Covered institutions will need to review their cybersecurity and incident response policies and procedures ahead of the applicable compliance deadline.

By Robert Blamires, Laura Ferrell, Daniel Filstrup, Jennifer Howes, and Sarah Zahedi

The Securities and Exchange Commission (SEC) recently adopted amendments to Regulation S-P that expand the scope of requirements applicable to brokers, dealers, investment companies, SEC-registered investment advisers, and foreign (non-resident) SEC-registered brokers, dealers, investment companies, and investment advisers (together, Covered Institutions) in order

Companies should take steps now to prepare for the new rules and expectations.

By Jennifer C. Archie, Tony Kim, Serrin Turner, Alexander L. Stout, Ryan J. Malo, and James A. Smith

The US government continues to expand regulatory requirements around notification and disclosure of major cyberattacks or incidents. New measures are arriving on the heels of high-profile ransomware attacks on US companies and critical infrastructure, such as the Colonial Pipeline hack that caused gas shortages in the eastern United States last summer.

Announced shared cybersecurity priorities across the Executive Branch include:

  • Cyber hygiene in the public and private sector, especially where critical infrastructure is involved
  • Operational collaboration between the public and private sector for tier one events
  • Disruption of the flow of cryptocurrency or other consideration to attackers
  • Fulsome, accurate, timely disclosure to investors and other stakeholders
  • Comprehensive reporting of incidents