SEC Discusses New Cyber Unit to Combat Cyber-Related Misconduct

On October 26, 2017, Stephanie Avakian, Co-Director of the SEC’s Division of Enforcement gave a speech regarding Enforcement’s initiatives, in particular, regarding cybersecurity.

Ms. Avakian identified cybersecurity as one of the SEC’s “key priorities” necessitating a strategic focus and allocation of resources in order to fulfil the SEC’s “investor protection mission.”[1]  In order to effectuate these initiatives, the SEC created a Cyber Unit to combat cyber-related misconduct.[2]  According to Ms. Avakian, the increasing frequency coupled with the increasing complexity of these matters is what fueled the creation of the Cyber Unit.

The SEC identified three types of cases that have caught Enforcement’s interest:

Hacking to access material, nonpublic information in order to trade in advance of some announcement or event, or to manipulate the market for a particular security or group of securities;

Account intrusions in order to conduct manipulative trading using hacked brokerage accounts; and

Disseminating false information through electronic publication, such as SEC EDGAR filings and social media, in order to manipulate stock prices.[3]

Specifically addressing the second area of Enforcement’s interest, Ms. Avakian identified specific SEC Rules—Regulations S-P, S-ID, SCI, among others—which are risk based and, notably, flexible, that apply to failures by registered entities to take the necessary precautions to safeguard information.  These situations often involve coordination with OCIE, where the SEC will consult with OCIE at the outset in order to determine which entity is better suited to lead an investigation.

Interestingly, in efforts to combat the third area of Enforcement’s interest, the SEC  has not yet brought a case.  Despite identifying the importance of the disclosure requirements, Ms. Avakian states that “[w]e recognize this is a complex area subject to significant judgment, and we are not looking to second-guess reasonable, good faith disclosure decisions, though we can certainly envision a case where enforcement action would be appropriate”—seemingly indicating that of the three areas of interest, cyber-fraud in disclosures and the like may be of the least importance in Enforcement’s new cyber-initiatives.

The Cyber Unit will also spearhead the blockchain technology investigations, as the emerging issues in this area necessitate a “consistent, thoughtful approach.”  Although Initial Coin Offerings and Token Sales may be a new and legitimate platform to raise capital, this virtual currencies and offerings may also serve as “an attractive vehicle for fraudulent conduct.”[4]

Prior to the creation of the Cyber Unit, much of the cyber-related investigations have been led by the Market Abuse Unit, as there is a significant overlap between insider trading schemes and cyber-related schemes.  The risk, however, that cyber-related incidents pose is too great and, according to the SEC, warrants its own investigative unit.

[1] Stephanie Avakian, The SEC Enforcement Division’s Initiatives Regarding Retail Investor Protection and Cybersecurity, U.S. Securities and Exchange Commission (Oct. 26, 2017),

[2] Press Release 2017-176, SEC Announces Enforcement Initiatives to Combat Cyber-Based Threats and Protect Retail Investors (Sept. 25, 2017), available at

[3] Avakian, supra note 1.

[4] Avakian, supra note 1.

New Disguised Sales Rules

On November 10, 2017, P&D Special Counsel Dan M. Smolnik gave a presentation before the Federal Tax Institute regarding the new changes to the Disguised Sales Rules.  The presentation also identified key points for entities to consider in light of these changes.

With new changes in the Disguised Sale Rules, partnerships, including LLCs treated as partnerships, will need to consider the following:

  1. Revisions to operating agreements to reflect suitable debt allocation mechanisms in light of the restriction to use only  of “partners’ share of the profits” method of debt allocation. Economic risk of loss and the other methods articulated in Reg Section 1.752-3(a)(3) are now explicitly excluded;
  2. Immediate review of agreement terms to assure that Deficit Restoration Obligation terms do not threaten to violate the ban on Bottom Dollar Guarantees. As DROs are required to access the PIP safe harbor (and, thereby, provide the partnership agreement the required substantial economic effect to be respected by IRS) it will take some care to prepare these terms now;
  3. Trial calculations of tax effects of anticipated contributions of appreciated capital property;
  4. Advisability of placing debt at the entity level instead of the asset level.