Last week, the Securities and Exchange Commission imposed expanded privacy and cybersecurity obligations on fund managers and sponsors registered with the SEC as investment advisers. While many registered investment advisers...more
5/21/2024
/ Breach Notification Rule ,
Customer Information ,
Cybersecurity ,
Fund Managers ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
Policies and Procedures ,
Privacy Laws ,
Private Funds ,
Recordkeeping Requirements ,
Regulation S-P ,
Securities and Exchange Commission (SEC) ,
Sponsors
On April 12, 2024, the U.S. Supreme Court issued an important decision in the case of Macquarie Infrastructure Corp. v. Moab Partners, L.P., No. 22-1165. Justice Sotomayor, writing for a unanimous Court, ruled that “pure...more
Key Takeaways -
With the SolarWinds enforcement action, the SEC continues to ratchet up its enforcement against companies that fail to properly disclose their cybersecurity incidents and risks. By naming the SolarWinds CISO...more
11/22/2023
/ Chief Information Security Officer (CISO) ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Enforcement Actions ,
Fraud ,
Incident Response Plans ,
Popular ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
SolarWinds
Welcome to the September edition of Akin Intelligence. As the U.S. Congress reconvenes after the August recess, we continue to see bipartisan interest in artificial intelligence (AI) regulation. In the executive branch,...more
9/18/2023
/ Age Discrimination ,
Artificial Intelligence ,
Biden Administration ,
China ,
Class Action ,
Consumer Financial Protection Bureau (CFPB) ,
Copyright ,
Copyright Office ,
Cybersecurity ,
Deep Fake ,
Department of Defense (DOD) ,
EU ,
Executive Orders ,
Fair Credit Reporting Act (FCRA) ,
Federal Election Commission (FEC) ,
Foreign Investment ,
Healthcare ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Jurisdiction ,
NDAA ,
Outbound Transactions ,
Preliminary Injunctions ,
Rulemaking Process ,
Securities and Exchange Commission (SEC) ,
Thought Leadership ,
UK ,
USPTO
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules that generally require public companies to disclose (i) material cybersecurity incidents within four business days after determining the...more
In 2018, an investment professional sued the firm he co-founded for wrongful termination and federal privacy law violations associated with the former employer’s remote accessing into a desktop computer it had purchased for...more
On March 15, 2023, the U.S. Securities and Exchange Commission (SEC) voted to propose three measures to protect customer information and hold covered institutions accountable for cyberattacks....more
Key Points -
Fourth Circuit points to SEC guidance on “less is more” approach to cybersecurity disclosures, while finding such disclosures did not violate federal securities laws.
Omissions of data vulnerabilities were...more
Key Points -
Proposed amendments bolster cyber disclosure and incident reporting requirements to better inform investors about a company’s risk management, strategy and governance relative to cyber issues.
Under the...more
Key Points -
Proposed amendments bolster cyber disclosure and incident reporting requirements to better inform investors about a company’s risk management, strategy and governance relative to cyber issues. ...more
The Federal Trade Commission (FTC) issued a surprisingly strong warning to companies that they may face potential regulatory action if they fail to address known vulnerabilities, focusing in particular on the Log4j...more
Gary Gensler, Chair of the U.S. Securities and Exchange Commission (SEC), signaled a new era of cybersecurity law (and accompanying enforcement) in his keynote address “Cybersecurity and Securities Laws” on January 24, 2022,...more
On August 30, 2021, the Securities and Exchange Commission announced three enforcement actions against registered investment advisers for alleged cybersecurity failures involving cloud-based email systems. All three actions...more
On April 14, 2021, the New York Department of Financial Services (DFS) announced it settled an enforcement action against National Securities Corporation (“National Securities”) related to claims under the Cybersecurity...more
Amendments Come on the Heels of Supreme Court Decisions on SEC Disgorgement -
On January 1, 2021, Congress passed the National Defense Authorization Act (NDAA). Embedded in the NDAA’s more than 1,400 pages is Section...more
- The OCIE of the SEC highlights that responses to COVID-19 present important regulatory and compliance issues for SEC registrants, including “heightened risks of misconduct” tied to recent market volatility.
- The Risk...more
8/21/2020
/ Asset Management ,
Broker-Dealer ,
Business Continuity Plans ,
Business Operations ,
Compliance ,
Conflicts of Interest ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Protection ,
Fees ,
Financial Transactions ,
Investment Adviser ,
Investment Fraud ,
Investment Management ,
Investors ,
OCIE ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Remote Working ,
Risk Alert ,
Securities and Exchange Commission (SEC) ,
Supervision
- In the age of broad corporate teleworking brought on by COVID-19, OCIE of the SEC has observed during recent examinations that investment advisers, broker-dealers and investment companies are subject to an increased threat...more
7/16/2020
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Financial Services Industry ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Investment Management ,
Malware ,
OCIE ,
Popular ,
Ransomware ,
Risk Alert ,
Securities and Exchange Commission (SEC)
• On May 23, 2019, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert describing its observations in past examinations of weaknesses and best practices...more
5/29/2019
/ Broker-Dealer ,
Cloud Storage ,
Customer Information ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Data Storage Providers ,
Identity Theft ,
Identity Theft Red Flags Rule ,
Investment Adviser ,
OCIE ,
Policies and Procedures ,
Regulation S-ID ,
Regulation S-P ,
Regulatory Requirements ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider ,
Vendors
• The SEC released a Risk Alert summarizing key areas in which it continues to see compliance deficiencies related to Regulation S-P, the primary SEC rule regarding privacy notices and safeguard policies of investment...more
4/29/2019
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Training ,
Incident Response Plans ,
Investment Adviser ,
Notice Requirements ,
OCIE ,
Opt-Outs ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Privacy Policy ,
Regulation S-P ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Vendors
• The United States Supreme Court held that a disseminator of a false statement with intent to defraud can be held liable under subsections (a) and (c) of Rule 10b-5, §10(b) of the Exchange Act and §17(a)(1) of the Securities...more
4/2/2019
/ Appeals ,
Enforcement Actions ,
False Statements ,
Fines ,
Intent to Defraud ,
Investment Banks ,
Lorenzo v SEC ,
Material Dissemination ,
Misleading Statements ,
Reaffirmation ,
Rule 10b-5 ,
SCOTUS ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
Suspensions
• The SEC issued guidance in the form of a rare “21(a) report” this week after investigating a series of email frauds impacting 9 unnamed companies.
• These email-based frauds, referred to as “CEO scams” or “vendor scams,”...more
10/19/2018
/ Accounting Controls ,
Business E-Mail Compromise (BEC) ,
CEOs ,
Corporate Finance ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Email ,
Enforcement Actions ,
Internal Controls ,
New Guidance ,
Policies and Procedures ,
Popular ,
Publicly-Traded Companies ,
Scams ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act ,
Spoofing ,
Wire Fraud
• SEC ALJs are “Officers of the United States” within the meaning of the Appointments Clause and therefore must be appointed directly by the SEC. The Court’s decision may permit litigants in prior and pending administrative...more
6/26/2018
/ Administrative Agencies ,
Administrative Law Judge (ALJ) ,
Administrative Proceedings ,
Appeals ,
Appointments Clause ,
Constitutional Challenges ,
Enforcement Actions ,
Final Written Decisions ,
Lucia v SEC ,
Officers of the United States ,
Remand ,
Reversal ,
SCOTUS ,
Securities and Exchange Commission (SEC) ,
Securities Violations ,
Special Trial Judges (STJs)
• Disclosures must inform investors about material cybersecurity risks and incidents, including addressing material cybersecurity risks for cyber-attacks that have not yet occurred.
• Comprehensive policies and procedures...more
3/1/2018
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Disclosure Requirements ,
Financial Statements ,
Insider Trading ,
Investors ,
Materiality ,
MD&A Statements ,
New Guidance ,
Non-Public Information ,
Policies and Procedures ,
Regulation FD ,
Risk Assessment ,
Securities and Exchange Commission (SEC)
The SEC has taken a new enforcement action, demonstrating its expectations of industry and the willingness to use the variety of tools at its disposal to address concerns with cybersecurity previously signaled by an...more
On April 12, 2016, the U.S. Securities and Exchange Commission (“SEC”) continued its enforcement of reasonable cybersecurity controls, announcing cease and desist proceedings against a broker-dealer and two of its principals...more