Photo of Adam D. Kanter

On February 9, 2022, the Securities Exchange Commission (“SEC” or “Commission”) voted 3-1 to propose rules, forms and amendments concerning cybersecurity risk management, as well as registered investment adviser and fund disclosures. As we have previously discussed, the proposal under the Investment Advisers Act of 1940 (Advisers Act) and the Investment Company Act of

On February 9, 2022, the US Securities and Exchange Commission (SEC) voted to propose several new rules and amendments to existing rules that would significantly alter the current requirements for investment advisers and funds, with one proposal specifically focused on private funds and the other focused on cybersecurity.

Continue reading.

On April 16, 2019, the staff from the Office of Compliance Inspections and Examinations (the “OCIE”) of the US Securities and Exchange Commission (“SEC”) published a Risk Alert describing privacy and related customer information safeguarding issues it has identified in recent examinations of registered investment advisers and broker-dealers (“Registered Entities”).1 These issues continue to

On September 23, 2018, the North American Securities Administrators Association, Inc. (“NASAA”) released a proposed model rule for state-registered investment advisers (“state RIAs”) that would impose new information security and privacy requirements (the “Cyber Proposal”).1 NASAA intends the Cyber Proposal to provide state RIAs with a basic structure for implementing information security policies, procedures

On September 26, 2018, the US Securities and Exchange Commission (“SEC”) brought and settled charges against a registered broker-dealer/investment adviser (the “Registrant”) for allegedly violating the Gramm-Leach-Bliley Act Safeguards Rule (Regulation S-P) and the Identity Theft Red Flags Rule (Regulation S-ID).1 The Registrant allegedly violated the SEC’s rules by failing to implement appropriately designed

The compliance date is fast approaching for the US Securities and Exchange Commission’s recently adopted amendments to Form ADV. Initial or amended Form ADVs filed on or after October 1, 2017 (with limited exception, as discussed in this Legal Update) must comply with the amendments. Among other things, the amendments require advisers to provide additional

On August 7, 2017, the Office of Compliance Inspections and Examinations (“OCIE”) of the US Securities and Exchange Commission (“SEC”) announced the results of its second cybersecurity examination initiative.1 This initiative built on the SEC’s 2014 cybersecurity examination initiative (“Cybersecurity 1 Initiative”) but “involved more validation and testing of procedures and controls surrounding cybersecurity

On September 22, 2015, the US Securities and Exchange Commission (“SEC”) brought and settled charges against a registered investment adviser (the “RIA”) for violations of the Gramm-Leach-Bliley Act’s “safeguards rule” adopted under Regulation S-P.1 These violations occurred immediately prior to a cybersecurity breach of the RIA’s systems, in which the hackers may have obtained

In a bylined article, Cybersecurity & Data Privacy partner Rajesh De, Financial Services Regulatory & Enforcement partner Jeffrey P. Taft, Corporate & Securities associate Adam D. Kanter, and Financial Services Regulatory and Enforcement associate Matthew Bisanz (all Washington DC) examine the SEC’s continued focus on cybersecurity.

Continue reading.