An SEC Enforcement Program For Policing WEB3

By | September 13, 2022

We are living in the golden age of investment fraud.

Never before have so many dangerous investment schemes become so prevalent, so rife with dire externalities, and so laden with global financial systemic risk. The reason? The large-scale deceitful shilling and hype pertaining to so-called “Web3.”

Along these lines, the U.S. Securities and Exchange Commission (SEC) has stepped up its Web3 enforcement efforts and, on May 3, 2022, announced the allocation of twenty additional positions to the unit responsible for protecting investors in crypto markets and from cyber-related threats. The newly renamed Crypto Assets and Cyber Unit (formerly known as the Cyber Unit) in the SEC Division of Enforcement will grow to 50 dedicated positions. The SEC is also just about to name a new chief and deputy chief of the unit, who will surely hit the ground running.  (Per a recent report from CoinDesk, though not formally announced by the SEC, the new chief is to be David Hirsch, currently Counsel to Commissioner Caroline Crenshaw, who was appointed by President Trump for a Democratic SEC seat in June, 2020.)

The expanded Crypto Assets and Cyber Unit will leverage the agency’s expertise to ensure investors are protected in the crypto markets, with a focus on investigating securities law violations related to:

  • Crypto asset offerings;
  • Crypto asset exchanges;
  • Crypto asset lending and staking products;
  • Decentralized finance (“DeFi”) platforms;
  • Non-fungible tokens (“NFTs”); and
  • Stablecoins.

This Web3 regulatory awakening should come as no surprise. Given the growing laundry list of perilous Web3 externalities, dangerous Web3 societal costs, and potential systemic and calamitous Web3 financial consequences, the engagement of U.S. financial regulators, especially the SEC, was inevitable. But now what?

This article proposes a multi-faceted SEC Web3 enforcement program focusing on 1) aggressive enforcement, with sweeps, SWAT teams, and the use of expedited and omnibus formal orders; 2) heightened Web3 surveillance; 3) coordinated regulatory cooperation and law enforcement liaison efforts; 4) nationwide educational initiatives; and 5) incentivized self-policing.

About 25 years ago, during the early days of the Internet, when I served as the SEC’s Special Counsel for Internet Projects and later became Chief and Founder of the SEC’s Office of Internet Enforcement, online securities fraud had, almost overnight, emerged as a significant threat to investors and to financial markets.

In response, we implemented a similar five-prong enforcement program as a preemptive strike to stop the growth of Internet-related fraud dead in its tracks. This article recycles, recalibrates and re-applies that successful programmatic approach, which not only helped protect investors in the uncharted realm of cyberspace but also helped pave the way for mammoth technological innovation and unprecedented economic growth and prosperity.

Some Background

Over the past several years, a wide-ranging array of developments have triggered escalating regulatory concerns about crypto, decentralized finance (DeFi), non-fungible tokens (NFTs), stablecoins, and the rest of Web3, including:

In short, Crypto, DeFi, NFTs, stablecoins, and the rest of Web3 tout the same tired and faux libertarian notions of innovation and decentralization, except with even less protection, even more fraud, and even more unlicensed, unregulated, and suspect money-sucking intermediaries.

Hence, a call to action and immediate need for a sophisticated, cohesive, coordinated, and well-organized all-inclusive SEC approach of enforcement, surveillance, liaison, education, and self-policing has rapidly emerged.

Aggressive Enforcement

Since its creation in 2017, the SEC Cyber Unit has brought 100 or so crypto-related enforcement actions, resulting in monetary relief totaling more than $2 billion. But their work has just begun.

Web3 spawns dangerous variants almost quarterly, from unregistered initial coin offerings and unregulated digital asset trading platforms to wildly secretive and risky crypto-lending programs, to celebrity-shilled NFT products crafted by profit-seeking promoters and traders with gargantuan conflicts of interest.

To counter the rapid-fire growth of Web3 fraudulent iterations, SEC Web3 enforcement efforts must be carried out swiftly, efficiently, and calibrated for maximum market impact. The SEC should use all available tools, including expedited and omnibus formal orders; SWAT teams; and nationwide sweeps.

Expedited and Omnibus Formal Orders

Before SEC staff can subpoena persons and companies for testimony and documents, the staff must draft an action memorandum seeking a formal order of investigation from the SEC Commissioners, who must approve that request.

Pursuant to delegated authority, certain senior SEC enforcement officials may, in their discretion, issue a formal order when a formal order of investigation is appropriate and necessary to determine whether a violation of the federal securities laws may have occurred or may be occurring.

The formal order serves two important functions. First, it generally describes the nature of the investigation that the SEC Commissioners have authorized. Second, it designates specific staff members as officers for the investigation and empowers them to administer oaths and affirmations, subpoena witnesses, compel attendance, take evidence, and require the production of documents and other materials. Formal investigation proceedings are non-public unless otherwise ordered by the Commission.

To expedite Web3-related matters needing formal order approval, once the SEC Senior Officers have clearly authorized the formal investigation of a particular Web3 modus operandi, they should expedite and streamline that same process for similar matters. For example, once the Commission authorizes a formal order of investigation for potential securities violations relating to the operations of a digital asset trading platform, SEC Senior Officers should, going forward, exercise delegated authority and approve future similar formal order requests expeditiously.

Whenever appropriate, the SEC should also go one step further and use so-called omnibus formal orders that capture both past and future witnesses and companies. For example, instead of approving a formal order designating the investigation of one specific entity, such as an NFT trading platform, and then returning to the Commission seeking a formal order every time the staff discovers a new NFT trading platform, the staff should consider using a continuing omnibus formal order. This omnibus formal order should be revisited quarterly by the SEC Commissioners and would apply to any NFT trading platform. The SEC has used similar previous omnibus formal orders for prime bank frauds, online violations of Section 17(b) of the Securities Act, and online unregistered securities offerings.


Sweeps

One historically effective SEC investigatory tool that seems ideally suited for Web3 enforcement is the use of SEC “sweeps.” Sweeps are when the SEC investigates and then initiates a large number of filed enforcement actions simultaneously, involving violations of the same regulation, which can send a powerful message to the crypto-marketplace.

The SEC has previously brought sweeps involving online fraud, microcap fraud, Regulation FD misconduct, municipal bond underwriting schemes, and a range of other categories of securities violations.

Sweeps enable SEC enforcement staff to pool investigative capital, collaborate more easily, avoid duplicative efforts, better leverage in-house expertise, and act far more efficiently during investigation and litigation. Sweeps also garner headlines and social media attention, which can better spread the message about SEC enforcement efforts. This ultimately allows for a greater bang for the buck of SEC resources.

For example, the SEC has become increasingly concerned about unregistered digital asset trading platforms. Along these lines, in a recent Wall Street Journal op-ed article, SEC Chair Gary Gensler sounded the alarm about unregistered crypto-trading platforms operating unlawfully and the danger these firms pose to investors. A sweep of digital asset trading platforms allows SEC staff to leverage its resources exponentially with weekly meetings, joint research, nationally harmonized documentary and testimonial subpoenas and techniques, and other concerted tactics and approaches.

By capitalizing on the internal coordination and improved efficiency of sweeps, the SEC will not only orchestrate a rapid and effective crackdown upon rogue crypto-firms, but the SEC will also deter future misconduct by sending a powerful message to the crypto-ecosystem about the serious nature of securities violations.

SWAT Teams

Securities fraud investigations start abruptly for a variety of reasons, such as a high-quality complaint from a member of the public, a cataclysmic financial event, a referral from another regulator, or even a media headline.

In these kinds of situations of expedited investigations, SEC staff must mobilize quickly for two reasons. First, investor funds may be at risk, and preserving and protecting those funds becomes paramount. Second, the trigger for the SEC investigation will also likely prompt criminal prosecutorial interest, and the initial investigatory work in the early days is typically a mad scramble to gather evidence and act swiftly.

The best way to manage “expedited investigations” is to prepare for them before they happen by organizing uniquely designated investigatory, litigation, and regulatory staff from all SEC divisions, specially trained to mobilize quickly and on call 24-7.

For example, an SEC SWAT team should be particularly well-trained in bringing emergency litigation actions, like temporary restraining orders and asset freezes, and coordinating with and supporting federal law enforcement investigators and federal prosecutors.

Just like the SWAT team of a police force can save lives, the SWAT team of the SEC could become remarkably effective for saving the funds of the growing mass of crypto-swindled investors.

Heightened Surveillance

With many changes in technology and marketplaces, surveillance at the SEC has remained constantly in flux and revision. Naturally, technology has grown, and the SEC has correspondingly beefed-up surveillance activity, assigning staff members to monitor online activities, including social media discussions. Along these lines, the SEC has an entire group called the Office of Market Intelligence, which runs its own computer lab to tap into whatever surveillance sources become relevant, including from other federal and state agencies and a broad range of other sources.

As an aside, the SEC does not actually conduct primary surveillance of specific market trading data like stock and options trades. That role is left to the Financial Industry Regulatory Authority (FINRA), which surveils registered financial markets for suspicious activity such as manipulation and other types of fraud and refers those matters accordingly. But with crypto and other Web3 trading, none of the so-called crypto-platforms, wallets, exchanges, etc., are registered with the SEC. Thus, there exists little to no traditional transparency into crypto goings-on.

However, a new generation of blockchain data now exists, and the SEC should step up and surveil it, including publicly available blockchain data, Reddit forums, Twitter feeds, and all the rest of social media. Indeed, several private blockchain analytics companies have emerged in recent years that can detect and investigate crypto fraud. As the FBI has already done, the SEC should build in-house crypto-tracking abilities and partner with the private sector whenever possible.

For example, consider the recent criminal DOJ action and an SEC enforcement action against former Coinbase product manager Ishan Wahi, his brother, and his friend. The SEC and DOJ allege that Wahi knew which assets Coinbase was planning to list and the timing of those announcements — and tipped his brother or his friend ahead of those listings so they could place trades and profit ahead of the announcements. The SEC alleges that the three men purchased “at least 25 crypto assets, at least nine of which were securities,” and the trio allegedly generated nearly $1 million in profits over ten months.

Per Bloomberg, the alleged insider trading at Coinbase involved altcoins and was evidently first spotted by crypto influencer Jordan Fish. On April 12, 2022, Fish, who tweets under the pseudonym Cobie (short for Crypto Cobain), observed and posted about suspicious trading activity in altcoins, apparently catching the attention of federal prosecutors who tied the trading to Wahi. Fish had reportedly been complaining publicly for months about insider trading on Coinbase.

Along these lines, critics such as bitcoin analyst Sam Callahan have observed a pattern in which Coinbase promotes exceedingly volatile currencies to customers, who seem to be engaging in their own private pump-and-dump scheme. Per Callahan, Coinbase touted Axie Infinity, the troubled crypto video game, just before its parent company was hacked and its token price crashed. To make matters worse, Axie Infinity’s CEO reportedly made a $3 million transfer of AXS tokens to Binance before it disclosed the $622 million Ronin hack to the public. Around the same time, a Coinbase Twitter account was promoting Luna, the “stablecoin” project that subsequently went bust, losing over $40 billion in value, and is now completely worthless.

The surveillance program at the SEC has grown sophisticated and detailed, while technological advances have even allowed for some automation of surveillance. The next step is becoming far more nimble and agile, developing the same skills and using the tools necessary to analyze the same data and leads as Fish and Callahan did. These tools include public block explorers like Blockchair, BscScan, Etherscan, AlgoExplorer, and several others.

Of course, given its infinite territory, no surveillance program is guaranteed to cover every nook and cranny. However, most of the misconduct pertaining to Web3 takes place in plain view. Moreover, unlike traditional thieves, Web3 grifters typically face a double-edged sword: they want the investor to find their materials and promotions, but they also want to keep the federal authorities from noticing their activities. They want investors to contact them, but they also want to hide their identities and location. When they surface, which they typically must do sooner or later, the SEC surveillance or surveillance by others can detect them.

SEC staff should also be encouraged to keep their eyes and ears open at all times, just like the cop on the beat, whose responsibilities do not fade while off duty. The only restriction is that the SEC cannot participate in any undercover operation because, before communicating with any potential witness, the Privacy Act mandates that a staff person must identify themselves, state their principal purpose for the communication, and conform with a range of other important due process requirements.

Amplified Liaison Efforts

Given the breadth of illicit activities relating to Web3, jurisdictional crossover happens at every turn. Securities violations, in particular, are often federal and state criminal fraud violations, as well as violations of a host of local, state, and federal criminal and civil statutes, rules, and regulations.

Historically, the SEC has succeeded in coordinating its efforts with nearly every existing law-enforcement and regulatory authority, and the SEC’s policing of Web3 should follow a similar path of cooperation, joint action, and teamwork.

This liaison work can be done formally via special agreements like the Memorandum of Understanding (MOU) between the SEC and the CFTC, which sets forth a framework for sharing investigatory information, or a special letter permitting controlled access to outside U.S. databases like Suspicious Activity Reports (SARs) from FinCEN.

But even better, the liaison work can be done informally via joint task forces and weekly meetings and briefings to facilitate the personal relationships that are critical to inter-agency information sharing and cooperation. Joint efforts already include DOJ’s Financial Fraud Enforcement Task Force, the Securities and Commodities Fraud Working Group, Operation Canadian Eagle/Project Emptor, the Financial Institution Fraud Task Force, the Bankruptcy Fraud Working Group, and the Identity Theft Task Force. Crypto enforcement efforts should leverage these pre-existing alliances.

What works best is when cooperation goes even one step further, and members of the FBI or other state and federal law enforcement agencies work short-term or lengthy details in residence at the SEC Enforcement Division. Immediate access and strong personal ties will always facilitate successful liaison work more than any treaty or MOU ever could.

For crypto-prosecutions, cooperation and liaison work among federal and state agencies are critical both to work investigations more efficiently and expeditiously, and for law enforcement and regulatory agencies to leverage resources and avoid duplication of efforts.


Nationwide Educational Initiatives

A critical aspect of every SEC enforcement program has always been education. The best defense against any security scam is an informed and wary investing public. This means more than merely harping on the old adage that if an offer sounds too good to be true, it probably is.

The SEC must work with the investing community and alert potential victims to types of investment fraud relating to Web3. In this regard, the SEC has published a slew of extraordinarily useful and blunt crypto-related investor alerts and other publications and has also used social media to spread the word about its enforcement actions.

But the SEC needs to go one step further – and launch a national campaign of investor protection educational initiatives with some blunt talk about the perils of Web3 investing. The perils of cryptocurrency should be set forth much more starkly – in a manner more akin to the bold and courageous crypto-related initiatives and announcements from the U.S. Department of Labor, the Office of the Comptroller of the Currency and the U.S. Federal Deposit Insurance Corporation.

Web3 users pride themselves on the ability to discern and publicly debunk or dox securities scams or illicit hype. Until the freedom issues inherent in online speech are definitively worked out, the SEC must add to the dialogue of Web3 investors by intensely publicizing the absurdity and mammoth risks of Web3 investing, including via speeches, the availability of its online information sources, and explaining that the infinite regulatory vacuum of Web3 creates a danger zone for investors like never before.

Although neither the First Amendment nor any other law on the books confers the right to commit fraud, the free-speech concerns of Web3 users will require the SEC to be as active and informing in building public opinion as it will be in winning favorable judicial precedent.

As an aside, town hall meetings, where SEC officials, local political officials, regulators, and the public meet to discuss investor issues, which have proven highly successful in the past, would normally make sense. But not with crypto, NFTs, DeFi, and the like. Crypto has become almost cult-like, and a town hall meeting could turn into a dangerous public riot. For instance, in the SEC enforcement action involving Ripple, Ripple’s defense team created such a dangerous online mob that a judge ordered the SEC to redact personal info relating to an SEC expert because threats to the expert had become so severe.


Incentivized Self-Policing

Historically, self-policing has always served as an important part of every SEC enforcement program, not merely because it encourages responsibility and ethical behavior amongst investors, but also because it serves as yet another useful tool for patrolling an increasingly large and complicated crypto-marketplace.

In line with these traditions, self-policing in the context of Web3 securities fraud has proven a valuable source of help in discovering Web3-related frauds. A remarkable online culture of self-policing exists among individual users who resent the intrusion of crooks and thieves. The SEC must tap into this culture, encouraging users to report dubious Web3-related conduct, offerings, or other suspicious behavior.

Along these lines, the SEC’s robust online complaint handling capabilities have increased exponentially over the last decade, allowing users to contact the SEC directly, even anonymously. People from all over the world now easily communicate with the SEC in various ways, and user complaints have thus far resulted in a vast supply of leads for investigations and referrals while also keeping the SEC apprised of the latest trends and methods of Web3 grifters.

Not only do users typically include the relevant names, addresses, phone numbers, and other pertinent information concerning the persons and entities involved, but complainants have also often undertaken some cyber sleuthing of their own (using all the latest available Internet tools), adding digital reams of useful and even inculpatory evidence.

For example, while Reddit, Telegram, and Twitter initially helped drive the meme-stock craze, now users on the sites channel that same energy into helping victims. Users routinely report diligently on several crypto bankruptcy cases, including Celsius and Voyager, “tapping into the huge social media communities that already exist for both platforms, urging users to write letters to the judge overseeing Celsius’s case, pooling funds for legal representation as well as sharing news and advice.”

Eager complainants, gregarious informants, and immunity-seeking witnesses undoubtedly abound amid any sort of crypto-meltdown – and will be more than willing to aid SEC staffers in scrutinizing the fallout.

The most important development of all relating to self-policing is the SEC’s whistleblower rewards program, which has become an extraordinary success and a notable supplement to the SEC’s investigative wherewithal. The SEC’s whistleblower provisions have even spawned the creation of a cottage industry of former SEC lawyers who now work on a contingency fee basis, helping whistleblowers navigate the complaint submission process.

The SEC should create a special form and develop a custom process to streamline and expedite all Web3-related complaints from whistleblowers and act swiftly to investigate whistleblower allegations, especially if the allegations come from insiders at any Web3-related organization.

A Note about RBE

Not surprisingly, the SEC’s Web3 enforcement efforts have prompted the usual 30-year-old pivot and refrain of RBE, i.e., that the SEC will crush innovation via regulation by enforcement.

And it is not just defense attorneys carping the ancient and tired RBE catchphrase. In a rare rebuke of a sister agency, Commissioner Caroline Pham of the U.S. Commodity Futures Trading Commission issued a public statement criticizing the Wahi insider trading charges as “a striking example of ‘regulation by enforcement.’”

Pham’s criticism echoed similar condemnations by SEC Commissioner Hester Peirce, who frequently invokes RBE, even tweeting along those lines when the SEC announced the creation of its expanded crypto enforcement unit, stating: “The SEC is a regulatory agency with an enforcement division, not an enforcement agency. Why are we leading with enforcement in crypto?”

Peirce, dubbed “Crypto mom” by the media, is not only a frequent crypto-promoter but also a frequent SEC-basher and powerful ally for “Big Crypto” within the secret chambers of the SEC’s closed commission meeting room.

“Big Crypto” is the now popular epithet for the extraordinarily well-funded and well-organized group of cryptocurrency lobbyists, “educational groups,” and other crypto, DeFi, NFT, and Web3 supporting organizations who are all funded by, or invested in, various crypto iterations and determined to promote the notion that their ideas are not a means of wealth extraction and deception.

Consequently, witnesses to crypto-related investigations and defendants to crypto-related enforcement actions will undoubtedly cry RBE to rally Peirce, Pham, and other crypto-sympathizers to their cause.

Thankfully, SEC Chair Gary Gensler refuses to buy into such RBE nonsense. Along these lines, Gensler has said he encourages crypto companies to “come in and talk to us” but has also implied that most cryptocurrencies – outside of bitcoin – are securities, and he remains committed to expanding the SEC’s enforcement division. “Some market participants may call this regulation by enforcement,” Gensler said in a November speech, “I just call it enforcement.”

Gensler is spot-on. The RBE argument is sorely misguided, and SEC staff should ignore the predictable and tired RBE slogan. Litigation and SEC enforcement are precisely how securities regulation works. The flexibility of SEC statutory weaponry is an SEC hallmark, enabling SEC enforcement to keep fraud in check.

In 1998, when the SEC Office of Internet Enforcement was created, critics harped on the same humdrum of complaint, i.e., the vagueness of SEC regulation; the lack of clarity about what is a security; and that “regulation via SEC enforcement” would stifle the growth of the Internet.

In response, I co-authored an article entitled “The SEC’s Statutory Weaponry to Combat Internet Fraud,” laying out the SEC’s crucial common sense strategy of ramped-up Internet-related enforcement efforts. My thesis then was nothing new. The same notions had already been championed by:

  • Famed Georgetown Law School professor Donald Langevoort in 1993, in Rule 10b-5 as an Adaptive Organism (“Rule 10b-5’s survival is largely due to the flexibility of its language which has enabled the rule to embrace malleable social perceptions of the securities market and the securities business.”); and
  • Legendary former SEC Enforcement Director Bill McLucas and then SEC staffer Mark Lewis in 1996, in Common Sense, Flexibility and Enforcement of the Securities Laws (“Those whose behavior is challenged cry foul, and the lawyers who represent them argue that even offensive conduct which is not expressly prohibited, must be permitted. Somewhere between a literal approach to enforcing the law, and the obvious unfairness that would accompany the wholesale retroactive application of newly announced standards, is a reasoned middle ground.”).

In hindsight, relying upon the flexibility of securities regulation to police the Internet cleared out the more egregious instances of early online securities fraud. Moreover, vigorous online SEC enforcement efforts also paved the way for legitimate technological innovations to flourish, rendering markets more efficient and transparent, thereby allowing investors more opportunities for success.

From policing foreign bribery payments (before the Foreign Corrupt Practices Act), to municipal securities fraud, to derivatives scams and unlawful insider trading, to fictional prime bank instruments and subprime grifts, to non-existent eel farms and bogus ostrich farms, the SEC has addressed emerging issues without the benefit, or the hindrance, of precise prescriptions. Instead, the SEC has relied on the general principle of federal securities laws and applied them practically and with common sense.

With every new high-tech advancement, those whose behavior was questioned have quipped: “Where is it specifically written that this behavior is illegal?” They argue that if there is no blackletter rule, the government’s efforts amount to ex post facto punishment, reflecting the bureaucratic proclivity to expand power and broaden jurisdiction.

But the SEC’s approach was rarely improperly expansive, nor did it involve after-the-fact regulation. Rather, the SEC typically adopted a reasoned, common sense application of the basic requirements of the federal securities laws to new and evolving market conditions and technologies.

In hindsight, relying upon the flexibility of securities regulation to police the Internet cleared out the more egregious instances of early online securities fraud. Moreover, vigorous online SEC enforcement efforts also helped legitimate fintech innovations flourish, rendering markets more efficient and transparent, thereby allowing investors more opportunities for success.

The same should go for SEC enforcement relating to crypto and all the rest of the increasingly dangerous Web3 variants, many of which threaten not just individual investors but all global capital markets. The mission is critical, but the SEC, given its dedicated and fiercely independent staff and its undefeated crypto-track record to date, is clearly up to the task.

Looking Ahead

As the SEC addresses the excitement and challenges of technical innovations, so must the SEC find its way as it reconciles its mission with Web3’s dangerous investment opportunities.

Along these lines, the constant influx of Web3 iterations will continue to create a formidable task for the SEC to police this newly sprung turf. The synergy created by joining Web3 with global capital markets creates an ever-changing and developing investment emporium that has changed not only the way the players think but also the way the lawbreakers think.

Part of the difficulty that the SEC and other law enforcement will have with policing Web3 is its libertarian ethos. Not only do Web3 users presume anonymity, but they also expect to control whatever they transmit. Web3’s informal, uncensored, and (falsely) touted mantra of decentralization, together with its often presumed pseudonymous environment, encourages an undeniable anti-governmental zeal among crypto-enthusiasts. What results is a treacherous, Wild West mentality among the philosophers and venture capitalists who bestow upon Web3 its ideological direction.

In addition, Big Crypto, like Big Pharma, Big Oil, and the rest, is well organized, well-financed, and well-staffed and can mobilize with lightning speed and agility. Big Crypto is not only more mission-oriented than any other political faction in history, but it is also fortified by a bevy of “captured” former regulators, hustled by a reckless new class of billionaire egomaniacs. The SEC is taking on a formidable opponent in Big Crypto, who will undoubtedly capitalize on the realities of a static SEC budget, a too often laissez-faire and bickering Congress, and an angry, eleutheromaniacal electorate.

Hence, it is not surprising that assertions of crypto-related regulatory authority by the SEC and other agencies often face vigorous public opposition. Some users of Web3’s anarchical fringe even believe Web3 to be 100% free terrain, immune from all laws of geographically bounded countries.

Given such an unlevel public relations playing field, the SEC’s Web3 enforcement program must proceed forcefully yet maintain inherent flexibility with a multi-faceted approach of emphasizing surveillance, prosecution, education, and coalition building, facilitating a sound basis to battle securities crimes relating to Web3.

SEC staff must also be more than enforcers – they must become evangelists. The SEC’s Web3 enforcement program is not a foray into a new regulatory area. Rather, it is the typical application of adaptive and evolving enforcement efforts, not just incumbent in, but also mandated by, U.S. securities regulation and wholly consistent with the SEC’s overall commitment to investor protection and fair markets.

The SEC’s message to the crypto ecosystem must be loud, clear and threefold. First, that the SEC’s honorable and sacrosanct mission never changes. Second, that the SEC staff never relents. Third, that the SEC is always on the beat, whether in the corrupt smoke-filled rooms of an old Wall Street building, in the perilous dark web pastures of a borderless cyberspace landscape, or in the treacherous black holes of an infinite and ever-expanding metaverse.

John Reed Stark is president of John Reed Stark Consulting LLC, a data breach response and digital compliance firm. Formerly, Mr. Stark served for almost 20 years in the Enforcement Division of the U.S. Securities and Exchange Commission, the last 11 of which as Chief of its Office of Internet Enforcement. He currently teaches a cyber-law course as a Senior Lecturing Fellow at Duke University Law School. Mr. Stark also worked for 15 years as an Adjunct Professor of Law at the Georgetown University Law Center, where he taught several courses on the juxtaposition of law, technology, and crime, and for five years as managing director of global data breach response firm, Stroz Friedberg, including three years heading its Washington, D.C. office. Mr. Stark is the author of “The Cybersecurity Due Diligence Handbook.”

