On March 31, 2022, the Securities Industry and Financial Markets Association (“SIFMA”) released its after-action report on Quantum Dawn VI – a global financial-markets cybersecurity exercise.
Quantum Dawn VI was conducted on November 18, 2021, with over 1,000 participants from 240 financial institutions and regulatory bodies representing 20 countries. The exercise simulated a large-scale ransomware attack by a state actor against major global financial institutions and regulators. The scenario was chosen, in part, based upon an observed 93% increase in ransomware ...
In the securities industry, regulators like to say that the compliance professionals are their “partners.” But every so often, those regulators charge one of their compliance partners with rule violations. The compliance community understandably gets unsettled, expresses concern, and regulators respond with a “don’t worry” clarification explaining those charges were driven by unusual “facts and circumstances.” That cycle just completed again.
On March 17, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 22-10 to ...
Continuing its active regulatory agenda, the Securities and Exchange Commission on March 9, 2022, proposed new cybersecurity regulations for reporting public companies. Although couched as a series of “disclosure” requirements, the proposed list of required disclosures can be viewed as a de facto prescription of what public companies must do and say on cybersecurity; that prompted Commissioner Peirce to dissent.
The Proposed Rule would require reporting public companies to promptly disclose “material cybersecurity incidents” and their response, updating those ...
The regular “Weekly Update” email from the Financial Industry Regulatory Authority (“FINRA”) had an eye-catching warning February 16, urging broker-dealer member firms to heed the “Shields Up” cyber threat warning from the Cybersecurity and Infrastructure Security Agency (“CISA”) and the FBI.
That warning urged heightened cybersecurity vigilance “related to Russia’s potential destabilizing activities against Ukraine.” The CISA alert said, “While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the ...
On February 9, the SEC proposed new cybersecurity risk management regulations for investment advisers, registered investment companies (funds), and business development companies.
Relying on the Commission’s mission to protect investors and ensure orderly markets, the Release cites increasing cybersecurity threats and emphasizes the disruptive consequences and costs (to advisers, funds and investors) of unpreparedness. The Release grounds the Proposal in advisers’ fiduciary duty to clients and the anti-fraud “compliance rule” requiring written policies ...
Over the last couple of decades, the securities self-regulatory organization FINRA (f/k/a NASD) has informed its membership each year of the compliance risks noted by its examination program. Those are risks firms should address, and they might also be harbingers of enforcement focus for the coming year. Years ago, it was the “Errico Letter” – a friendly reminder from NASD’s Head of Member Regulation. Then it became the Examination Priorities Letter. Now it’s a Report, but with a more useful assemblage of the Rules and Resources applicable to each risk called out.
Some risks have ...
Requiescat Diem. Launched with great fanfare three years ago as Libra, the Facebook/Meta-led blockchain stablecoin effort now called Diem announced January 31 that it will shut down and sell its assets to Silvergate Capital Corporation.
Libra was launched June 18, 2019, with support from many key finance and payments industry participants. Libra aspired to become a worldwide blockchain-based stablecoin payment system. Initially envisioned as a multi-currency stablecoin, Libra was to be backed by a basket of reserve assets including fiat currencies and short-term government ...
The Financial Crimes Enforcement Network (“FinCEN”) unit of the U.S. Department of the Treasury called this week for the nation’s financial institutions to be on the lookout for money flows indicative of environmental crimes. The Notice links environmental crimes to FinCEN’s traditional missions of combatting corruption and international terrorism and money-laundering, but also expressly recites a new ESG mission due to “environmental crimes’ contribution to the climate crisis, including threatening ecosystems, decreasing biodiversity, and increasing ...
In remarks this week at SEC Speaks, SEC Investor Advocate Rick Fleming mused that the “gamification” of securities trading might pose an undue risk that exploits a potential loophole in Regulation Best Interest (“Reg. BI”).
Recall that Reg. BI, adopted in 2019, imposes a “best interest” standard of conduct for broker-dealers when they make a recommendation to a retail customer of any securities transaction or investment strategy. (The Adopting Release). Reg. BI came about after many years of struggle to try to harmonize the fiduciary-duty standard for investment ...
In remarks this week at the SEC Speaks conference, new SEC Enforcement Director Gurbir Grewal said he’s bringing back admissions in SEC settled actions to help spur accountability. Most SEC actions are settled on a “neither admit nor deny” basis.
“When it comes to accountability, few things rival the magnitude of wrongdoers admitting that they broke the law, and so, in an era of diminished trust, we will, in appropriate circumstances, be requiring admissions in cases where heightened accountability and acceptance of responsibility are in the public interest.” Grewal ...