On July 10, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants. The Risk Alert is notable for its encouragement of financial services market participants more broadly and not just SEC registrants to monitor CISA […]
FTC Cautions Against Biased Outcomes in Use of AI and Algorithms
As the healthcare and financial impacts of COVID-19 continue to evolve with the global pandemic, the use of AI technology and associated risks have received greater attention. On April 8, 2020, the FTC posted an extensive summary of its recent enforcement actions, studies, and guidance regarding the use of AI tools and algorithms. The summary […]
SEC Releases Detailed Set of “Cybersecurity and Resiliency Observations”
On January 28, 2020, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) released a detailed set of observations culled from thousands of examinations of registered investment advisers, broker-dealers, clearing agencies, national exchanges, and other SEC registrants (“Observations”). These Observations represent the most detailed compilation of strategies and tools that OCIE has observed to promote […]
Critical Audit Matters Disclosure Implicates Information Technology and Security
As independent auditors to public companies and business development companies begin to make required disclosure of Critical Audit Matters (CAMs) to the audit committee, such reports are beginning to include discussion of information security programs and information technology controls. Independent auditors have treated material weaknesses in certain information technology controls as material weaknesses in internal […]
SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has issued a Risk Alert that provides an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule, Regulation S-P, based on recent examinations. Placed in context with prior OCIE Risk Alerts concerning cybersecurity practices and Regulation S-P […]