On January 27, 2020, the U.S. Securities and Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued examination observations related to cybersecurity and operational resiliency practices (“Examination Observations”). The observations highlight a set of best practices by market participants in the following areas: (1) governance and risk management, (2) access rights and controls, (3) data loss prevention, (4) mobile security, (5) incident response and resiliency, (6) vendor management and (7) training and awareness. Cybersecurity has been a key priority for OCIE since 2012. Since then, it has published eight cybersecurity-related risk alerts, including an April 2019 alert addressing mobile security. OCIE has perennially included cybersecurity practices as part of its examination priorities (“Examination Priorities”) and listed all but mobile security as “particular focus areas” in the “information security” priority for 2020.
Continue Reading OCIE Cybersecurity and Resiliency Observations and Best Practices
Corporate Enforcement
SEC Zeroes in on MD&A Disclosures
Yesterday the Securities and Exchange Commission took two significant actions relating to the MD&A disclosures in annual and quarterly reports of public companies.
First, it proposed amendments to MD&A requirements that would, if adopted, make significant and long-overdue improvements to a central disclosure requirement of the U.S. securities laws. Second, it issued guidance on the…
Task Force Led By Preet Bharara and Cleary Gottlieb’s Joon H. Kim Issues Report Recommending Reforms to Insider Trading Law
Insider trading law has remained a subject of significant debate and attention, including with a recent Second Circuit decision addressing the use of 18 U.S.C. §§ 1343 (wire fraud) and 1348 (securities fraud) in insider trading cases[1] and a new insider trading bill that passed the U.S. House of Representatives in December by an overwhelming majority. Yesterday, a blue ribbon task force headed by Preet Bharara, the former U.S. Attorney for the Southern District of New York, published a report studying the history and current state of insider trading law and proposing reforms that would bring greater clarity and certainty to the law.
Key Considerations for Companies in Deciding Whether to Institute Anti-Fraternization Policies
In recent years, numerous senior executives have resigned or been terminated for engaging in undisclosed consensual relationships with subordinates. Such relationships are gaining particular attention in the wake of the heightened scrutiny around workplace behavior, because they raise concerns relating to, among other things, potential power imbalances and conflicts of interest in the workplace. Thus,…
Latest FTC Data Privacy Settlement May Signal More Direct Approach to Regulating Data Security
On Tuesday, November 12, 2019, the U.S. Federal Trade Commission (“FTC” or “Commission”) announced a proposed settlement with InfoTrax Systems, L.C. (“InfoTrax”), a third-party service provider, regarding multiple data security failures. As a result of these security shortcomings, a hacker accessed about one million consumers’ sensitive personal information after more than twenty intrusions into InfoTrax’s network. This settlement marks one of the first instances in which the FTC has alleged a violation of the FTC Act predicated solely upon the failure to maintain reasonable security measures by a third-party service provider. The settlement is also notable for a Commissioner’s concurring statement criticizing the settlement’s standard twenty-year term.
Supreme Court to Consider Whether the SEC Has Authority to Seek Disgorgement in Federal Court Actions: Will the Court Further Prune the SEC’s Enforcement Powers?
On November 1, 2019, the Supreme Court granted certiorari in Liu v. SEC to decide whether the Securities and Exchange Commission can obtain disgorgement as an equitable remedy in federal court enforcement actions.
The certiorari grant in this case is unusual, because the circuit courts that have considered the issue have all agreed that the…
The CCPA Takes Shape with Proposed Regulations, as Companies are Encouraged to Comply by January 1
The final version of the California Consumer Privacy Act of 2018 is coming into view.
On October 10, California’s Attorney General released the long-anticipated draft regulations to implement the CCPA, and on October 12, the Governor signed into law five amendments to the CCPA passed during the 2019 legislative session. (We previously discussed the CCPA …
United Kingdom and United States Governments Sign First-Ever CLOUD Act Agreement
On October 3, 2019, the governments of the United Kingdom and United States signed the first-ever executive agreement governing cross-border data requests (the “Agreement”) pursuant to the US Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”).[1] As contemplated by the CLOUD Act, the Agreement provides a mechanism for the governments to access and share data stored abroad by electronic communications services providers (“CSP”) in their respective countries in a timely manner. The Agreement will enter into effect following a 180-day Congressional review period required by the CLOUD Act and a similar review by the UK Parliament.
Be Prepared: How to Proactively Account for Data Privacy
Have the right policies in place
– Ensure clear, readily accessible, and (where necessary) country-specific policies are in place indicating the permitted uses of company devices and other IT equipment, including messaging services. If you allow employees to use their own devices to perform work, make sure your policies adequately address issues of access in the context of investigations.
SEC Files First Suit Against Alleged Unregistered Broker-Dealer Operating in Digital Asset Markets
On September 18, 2019, the Securities and Exchange Commission (“SEC”) filed its first civil suit alleging violations of broker-dealer registration requirements in U.S. digital asset markets. In a case filed in the U.S. District Court for the Central District of California, the SEC alleged that Defendants ICOBox and its founder, Nikolay Evdokimov, illegally conducted an unregistered public securities offering for their 2017 initial coin offering (“ICO”), and have operated an unregistered brokerage service facilitating the launch of ICOs in digital asset securities since 2017.