Tag Archives: SEC

SEC Adopts New Guidance on Public Company Cybersecurity Disclosures and Insider Trading

Earlier today, our colleagues David Engvall, Keir Gumbs, Reid Hooper, and Matthew Wood in the Securities and Capital Markets practice group posted the below article on the SEC’s new statement and interpretive guidance on public company cybersecurity disclosures and insider trading on the Cov Financial Services blog.  The original article can be read here. On … Continue Reading

The Securities and Exchange Commission and Financial Industry Regulatory Authority Release Examination Priorities for 2017

The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) and the Financial Industry Regulatory Authority, Inc. (“FINRA”) (a private self-regulatory organization overseen by OCIE), recently released their 2017 examination priorities.  It is no surprise to find cybersecurity listed as an examination priority again this year. OCIE and FINRA have repeatedly recognized … Continue Reading

Morgan Stanley to Pay $1 Million Penalty in SEC Cybersecurity Settlement

By Ciarra Chavarria and Keir Gumbs

On June 8, 2016, the Securities and Exchange Commission announced that Morgan Stanley Smith Barney LLC (“Morgan Stanley”) had agreed to pay $1 million as a penalty for charges relating to its “failures to protect customer information.” Morgan Stanley’s settlement with the SEC came several months after a federal … Continue Reading

Senators Introduce Bill Requiring Cybersecurity Expertise Reports to SEC

On December 17, 2015, Senators Reed (D-RI) and Collins (R-ME) introduced the Cybersecurity Disclosure Act of 2015 (S. 2410), which has been referred to the Committee on Banking, Housing, and Urban Affairs.  According to the press release accompanying the bill, it “seeks to strengthen and prioritize cybersecurity at publicly traded companies by encouraging the disclosure … Continue Reading

When are Public Companies Required to Disclose that They Have Experienced a Material Data Security Breach?

Recent discoveries of data security breaches have raised a perennial question for public companies:  are public companies required by law or practice to provide material updates to their investors when bad things happen?  The answer can be quite surprising.  Disclosure at the Time of the Event: As a threshold matter, federal securities law does not … Continue Reading

SEC Exams of Asset Managers to Include Focus on Cybersecurity

Routine SEC examinations of investment advisers and investment companies this year will include scrutiny of these entities’ cybersecurity policies, an SEC official told attendees Thursday at a national agency-hosted compliance seminar. The SEC’s Regulation S-P, which implements the federal Gramm-Leach-Bliley Act, requires brokers, dealers, investment companies, and registered investment advisers to “adopt policies and procedures … Continue Reading

SEC and CFTC Issue Final Identity Theft Rule

Last week, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) published in the Federal Register a joint rule requiring entities regulated by the agencies to adopt programs to detect and prevent identity theft.  The rule is referred to as the “red flags rule” and applies to certain broker-dealers, mutual funds, investment advisers, futures … Continue Reading

Surveys Reveal Surprisingly Common Data Security Shortcomings

Despite studies indicating that data security is a top concern for executives and corporate boards — a development we previously blogged about here — barely half of employees are familiar with their company’s information security policies, according to a survey by Forrester Research.  The report explains, “only 56 percent of information workers in North America … Continue Reading

SEC’s Division of Corporation Finance Issues Guidance on Disclosing Cybersecurity Risks

By David Fagan & Steve Satterfield

Yesterday, the SEC’s Division of Corporation Finance issued a guidance document regarding public companies’ disclosure obligations relating to cybersecurity risks and breaches.  The guidance responds to a request by Sen. Jay Rockefeller that the SEC clarify its position on this increasingly important issue.  The Division noted that as companies … Continue Reading

SEC Imposes Fines under Regulation S-P for the First Time

On April 7, 2011, the Securities and Exchange Commission announced a total of $55,000 in fines against three former executives of a securities broker-dealer for violations of the privacy and safeguard rules in Regulation S-P.  The fines mark the first time the SEC has imposed administrative fines for violations of these rules.  Copies of the … Continue Reading