December 7, 2017

Securities and Exchange Commission's (SEC) Cyber Unit’s Maiden Enforcement Action

by: John Araneo



Photo Credit: © panandrii -

In the first formal proceeding launched by the SEC Enforcement Division’s new “Cyber Unit,” the Commission announced it had secured a court order in Brooklyn, NY federal court, to freeze the assets of individuals behind an apparently fraudulent initial coin offering (“ICO”). The Cyber Unit was set up by the Commission in September, with a heavy focus on blockchain distributed ledger technology and ICOs, the spread of false information online and cyber-attacks. “This first Cyber Unit case hits all of the characteristics of a full-fledged cyber scam and is exactly the kind of misconduct the unit will be pursuing,” said Robert Cohen, chief of the SEC’s Cyber Unit. This matter targets a known veteran fraudster and alleges the two principals duped investors out of $15 million by claiming that investments into its flavor of a digital token (called “PlexCoin”) would increase over 1300% inside of month.

Indeed, this enforcement action is a sign of the times in many respects, as the complaint encompasses many of the prevailing trends in the asset management space, including Cybersecurity, ICOs, blockchain technology and cryptocurrency assets, all at once. Consider the following facts, all of which occurred in what seems just moments ago. Cybersecurity threats pose a demonstrable systematic risk facing all market participants, including the Commission itself, which only recently disclosed its own breach that occurred in 2016. So much so, that it added an enforcement unit, specifically focused on cyber-based violations, to work hand-in-hand with its existing examination unit that has already conducted at least two Cyber Sweeps. In response to the meteoric rise of both the investor community’s interest in, and the value of cryptocurrency assets, which are estimated to have raised over $3 billion to date, the Commission has issued a report (the “DAO Report”). This report discloses opinions on whether an ICO will be deemed a “security,” or a threshold legal issue (the ramifications of which exceed the scope of this article). Additionally, the Commission has created its own Distributed Ledger Technology Working Group. 

In the end, this PlexCoin matter seems to be well-rooted in good, old-fashioned fraud and thus, it seems unlikely that it will deliver a reasoned analysis that applies the principals espoused in the DAO Report or provide a legal precedent, that fleshes out a clear legal test for determining whether an ICO is a security. We’ll have to wait for that. It does, however, provide insight to some of the regulatory headwinds for the investment management industry, as it becomes more immersed in all things digital.

Align CybersecurityTM offers tailored, layered and advanced cybersecurity solutions encompassing Vulnerability Assessments/Penetration Testing, Cybersecurity Risk Management as a Service (Align Risk CSR), Customized Cybersecurity Programs, Third Party Management, Managed Threat Protection (Align Guardian), Cybersecurity Training and more.

Interested in Learning More? 

Check out Align's National Cybersecurity Awareness Month Article Series

Continue Reading

Related Articles


“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC