The U.S. Securities and Exchange Commission (SEC) has revamped its approach to tackling cyber risks and crypto-related issues with the creation of the Cyber and Emerging Technologies Unit (CETU), announced on February 20, 2025. This significant shift reflects the SEC’s strategic pivot from broad cryptocurrency registration enforcement to a sharper focus on fraud, traditional cybersecurity challenges, and safeguarding investors amid rapidly evolving technologies. 

For investment advisers navigating today’s complex regulatory landscape, understanding CETU’s priorities is essential. This blog breaks down what this new unit means and how investment advisers should adapt to stay compliant and protect their clients. 

The Evolution from Crypto Assets and Cyber Unit to CETU 

Previously, the SEC’s Crypto Assets and Cyber Unit concentrated heavily on cryptocurrency enforcement, including non-fraud registration issues. The new Cyber and Emerging Technologies Unit (CETU) broadens the scope, signaling the SEC’s priority to combat fraud more effectively while addressing emerging risks across broader technological domains. 

This restructuring embodies a more balanced approach — moving away from minor registration enforcement toward enhanced investor protection. 

CETU’s Top Priorities Explained 

1). Cybersecurity Disclosures for Public Companies

Following new SEC cybersecurity disclosure rules, CETU will emphasize enforcement against fraudulent or misleading statements related to cybersecurity. However, it will deprioritize minor internal control weaknesses—marking a clear distinction between material misstatements and procedural shortcomings. 

2). Compliance of Regulated Entities Under the Safeguards Rule

Broker-dealers, investment advisers, and investment companies remain in CETU’s spotlight regarding cybersecurity compliance. This includes: 

• Implementing and updating policies to protect customer information 

• Developing robust incident response plans 
• Meeting notification obligations when cyber incidents happen

3). Fighting Fraud Targeting Retail Investors

CETU is increasing its vigilance on scams exploiting emerging technologies aimed at retail investors. These efforts align with similar crackdowns by the Commodity Futures Trading Commission (CFTC), focusing on protecting vulnerable individual investors from sophisticated fraud schemes. 

4). Cryptocurrency Fraud Enforcement

While the focus on non-fraud crypto registration enforcement has reduced, CETU will intensify enforcement against fraud related to blockchain technology and crypto assets, ensuring fraudsters can’t leverage these innovations for illicit gains. 

5). Combating Hacking for Material Nonpublic Information (MNPI)

CETU continues to prioritize cases involving unauthorized cyber intrusions to access sensitive, nonpublic information. This includes attacks on newswire services, law firms, EDGAR filings, and public companies, safeguarding market integrity and investor trust. 

6). Addressing Retail Brokerage Account Takeovers

Another key focus is on incidents where hackers gain unauthorized access to retail brokerage accounts to manipulate markets or steal assets. CETU aims to shut down such threats to individual investors and maintain fair market practices. 

What Investment Advisers Need to Do Now 

The SEC’s revamped priorities have direct implications for investment advisers. Here are key steps to stay ahead: 

• Maintain and Update Cybersecurity Policies: Ensure compliance with the Safeguards Rule by regularly reviewing and enhancing cybersecurity protocols designed to protect client data. 

• Monitor Risks Around MNPI and Account Security: Be vigilant in detecting unauthorized access to sensitive information and retail accounts, adopting proactive monitoring and detection tools. 

• Collaborate with Legal and Compliance Teams: Work closely to review disclosures, cybersecurity controls, and incident response strategies—making sure all documentation is aligned with SEC expectations. 

Conclusion 

The launch of the SEC’s Cyber and Emerging Technologies Unit marks a turning point in how cyber and technological risks are regulated. By shifting focus away from low-impact crypto enforcement and zeroing in on fraud, cybersecurity, and investor protection, CETU reflects the evolving challenges of today’s financial markets. 

For investment advisers, understanding and adapting to CETU’s priorities is crucial—not just for regulatory compliance but also to safeguard clients and sustain trust in an increasingly digital investment environment. 

Stay proactive, stay secure, and align your practices with the SEC’s evolving enforcement landscape! 

Download the complete First Quarter 2025 Regulatory Update today to find out more.