Categories
Daily Compliance News

Daily Compliance News for August 4, 2023 – The Follow Your Passion Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Altice France suspends director. (Bloomberg)
  • The biggest attorney/client privilege case in years. (FT)
  • SEC tells some Wall Street brokers to get their AML controls in order. (WSJ)
  • Following your passion. (NYT)

Categories
Blog

SEC Formalizes New Rules on Cyber Breach Disclosures

The SEC has recently voted on new rules that will require companies to disclose material cybersecurity incidents within four days and to make disclosures about their broad cybersecurity risks in their annual report. Tom Fox and Matt Kelly discussed this issue on a recent edition of Compliance into the Weeds. Matt blogged about it on Radical Compliance.

This new set of rules represents a major shift from the past, when companies may have been asked by law enforcement not to disclose an attack until they were done tracking the attackers. The SEC has tried to balance the need for transparency with the need for law enforcement to use the information, and companies can go to the Justice Department to get permission to keep a breach private.

The SEC had originally proposed these rules nearly 18 months ago, in March of 2022. After considering public feedback, the SEC voted on the rules two weeks ago, at the end of July. Companies now have to disclose material cybersecurity incidents within four days of deciding that the incident is material. They must also make disclosures about their broad cybersecurity risks and how they manage those risks in their annual report. This includes disclosing the impact of the breach, such as the financial consequences and any qualitative effects.

The SEC had also proposed a rule that would require companies to disclose the cyber expertise of their board directors. However, this was changed due to public feedback that most cyber risk management is done at the management level. The two Republican commissioners objected to the rule, saying it was too extensive and unnecessary, and arguing that the SEC was trying to dictate how companies should run their cybersecurity functions. The US Chamber or other groups may try to litigate over the rule, but for now, companies must disclose or discuss the processes for assessing, identifying, and managing material risks from cybersecurity threats.

The Head of the SEC Enforcement Division recently gave a speech about disclosing cybersecurity incidents and what his division looks at for bad practices that might lead to an enforcement action. The SEC Enforcement Director zeroed in on misleading disclosures and said companies cannot engage in such conduct. He gave examples of companies that suffered enforcement actions long before any of the new rules were adopted. First American Title Insurance and Pearson both gave misleading disclosures to investors about the nature of the breaches they suffered. First American thought the breach was not material and announced it was not a big deal, but their IT team later realized it was a big deal. Pearson suffered an extensive breach and disclosed to investors that there may have been some exposure of confidential data, when they already knew there was no ‘may’ involved. Companies need to disclose the severity of the incident and the reality of what actually happened.

To ensure compliance with the new rules, companies need to have proper policies for handling cybersecurity incidents that are useful and relevant to their company. Companies cannot simply copy language from a regulation and paste it into their policy manual and declare victory. They need to be clear and relevant to their employees about how to find red flags and how to respond to them.

We took a deep dive into the policy choice of transparency over use of information by law enforcement. Companies can go to the Justice Department and get permission from the Attorney General to keep a breach private if it is a threat to national security or public safety. Companies can then take that permission back to the SEC and tell the SEC the company will not disclose the breach for 30 days. Companies can then go back to the Attorney General’s office for another 30-day extension to keep the breach private. The SEC has tried to cut the baby in half by creating a process to keep some breaches private, but they have made clear they do not want corporate or lawyer-led gamesmanship around these disclosures and want a solid informational disclosure.

As this new rule is sure to have a major impact on how companies handle cybersecurity incidents in the future, it is important for companies to be aware of the new rules and the potential consequences of not complying. Companies need to have proper policies in place to ensure compliance, and they need to be sure to provide accurate and timely disclosures about any material cybersecurity incidents.

Categories
Compliance Into the Weeds

Compliance into the Weeds: SEC Rules for Cyber Breach Disclosure

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt consider the new SEC rules on cyber breach disclosures.

This new era of cyber security calls for increased accountability and transparency from companies to protect investors and citizens from cyber threats. The U.S. Securities and Exchange Commission (SEC) recently adopted new cyber disclosure rules requiring companies to disclose material cybersecurity incidents and risks in their annual reports. This policy change will require companies to analyze and disclose the impacts of any material cybersecurity incidents, as well as any potential exemptions from disclosure that companies may seek.

Key Highlights

  • New Cyber Breach Disclosure Rules
  • Material Breaches
  • Role of the Board

Categories
Daily Compliance News

Daily Compliance News: July 28, 2023 – The New Cyber Disclosure Rules Edition

  • Zelensky warns about corruption. (FT)
  • New cyber disclosure rules go into effect. (AP)
  • Najib deposed in 1MDB case. (Bloomberg)
  • Cognizant investigation not outsourced. (WSJ)
Categories
Daily Compliance News

Daily Compliance News: July 5, 2023 – The Too Big to Manage Edition

  • More on CA Supreme Court expansion of whistleblower protection. (Law360)
  • Are banks too big to manage? (WSJ)
  • SEC charges window maker and its ex-CFO over accounting violations. (Reuters)
  • Corruption still bedevils Lebanon. (PBS)
Categories
Daily Compliance News

Daily Compliance News: June 28, 2023 – The Forget the SEC Edition

Stories we are following in today’s edition:

  • SBF loses bid to have criminal charges tossed. (Reuters)
  • Hertz Ex CEO wins clawback attack. (Law360)
  • Zambia police arrest former President’s son on corruption charges. (VOA)
  • Will ICRS become the global climate reporting standard? (WSJ)
Categories
Daily Compliance News

Daily Compliance News: June 27, 2023 – The Wells Notices Edition

  • SolarWinds execs receive Wells Notice. (Reuters)
  • Corruption hindering PdVSA. (InSight Crime)
  • Inhouse lawyers grapple with ESG demands. (FT)
  • SEC wants more information from small banks. (WSJ)
Categories
Blog

Messaging Compliance in a Shifting Regulatory Landscape: U.S. Regulatory Compliance

Are you ready to learn how to implement electronic communications capture and supervision in your firm for better compliance and prevention of regulatory violations? Is messaging compliance giving your compliance function headaches? Welcome to a special five-part blog post series on messaging compliance in a shifting regulatory landscape, sponsored by Global Relay. In this Part 1, I visited with Chip Jones on the current US regulatory landscape for messaging apps.

The importance of capturing and supervising electronic communications cannot be overstated for financial services compliance professionals. By properly managing these communications, you are taking a proactive approach to preventing potential regulatory violations and protecting both your personal and professional reputation. Through implementing a robust communication compliance policy, training your employees, and establishing a monitoring process, you can ensure a secure and compliant environment in which your firm can thrive.

Here are the key steps:

  • Understand electronic communication regulations;
  • Choose a reliable communication capture tool;
  • Implement a clear communication compliance policy;
  • Train employees on communication best practices; and
  • Establish a monitoring and supervision process.

1. Understand electronic communication regulations.

In the ever-evolving world of financial services, electronic communication regulations play a critical role in ensuring transparency, accountability, and compliance. Familiarizing yourself with these regulations is the first essential step in implementing effective Electronic Communications Capture and Supervision (ECCS) processes at your firm. By understanding the governing rules and industry standards, financial service professionals can avoid potential pitfalls and unwarranted regulatory scrutiny.

In light of the SEC’s enforcement actions against large investment banks, it becomes apparent how crucial it is to stay informed of these regulations and maintain proactive supervision. The use of electronic communication tools enables firms to monitor their internal communications closely and prevent regulatory violations. One effective method is to actively flag specific phrases and keywords that indicate off-channel communications, which in turn draws attention to and helps monitor those potential risks.

2. Choose a reliable communication capture tool.

Implementing electronic communication capture and supervision within a financial firm is essential for ensuring compliance with regulatory requirements and maintaining a transparent and accountable work environment. When choosing a reliable communication capture tool, it is crucial to consider its effectiveness in monitoring and archiving all forms of electronic communication within the organization. This includes emails, instant messages, social media interactions, and any other relevant communication channels. A dependable tool should be able to capture and retain all electronic communications while additionally providing the option to search, analyze, and review the retained data for potential regulatory violations or areas of concern.

One way their solution helps is by tracking phrases and words that may suggest an attempt to shift discussions to off-channel platforms. This raises a red flag, which allows compliance professionals to identify potential violations and take appropriate action. The Securities and Exchange Commission (SEC) is increasingly focusing on individuals within firms who breach regulatory guidelines. As a result, the SEC may impose stronger consequences such as termination or monetary actions to deter similar violations from occurring.  The implementation of a reliable communication capture tool is essential for a firm’s overall compliance efforts, as it helps promote transparency and instills accountability within the organization.

Ensuring that electronic communications are monitored and retained reduces the likelihood of rogue representatives pushing unsuitable investments or engaging in other illegal activities. Furthermore, the use of reliable tools can provide financial firms with a solid foundation for communication compliance supervision, which regulators are increasingly emphasizing. As compliance professionals are likely to face more individual-level enforcement actions, firms must have the right tools and processes in place to maintain compliance and mitigate potential risks.

3. Implement and train employees on a clear communication compliance policy.

Implementing a clear communication compliance policy is an essential step in ensuring your firm’s electronic communications are appropriately supervised and within regulatory requirements. By establishing a well-structured policy, compliance professionals can effectively monitor and mitigate potential risks, which may result in regulatory violations and penalties. A comprehensive compliance policy should address the monitoring of on- and off-channel communications, identify patterns of misconduct, and establish procedures to escalate and resolve potential issues.

A robust policy should educate employees on the importance of proper communication compliance and the dangers of using personal devices for business communications.  The regulators, including the SEC, are closely monitoring and enforcing communication compliance rules, increasing the potential for individual-level actions, such as termination or monetary penalties, against those violating such requirements.  Understanding and implementing a communication compliance policy is crucial for financial services compliance professionals to mitigate the risk of regulatory violations.

By proactively monitoring electronic communications and capturing data, firms can equip their compliance teams with invaluable information to identify and address potential issues early. Moreover, implementing a robust compliance policy can help encourage employees to maintain transparency in their communications and understand the importance of using appropriate channels for business purposes. In doing so, organizations can effectively minimize regulatory risks, protect their reputation, and ensure the highest standard of integrity in their business operations.

In today’s fast-paced financial services industry, ensuring compliance with electronic communication regulations is more vital than ever. By following the steps outlined in this blog post, compliance professionals like you can significantly reduce the risk of regulatory violations and protect your firm’s reputation. Remember, a well-thought-out communication compliance policy, coupled with employee training and a reliable communication capture tool, can provide the foundation for a robust compliance program. Don’t hesitate to take action – invest in the right tools and processes to safeguard your firm’s future.

Join us tomorrow when we ask the provocative question: Is Regulation stifling innovation?

Categories
Corruption, Crime and Compliance

Crypto Conundrum: Coinbase vs. SEC – A Deep Dive with Matt Stankiewicz

The complex relationship between digital currencies and global financial regulations is highlighted yet again with the SEC’s recent crackdown on major crypto exchanges Binance and Coinbase. Michael Volkov welcomes Matt Stankiewicz, also known as Crypto Max, to share his insight on these ongoing cases. He discusses the implications these enforcement actions might have on the industry, the securities law-related legal issues, and the internal mechanics of these exchanges.

Matt Stankiewicz is a Managing Counsel at The Volkov Law Group. His expertise includes financial regulation and compliance, with a focus on securities, anti-money laundering (AML), and cryptocurrency regulation. Given his professional background and interest in crypto regulations, he is a frequent speaker on legal matters concerning cryptocurrency exchanges and the SEC.

 

You’ll hear Michael and Matt discuss:

  • The SEC’s enforcement actions hinge on their assertion that Binance was serving US customers without the proper registration, thereby violating securities laws. They allege that Binance knowingly allowed and even encouraged US customers to utilize their offshore platform, enhancing their profits and trading volumes but breaching US regulations in the process.
  • Rather than directly challenging the status of specific tokens, the SEC is targeting exchanges like Binance and Coinbase. By regulating these exchanges, the SEC could effectively control the access points to the crypto industry, thus having a broader impact.
  • Binance is preparing for a legal fight with the SEC over these compliance issues, including allegations of wash trading to artificially inflate trading volume. The platform’s potential troubles are linked to similar issues faced by FTX and their trading arm, Alameda Research.
  • Given the recent pattern of the SEC bringing complaints without the DOJ pursuing criminal cases, it’s unlikely that the DOJ will bring a criminal case against Binance. 
  • Coinbase’s IPO was approved by the SEC despite allegations that the company had engaged in illegal activities related to the trading of unregistered securities. The SEC argues that the approval of an IPO doesn’t guarantee the legality of the company’s underlying operations, but this could be seen as contradictory to the SEC’s stated role of protecting investors.
  • Coinbase, in attempting to comply with securities regulations and being continuously rebuffed by the SEC, is the most compliant cryptocurrency exchange. However, should the SEC crack down on Coinbase and other major U.S. exchanges, it could push investors to offshore exchanges where the SEC has limited jurisdiction and where there is a higher risk of fraud. 

 

KEY QUOTES

“The SEC is taking obvious actions to show that they are very aggressive in their enforcement actions.” – Matt Stankiewicz

“This is a perfect reminder for everyone listening, whether you’re into crypto or not. If you are working internally with your email or you’re in [a] corporate chat, that can all be discoverable in future litigation. And you need to be careful what you say.” – Matt Stankiewicz

“It is a very poor look in the court of public opinion for the SEC to stand on the ground of saying, ‘We are here to protect investors,’ but [avoid] stopping this before investors have a chance to throw all their money in that IPO.” – Matt Stankiewicz

 

Categories
Daily Compliance News

Daily Compliance News: June 16, 2023 – The Goldman Probed Edition

  • SEC and Fed looking at Goldman role in failed SVB. (WSJ)
  • Ecommerce and forced labor. (NYT)
  • Former Ukrainian Judge gets 10 years for corruption. (RadioFreeEurope)
  • Senate confirms first Muslim, female judge. (Reuters)