The Securities and Exchange Commission (SEC) is proposing new rules to require registered funds (RFs) and investment advisers (RIAs) to implement comprehensive cybersecurity programs. Under the proposed rules, the SEC seeks to accomplish four main objectives, requiring RFs and RIAs to:

  • Maintain and implement cybersecurity policies and procedures;
  • Adopt new recordkeeping standards;
  • Report significant cybersecurity incidents to the commission; and
  • Disclose cybersecurity risks and incidents to clients and investors.

Continue Reading SEC proposes cybersecurity rules for registered funds and investment advisers

On 19 January 2021, the Information Commissioner’s Office (ICO), published a letter dated 11 September 2020, available here, explaining that personal data transfers from UK based companies to the Securities and Exchange Commission (SEC) for the purposes of regulatory compliance may be permitted under the General Data Protection Regulation (GDPR).

Background

Firms regulated by the SEC must fulfil requests for documentation made by the SEC and make their books, records or documents available for inspection, to ensure compliance with U.S. federal securities laws, rules and regulations. This calls for the production of information, documentation, and other records, which may include personal data and special category personal data.Continue Reading The ICO offers guidance on personal data transfers to the SEC

On April 3, 2019, the U.S. Securities and Exchange Commission (SEC) took their first step towards providing greater clarity on the key question of how to evaluate whether transactions involving issuance or sales of digital tokens are sales of securities subject to U.S. securities laws and regulations.

The guidance was released in two parts:

The United States District Court for the Southern District of California recently changed course in an enforcement action brought by the U.S. Securities and Exchange Commission (SEC) against cryptocurrency company Blockvest, LLC and its founder. In doing so, the court granted the SEC’s request to preliminarily enjoin the defendants from violating the securities laws and

On November 28, 2018, the U.S. Securities and Exchange Commission’s (SEC) request for a preliminary injunction against Defendants Blockvest, LLC (Blockvest) and Blockvest’s founder and chairman Reginald Buddy Ringgold, III (Ringgold) was denied by United States District Court for the Southern District of California.

Blockvest and Ringgold were offering and selling unregistered securities in the

The U.S. Securities and Exchange Commission (SEC) recently settled two initial coin offering (ICO) enforcement actions grounded on the sale of unregistered securities. The two settlements, one with CarrierEQ Inc. (or AirFox) and the other with Paragon Coin Inc., are the first time the SEC has imposed civil penalties on companies solely for offering digital

Last week, the Securities and Exchange Commission (SEC) unanimously adopted new cybersecurity guidance aimed at assisting public companies in their preparation of cybersecurity risk and incident disclosures. In its new Statement and Interpretive Guidance on Public Company Cybersecurity Disclosures, the SEC is aiming to apply lessons learned from the many major data security incidents that have occurred since the Commission first issued cybersecurity guidance in 2011. The 2011 Guidance was some of the first of its kind as almost no guidance relating to disclosure requirements and cybersecurity issues existed at the time. The updated Guidance serves to provide the SEC’s views on public companies’ disclosure obligations as they relate to data breaches and other cybersecurity incidents.

The new Guidance encourages public companies to be transparent and disclose any potential cybersecurity risks before breaches or attacks occur. To make such pre-breach risk disclosure possible, the Guidance suggests that companies develop robust cybersecurity risk assessment policies. The Guidance also cautions companies to prevent executives or other insiders from trading company shares during the internal investigation of a data security incident or before such information is made available to the public. This prohibition on trading is specifically directed to curb behaviors such as those evident during one 2017 date breach involving a major credit-reporting agency.Continue Reading Guiding light: SEC adopts updated cybersecurity guidance

At the end of September, the Securities Exchange Commission (“SEC”) announced two new initiatives to address cyber-based threats and protect retail investors. In the press release, the SEC outlined the creation of the Cyber Unit (“Unit”) and the Retail Strategy Task Force (“RSTF”).  The Unit will focus on targeting cyber-related misconduct.  The RSTF was established

The initial coin offerings (ICOs) regulatory map has begun to take shape with the U.S. Securities and Exchange Commission (SEC), the Canadian Securities Administrators (CSA), the UK’s Financial Conduct Authority (FCA), Singapore, Hong Kong, China and Australia offering their opinions on ICOs.  The FCA recently stated that ICOs are “very high-risk, speculative investments.”  The Dubai