In an unintended consequence of the Securities and Exchange Commission's (SEC) unprecedented rulemaking agenda, a black-hat hacker gang has filed a whistleblower complaint against its victim for not reporting a cybersecurity...more
In September, the Securities Exchange Commission’s new Cybersecurity Rule for reporting public companies became effective. The SEC Cybersecurity Rule applies to public companies and generally requires (1) disclosure of...more
9/29/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Disclosure Requirements ,
Financial Industry Regulatory Authority (FINRA) ,
Form 8-K ,
New Rules ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
On March 31, 2022, the Securities Industry and Financial Markets Association (“SIFMA”) released its after-action report on Quantum Dawn VI – a global financial-markets cybersecurity exercise....more
Continuing its active regulatory agenda, the Securities and Exchange Commission on March 9, 2022, proposed new cybersecurity regulations for reporting public companies. Although couched as a series of “disclosure”...more
3/10/2022
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Disclosure Requirements ,
Policies and Procedures ,
Proposed Rules ,
Publicly-Traded Companies ,
Regulatory Agenda ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
The regular “Weekly Update” email from the Financial Industry Regulatory Authority (“FINRA”) had an eye-catching warning February 16, urging broker-dealer member firms to heed the “Shields Up” cyber threat warning from the...more
2/17/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Institutions ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
New Guidance ,
Personally Identifiable Information ,
Russia ,
Threat Management ,
Vulnerability Assessments
On February 9, the SEC proposed new cybersecurity risk management regulations for investment advisers, registered investment companies (funds), and business development companies....more
2/14/2022
/ Anti-Fraud Provisions ,
Business Development Companies ,
Comment Period ,
Cybersecurity ,
Data Protection ,
Disclosure Requirements ,
Fiduciary Duty ,
Identity Theft ,
Investment Adviser ,
Investor Protection ,
Policies and Procedures ,
Proposed Rules ,
Registered Investment Companies (RICs) ,
Regulatory Agenda ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Securities Litigation ,
Securities Regulation
Over the last couple of decades, the securities self-regulatory organization FINRA (f/k/a NASD) informs its membership each year of what compliance risks are noted by its examination program. Those are risks firms should...more
2/10/2022
/ Anti-Money Laundering ,
BSA/AML ,
Capital Raising ,
Compliance Monitoring ,
Crowdfunding ,
Cybersecurity ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Markets ,
Form CRS ,
Influencers ,
Municipal Securities Market ,
Regulation BI ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC) ,
Special Purpose Acquisition Companies (SPACs)
On August 13, 2021, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 21-29, collecting guidance on outsourcing and vendor management. The Notice was prompted by increased reliance on outsourcing...more
On March 4, FINRA issued a Regulatory Notice warning member firms not to fall for phishing scam preying on compliance fears. The scam uses a phony email address, supports@finra-online.com, demanding an immediate response to...more
The U.S. Securities and Exchange Commission (“SEC”) released its 2021 Examination Priorities on March 3. The Examinations group – elevated last December to Division status (formerly the Office of Compliance Investigations...more
3/5/2021
/ BSA/AML ,
Climate Change ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Environmental Social & Governance (ESG) ,
FinTech ,
Infectious Diseases ,
Investment ,
Libor ,
OCIE ,
Regulation Best Interest ,
Retail Investors ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC)
Spotlight -
U.S. Supreme Court Rules in Favor of Burr's Petition for the South Carolina Election Commission: South Carolina's Witness Requirement on Absentee Ballots is Here to Stay -
On October 5th, the Supreme Court...more
10/27/2020
/ Absentee Voting ,
Business Litigation ,
Cybersecurity ,
Employee Rights ,
Family and Medical Leave Act (FMLA) ,
Financial Industry Regulatory Authority (FINRA) ,
Liability Insurance ,
Mail-In Ballots ,
Phishing Scams ,
Political Campaigns ,
Remote Proceedings ,
Right to Vote ,
SCOTUS ,
Wage and Hour
Phishing FINRA -
October is cyber-security awareness month, so it’s only appropriate that FINRA started it with another Regulatory Notice warning member firms to beware of a false-survey phishing scheme. The Notice warns...more
10/8/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Financial Industry Regulatory Authority (FINRA) ,
Hackers ,
Information Technology ,
Office of Foreign Assets Control (OFAC) ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware
SBA Issues New PPP Rules for Owner-Employees and Related Party Rents -
The Small Business Administration ("SBA") recently issued a new interim final rule clarifying whether paycheck protection program ("PPP") loan proceeds...more
9/25/2020
/ Business Closures ,
CARES Act ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Family and Medical Leave Act (FMLA) ,
Financial Industry Regulatory Authority (FINRA) ,
Government Lockdown ,
Loan Forgiveness ,
Paycheck Protection Program (PPP) ,
Relief Measures ,
Rent ,
Return-to-Work Agreements ,
SBA ,
SBA Lending Programs ,
Small Business
On August 20, FINRA warned member firms about a rash of imposter websites, using registered representative’s names, pictures, CRD numbers and other information to gull investors into providing personally-identifying...more
The Financial Industry Regulatory Authority (“FINRA”) has issued a special alert to its member firms, alerting them to an imposter website: www.finnra.org (containing an extra “n”)....more
On May 28, 2020, FINRA issued its Regulatory Notice 20-16 sharing firms’ WFH practices observed to date. They include common practices adopted across most industries, as one would expect....more
This week FINRA issued Reg. Notice 20-08 on “Pandemic-Related Business Continuity Planning, Guidance and Regulatory Relief.”...more
3/12/2020
/ Business Continuity Plans ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Cybersecurity ,
Data Protection ,
Emergency Management Plans ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Institutions ,
Financial Services Industry ,
Flexible Work Arrangements ,
Infectious Diseases ,
Public Health ,
Relief Measures ,
Telecommuting
FINRA held its bi-annual Cybersecurity Conference in January and recently published five take-away real-world experiences from the conference...more
2/27/2020
/ Anti-Money Laundering ,
C-Suite Executives ,
Consumer Protection Laws ,
Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
Digital Assets ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Markets ,
FinTech ,
Hackers ,
Information Governance ,
Information Security ,
Information Technology ,
Initial Public Offering (IPO) ,
Liquidity Management ,
MSRB ,
Municipal Advisers ,
OCIE ,
Phishing Scams ,
Popular ,
Regulation BI ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC) ,
Vulnerability Assessments
Frank Borger-Gilligan, Tennessee’s chief securities regulator, last week was selected as President-Elect of the North American Securities Administrators Association (“NASAA”) at the annual meeting in Anchorage, Alaska. ...more
OCIE released its 2017 exam priorities on January 12. The priorities list was most notable for being shorter than prior years. But that likely means only more focus, rather than less vigor....more
1/13/2017
/ BSA/AML ,
Cybersecurity ,
ETFs ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Institutions ,
Financial Markets ,
Investment ,
Investment Adviser ,
Money Market Funds ,
Municipal Advisers ,
OCIE ,
Pensions ,
Private Funds ,
Recidivism ,
Retail Investors ,
SEC Examination Priorities ,
Securities and Exchange Commission (SEC)
On January 4, new President and CEO Richard Cook issued FINRA’s Annual Regulatory and Examination Priorities Letter. This year’s list in summary is:
New for 2017:
Targeted electronic off-site reviews “on select...more
1/6/2017
/ Big Data ,
BSA/AML ,
Cybersecurity ,
Financial Industry Regulatory Authority (FINRA) ,
Financial Institutions ,
Financial Markets ,
Industry Examinations ,
Liquidity Risk Management Rule ,
Market Manipulation ,
Mutual Funds ,
Regulatory Agenda ,
REIT ,
Risk Management ,
Risk Mitigation ,
Securities ,
Spoofing
Tennessee has joined other states in formally approving lawyers’ cloud-storage of client-confidential data. The Board of Professional Responsibility (“BOPR”) held that lawyers ethically may use cloud storage for...more
9/25/2015
/ American Bar Association (ABA) ,
Banking Sector ,
Banks ,
Breach Notification Rule ,
Bring Your Own Device (BYOD) ,
Client Data ,
Client Services ,
Cloud Computing ,
Compliance ,
Confidential Information ,
Confidentiality Policies ,
Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Loss Prevention ,
Data Security ,
Due Diligence ,
Ethics ,
Financial Institutions ,
Incident Response Plans ,
Law Practice Management ,
OCIE ,
Personally Identifiable Information ,
Popular ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
Third-Party Service Provider
A week after OCIE announced it would conduct a second round of cyber-security exams, the Commission emphasized the issue by bringing an enforcement action against a non-custodial investment-adviser over a remediated data...more
9/25/2015
/ Breach Notification Rule ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Financial Institutions ,
Free Identity Theft Protection ,
Hackers ,
Investment Adviser ,
OCIE ,
Personally Identifiable Information ,
Popular ,
Securities and Exchange Commission (SEC) ,
SIFMA
This week the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced a second-round of cybersecurity examinations, continuing its initiatives on the issue. The move follows the SEC’s: March 2014 roundtable...more
9/17/2015
/ Bring Your Own Device (BYOD) ,
Compliance ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Due Diligence ,
Financial Institutions ,
Financial Markets ,
Incident Response Plans ,
Loss Prevention ,
OCIE ,
Risk Assessment ,
Securities and Exchange Commission (SEC) ,
SIFMA ,
Third-Party Service Provider
The Financial Industry Regulatory Authority (“FINRA”) released its 10th annual Exam Priority Letter earlier this week (Jan. 6, 2015). The so-called “Errico Letter” advises broker-dealer member firms of the operational risks...more