Latest Articles

On April 16, 2019, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a risk alert, “Investment Adviser and Broker-Dealer Compliance Issues Relating to Regulation S-P – Privacy Notices and Safeguard Policies,” highlighting its data privacy and cybersecurity observations from recent examinations of registered firms. Regulation S-P By way of background, Regulation S-P is the SEC’s data privacy regulation that implemented the privacy provisions of the Gramm-Leach-Bliley Act.…
March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers[1] (e.g., vendors, suppliers, agents). To comply with the regulation, banks, insurance companies, and other financial institutions and individuals who are, or should be, licensed with NYDFS (Covered Entities) were required to address substantial data security compliance requirements over the past two…
Following other regulators, the National Futures Association (NFA) recently amended its cybersecurity guidance to, among other things, impose a new cybersecurity incident reporting requirement on members. Cybersecurity Incident Reporting. According to the amended guidance, members will be required to report to NFA any cybersecurity incident related to the member’s commodity interest business that resulted in (i) any loss of customer or counterparty funds, (ii) any loss of a member’s own capital, or (iii) the member…
Over the past year, the plaintiffs’ bar and Securities and the Exchange Commission (SEC) have brought class and enforcement action proceedings, respectively, against those involved with the issuance and marketing of initial coin offerings (ICOs), including those located outside the United States. The proceedings involving foreign defendants present the interesting and threshold issue in these litigations of whether personal jurisdiction in U.S. courts exists over these defendants. Until recently it was unclear how courts would…
In this issue: • Multiple Pilots Drive Momentum for Leveraging Blockchain in the Food Supply Chain SEC Rejects Winklevoss Bitcoin Trust, Commissioner Dissents New Reports Detail ICO Scrutiny and Seek to Provide Clarity Blockchain Adoption Continues in Both Institutional and Startup Environments Multiple Pilots Drive Momentum for Leveraging Blockchain in the Food Supply Chain By: Jaime B. Petenko A major global technology company recently shared additional details about the Food Trust, a…
Last summer, the Securities and Exchange Commission (SEC) issued its 21(a) report concluding that, according to the U.S. Supreme Court decision in SEC v. W.J. Howey Co., the DAO token qualified as a “security” under the federal securities laws and thus, its offering had to either be registered with the SEC or subject to a valid exemption from registration. While many commentators have focused on the implications of Howey on initial coin offerings (ICOs), few…
On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) issued cybersecurity disclosure guidance for public companies (“SEC Guidance”) that, according to SEC Chair Jay Clayton, “reinforces and expands” on the SEC Division of Corporation Finance’s prior guidance from 2011 (“Corp Fin Guidance” as we previously covered) regarding disclosure requirements under the federal securities laws and related policies and procedures. Chair Clayton indicated that “providing the Commission’s views…
On August 7, 2017, the Securities and Exchange Commission (SEC) released its latest cybersecurity risk alert, detailing findings from the examination of 75 broker-dealers, investment advisers and investment companies carried out by its Office of Compliance Inspections and Examinations (OCIE) pursuant to its 2015 cybersecurity examination initiative. In contrast with the previous round of examinations, the Cybersecurity 2 Initiative focused more on validating and testing cybersecurity procedures and controls, with the alert highlighting…
With the first compliance deadline now less than two months away, the New York Department of Financial Services (NYDFS) has provided additional clarity concerning its new Cybersecurity Requirements for Financial Services Companies (the “Cybersecurity Regulation”) by publishing an update to previously issued Frequently Asked Questions. We reported on the forthcoming Cybersecurity Regulation in January and February. The new FAQs address the applicability of the Cybersecurity Regulation to three different types of entities. [1] New…
Early in May, the U.S. Court of Appeals for the Second Circuit in Whalen v. Michaels Stores, Inc., No. 16-260 (L) (2d Cir. May 2, 2017), affirmed the dismissal of a data breach class action brought against Michaels Stores Inc. (Michaels) for failing to sufficiently allege an injury to support standing. This decision is significant because it widens the existing circuit split on what allegations constitute an injury-in-fact, particularly where a plaintiff seeks standing by…