
SEC Chairman Seeks More Cyber Risk Disclosure

Wall Street Regulator Eyes Cyber Shortfalls, Plus Initial Coin Offerings

The chief of Wall Street's top regulator says publicly traded U.S. businesses must better describe to investors the cybersecurity risks their firms face.


"I am not comfortable that the American investing public understands the substantial risks that we face systemically from cyber issues," Jay Clayton, head of the U.S. Securities and Exchange Commission, said Tuesday, Reuters reports. "I'd like to see better disclosure around that."

Clayton, who holds degrees in engineering, economics and law, and was previously a partner at Sullivan & Cromwell LLP, was nominated in January by President Donald Trump to chair the SEC - the main federal agency that regulates Wall Street. He was confirmed by the U.S. Senate in May.

Speaking Tuesday on a panel discussion in Washington co-hosted by the SEC and New York University, Clayton said he will continue the SEC's focus on cybersecurity as a top enforcement priority, Reuters reports (see SEC Reportedly Probing Yahoo's Breach Notification Speed).

The SEC already requires companies to report cyber incidents that may have an impact on corporate finances. Last year, furthermore, the SEC signaled a more hands-on approach to reviewing privacy and data protection practices at all publicly traded companies (see SEC Prepares for More Cybersecurity Oversight).

Joining Clayton on the panel were Stephanie Avakian and Steven Peikin, co-directors of the SEC's enforcement division.

Avakian said the agency's other areas of focus would include ensuring that firms' cybersecurity practices are up to snuff, pursuing any organizations that fail to disclose cyber-related challenges or failures, as well as tackling the sharp increase in "initial coin offerings," or ICOs, Reuters reports.

An ICO is an attempt to raise funds for a new cryptocurrency venture. Many of these virtual currencies tie into the blockchain called Ethereum.

Peikin cautioned that the SEC is investigating a number of ICOs that appear to be little more than scams.

"As with any kind of newsworthy event, roaches kind of crawl out of the woodwork and try to scam money off of investors," Peikin said of the spike in ICOs, Reuters reports.

Avakian also said the SEC has seen a rise in schemes involving hackers stealing information that they can use to gain a market-moving advantage. But such attacks are not new. In 2010, for example, NASDAQ was hacked and data was stolen. The American stock exchange said the breach affected Director's Desk, an information-sharing system used by hundreds of boards of directors to share information that is often of a sensitive or confidential nature.

Initial Coin Offering Warnings

This isn't the first time the SEC has urged ICO caution.

In July, the SEC also issued a report warning that ICOs, aka "token sales," are securities and therefore subject to federal securities laws, unless a "valid exemption" applies. In response, many ICOs banned U.S. residents from participating.

"Issuers of distributed ledger or blockchain technology-based securities must register offers and sales of such securities unless a valid exemption applies," the SEC said in a news release at the time. The SEC had launched an investigation into ICOs following the 2016 ICO for a cryptocurrency called Ether, backed by Ethereum.

After concluding the investigation earlier this year, the SEC said that it "decided not to bring charges in this instance ... but rather to caution the industry and market participants: The federal securities laws apply to those who offer and sell securities in the United States, regardless whether the issuing entity is a traditional company or a decentralized autonomous organization, regardless whether those securities are purchased using U.S. dollars or virtual currencies, and regardless whether they are distributed in certificated form or through distributed ledger technology."

Moves by Singapore, China

ICO-related concerns are not limited to U.S. regulators. Last month, the Monetary Authority of Singapore warned that "ICOs are vulnerable to money laundering and terrorist financing risks due to the anonymous nature of the transactions, and the ease with which large sums of monies may be raised in a short period of time."

The regulator said all such offers must comply with Singapore's money laundering and terrorist financing monitoring regulations.

On Monday, China's central bank went even further and declared new ICOs to be illegal.

China's central bank announced a freeze on all ICOs, warning that they're too often used for financial scams, including "pyramid schemes and other criminal activities." The central bank also said it would be investigating all ICO offerings to date, and regulators are planning to conduct investigations of 60 Chinese cryptocurrency exchanges, TechCrunch reports.

Ongoing Surge in New ICOs

China's crackdown and the alerts from the SEC and Singapore follow a massive increase in new ICOs.

Already this year, more than $1.8 billion has been raised via just the 135 initial coin offerings listed at CoinSchedule - a partial list of ICOs worldwide.

Cryptocurrency ICO Stats (2017)

Source: ICOs listed at CoinSchedule, which is a partial list of all ICOs.

LydianCoin's Pitch

One of the latest ventures, for example, is an ICO for LydianCoin, which is being offered by a Singapore-based subsidiary of a company called Gravity4, led by Gurbaksh Chahal, that seeks to raise $100 million.

Miami-based Gravity4 bills Lydian as "the first AI big data marketing cloud for blockchain," and it is pitching Lydian as a way to pay for its online advertising services.

But LydianCoin may be best known for being backed by hotel heiress and high-profile socialite Paris Hilton.

In a white paper, Gravity4 says its Lydian tokens are designed to be used with its "existing neural net AI MonaLisa," and that it plans to introduce MonaChain - a blockchain designed to work with MonaLisa - as well as MonaBrowse, which will allow people to spend their Lydian tokens to access "an ad-free browsing experience and across multiple platforms and devices." Gravity4 cautions, however, that Lydian tokens are not "any kind of currency," and that the company "does not have significant experience" with blockchain projects.

But there are concerns over Gravity4's leadership. Chahal is a former Silicon Valley high-flier who was CEO of online advertising network RadiumOne until he was fired after pleading guilty in San Francisco superior court to two misdemeanor battery charges of domestic violence.

He subsequently founded Gravity4, but temporarily stepped down from his role as CEO after a judge found that he had violated his probation.

Analysis: Paying in Advance

Leadership aside, some market watchers have questioned the usefulness of ICOs, including Lydian.

"We've often talked about how ICOs are like buying funfair tickets for a funfair that hasn't been built yet," according to an analysis published by Financial Times. "This is like buying tokens for rides at a funfair when you could just use your money to pay for the rides directly. All that's really happening here is people are paying for services in advance of receiving them, like purchasing a gift card."

In other words, when it comes to participating in ICOs, caveat emptor - except in China, where it's now illegal.


About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



