It's "regulation-by-enforcement". Instead of defining clear rules, the SEC just waits and brings actions against the activities it doesn't want to happen. Sen Toomey and others have called out Gensler for doing this:
That was a reasonable argument to make in 2013 or 2017. But Gensler's administration alone has issued more than 1,500 actions. At this point, the SEC should be able to codify their interpretations and publish guidance.
One example: a decade after the white paper was published, the SEC still won't say if Ethereum is a security or not. Gensler was literally asked this in front of congress and refused to answer:
This is a project that's 10 years old, has a $250B market cap, and has had tens of thousands of other projects built on it. There's no excuse for the SEC to not have a position on it.
The SEC has no power to decide that crypto shouldn't be allowed. That would require legislation from congress. Legislation that is not forthcoming. The SEC is currently doing an end run around this fact by saying that it is a security (which is explicitly legal) but that it can't be registered (which effectively means nobody can sell it). It is a naked power grab by an unelected bureaucracy.
This is how a lot of safety regulation comes about - from a disaster or a problem that previously nobody knew or understood.
The SEC is likely operating under this sort of outlook.