Podcast: Private Fund Regulatory Update – Network and Cloud Storage
Compliance into the Weeds-Episode 39, Disclosure of Ransomware Attacks
The SEC’s amended Regulation S-P, adopted last year, will soon enhance data privacy protections for broker-dealers, investment companies, registered investment advisors, and transfer agents. The updated rule requires these...more
Throughout 2024, financial sector regulators sharpened their focus on data protection and cybersecurity issues impacting financial institutions and the public. Key federal agencies like the Securities and Exchange Commission...more
In the second part of this legal update series, we summarize the key takeaways from the Division of Examinations’ (Division) 2025 priorities report released on October 21, 2024. The Division remains focused on mainstays like...more
On October 21, 2024, the U.S. Securities and Exchange Commission’s (“SEC”) Division of Examinations (“EXAMS”) announced its 2025 Examination Priorities (the “2025 Priorities”), highlighting areas that it expects to target...more
On May 16, 2024, the Securities and Exchange Commission (SEC) adopted final amendments to Regulation S-P, one year after issuing the proposed amendments (discussed here). Regulation S-P is a set of privacy rules that govern...more
On November 27, 2023, the New York State Department of Financial Services (“DFS”) and First American Title Insurance Company (“First American”) entered into a consent order1 that resolved litigation over First American’s...more
The SEC remains laser-focused on cybersecurity, with the agency recently reopening the comment period on a sweeping rule for investment advisers and investment companies. In addition, the SEC issued proposed enhancements to...more
On March 15, 2023, the Securities and Exchange Commission (“SEC”) proposed a new rule concerning cybersecurity risk management as well as updates to Regulations S-P and SCI (Systems Compliance Integrity).[1] With these...more
REGULATORY UPDATES - Recent SEC Leadership Changes - On January 10, 2023, the Securities and Exchange Commission (the “SEC”) announced the appointment of Cristina Martin Firvida as director of the Office of the Investor...more
On March 15, 2023, the Securities Exchange Commission (“SEC”) issued three additional proposed rules that would expand the reach of the agency’s current cybersecurity guidance to new entities and augment existing...more
On March 15, 2023 the Securities and Exchange Commission (“SEC”) proposed three new sets of rules (the “Proposed Rules”) which, if adopted, would require a variety of companies to beef up their cybersecurity policies and data...more
On March 15, 2023, the SEC issued proposed amendments and a proposed rule addressing cybersecurity. Specifically, the SEC proposed Rule 10, which addresses cybersecurity risks, and proposed to amend Regulation SCI and...more
The Securities and Exchange Commission (SEC or Commission) voted on March 15, 2023, to propose three new sets of rules for data security, cybersecurity, and IT operational resilience. The newly proposed rules would, among...more
In this Weekly Roundup Issue. The Securities and Exchange Commission (SEC) proposed changes to Reg S-P to enhance protection of customer information, and reopened the comment period on proposed cybersecurity rules and...more
If adopted, these proposed rules would (i) enhance protection of customer information under Regulation S-P, (ii) add new requirements addressing cybersecurity risk to the U.S. securities markets, and (iii) expand the types of...more
On March 15, 2023, the Securities and Exchange Commission (SEC) proposed three rule changes that demonstrate its continued focus on cybersecurity. One of these proposals, and the only one to be unanimously approved (the...more
In its efforts to address cybersecurity risks, the U.S. Securities and Exchange Commission (“SEC”) continues to propose rules on cybersecurity. Most recently, on March 15, 2023, the SEC announced its proposal of three...more
The U.S. Securities and Exchange Commission is implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America...more
On February 9, 2022, the Securities and Exchange Commission ("SEC") proposed new rule 38a-2 ("Proposed Rule 38a-2") under the Investment Company Act of 1940, as amended ("1940 Act"), which would require registered investment...more
A cyber breach can have serious legal, financial, and reputational consequences for a fund sponsor, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT...more
SEC Tells Firms to Stop Missing the Basics on Cybersecurity - The SEC’s Office of Compliance Inspections and Examinations (OCIE) reported in a recent Risk Alert that many investment advisers and broker-dealers are failing to...more
REGULATORY UPDATES - Investors Continue to Press Regulators for Disclosure of Environmental, Social, and Governance (“ESG”) Risks...more
Are You Ready for Canada’s New Privacy Breach Rules? Mandatory privacy breach notification, reporting, and record-keeping obligations under Canada’s federal data protection law, the Personal Information Protection and...more
On May 23, 2019, the United States Securities and Exchange Commission (“SEC”)’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert entitled “Safeguarding Customer Records and Information in Network...more
It should not be surprising to anyone that cybersecurity and data protection remain top priorities for regulators of the financial services industry. Indeed, cybersecurity has been regularly identified as a key priority by...more