On September 4, 2019, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert addressing the most common compliance issues it identified in examinations of investment advisers (“Advisers”) related to principal and agency cross transactions.
Continue Reading

Responding to a request by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), the EU’s data protection supervisory bodies released an initial joint opinion on the impact of the U.S. Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) on the EU data protection framework.

The preliminary assessment by the European

On August 26, 2019, New York Governor Andrew Cuomo signed into law legislation extending the statute of limitations for claims brought under the Martin Act from three to six years. The statute reverses a New York Court of Appeals decision holding that Martin Act claims must be brought within three years.
Continue Reading

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”), which expands data breach notification obligations under New York law and for the first time imposes affirmative cybersecurity obligations on covered entities.

The Act makes five principal changes

Last month, Representative Jim Himes (D-Conn) and his co-sponsors, Representatives Carolyn B. Maloney (D-NY) and Denny Heck (D-WA), introduced H.R. 2534:  The Insider Trading Prohibition Act.  Unlike its substantially similar predecessor, H.R. 1625, which was introduced by Representative Himes on March 25, 2015, H.R. 2534 has gained some momentum in the U.S. House of Representatives, having been unanimously approved by the Financial Services Committee in May 2019.  Although the bill is only at the preliminary stage, if the proposal eventually proceeds further in the process of becoming law, it will represent a potentially significant shift in and clarification of U.S. insider trading laws.
Continue Reading

Last month, Representative Maxine Waters, Chair of the House Financial Services Committee, introduced a discussion draft of the “Bad Actor Disqualification Act of 2019” (the “Proposed Act”).  Similar to proposed legislation Rep. Waters introduced in 2015 and 2017, the effect of the Proposed Act, if passed, would be to dramatically increase the burdens on institutions

In the past year, members of the U.S. Congress and Senate on both sides of the aisle have proposed data privacy bills that would impose nationwide standards on companies who collect and/or share consumers’ personal information. Currently, all 50 states have separate, but often overlapping, data privacy regimes—each subjecting companies to various combinations of recordkeeping standards, data sharing restrictions, and data breach reporting requirements—creating a patchwork of state laws that can generate substantial uncertainty for corporations.
Continue Reading

On June 5, 2019, the Securities and Exchange Commission (“SEC”) finalized Regulation Best Interest (“Reg BI” or the “Final Rule”) under the Securities Exchange Act of 1934 (“Exchange Act”) to establish a new “best interest” standard of conduct for broker-dealers when making a recommendation of any transaction or investment strategy involving securities to a retail

On May 6, 2019, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 19-18, addressing members’[1] anti-money laundering (“AML”) compliance programs.  This notice focused extensively on members’ monitoring for suspicious activities and subsequent suspicious activity report (“SAR”) filing obligations, providing 97 examples of “money laundering red flags” to securities industry market participants.  Where applicable to a members’ business operations, FINRA encouraged broker-dealers to take a “risk-based approach” to AML compliance and incorporate these red flags into their AML programs, even though the organization noted that merely doing so will not satisfy all obligations.  Where any red flags are detected, FINRA encouraged firms to consider whether “additional investigation, customer due diligence measures or a SAR filing may be warranted.”

Continue Reading

On April 16, 2019, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert addressing all registered broker-dealers and investment advisers’ (together, “Firms”)[1] privacy-related obligations under Regulation S-P (“Reg S-P”).  The Risk Alert set out the most frequent Reg S-P deficiencies OCIE identified during examinations over the past two years, and encouraged registrants to review their written privacy policies and procedures as well as the consistency with which these policies and procedures have been implemented.  The Alert is the latest in a series of recent privacy and cybersecurity guidance documents issued by the SEC, including the February 2018 Commission Statement and Guidance on Public Company Cybersecurity Disclosures and October 2018 Report of Investigation on cyber-related frauds and public company accounting controls.

This Risk Alert is consistent with the SEC’s approach of seeking to influence the conduct of registrants by providing guidance on specific compliance issues, followed by Risk Alerts noting common exam deficiencies, prior to pursuing enforcement actions.  Investment advisers and broker-dealers should  take this as a prompt to review their relevant policies and procedures to ensure they are appropriate and being followed in practice.
Continue Reading