Tag:Cybersecurity and Privacy

1
Australia: AI and Your Obligations as an Australian Financial Services Licensee
2
SEC Adopts Enhanced Privacy Safeguards
3
SEC Publishes Its 2024 Exam Priorities—Early
4
United States: We’re Not in Kansas Anymore: The SEC Proposes Rules for the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers
5
United States: New Conference, More Rulemaking?
6
United States: SEC Staff Finds Safeguarding Policies and Procedures Lacking at Branch Offices
7
United States: SEC Proposes Amendments to Broaden the Scope of Regulation S-P in Response to Digital Communications and Risks to Customer Personal Information
8
People’s Republic of China: CSRC Released New Cybersecurity and Data Privacy Rules for Securities and Futures Institutions
9
United States: A Record Year: SEC FY 2022 Enforcement Actions Bring Big Penalties
10
United States: SEC Reopens Comment Period for Eleven Significant Rulemaking Releases

Australia: AI and Your Obligations as an Australian Financial Services Licensee

By: Daniel Knight, Ben Kneebush and Madison Jeffreys

As Artificial intelligence (AI) continues to be adopted and used by Australian Financial Services (AFS) licensees broadly, it has become increasingly evident that many licensees’ deployment of AI falls short of their existing regulatory obligations and emerging best practices.

Read More

SEC Adopts Enhanced Privacy Safeguards

By: Rich Kerr, Sasha Burstein, and Brian Doyle-Wenger

On 16 May 2024, the US Securities and Exchange Commission (SEC) adopted amendments to Regulation S-P’s safeguards and disposal rules. The amendments are designed to address the expanded use of technology and corresponding risks that have emerged since the original adoption of Regulation S-P in 2000. The amendments expand the scope of information and broaden the number of customers protected under both rules. The safeguards and disposal rule will apply to “customer information”, which includes records that contain “nonpublic personal information” as defined in the existing rule. Additionally, the amended rule expands the applicability of the safeguards rule to include transfer agents, and the disposal rules to include all transfer agents including those registered with appropriate regulatory authorities other than the SEC.

Read More

SEC Publishes Its 2024 Exam Priorities—Early

By: Jennifer Klass and Wiley Cole

On 16 October 2023, the Division of Examinations (the Division) of the US Securities and Exchange Commission (SEC) released its examination priorities for the 2024 fiscal year. In an interesting twist, the SEC released the examination priorities early, changing the timing to correspond to the beginning of its new fiscal year.

Read More

United States: We’re Not in Kansas Anymore: The SEC Proposes Rules for the Use of Predictive Data Analytics by Broker-Dealers and Investment Advisers

By: Richard Kerr and Matthew Rogers

On July 26, 2023, the Securities and Exchange Commission (“SEC”) proposed new rules (“Proposal”) intended to address certain conflicts of interests associated with the use of “Covered Technology” (defined below) by broker-dealers and investment advisers (“firms”) in investor interactions. If adopted as proposed, firms will be required to (i) identify conflicts of interests when using Covered Technology in interactions with investors, and (ii) adopt policies and procedures to eliminate or neutralize those conflicts of interests.

Read More

United States: New Conference, More Rulemaking?

At the Conference On Emerging Trends In Asset Management sponsored by the US Securities and Exchange Commission (SEC) and held 19 May 2023, Chair Gary Gensler, and Director of the SEC’s Division of Investment Management, William Birdthistle, called for greater discourse with industry participants and highlighted the strengths of recent rulemaking activities of the SEC.

Mr. Birdthistle kicked off the conference by referring to funds and investment advisers as “critical agents” in the investment management industry and in advancing the SEC’s mission. He also acknowledged the need for the SEC and its staff to be open to different opinions. He did not, however, indicate how such different views have been—or would be—addressed in the rulemaking process or otherwise.

Read More

United States: SEC Staff Finds Safeguarding Policies and Procedures Lacking at Branch Offices

By: Keri Riemer and Brian Doyle-Wenger

On 26 April, 2023, shortly after the U.S. Securities and Exchange Commission (SEC) proposed rule amendments that would require broker-dealers and investment advisers (collectively, firms) to comply with enhanced compliance requirements relating to sensitive customer information, the SEC’s Division of Examinations (staff) issued a risk alert highlighting the need for firms to have written policies and procedures for safeguarding customer records and information at their branch offices.

Read More

United States: SEC Proposes Amendments to Broaden the Scope of Regulation S-P in Response to Digital Communications and Risks to Customer Personal Information

By: Trayne S. Wheeler, Brian Doyle-Wenger, and Gustavo De La Cruz Reynozo,

On March 15, 2023, the U.S. Securities and Exchange Commission (“SEC”) proposed amendments to Regulation S-P. The proposed amendments would require covered institutions to enhance protections of consumer information by requiring the adoption of written policies and procedures for an incident response program. The amendments would expand the scope of Regulation S-P by requiring covered institutions to provide timely notifications to individuals affected by data breaches and by extending the definition of the information covered by the regulation.

Read More

People’s Republic of China: CSRC Released New Cybersecurity and Data Privacy Rules for Securities and Futures Institutions

By Chloe Duan and Grace Ye

The China Securities Regulatory Commission (CSRC) released the Administrative Measures for Network and Information Security in Securities and Futures Sectors (Measures) on 27 February 2023, which will become effective on 1 May 2023.

Read More

United States: A Record Year: SEC FY 2022 Enforcement Actions Bring Big Penalties

By: Keri E. Riemer, Michael W. McGrath, Neil T. Smith, Hayley Trahan-Liptak, and Christopher F. Warner

On 15 November 2022, the U.S. Securities and Exchange Commission (SEC) announced its enforcement statistics for its 2022 fiscal year (FY 2022), noting that it filed 760 total enforcement actions — a 9% increase over fiscal year 2021.  This total was comprised of 462 new actions, 169 “follow-on” actions, and 129 actions for delinquent filings.  Money obtained in SEC actions, comprising civil penalties, disgorgement, and pre-judgment interest, totaled a record-breaking $6.439 billion (compared to $3.852 billion in fiscal year 2021).  Civil penalties, totaling $4.194 billion, were also the highest on record.

Read More

United States: SEC Reopens Comment Period for Eleven Significant Rulemaking Releases

By: Trayne S. Wheeler and Brian Doyle-Wenger

On October 7, 2022, the Securities and Exchange Commission (the “SEC”) announced that, due to a technological error, it was reopening the public comment periods for 11 pending rulemaking releases (“Rulemaking Releases”) and one request for comment. The comment periods will be reopened as of October 7th and will end 14 days after the publication of the release in Federal Register (if, for example, this release were to be published on October 15, then the comment periods would close on October 29, 2022). The SEC encouraged commenters that submitted a public comment through the internet comment process to check the SEC’s website, SEC.gov, to determine whether their comment was received and posted.

The SEC’s release did not elaborate on nature of the technological error but stated that a number of public comments submitted through the SEC’s internet comment form were not received. The SEC noted the majority of the affected comments were submitted in August 2022, but that the technological error is known to have occurred as early as June 2021.

The impact of the reopening of the public comment periods is not yet known, but will likely result in delaying the release of a number of highly anticipated SEC rules[1].  The Rulemaking Releases include the following proposals and request for comment:

• Reporting of Securities Loans

• Prohibition Against Fraud, Manipulation, or Deception in Connection with Security-Based Swaps; Prohibition against Undue Influence over Chief Compliance Officers; Position Reporting of Large Security-Based Swap Positions

• Money Market Fund Reforms

• Share Repurchase Disclosure Modernization

• Short Position and Short Activity Reporting by Institutional Investment Managers; see also Notice of the Text of the Proposed Amendments to the National Market System Plan Governing the Consolidated Audit Trail for Purposes of Short Sale-Related Data Collection,    

• Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

• Private Fund Advisers; Documentation of Registered Investment Adviser Compliance Reviews

• The Enhancement and Standardization of Climate-Related Disclosures for Investors

• Special Purpose Acquisition Companies, Shell Companies, and Projections

• Investment Company Names

• Enhanced Disclosures by Certain Investment Advisers and Investment Companies About Environmental, Social, and Governance Investment Practices

• Request for Comment on Certain Information Providers Acting as Investment Advisers

(Certain SRO rules, not covered here, also have comment periods that have been reopened.)


[1] SEC Release, Resubmission of Comments and Reopening of Comment Periods for Several Rulemaking Releases Due to a Technological Error in Receiving Certain Comments, October 7, 2022 (https://www.sec.gov/rules/proposed/2022/33-11117.pdf)

Copyright © 2024, K&L Gates LLP. All Rights Reserved.