Securities and Exchange Commission

Subscribe to Securities and Exchange Commission

The SEC Awakens to Cybersecurity With the Zeal of a Convert

By Edward McNicholas & Briana Fasone on May 12, 2023

Since 2000, technological advances have transformed how customers interact with financial institutions and how such firms store, process and protect personal information. The proliferation of large-scale hacks and data breaches throughout this time simultaneously demonstrated the difficulty of data protection given the ever-evolving nature of cybercrime. Despite these developments, the SEC has failed to update…

SEC Publishes Proposed Amendments to Regulation S-P; Comment Period Ends May 22

By Jason Brown, Joel Wattenbarger & Edward McNicholas on March 21, 2023

On March 15, 2023, the SEC issued a release (the “Release”) containing proposed amendments to Regulation S-P (the “Proposals”). These Proposals were published in the Federal Register today, March 21. If adopted, the Proposals would require broker-dealers, registered investment companies (with business development companies, “registered funds”) and investment advisers to adopt written policies and…

Solving the Cybercrime Collective Action Problem

By Edward McNicholas, Christine Moundas & Briana Fasone on March 13, 2023

Blackbeard may not be the first name that comes to mind when considering cybercrime, but prior international efforts to stop stateless rogue actors can point us toward the proper focus for cybersecurity—governments taking responsibility to solve a classic collective action problem by direct action, supporting existing industry defense measures, and leading multilateral cooperation efforts. This…

The SEC’s Proposed Outsourcing Oversight Requirements for Investment Advisers

By Jennifer Gordon on November 7, 2022

On October 26, 2022, in a divided 3-2 vote, the Securities and Exchange Commission (“SEC”) proposed a new rule, 206(4)-11, under the Investment Advisers Act of 1940 and related amendments (the “Proposed Rule”) requiring SEC-registered investment advisers to exercise effective and sufficient oversight over their service providers so as to fulfill the adviser’s fiduciary duty, comply with the federal securities laws and protect investors from potential harm. Notably, the Proposed Rule prohibits advisers from outsourcing certain services or functions to service providers without meeting minimum diligence and monitoring requirements. …

Continue Reading The SEC’s Proposed Outsourcing Oversight Requirements for Investment Advisers

Federal Court Orders New Trial to Consider Whether Cryptocurrency Constitutes a “Security”

By Amy Longo, Mark Cianci & Helin Azizoglu on July 14, 2022

A federal court recently rejected a jury’s verdict concluding that a disputed digital asset was not a security, and ordered a new trial to reconsider the issue. In November 2021, a federal jury in the District of Connecticut had become one of the first to deliver a verdict on the frequently discussed issue of whether…

SEC Issues Proposed Rules on Public Company Cybersecurity Disclosures

By Edward McNicholas & Kevin Angle on March 16, 2022

On March 9, 2022, the Securities and Exchange Commission (“SEC”) proposed updates to its disclosure rules intended to “enhance and standardize” public company disclosure regarding cybersecurity risk management, strategy, governance, and incident reporting (the “Proposed Rules”). The Proposed Rules may require issuers to update their disclosure controls and procedures, in particular with respect…

SEC Proposes Cybersecurity Risk Management Rules for Registered Funds and Advisers

By Edward McNicholas, Fran Faircloth & Briana Fasone on February 22, 2022

On February 9, 2022, the SEC published a release addressing Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies (“Release”). The Release contained proposed new rules under the Advisers Act (Rules 206(4)-9 and 204-6) and the Investment Company Act of 1940 (Rule 38a-2) and amendments (collectively, the “Proposals”), which would require…

The Future of SEC Cybersecurity Enforcement

By Fran Faircloth & May Yang on December 22, 2021

In 2021, the U.S. Security and Exchange Commission (SEC) continued to stake its claim as a lead regulator for cybersecurity. Going into 2022, we expect the SEC will continue to aggressively scrutinize and pursue enforcement actions related to cybersecurity disclosures by public companies and cybersecurity practices of SEC-regulated entities like broker-dealers and investment advisers. Moreover, Chair Gensler has announced that the SEC is currently working on a proposal for clearer cybersecurity governance rules, including topics such as “cyber hygiene and incident reporting.”

In many cases, the alleged faults that the SEC has found in the cybersecurity disclosures and practices of these entities go beyond the requirements of any other state or federal cybersecurity regulations. By making itself a leader in its expectations from regulated businesses, the SEC may become the agency that sets industry standard guidance for cybersecurity risk through the SEC mandates formed during its investigations and enforcement actions.…

Continue Reading The Future of SEC Cybersecurity Enforcement

SEC Advances Broad Theory of Required Disclosures of Security Incidents

By Edward McNicholas, Fran Faircloth & Nameir Abbas on September 1, 2021

A recent SEC settlement has again demonstrated the Commission’s continued attention to public companies’ disclosures of cybersecurity incidents and its commitment to a broad notion of what constitutes such an incident. On August 16, the SEC entered a settlement agreement with Pearson plc, a UK-based educational publishing company that is publicly traded on both the…

MENU

RopesDataPhiles