In the securities industry, regulators like to say that the compliance professionals are their “partners.” But every so often, those regulators charge one of their compliance partners with rule violations. The compliance community understandably gets unsettled, expresses concern, and regulators respond with a “don’t worry” clarification explaining those charges were driven by unusual “facts and circumstances.” That cycle just completed again.
On March 17, the Financial Institution Regulatory Authority (“FINRA”) issued Regulatory Notice 22-10 to ...
Continuing its active regulatory agenda, the Securities and Exchange Commission on March 9, 2022, proposed new cybersecurity regulations for reporting public companies. Although couched as a series of “disclosure” requirements, the proposed list of required disclosures can be viewed as a de facto prescription of what public companies must do and say on cybersecurity; that prompted Commissioner Peirce to dissent.
The Proposed Rule would require reporting public companies to promptly disclose “material cybersecurity incidents” and their response, updating those ...