Compliance Perspectives: Rolling Out New Compliance Initiatives
On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more
On April 11, the Department of Justice's National Security Division (NSD) published new guidance on recent measures to restrict the ability of adversarial foreign governments and other foreign entities of concern to access...more
As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more
Effective September 1, 2025, the UK’s Failure to Prevent Fraud offense will go into effect as part of the UK’s Economic Crime and Corporate Transparency Act 2023 (the ECCTA). The law significantly expands corporate liability...more
On April 8, the Department of Justice’s (“DOJ’s”) final rule on Preventing Access to US Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the “Rule”) formally took effect. ...more
On January 8, 2025, the U.S. Department of Justice (“DOJ”) issued its final rule to implement Executive Order 14117 aimed at preventing access to Americans' bulk sensitive personal data and government-related data by...more
2025 is set to be a busy year in UK consumer protection law. With the CMA issuing its annual plan for 2025 / 2026 on 27 March 2025 and its new powers to enforce consumer protection law under the Digital Markets, Competition...more
The European Union has significantly overhauled its product liability regime with a new directive concerning liability for defective products (Product Liability Directive). EU member states have until December 9, 2026, to...more
The European Commission’s adoption on 23 October 2024 of the two regulations (Regulations) supplementing the [the Regulation on digital operational resilience for the financial sector Publications Office (europa.eu)] (DORA)...more
Long IT sub-contracting chains can make it hard for financial institutions to understand the vulnerabilities in their IT estate and the location of key functions (where these may be located in entities who do not have a...more
The U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance Director Erik Gerding released a statement on May 21, 2024, addressing Disclosure of Cybersecurity Incidents Determined to be Material and...more
On March 6, 2024, in a 3-2 vote, the US Securities and Exchange Commission (SEC) adopted final rules requiring registrants to disclose certain climate-related information in registration statements and annual reports. ...more
On November 1, 2023, New York Department of Financial Services (NYDFS or the “Department”) released the finalized revisions (the “Second Amendment”) to 23 NYCRR Part 500 (Part 500) – the most significant modifications to Part...more
President Joe Biden on Oct. 30, 2023, signed a sweeping executive order (EO) and invoked the Defense Production Act to establish the first set of standards for using artificial intelligence (AI) in healthcare and other...more
In July 2023, the SEC adopted new cybersecurity rules for the stated purpose of enhancing and standardizing disclosures regarding cybersecurity risk management, strategy, governance and incidents by public companies. The...more
In less than three months, public companies and certain foreign private companies will have to take additional steps after cybersecurity breaches: deciding whether an incident meets the materiality threshold that requires...more
On July 26, 2023, the Securities and Exchange Commission adopted new rules imposing disclosure requirements regarding cybersecurity risk management, strategy, governance and incidents. The new rules, which became effective...more
On July 26, 2023, the Securities Exchange Commission (SEC) adopted a final rule intended to augment and standardize disclosures regarding cybersecurity risk management, governance, and incident reporting. The new rule imposes...more
On November 2, 2022, the U.S. Securities and Exchange Commission (“SEC”), by a vote of 3-2, proposed amendments to rules under the Investment Company Act of 1940 that would modify the existing liquidity risk management...more
Get ready, large employers. After years of amendments exempting the personal information of employees and other personnel from the California Consumer Privacy Act (“CCPA”), covered employers now have a firm deadline by which...more
Seyfarth Synopsis: California employers racing to ensure all their employees receive mandatory harassment training by the end of the year can now take their foot off the gas. In response to an outcry from employer groups...more
On October 13, 2016, the U.S. Securities and Exchange Commission (SEC) unanimously adopted regulatory changes that require open-end funds, including mutual funds and exchange-traded funds (ETFs), to establish liquidity risk...more