On December 5, 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued sanctions against Evil Corp, a Russian cybercriminal organization that is known for distributing the Dridex malware. Dridex is a banking trojan that has been used to target financial institutions across the globe and has resulted in more than $100 million […]
Cyber Risk
Critical Audit Matters Disclosure Implicates Information Technology and Security
As independent auditors to public companies and business development companies begin to make required disclosure of Critical Audit Matters (CAMs) to the audit committee, such reports are beginning to include discussion of information security programs and information technology controls. Independent auditors have treated material weaknesses in certain information technology controls as material weaknesses in internal […]
SHIELD Act Overhauls New York’s Data Breach Notification Framework
On October 23, 2019, New York’s new breach notification provisions came into effect, a result of New York’s passage of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) in July. That Act overhauled New York’s data privacy framework, expanding the list of data elements that are considered “private information” while growing the […]
SEC Issues Risk Alert Noting Common Regulation S-P Compliance Issues
The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) has issued a Risk Alert that provides an overview of the most common deficiencies or weaknesses in investment adviser and broker-dealer compliance with the Safeguards Rule, Regulation S-P, based on recent examinations. Placed in context with prior OCIE Risk Alerts concerning cybersecurity practices and Regulation S-P […]
Companion Cybersecurity Disclosure Bills Introduced in U.S. Congress
On February 28 and March 13, 2019, members of the U.S. Senate and U.S. House of Representatives introduced legislation designed to enhance the transparency of cybersecurity risk oversight at certain SEC reporting companies. Although the text of the House bill, H.R. 1731 is not yet publicly available, the bipartisan Senate bill, S. 592, would require […]