Emerging Technologies Law

View Original

Insight on SEC Cyber Unit's First Enforcement Action

Cyber Unit's draws first blood. (public domain)

     The U.S. SEC's new Cyber Unit launched its first enforcement action since its creation in September 2017.

     The new Cyber Unit (part of the Enforcement Division) is the SEC's technical arm to crackdown on misconduct involving distributed ledger technology (blockchain) and initial coin offerings (ICOs), the spread of false information through electronic and social media, hacking and threats to trading platforms.

     In its complaint, the Cyber Unit levied charges against a known securities law violator and his company, PlexCorps alleging that he and PlexCorps marketed and sold securities called "PlexCoin" on the internet to investors in the U.S. and globally, claiming that their investments would yield a 1,354% profit in less than 29 days. The Cyber Unit obtained an emergency asset freeze to halt the ICO scam that raised up to U.S. $15 million from thousands of investors.

Ethereum founder Vitalik Buterin: 90% of ICO projects will flop. (CC0 Creative Commons license)

     This enforcement action underscores that current "ICO best practices" (at least in the Hong Kong legal community see here for example) are focusing on the opposite area of concern. Whereas the U.S. SEC is primarily concerned about protecting investors from ICO scam artists, many legal practitioners are advocating for stricter "KYC" or "know your client" anti-money laundering controls. Look, KYC controls help the ICO issuer vet the legitimacy of a potential investor. KYC controls have almost nothing to do with investor protection!

     Indeed, the complaint of the Cyber Unit's first enforcement action does not mention issues related to anti-money laundering or "KYC" because these concepts are, frankly, irrelevant from an investor protection perspective. If anything, investors need a way to vet the ICO issuer to make sure they are legitimate and creditworthy and not the other way around.  Also there are other much more substantive "ICO best practices" which usually are not discussed. See here

     So why is there a disconnect between industry focus (which at least in Hong Kong is fixated on "KYC") and the U.S. SEC's enforcement priority (cracking down on shady ICO issuers)? I have speculated that this disconnect originates from the fundamental lack of diversity in the service providers market for ICOs. Go to a major fintech conference and you will see that the speakers (especially for the keynote sessions) are usually law firms and accountant firms (who usually represent ICO issuers' interest as they are better able to afford their fees). Seldom do you see a major pension fund or labor union representative (who cares more about investor protection and not getting ripped off than "KYC") sitting on a "panel" of ICO experts. 

key regulatory concern: investors protection (Getty Images license)

     For example, on October 12, 2017, the U.S. SEC's Investor Advisory Committee (“Investor Committee”) held a public hearing on blockchain or distributed ledger technologies. The Investor Committee was established under section 911 of the Dodd-Frank Act to advise the U.S. SEC on regulatory priorities, the regulation of securities products, trading strategies, fee structures, the effectiveness of disclosure, and on initiatives to protect investor interests and to promote investor confidence and the integrity of the securities marketplace. Its members consists of senior executives from some of the world’s largest pensions and retirement schemes such as CALPERS and labor unions like the AFL-CIO, as well as academics (Harvard Law School) and consumer advocators. Certainly a very different crowd than the panelists sitting on fintech conferences. 

#ICO #capital raising #Cyber Unit