The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) released a National Examination Program Risk Alert (Risk Alert) on August 7, 2017 regarding observations from...
8/22/2017 / Best Practices, Broker-Dealer, Corporate Governance, Cybersecurity, Data Loss Prevention, Incident Response Plans, Internal Controls, Investment Adviser, Investment Companies, OCIE, Regulation S-P, Right of Access, Risk Alert, Risk Assessment, Securities and Exchange Commission (SEC), Training Requirements, Vendors
President Donald J. Trump issued an Executive Order on May 11, 2017 aimed at “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” (the “Order”). The Order mandates federal governmental review of...
5/24/2017 / Critical Infrastructure Sectors, Cybersecurity, Department of Defense (DOD), Department of Homeland Security (DHS), Energy Sector, Executive Orders, Information Technology, Networks, NIST, OMB, Popular, Risk Management, Trump Administration
The Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (SEC) issued a National Exam Program Risk Alert (Risk Alert) on May 17, 2017 in response to “WannaCry,” the ongoing...
5/22/2017 / Broker-Dealer, Cyber Attacks, Cybersecurity, Department of Homeland Security (DHS), Financial Industry Regulatory Authority (FINRA), Investment Adviser, Microsoft, OCIE, Popular, Ransomware, Risk Alert, Risk Assessment, Risk Mitigation, Securities and Exchange Commission (SEC)
On 27 April 2016, following a prolonged legislative process over some four years, the European Council and Parliament finally adopted a new data protection law: the General Data Protection Regulation (GDPR). The GDPR was...
While companies may be aware of the threats posed to their businesses by a data breach, they should also have a concrete plan in place so that they can respond effectively should one occur. In a recent webinar, attorneys from...
President Obama signed into law on December 4, 2015 a bill that amended Section 503 in Title V of the Gramm-Leach-Bliley Act (G-L-B Act), with the result that financial institutions – including investment companies and...
The Financial Industry Regulatory Authority (“FINRA”) released its annual Regulatory and Examination Priorities Letter on January 5, listing cybersecurity as a 2016 examination priority. This letter broadly identifies new and...
The National Futures Association (NFA) adopted on October 23, 2015 an “Interpretive Notice to NFA Compliance Rules 2-9, 2-36, and 2-49: Information Systems Security Programs” (Notice). The Notice requires each NFA Member to...
11/6/2015 / Brokers, CFTC, Commodity Pool, Commodity Trading Advisors (CTAs), CPOs, Cybersecurity, Dealers, Employee Training, Information Systems Security Program (ISSP), Major Swap Participants, National Futures Association, NFA, Parent Corporation, Popular, Recordkeeping Requirements, Risk Assessment, Securities and Exchange Commission (SEC), Swap Dealers, Third-Party Service Provider
Before committing resources to a potential investment, private equity firms should aggressively evaluate a target company’s cyber risks and cyber preparedness. Some target companies are naturally more exposed to cyber risk...
10/12/2015 / Chief Information Security Officer (CISO), Cyber Insurance, Cybersecurity, Data Collection, Data-Sharing, Federal Trade Commission (FTC), Global Marketplace, Incident Response Plans, Information Security, Popular, Privacy Notice Rule, Privacy Policy, Private Equity, Risk Assessment, Target Company, WISP
The Securities and Exchange Commission’s (SEC or Commission) Office of Compliance Inspections and Examinations (OCIE) announced in a September 15, 2015 Risk Alert (2015 Risk Alert) that it will be conducting a second round of...
The Division of Investment Management (Division) of the U.S. Securities and Exchange Commission (SEC) issued a Guidance Update on April 28, 2015 (Guidance) relating to the cybersecurity of registered investment companies and...
Following a year of high-profile data breaches, the Securities and Exchange Commission (SEC) announced on January 13, 2015 that, for the second consecutive year, its Office of Compliance Inspections and Examinations (OCIE)...
President Obama issued an Executive Order (the “Order”) on April 1, 2015 that authorizes financial sanctions against certain “persons” (including both individuals and entities) designated by the Treasury Secretary to be...
The Securities and Exchange Commission’s (the “SEC” or the “Commission”) Office of Compliance Inspections and Examinations (“OCIE”) announced in an April 15, 2014 Risk Alert (the “Alert”) that it will be conducting...
Executive Summary: Federal Trade Commission v. Wyndham Worldwide Corp.
A U.S. District Court has ruled this week that the Federal Trade Commission (FTC) has authority under Section 5 of the FTC Act to bring enforcement...
The SEC and CFTC recently issued joint Identity Theft Red Flags Rules (the “Rules”), which are rules and guidelines requiring certain financial institutions worldwide to adopt comprehensive data security programs to detect...
With the rise in targeted, sophisticated, malicious attacks on corporate America’s electronic infrastructure, companies are increasingly focused on their cybersecurity disclosure obligations. There is a growing concern that...
The Obama Administration has long expressed concerns about the vulnerability of America’s critical infrastructure to cyber-attack. On February 12, 2012, the day of the President’s State of the Union address, the...
3/1/2013 / Barack Obama, Critical Infrastructure Sectors, Cybersecurity, Cybersecurity Framework, Department of Homeland Security (DHS), Executive Orders, Fair Information Practice Principles, Information Sharing, Infrastructure, NIST, OMB