In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. ("RRD") for its handling of a 2021 ransomware attack and resulting disclosure failures. The settlement represents the SEC's first application of its internal controls enforcement authority to include cybersecurity policies and procedures. The SEC's interpretation applying its internal controls provision to cybersecurity policies and procedures represents a significant expansion of its enforcement See more +

In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. ("RRD") for its handling of a 2021 ransomware attack and resulting disclosure failures. The settlement represents the SEC's first application of its internal controls enforcement authority to include cybersecurity policies and procedures. The SEC's interpretation applying its internal controls provision to cybersecurity policies and procedures represents a significant expansion of its enforcement authority.

In this Episode, Michael Volkov discusses the impact of the SEC-RR Donnelly Settlement.

See less -