OODA Loop – Crypto Enforcement Actions, the SEC Crypto Assets and Cyber Unit, and National Security Risk


In two recent posts, we attempted to quantify crypto and digital asset enforcement and regulatory impacts and outcomes as they emerge in 2023:

We are also on the lookout for stakeholders and new organizations with enforcement and regulatory mandates. So far, we’ve highlighted the following organizations for your decision intelligence and risk awareness efforts:

  • New York’s Department of Financial Services (DFS)
  • The Treasury Department’s Financial Crimes Enforcement Network (FinCEN):
  • The Commodities Futures Trading Commission; and
  • The Department of Justice’s National Cryptocurrency Enforcement Team (NCET).

This research effort is an extension of topics discussed in the “The Year Past and Looking into the Future” discussion at the December 2022 OODA Network Member Meeting. In this post, we look at the recent headlines and the organizational behavior of the Securities and Exchanges Commission (SEC), namely the SEC’s Division of Enforcement’s Crypto Assets and Cyber ​​Unit.

Recent OODA Loop News Briefs on the SEC, Crypto, Regulation and Innovation

The recently expanded SEC Division of Enforcement’s Crypto Assets and Cyber ​​Unit

In May, the SEC’s Office for the Protection of Investors in Cryptocurrencies and Other Digital Assets was expanded and renamed. Formerly known as The Cyber ​​Unit, it is now the Crypto Assets and Cyber ​​Unit, with 20 new positions – including investigative staff attorneys, trial counsel and fraud analysts, the SEC said in a news release: “By nearly the size of this key unit, the SEC will be better equipped to police violations in the cryptomarkets as it continues to identify disclosure and control issues related to cybersecurity,” (1)

According to The Record: ” The SEC created the unit in 2017, and since then the range of digital assets available to investors has expanded far beyond just cryptocurrencies like bitcoin. The agency said the expanded unit would be better equipped to enforce securities laws as they relate to products such as decentralized finance (DeFi) platforms, non-fungible tokens (NFTs) and stablecoins linked to traditional currencies such as the US dollar. is. The unit, which is part of the SEC’s Division of Enforcement, has brought more than 80 enforcement actions related to fraudulent and unregistered crypto-asset offerings and platforms, resulting in monetary relief totaling more than $2 billion,’ the SEC said. Last week alone, the agency announced the prosecution of two separate cases. Last year, Gensler called cryptocurrency markets ‘the Wild West’ of the financial world. In addition to policing digital assets, the Crypto Assets and Cyber ​​Unit can also bring cases against public companies for failing to properly maintain cybersecurity controls and disclose security incidents. Gensler led an effort for the SEC to create new rules for incident disclosure by public companies.’” (2)

Richard Gardner at The Daily Hodl captures concerns we share about overregulation – and extends his concerns to those of the China threat and privacy, concerns we also share. Although Gardner’s framework is not necessarily the point we have taken so far in our analysis of these issues, his amalgamation of the threat vectors is interesting:

“While securing the market is a laudable goal and one necessary for promoting mainstream investment there is a risk looming around the corner. As central banks begin to consider introducing their own Central Bank Digital Currencies (CBDCs), there is a real risk of regulatory bodies taking an authoritarian approach. Looking at the CBDC rollout in China, it should be a rude awakening that with the wrong regulations in place, financial privacy could very well be greatly reduced. With the SEC improving its enforcement, what could be a positive in terms of cybersecurity could turn into a concern if the government mishandles privacy rights.”

Gardner introduces his argument for a landing more in line with our primary concern – that of over-regulation stifling innovation from the crypto ecosystem:

“The industry needs investors to have confidence in the market. We do need to devote more resources to protecting them. We do need to be better at policing violations in crypto markets and we definitely need a better handle on ensuring that exchanges use a quality technology apparatus to improve cyber security. All of these things improve the long-term viability of the digital asset space. That said, we must remain vigilant about investors’ privacy rights. A CBDC with authoritarian tendencies is no substitute for cash, and the citizenry will not stand for it. It’s time for the government to come together with the industry to develop an approach that keeps the citizenry safe from bad actors, while maintaining privacy and still allowing crypto-preneurs to do what they do best innovate.” (3)

What next? The future of crypto, money, blockchain and national security

We have four tracks on which we curate and synthesize information streams on the topics of cryptoassets, cybersecurity and national security risk:

  1. The Global Crypto and Digital Currency Initiatives Series: we track the global adoption rate of these technologies and platforms – and their long-term impact on the traditional global financial system. In 2023, we will continue to track the global adoption rate of crypto-assets and digital currency efforts worldwide. We will also continue our blockchain tracking effort – hoping to launch a series on sector/industry blockchain initiatives that differentiate and delineate blockchain as separate from the crypto collapse – focusing on “the long view” and the true promise of web3/blockchain and exponential innovation.
  2. Enhanced security measures: Our series of posts in 2021 entitled The New Normal (case studies of some of the most significant cyber incidents in 2021) included in our analysis at the time were new threat vectors created by new corporate, government and legal mechanisms for responding to cyber incidents of all types (cyber fraud, crypto theft, data breach, ransomware, etc.). This trend in this ecosystem has continued over the course of 2022. Look out this year for a series of posts on trends in enhanced cybersecurity measures specific to the future of bitcoin and crypto exchanges.
  3. Regulation (or over-regulation?) and National Security Risk: Finally, the most important filter we will apply to this ecosystem in 2023 is regulation and over-regulation related to national security. Matt Devost, CEO of OODA Loop, put a ‘stake in the ground’ on the topic last year in his post – Is Bitcoin a National Security Risk? – who expressed his general concern that over-regulation of bitcoin will stifle American innovation and the strategic opportunities for benefit through the “future of money” and the underlying blockchain technology. The collapse of FTX since Matt’s initial post will unfortunately seriously turn regulators towards something that either feels incredibly similar to or is a clear move towards an environment of over-regulation (which in turn could have an impact and may hinder innovation).

Various perspectives on “crypto’s threat to national security” were also expressed by the DOJ crypto chief, the CEO of Coinbase (“crypto is up there with chips and 5G as a matter of “national security”), and the chairman of the Commodities Futures Trading Commission (CFTC). And DARPA is of course on the scene with research efforts that we looked at in November. We will synthesize these perspectives regarding Matt’s initial concerns in the weeks and months ahead. We’re also following the recent crypto bankruptcies and the FTX saga – with its ongoing investigations, criminal charges and trials at the state, federal and civil levels – including the bipartisan bill aimed at cracking down on money laundering via cryptocurrency companies occurs (among other US cryptocurrencies). , Digital Assets and National Security Policy Efforts).

Web3 Cyber ​​​​Incident Database: Tracks more than $62 billion dollars worth of incidents related to cryptocurrency

With Coinbase Investigation and $100M Settlement, New York is the Tip of the Crypto Regulatory Spear