The SEC has released its Examination Priorities: Fiscal Year 2025 (“Examination Priorities”), which may be a useful roadmap to SEC-registered investment advisers, exchanges, and other entities subject to routine examination by the SEC Division of Examinations (“EXAMS”). The Examination Priorities represent the EXAMS Staff’s identification of areas of heightened risks to investors and/or the integrity […]
Securities and Exchange Commission
SEC Sends a Message to Investment Advisers: Take Secure Data Disposal Seriously
On September 20, 2022, the Securities and Exchange Commission (SEC) settled an enforcement action with a large, registered investment adviser (the Firm) for alleged violations of the Safeguards Rule and the Disposal Rule of Regulation S-P that arose in the context of a data disposal process, imposing a $35 million penalty. Specifically, the SEC […]
SEC Settles Enforcement Actions with Broker-Dealers and Investment Advisors for Identity Protection Deficiencies
On July 27, 2022, the Securities and Exchange Commission (SEC) separately settled three enforcement actions with broker-dealers and investment advisers for alleged deficiencies relating to the prevention of customer identity theft, in violation of the SEC’s Identity Theft Red Flags Rule, or Regulation S-ID. Regulation S-ID requires registered financial institutions, broker dealers, and investment advisers […]
Swiss Data Protection Regulator Is Latest to Outline Framework for Transferring Data to the SEC
Entities registered with the U.S. Securities & Exchange Commission (SEC) must maintain certain books and records and can be subject to the SEC’s examination, inspection, and enforcement authority. Responding to SEC requests can require cross-border transfers of personal data, and this has historically risked non-compliance under foreign data protection law. The SEC has been proactive […]
Critical Audit Matters Disclosure Implicates Information Technology and Security
As independent auditors to public companies and business development companies begin to make required disclosure of Critical Audit Matters (CAMs) to the audit committee, such reports are beginning to include discussion of information security programs and information technology controls. Independent auditors have treated material weaknesses in certain information technology controls as material weaknesses in internal […]