The SEC announced two cyber-enforcement initiatives on September 25. The Commission will establish a Cyber Unit within the Enforcement Division to address misconduct like:

  • Market manipulation through social-media “fake news”;
  • Hacking to obtain material nonpublic information (ahem);
  • Blockchain- and bitcoin-like violations;
  • Dark web misconduct;
  • Hacking retail accounts;
  • Cyber-threats to trading and market infrastructure.

The Commission also announced a Retail Strategy Task Force to identify and respond to cyber-threats targeting retail investors.

The SEC’s release issued without apparent irony and did not mention Chairman Clayton’s disclosure, five days earlier, that the SEC “Edgar” filing system itself had been hacked last year. That earlier hack apparently came to light in the course of an Enforcement investigation.

The announcement was embarrassing for the market regulator, because it has been pressuring public companies and financial market participants to step up their own cyber-security game.

The news release is here.