On October 16, 2024, the New York State Department of Financial Services (NYDFS or the “Department”) published an industry letter (the “Guidance”) regarding the increased reliance on artificial intelligence (AI) and the...more
10/29/2024
/ Artificial Intelligence ,
Compliance ,
Covered Entities ,
Cybersecurity ,
Deep Fake ,
Financial Services Industry ,
Incident Response Plans ,
New Guidance ,
NYDFS ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider ,
Training ,
Vendors
Since the passing of the California Consumer Privacy Act (CCPA) in 2018, California has led the nation in privacy regulation and enforcement. But, beginning July 1, 2024, Texas will be the new sheriff in town....more
On May 21, 2024, Erik Gerding, director of the Division of Corporation Finance of the U.S. Securities and Exchange Commission (SEC), issued a statement with clarifying guidance on cybersecurity incident disclosure under Item...more
5/30/2024
/ Corporate Governance ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Form 8-K ,
Materiality ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
The U.S. Department of Defense (DoD) published a finalized rule on March 12, 2024, which expands access to defense contractors who wish to participate in the Defense Industrial Base (DIB) Cybersecurity (CS) Program....more
3/15/2024
/ Cyber Incident Reporting ,
Cybersecurity ,
Defense Sector ,
Department of Defense (DOD) ,
Federal Contractors ,
Final Rules ,
New Rules ,
Popular ,
Procurement Guidelines ,
Subcontractors ,
Voluntary Participation
On October 30, 2023, President Biden issued an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. The EO establishes sweeping directives and priorities for federal...more
11/1/2023
/ Artificial Intelligence ,
Biden Administration ,
Civil Rights Act ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Federal Procurement Systems ,
Intellectual Property Protection ,
Legislative Agendas ,
National Security ,
NIST ,
Popular ,
Proposed Legislation ,
Public Agencies ,
Regulatory Agenda ,
Semiconductors ,
Technology Sector
The US Securities and Exchange Commission (the SEC) announced on September 11, 2023, that it had settled with nine SEC-registered investment advisers (the Advisers) over alleged violations of Rule 206(4)-1 under the...more
As a significant step in its ongoing initiatives on the disclosure, management, and oversight of cybersecurity risks and incidents, on July 26, 2023, the US Securities and Exchange Commission (SEC or Commission) adopted rules...more
7/31/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Final Rules ,
Foreign Private Issuers ,
Form 10-K ,
Form 8-K ,
Publicly-Traded Companies ,
Regulation S-K ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Smaller Reporting Companies ,
Third-Party Risk ,
XBRL Filing Requirements
The SEC continues its overhaul of cybersecurity, cyber incident reporting, and privacy controls and requirements for industry registrants, their services providers, and corporate America generally.
On March 15, 2023, the SEC...more
4/14/2023
/ Broker-Dealer ,
Compliance ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Disposal Protocols ,
Financial Industry Regulatory Authority (FINRA) ,
Incident Response Plans ,
Mutual Funds ,
Personal Information ,
Policies and Procedures ,
Proposed Rules ,
Registered Investment Advisors ,
Regulation S-P ,
Safeguards Rule ,
Securities and Exchange Commission (SEC) ,
Sensitive Personal Information
On March 10, 2023, the US Federal Deposit Insurance Corporation took control of the assets of Silicon Valley Bank (SVB). In light of SVB’s closure, many venture firms and emerging companies are establishing new accounts with...more
On June 4, 2021, the European Commission (the “EC”) abolished the old Standard Contractual Clauses (the “Old SCCs”) and published a new more flexible set of clauses (the “New SCCs”) for companies that wish to export personal...more
As a significant step in its ongoing initiatives on the disclosure, management and oversight of cybersecurity risks and incidents, on March 9, 2022 the U.S. Securities and Exchange Commission (SEC) proposed new rules that...more
The U.S. Securities and Exchange Commission is implementing a campaign to overhaul the agency’s expectations around cybersecurity and cyber incident reporting for the financial services industry and corporate America...more
2/15/2022
/ Broker-Dealer ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Collection ,
Disclosure Requirements ,
Financial Services Industry ,
Investment Adviser ,
Investment Companies ,
Popular ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulation S-P ,
Regulation SCI ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
On February 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed a package of new rules and amendments to enhance cybersecurity preparedness and improve cyber resilience of investment advisers and investment...more
2/11/2022
/ Comment Period ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Disclosure Requirements ,
Investment Adviser ,
Investment Advisers Act of 1940 ,
Investment Companies ,
Investment Company Act of 1940 ,
New Rules ,
Policies and Procedures ,
Proposed Rules ,
Public Comment ,
Recordkeeping Requirements ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)