Tag Archives: SEC

SEC and DOJ Bring First-Ever Crypto Insider Trading Actions

Key Takeaways:

The U.S. Securities and Exchange Commission (“SEC”) and U.S. Department of Justice (“DOJ”) have brought the first-ever insider trading actions involving cryptocurrency against a former manager of Coinbase, one of the largest U.S. crypto asset trading platforms, and two tippees for sharing or trading upon confidential information relating to the planned listing of various cryptocurrencies on Coinbase.
The SEC’s securities fraud charges are based on its longstanding position that certain cryptocurrencies are investment contracts and therefore “securities” subject to the SEC’s jurisdiction.…

Bitcoin Takes A Hit As Cryptocurrency Advertising Faces Increased Scrutiny

Crypto is a Greek prefix meaning “secret” or “hidden.” Unless you live under a rock, or in one of several countries like Bolivia where buying and selling it is illegal, there is nothing secret or hidden about cryptocurrency. It’s everywhere. And public interest in cryptocurrency has led to lots of advertising, mostly on social media and the internet.

Spurred on by an incredible—some might say too-good-to-be-true—increase in value in late 2017,… More

SEC Proposes Rule Requiring Investment Advisers to Adopt Business Continuity and Transition Plans

A cross-post from our colleagues contact Catherine M. Anderson and Kate Leonard of the firm’s Investment Management group, with the reminder that “[m]aintenance of critical operations and systems, and the protection, backup, and recovery of data in the event of a significant business disruption….” More

Cybersecurity News & Notes – June 13, 2016: A Brief Digest of Cybersecurity News You Can Use

In Case You Missed It: The SEC fined Morgan Stanley $1 million for a 2014 data breach. While the FTC had declined to pursue an enforcement action, blaming the breach on technical issues rather than any actions or omissions on the part of Morgan Stanley, the SEC reached a different conclusion. The SEC faulted Morgan Stanley for, among other things, failing to have adequate and up-to-date cybersecurity policies and for failing to correct gaps and flaws in its security systems. … More

CFTC Approves NFA Interpretive Notice on Information Systems Security Programs, Including Cybersecurity Guidance

By Catherine M. Anderson and Kate Leonard

The CFTC recently approved the National Futures Association’s interpretive notice (the “Cybersecurity Notice”) on the general requirements that members should implement for their information systems security programs (“ISSPs”), which includes cybersecurity guidance and ongoing testing and training obligations.

The Cybersecurity Notice will be effective March 1, 2016 and applies to futures commissions merchants, commodity trading advisors,… More

The FTC’s Broad Authority and FTC v. Wyndham: Thinking about the Future of Data Privacy Regulations

What makes data privacy law interesting for academics, challenging for lawyers, and frustrating for businesses is its shape-shifting structure in the face of rapidly changing technology. The recent change in the invalidation of US-EU “safe harbor” system is a useful reminder of the differences between the way the European Union and the U.S. handle questions of data privacy: whereas, generally speaking, in the EU data privacy standards are relatively uniform,… More

What is reasonable? The emerging legalities of cybersecurity post-Wyndham

This month’s edition of the Advanced Cyber Security Center’s newletter includes my discussion of lessons to be learned from the Wyndham decision:

Historically, security was an issue reserved in a back room for the IT department, if there were even a budget and ample resources. To the public, cybersecurity meant identity theft and proceeded with business as usual with the comfort of an anti-virus protection that may have come with their computer.… More

The SEC Charges Investment Adviser with Violating Regulation S-P by Failing to Adopt Cybersecurity Policies and Procedures

In recent years, the SEC has been focused on cybersecurity. It has issued risk alerts, conducted examinations and provided guidance about what the agency sees as widespread weaknesses in many policies and procedures to protect against cyberthreats. The SEC has now taken the next step: a few days ago, the SEC brought its first-ever enforcement action for a violation of Regulation S-P, 17 C.F.R. § 248.30(a) – known as the “Safeguards Rule” – against an investment adviser that was itself the victim of a security breach in which hackers stole customer information.… More

SEC Issues Risk Alert Announcing Second Round of Examinations of Registered Investment Advisers and Broker-Dealers

From our colleagues Catherine Anderson and Lauren Tran, we present this update on OCIE’s 2015 Cybersecurity Examination Initiative: Second Round of Cybersecurity Examinations to Begin

* * *

On September 15, 2015, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a Risk Alert announcing a second round of examinations of registered investment advisers and broker-dealers under its cybersecurity examination initiative.… More

SEC Issues Cybersecurity Guidance Update for Investment Advisers

By Catherine M. Anderson and Robert G. Sawyer

On April 28, 2015, the SEC’s Division of Investment Management (the “Division”) issued a Guidance Update regarding the SEC’s initiative to assess cybersecurity preparedness and threats in the securities industry, further highlighting this as an important area of focus for the SEC in its compliance initiatives.

The full text of the Guidance Update is available here.… More