As a significant step in its ongoing initiatives on the disclosure, management, and oversight of cybersecurity risks and incidents, on July 26, 2023, the US Securities and Exchange Commission (SEC or Commission) adopted rules...more
7/31/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Foreign Private Issuers ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Smaller Reporting Companies ,
Third-Party Risk ,
XBRL Filing Requirements
The SEC continues its overhaul of cybersecurity, cyber incident reporting, and privacy controls and requirements for industry registrants, their services providers, and corporate America generally.
On March 15, 2023, the SEC...more
4/14/2023
/ Broker-Dealer ,
Compliance ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Disposal Protocols ,
Financial Industry Regulatory Authority (FINRA) ,
Incident Response Plans ,
Mutual Funds ,
Personal Information ,
Policies and Procedures ,
Proposed Rules ,
Registered Investment Advisors ,
Regulation S-P ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information
As a significant step in its ongoing initiatives on the disclosure, management and oversight of cybersecurity risks and incidents, on March 9, 2022 the U.S. Securities and Exchange Commission (SEC) proposed new rules that...more
The U.S. Securities and Exchange Commission is implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America...more
2/15/2022
/ Broker-Dealer ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Collection ,
Disclosure Requirements ,
Financial Services Industry ,
Investment Adviser ,
Investment Companies ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-P ,
Regulation SCI ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed a package of new rules and amendments to enhance cybersecurity preparedness and improve cyber resilience of investment advisers and investment...more
2/11/2022
/ Comment Period ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Disclosure Requirements ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Investment Companies ,
Investment Company Act of 1940 ,
New Rules ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a...more
9/16/2021
/ Broker-Dealer ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Breach Plans ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Information Security ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Investment Firms ,
Personally Identifiable Information ,
Phishing Scams ,
Policies and Procedures ,
Regulation S-P ,
Safeguards Rule ,
Sanctions ,
Securities and Exchange Commission (SEC)
On 21 April 2021, the European Commission unveiled a proposal for an EU Artificial Intelligence Regulation (“Proposal”). The Proposal recognizes that AI offers significant benefits and opportunities for the EU market, but...more
4/27/2021
/ Artificial Intelligence ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Distributors ,
EU ,
European Commission ,
Fines ,
Importers ,
Member State ,
Proposed Regulation ,
Recordkeeping Requirements ,
Registration Requirement ,
Regulatory Oversight ,
Transparency
On 31 March 2021 the Dutch Data Protection Authority (DPA) announced that it fined the online reservation platform Booking.com €475,000 for failing to notify the DPA of a data breach within the timeline established in the...more
In early March, the New York State Department of Financial Services (“NYDFS”) announced a consent order that required Maine-based mortgage servicer Residential Mortgage Services, Inc. (“Residential”) to pay a $1.5 million...more
3/23/2021
/ Banking Sector ,
Business E-Mail Compromise (BEC) ,
Consent Order ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Failure to Report ,
Financial Institutions ,
Financial Services Industry ,
Mortgage Servicers ,
Non-Public Information ,
NYDFS ,
Personally Identifiable Information ,
Sensitive Personal Information