Additionally, he emphasized the SEC’s commitment to holding wrongdoers accountable while upholding traditional investor protection efforts. This indicates that the SEC will continue its mission to safeguard investors and maintain market integrity in light of technological advancements.
CETU’s priorities include combatting fraudulent activities involving artificial intelligence (AI) and other emerging technologies. The SEC will pay close attention to instances of ‘AI washing,’ where companies make misleading claims about the use of AI in their products and services. Furthermore, the unit will focus on public issuer fraudulent disclosures related to cybersecurity, with a specific emphasis on fraudulent disclosures that may harm investors. CETU will also prioritize enforcement against regulated entities to ensure compliance with cybersecurity regulations, customer data protection rules, and related compliance policies.
Another key area of focus for the SEC’s new unit is tackling online deception, including fraud conducted through social media, the dark web, and fake websites targeting retail investors. Additionally, CETU will prioritize addressing cyber intrusions that result in obtaining material nonpublic information for illicit trading activities and preventing retail account takeovers by scrutinizing cybersecurity controls of broker-dealers and regulated entities. The unit will also work towards maintaining the integrity of blockchain technology and cryptocurrency assets, particularly in addressing fraudulent activities in this sector.
CETU is staffed with approximately 30 fraud specialists and attorneys from various SEC offices, led by Laura D’Allaird, the former co-chief of the Crypto Assets and Cyber Unit. The unit’s leadership aims to complement the efforts of the SEC’s newly formed Crypto Task Force, which focuses on establishing a comprehensive regulatory framework for digital assets. While the Crypto Task Force focuses on regulatory aspects, CETU’s role is primarily focused on enforcement related to cybersecurity incidents, AI, and cybersecurity controls.
In conclusion, the establishment of CETU underscores the SEC’s commitment to addressing fraud in the technology sector and protecting retail investors. Companies are advised to prioritize cybersecurity compliance and controls to avoid potential SEC scrutiny and enforcement actions due to lapses that may result in investor harm or loss. Regulated entities should also continuously evaluate their incident response practices to align with SEC cybersecurity regulations and assess the risks associated with new technologies like AI and machine learning to ensure accurate public representations and compliance with relevant regulations.
