Davis Polk & Wardwell LLP

State Street Global Advisors, or SSGA, updated and released earlier this week its Global Proxy Voting and Engagement Principles and Proxy Voting and Engagement Guidelines – North America (US & Canada). SSGA has created a new set of global policies dedicated to what companies can expect when engaging with SSGA on environmental and social matters and how SSGA intends to approach voting on sustainability-related proposals. In addition, SSGA recently published its latest general issuer
Davis Polk’s Avi Gesser, associate Matt Kelly, and law clerk Samantha Pfotenhauer co-authored an article, The Expanding Role of Lawyers in Addressing Cyber Risk at Financial Firms, appearing in this month’s issue of The Review of Securities & Commodities Regulation. Not that long ago, cybersecurity was viewed as primarily a technical issue, to be handled by a company’s IT department.  But times are changing—at least somewhat.  The rise of robust regulatory frameworks related to data…
At the 18th Annual Institute on Securities Regulation in Europe last week, SEC Director Bill Hinman spoke about the benefits of the SEC’s current, flexible approach to environmental, social and governance (ESG) disclosure for public companies. He noted that current disclosure requirements are largely principles-based and “apply in areas where the disclosure topics may be complex, associated with uncertain risks and rapidly evolving.” Such an adaptable principles-based disclosure regime, Director Hinman posited, is well suited…
Earlier this month, SEC Chairman Jay Clayton and Division of Trading and Markets Director Brett Redfearn engaged in a public dialogue on equity market structure issues.  In addition to reviewing three equity market structure initiatives adopted by the SEC in 2018 (the transaction fee pilot, enhanced order handling disclosure requirements and new transparency requirements for alternative trading systems that trade NMS stocks), Clayton and Redfearn highlighted three areas for potential further rulemaking:…
Two-factor authentication is one of the most common measures that companies use to reduce cyber risk, but it is not very effective if companies don’t also have a good lost-phone protocol. Various regulations and industry rules require two-factor authentication (also referred to as multi-factor authentication or MFA) including the NYDFS cyber rules, the NIST identification and authentication requirements, the Payment Card Industry (“PCI”) Data Security Standard 8.3, as well as the proposed amendments to…
On April 1, 2019, new cybersecurity requirements outlined in the NFA’s Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 will come into effect.  These new requirements apply to NFA Members, including registered futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, and swap dealers.  Perhaps the most significant new obligation is the imposition of onerous breach notification requirements. The full blog post is available at our Cyber…
On April 1, 2019, new cybersecurity requirements outlined in the NFA’s Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 will come into effect.  These new requirements apply to NFA Members, including registered futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, and swap dealers.  They are designed to “establish general requirements relating to Members’ information systems security programs (ISSPs) but leave the exact form of an ISSP…
U.S. federal banking regulators plan to revive efforts to regulate financial institution incentive compensation, as required under Section 956 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act). The Wall Street Journal reports that the current effort is in its “early stages” and is being led by “top officials” of at least the Federal Reserve, the FDIC and the OCC. The article notes, “spokesmen for the Fed and OCC said their…
Insider data threats – which include the deliberate theft or destruction of sensitive information, as well as innocent mistakes that result in a loss of control of confidential data – have become a primary risk factor to most businesses.  To properly maintain cybersecurity and protect confidential information, companies need to monitor the activities of their employees more than ever.  How far employers can go in tracking the activity of employees requires a delicate balance between…