Few topics in the financial news have gotten more attention recently than the rise of cryptocurrency and initial coin offerings (ICOs), which allow startups to raise money from users in exchange for digital currency. In 2017, ICOs raised more than $3 billion in funding, surpassing early-stage venture capital funding for internet companies, and solidifying ICOs as a financing strategy among tech entrepreneurs.

But with surging popularity comes increasing attention and scrutiny from regulators, most notably the US Securities and Exchange Commission (SEC or Commission). Previously, the SEC had adopted a more cautionary approach, advising potential investors to perform due diligence, and issuing trading suspensions for certain issuers that made questionable claims regarding ICO investments. As we have previously reported, however, the SEC has recently taken a more aggressive stance toward ICOs.

This stance is continuing apace. On January 25, the Commission filed an enforcement action against AriseBank, a Dallas-based firm that purports to be the world’s first “decentralized” bank supporting more than 700 different currencies. AriseBank claims to have raised more than $600 million by distributing its digital currency, AriseCoin. If such claims are true, then this enforcement action halted what may have been the largest ICO ever. The Commission alleges that AriseBank violated Sections 10(b) and 17(a) of the Securities Act by falsely claiming to purchase an FDIC-insured bank, fraudulently offering an AriseBank-branded VISA card, and failing to disclose the criminal histories of the bank’s officers. The Commission further alleges a violation of Section 5(a), claiming that the ICO was an unregistered security offering.

The AriseBank action shows the Commission is not hesitant to challenge large-scale ICOs if it believes fraudulent activity is present. The AriseBank action comes on the heels of increased warnings from Chairman Jay Clayton regarding ICOs, whose testimony last week before the Senate Committee on Banking, Housing, and Urban Affairs made clear that those who engage in ICOs must take appropriate steps to ensure compliance with the federal securities laws.

In addition, the SEC’s new Cyber Unit, created specifically to focus on misconduct involving blockchain technology and ICOs, is also taking action. The unit brought its first enforcement action in the Eastern District of New York against Plexcorps, an ICO that claimed to have raised $15 million and was largely publicized on social media. Most recently, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published its 2018 examination priorities, and listed cryptocurrency and ICOs as an area of focus. According to its program document, OCIE will analyze “whether financial professionals maintain adequate controls and safeguards to protect these assets from theft or misappropriation, and whether financial professionals are providing investors with disclosure about the risks associated with these investments, including the risk of investment losses, liquidity risks, price volatility, and potential fraud.”

As cryptocurrency and its related products are an emerging new asset class, there is scant judicial precedent on how federal securities laws apply to ICOs. However, the Commission’s recent enforcement actions make clear that it expects those engaging in ICOs, as well as those advising on them, to comply with existing laws and regulations. The SEC’s increasingly aggressive approach will most likely result in more enforcement actions in 2018.