POMERANTZ MONITOR | MAY JUNE 2023

By Thomas H. Przybylowski

On January 4, 2023, the United States Office of Information and Regulatory Affairs (“OIRA”) released the Fall 2022 Unified Agenda of Regulatory and Deregulatory Actions (the “Agenda”). The Agenda, which outlines the short- and long-term regulatory actions planned by various administrative agencies, includes rules submitted by the U.S. Securities and Exchange Commission (“SEC”) in the proposed or final rule-making stage. In a statement published that same day, SEC Chair Gary Gensler stated, in relevant part:

I support this agenda as it reflects the need to modernize our ruleset, moving deliberately to update our rules in light of ever-changing technologies and business models in the securities markets. Our ability to meet our mission depends on having an up-to-date rulebook—consistent with our mandate from Congress, guided by economic analysis, and shaped by public input.

The SEC’s regulatory actions on this unified agenda would help make our markets more efficient, resilient, and fair, including through rulemaking items we have been directed by Congress to implement. Taken together, the items on this agenda would advance our three-part mission: to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.

The SEC’s contributions to the Agenda include proposed rules designed to enhance company disclosures regarding human capital management and corporate board diversity, changes to registered investment companies’ fees and fee disclosure, and rules focusing on “cybersecurity and [the] resiliency of certain commission registrants.” Furthermore, the SEC is considering amendments to “modernize rules related to equity market competition and structure such as those relating to order routing, conflicts of interest, best execution, market concentration, pricing increments, transaction fees, core market data, and disclosure of order execution quality statistics.”

Perhaps most relevant to the current economic climate are the SEC’s proposals related to the cryptocurrency industry. For example, in March 2023, the SEC released a draft proposed rule pertaining to “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.” The draft rule specified that the SEC is proposing, inter alia, “amendments to require current reporting about material cybersecurity incidents,” and “proposing to require periodic disclosures about a registrant’s policies and procedures to identify and manage cybersecurity risks, management’s role in implementing cybersecurity policies and procedures, and the board of directors’ cybersecurity expertise, if any, and its oversight of cybersecurity risk.” The intention behind the proposed rule, the draft indicates, is to “better inform investors about a registrant’s risk management, strategy, and governance and to provide timely notification of material cybersecurity incidents.”

Similarly, in an April 14, 2023 press release, the SEC announced that it was reopening the comment period for proposed amendments to the definition of “exchange” under Rule 3b-16 of the Securities Exchange Act of 1934 (the “Exchange Act”). The proposed amendment concerns the applicability of existing rules to platforms that trade crypto asset securities and would “provide supplemental information and economic analysis for systems that would be included in the new, proposed exchange definition.” In support of the reopening, Gensler stated that the supplemental release would help answer questions and comments raised by various market participants, and added, in relevant part, “[m]ake no mistake: many crypto trading platforms already come under the current definition of an exchange and thus have an existing duty to comply with the securities laws. Investors in the crypto markets must receive the same time-tested protections that the securities laws provide in all other markets.”

The SEC’s cryptocurrency-related proposals are particularly pertinent given the recent failure of several “crypto-facing” banks. In November 2022, cryptocurrency exchange FTX collapsed among allegations of fraud and mishandled customer funds, resulting in a wide-ranging disruption of the cryptocurrency markets. By March 2023, the disruption spread to various banks that had cultivated crypto-heavy deposit bases, such as Silvergate Bank and Signature Bank, significantly undermining their financial stability. As a result, Silvergate was forced to voluntarily wind down its operations and Signature experienced a bank run that ultimately lead to receivership. Accordingly, the fall of FTX and subsequent bank failures signaled to the SEC and the market at large that cryptocurrency remains inherently volatile and must be closely monitored.

Following the announcement of its proposals, the SEC was met with harsh criticism from representatives of the Republican party. Specifically, in a House Financial Services Committee (the “Committee”) hearing held on April 18, 2023, Republican lawmakers claimed that the SEC was rushing the pace of its rulemaking in the areas of climate change risks and cryptocurrency. Moreover, Republican representatives criticized the number of enforcement actions the SEC has recently brought against cryptocurrency firms and accused Gensler of refusing to provide clarity on the applicability of securities laws on cryptocurrency and how cryptocurrency firms should comply with those laws. In addition to Republican lawmakers, several business groups have also expressed disagreement with the SEC’s 2023 proposed rules. For example, the National Association of Manufacturers sent a letter to the Committee arguing that “over the last two years the SEC has instead advanced an ambitious policy agenda that will impose costly regulatory burdens on manufacturers and hamper long-term value creation for shareholders.”

In response to these criticisms, Gensler defended the SEC’s authority to regulate the cryptocurrency industry and argued that the U.S. capital markets are as profitable and secure as they are because of federal oversight. Indeed, Gensler stated that he was “trying to drive [the digital asset industry] to compliance and if [digital asset firms are] not complying with the laws then they shouldn’t be offering their products to U.S. investors.” Noncompliance, Gensler asserted, “not only puts investors at risk, but also puts at risk the public’s trust in our capital markets.” Gensler was joined by Democratic lawmakers who also advocated for heightened regulation of the cryptocurrency industry. Representative Brad Sherman, for example, reasoned that legislation categorizing all crypto assets as securities would make it clear that “investors in crypto get the same protection as investors in stock, bonds and other intangible assets acquired for an investment purpose.” Likewise, in her opening statement at the April 18, 2023, Committee hearing, Representative Maxine Waters stated that, in the wake of the collapses of Silicon Valley Bank and Signature Bank, she “[couldn’t] believe that [the] Committee [was] rushing to take off more guardrails when we should be adding them.”

A 2022 study published by the CFA Institute revealed that 94% of state and government-sponsored pension funds are invested in one or more cryptocurrencies despite the obvious risks. Former SEC attorney Edward Seidle, in an October 3, 2022 article in Forbes, wrote:

According to Anessa Allen Santos, a Florida attorney and Special Magistrate who specializes in blockchain and fintech, one glaring reason why no pension fund should be toying with cryptocurrencies right now is “the rapid increase in regulatory hostility exercised without restraint toward cryptocurrency issuers by several federal administrative agencies.”

Whether or not the SEC’s proposed rules are adopted, it is evident that companies should pay attention to them. This is particularly relevant to businesses in the cryptocurrency industry, given the inherent volatility of digital assets and the plurality of enforcement actions the SEC has recently taken against crypto companies. As such, it would be prudent for companies to review their cybersecurity policies, procedures, controls, and response measures. This includes an analysis of a company’s governance structure to determine if any changes need to be made to the composition of boards or committees, including identifying any members that could be considered cybersecurity experts. In addition, companies may engage an outside third-party cyber penetration testing firm to review the company’s current procedures or retain a Cyber Managed Services Provider to conduct external monitoring to supplement the company’s internal processes. Ultimately, the current economic and regulatory climates, especially within the cryptocurrency industry, suggest a company is likelier to be in compliance with the SEC’s proposed rules for 2023, should they be enforced, the greater the number of preventive measures that company takes.

It remains to be seen whether the SEC’s proposed regulations for cryptocurrencies will help investors sleep better at night.