Tag: Cybersecurity and Privacy


Europe: National Regulators Announce Digital Operational Resilience Act Reporting Windows

By: Shane Geraghty, Dr. Ulrike Elteste, and Ruth Hennessy

EU national supervisory authorities will collect the Register of Information (ROI) pursuant to the EU’s Digital Operational Resilience Act (DORA) from in-scope financial entities in April 2025, with the reference date set as 31 March 2025. ROIs are reports by in-scope EU financial entities on all contractual arrangements on the use of information and communication technology (ICT) services provided by ICT third-party service providers. The financial entity must differentiate between providers who are not critical and providers who are considered critical and important.


Australia: AI and Your Obligations as an Australian Financial Services Licensee

By: Daniel Knight, Ben Kneebush and Madison Jeffreys

As artificial intelligence (AI) continues to be adopted and used by Australian Financial Services (AFS) licensees broadly, it has become increasingly evident that many licensees’ deployment of AI falls short of their existing regulatory obligations and emerging best practices.


United States: SEC Adopts Enhanced Privacy Safeguards

By: Rich Kerr, Sasha Burstein, and Brian Doyle-Wenger

On 16 May 2024, the US Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P’s safeguards and disposal rules. The amendments are designed to address the expanded use of technology and corresponding risks that have emerged since the original adoption of Regulation S-P in 2000. The amendments expand the scope of information and broaden the number of customers protected under both rules. The safeguards and disposal rules will apply to “customer information”, which includes records that contain “nonpublic personal information” as defined in the existing rule. Additionally, the amended rule expands the applicability of the safeguards rule to include transfer agents, and the disposal rules to include all transfer agents, including those registered with appropriate regulatory authorities other than the SEC.


United States: SEC Publishes Its 2024 Exam Priorities—Early

By: Jennifer Klass and Wiley Cole

On 16 October 2023, the Division of Examinations (the Division) of the US Securities and Exchange Commission (SEC) released its examination priorities for the 2024 fiscal year. In an interesting twist, the SEC released the examination priorities early, changing the timing to correspond to the beginning of its new fiscal year.


United States: We’re Not in Kansas Anymore: The SEC Proposes Rules for the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers

By: Richard Kerr and Matthew Rogers

On July 26, 2023, the Securities and Exchange Commission (“SEC”) proposed new rules (“Proposal”) intended to address certain conflicts of interest associated with the use of “Covered Technology” (defined below) by broker-dealers and investment advisers (“firms”) in investor interactions. If adopted as proposed, firms will be required to (i) identify conflicts of interest when using Covered Technology in interactions with investors, and (ii) adopt policies and procedures to eliminate or neutralize those conflicts of interest.


United States: New Conference, More Rulemaking?

At the Conference on Emerging Trends in Asset Management, sponsored by the US Securities and Exchange Commission (SEC) and held 19 May 2023, Chair Gary Gensler and the Director of the SEC’s Division of Investment Management, William Birdthistle, called for greater discourse with industry participants and highlighted the strengths of recent rulemaking activities of the SEC.

Mr. Birdthistle kicked off the conference by referring to funds and investment advisers as “critical agents” in the investment management industry and in advancing the SEC’s mission. He also acknowledged the need for the SEC and its staff to be open to different opinions. He did not, however, indicate how such different views have been—or would be—addressed in the rulemaking process or otherwise.


United States: SEC Staff Finds Safeguarding Policies and Procedures Lacking at Branch Offices

By: Keri Riemer and Brian Doyle-Wenger

On 26 April 2023, shortly after the U.S. Securities and Exchange Commission (SEC) proposed rule amendments that would require broker-dealers and investment advisers (collectively, firms) to comply with enhanced compliance requirements relating to sensitive customer information, the SEC’s Division of Examinations (staff) issued a risk alert highlighting the need for firms to have written policies and procedures for safeguarding customer records and information at their branch offices.


United States: SEC Proposes Amendments to Broaden the Scope of Regulation S-P in Response to Digital Communications and Risks to Customer Personal Information

By: Trayne S. Wheeler, Brian Doyle-Wenger, and Gustavo De La Cruz Reynozo

On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) proposed amendments to Regulation S-P. The proposed amendments would require covered institutions to enhance protections of consumer information by requiring the adoption of written policies and procedures for an incident response program. The amendments would expand the scope of Regulation S-P by requiring covered institutions to provide timely notifications to individuals affected by data breaches and by extending the definition of the information covered by the regulation.


People’s Republic of China: CSRC Released New Cybersecurity and Data Privacy Rules for Securities and Futures Institutions

By: Chloe Duan and Grace Ye

The China Securities Regulatory Commission (CSRC) released the Administrative Measures for Network and Information Security in Securities and Futures Sectors (Measures) on 27 February 2023, which will become effective on 1 May 2023.


United States: A Record Year: SEC FY 2022 Enforcement Actions Bring Big Penalties

By: Keri E. Riemer, Michael W. McGrath, Neil T. Smith, Hayley Trahan-Liptak, and Christopher F. Warner

On 15 November 2022, the U.S. Securities and Exchange Commission (SEC) announced its enforcement statistics for its 2022 fiscal year (FY 2022), noting that it filed 760 total enforcement actions, a 9% increase over fiscal year 2021. This total was comprised of 462 new actions, 169 “follow-on” actions, and 129 actions for delinquent filings. Money obtained in SEC actions, comprising civil penalties, disgorgement, and pre-judgment interest, totaled a record-breaking $6.439 billion (compared to $3.852 billion in fiscal year 2021). Civil penalties, totaling $4.194 billion, were also the highest on record.


Copyright © 2025, K&L Gates LLP. All Rights Reserved.