The U.S. Securities and Exchange Commission (SEC) has reportedly announced internally a major reorganization of its enforcement and exams divisions. This restructuring, effective April 9, 2025, was detailed in a staff memo...more
4/8/2025
/ Cryptocurrency ,
Enforcement Actions ,
Enforcement Guidance ,
Enforcement Priorities ,
Financial Regulatory Reform ,
Financial Services Industry ,
Government Agencies ,
Regulatory Agencies ,
Regulatory Oversight ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Our company experienced a cybersecurity incident. It seemed pretty minor — just a few suspicious emails and an employee’s account being locked. To my dismay, we’re now hearing from our IT team that the issue is more serious....more
On November 22, the Securities and Exchange Commission (SEC) announced its enforcement results for fiscal year (FY) 2024. As compared to FY 2023, the Division of Enforcement (the division) reported a 26% decline in the total...more
In late June, the staff of the U.S. Securities and Exchange Commission’s Division of Corporation Finance released five new compliance and disclosure interpretations regarding the disclosure of material cybersecurity incidents...more
12/2/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Insurance ,
Cybersecurity ,
Disclosure Requirements ,
Encryption ,
Form 8-K ,
Information Technology ,
Materiality ,
Ransomware ,
Reporting Requirements ,
Reputational Injury ,
Securities and Exchange Commission (SEC)
By now, public companies are generally aware of the cybersecurity rules adopted by the U.S. Securities and Exchange Commission a year ago, requiring public companies to disclose material cybersecurity incidents under Item...more
10/21/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Disclosure Requirements ,
Form 8-K ,
Incident Response Plans ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
I work for a public company that recently experienced a ransomware attack. Fortunately, we were able to restore our business operations quickly by obtaining a decryption key from the threat actor. Given that we managed to get...more
9/11/2024
/ Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Incident Response Plans ,
Publicly-Traded Companies ,
Ransomware ,
Reporting Requirements ,
Reputational Injury ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
On September 4, the Securities and Exchange Commission (SEC) issued an order against three investment adviser firms for violating the whistleblower protections of Rule 21F-17(a) under the Securities Exchange Act of 1934. This...more
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
“Dear Mary” is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related — data breaches, forensic investigations, how to...more
Each of the 50 states has its own definition of what constitutes a reportable data breach. For some, it requires “unauthorized access” to personal information. For others, it requires “unauthorized acquisition.” And then,...more
7/25/2024
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Theft ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Unauthorized Access
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
On June 11, the Securities and Exchange Commission (SEC) announced the first settled case in its ongoing review of collaborations between investment advisors and short publishers. The SEC fined affiliated investment advisors...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
The Financial Industry Regulatory Authority’s (FINRA) Enforcement Division recently announced its first settlement involving a firm’s supervision of social media influencers. The respondent, M1 Finance LLC (M1), is a...more
On April 14, the Supreme Court unanimously held that federal district courts have jurisdiction to review constitutional challenges to the structures of the Federal Trade Commission (FTC) and Securities and Exchange Commission...more
In March 2023, the Department of Justice (DOJ) Criminal Division updated its Evaluation of Corporate Compliance Programs (ECCP) guidance to address the use of personal devices and third-party messaging applications by...more
On January 9, the Securities and Exchange Commission (SEC) announced that it had reached a settlement with McDonald’s and its former CEO, Stephen Easterbrook, for charges stemming from McDonald’s 2019 termination of...more
On January 10, FINRA published its “2023 Report on FINRA’s Examination and Risk Management Program” (Report) — FINRA’s third annual compendium of guidance, covering key topics and emerging risks for member firms to consider...more
On November 15, the U.S. Securities and Exchange Commission (SEC) announced its enforcement results for fiscal year 2022, which featured the following key metrics...more