Crypto has been a very hot topic and many commentators have been noting the aggressive approach of regulating the digital asset industry by the Securities and Exchange Commission (SEC), according to Teresa Goody Guillén, Partner and a co-leader of the BakerHostetler’s Blockchain team.
Guillén, a former litigation counsel for the U.S. SEC in its Office of the General Counsel was speaking at the Bulls, Bears, and Blockchain – Special Edition: Former SEC Speaks webinar on July 17 together with four former Commissioners.
The event included a discussion regarding the SEC’s approach to digital asset regulation and enforcement, the cyber rules the SEC proposed last year on the disclosure of material cyber incidents, and cybersecurity practices for public companies.
Jimmy Fokas, Partner at BakerHostetler and former senior counsel in the Division of Enforcement in the New York regional office of the SEC, said the proposed rules would require disclosure of material cybersecurity incidents within four business days of determining that an event is material and to require periodic reporting of updates about previously reported cybersecurity.
This proposal has raised a lot of concerns from public companies and those in the incident response world because the disclosures may be required before an issuer has been able to complete its investigation in the matter and it’s also cannot be delayed to facilitate an investigation by law enforcement or the company’s remedial efforts, he added.
Michael Piwowar, Executive Vice President, Finance, Milken Institute, Acting SEC Chairman (2017), SEC Commissioner (2013 – 2018), said “the public companies and banks have been struggling with this”.
“On the one hand, they have regulatory obligations to report this stuff. On the other hand, a lot of times law enforcement agencies are saying, please stay quiet on this,” he said.
“I think the Treasury Department can play a pivotal role in helping to resolve that,” he added.
Troy Paredes, Founder, Paredes Strategies, SEC Commissioner (2008 – 2013) added that one of the general takeaways is that “disclosure isn’t necessarily without its own costs”.
“In the context of cyber there’s a unique set of potential implications,” he stressed.
Adding to Piwowar’s point, he said: “I think it’s an area where other parts of the government certainly have to contribute in terms of how the SEC approach is ultimately trying to strike the right balance.”
Meanwhile, Daniel Gallagher, Chief Legal and Corporate Affairs Officer, Robinhood, SEC Commissioner (2011 – 2015), argued that the rules on the books apply.
“They’re hard enough and you’re speaking from the real world, not the philosophical world of the 10th floor of the SEC,” he said.
“It’s hard enough to process all this stuff with a four day arbitrary timeline sitting on it,” he stressed.
“Believe me, when you’re a public company and you have a breach, you feel a gun to your head as you go through this process,” he added.
Paul Atkins, Chief Executive and Founder, Patomak Global Partners, SEC Commissioner (2002 – 2008), agreed, saying that “this is one thing that keeps people up at night all the time.”
“Lots of money and time is being spent to try to shore up the fences,” he said.
“They’re the rules on the books, requiring disclosure for material events. People struggle with that. They also want to collaborate with the authorities to make sure that perpetrators can be caught. So it’s a very fine line, and I’m not sure if this rule would advance,” he added.