Compliance, Enforcement, Regulatory, Standard of Care

Cyber Siege and Artificial Intelligence: These Aren’t Your Parents’ Cyber Threats

October 11, 2023 Clifford E. Kirsch, Editor Leave a comment

From Brian Rubin, Michael Bahar and Soroosh Faegh in NSCP Currents:

Everyone has been talking about Artificial Intelligence or AI. Broker-Dealers (BDs) and Investment Advisers (IAs) need to be particularly vigilant in addressing AI cybersecurity threats. The SEC has recognized these threats through a slew of recent pronouncements and proposed rules.

AI presents enormous opportunities, but it is also rapidly evolving the cyber threat, so BDs/AIs would do well to strongly consider re-assessing their policies, procedures, and plans to reasonably ensure they are incorporating the latest AI threats into their incident response, information security, and business continuity plans, their cybersecurity disclosures and board agendas, as well as their approach to consistent and coordinated communications. Indeed, AI’s threats may not be your parents’ cyber threats.

SEC expands the Names Rule

October 3, 2023 Clifford E. Kirsch, Editor Leave a comment

On September 20, 2023, the US Securities and Exchange Commission (SEC) voted by a 4-1 margin to adopt amendments to the fund “Names Rule” (Rule 35d-1) under the Investment Company Act of 1940. The amendments greatly expand the scope of the rule, but relax some of the compliance requirements that were originally proposed.

Consistent with the proposal, the final amendments expand the scope of the rule to require funds with names that suggest a focus in investments that have, or issuers that have, “particular characteristics” to adopt an 80% investment policy.
The final amendments retain the rule’s original language requiring funds to comply with their 80% policies “under normal circumstances” and “at the time of investment,” but add a requirement that funds must review compliance with their 80% policies no less frequently than quarterly, in lieu of the continuous monitoring that was proposed.

In a departure from the proposal, the final amendments do not require unlisted closed-end funds and BDCs to adopt their 80% policies as fundamental policies, rather, the amended rule states that such funds may not change their policies without a majority shareholder vote, unless the fund conducts a tender offer prior to the change, provides notice of the change prior to the tender offer, shares are repurchased at net asset value, and the tender offer is not oversubscribed.

Emoji Enforcement: Surely you can’t be serious

June 14, 2023 Clifford E. Kirsch, Editor Leave a comment

From Brian Rubin in NSCP Currents:

During this year’s annual FINRA conference, a panel of officials announced that in connection with retaining and supervising electronic messages, firms might have to begin reviewing emojis to determine whether they constitute reportable customer complaints.

FINRA’s proclamation appears to be problematic for firms. First, FINRA didn’t announce whether technology exists to find, let alone, translate emojis. Second, emojis are constantly being added. Finally, the meaning of emojis depends on context and the “space-time continuum,” including the generation bracket of the sender and recipient. For example, the thumbs up emoji 👍used to mean, “good job,” but for Gen Z-ers, it’s more of an insult about something you botched, rather than a positive sign, and sometimes it means, “sure, whatever” in response to something you’ve said. Without industry consultation about these issues, it’s easy to predict what will happen next: 😡.

Costly 13F Filing Violations, ChatGPT Policy Considerations, Insight Into New Fiduciary Rule Proposal: Lessons Learned & Worth Reading for March 2023

March 23, 2023 BDIA Editors Leave a comment

ACA Group’s Lessons Learned and thought leadership:

Failure to Follow the Rules Can Be Costly
“Does Your Company Need a ChatGPT Policy? Probably”. Chat GPT is a certainly a hot topic. The New York University School of Law’s Program on Corporate Compliance and Enforcements raises thoughtful considerations.
Communicating with the SEC When Your Organization Suffers a Cybersecurity Incident. MoFo (Morrison Foerster) provides some tips about when to proactively report hacking incidents to the SEC.
NYDFS Issues Guidance on Virtual Currency Custody Practices. For those following the evolving virtual currency custody environment, Dechert’s Financial Services Group recently addressed the New York Department of Financial Services’ (NYDFS) guidance.
The DOL’s New Fiduciary Rule: What We Can Expect. Fred Reish and Joan M. Neri of Faegre Drinker weigh in on the DOL’s anticipated new fiduciary rule proposal.

Additional thought leadership and Insights can be found here.

Compliance, Enforcement, Regulatory