U.S. Congressional Leaders Introduce Two Landmark Bills to Create a Digital Assets Regulatory Scheme

This week, two committees in the House of Representatives will mark up legislation intended to clarify the regulatory framework applicable to digital assets in the United States. Earlier this month, leaders in the U.S. Senate also introduced legislation to establish a comprehensive and unified regulatory scheme for digital assets and digital asset derivatives.1 Both the House and Senate bills seek to integrate the regulation of digital assets and digital asset derivatives into the existing U.S. regulatory framework — primarily that of the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) — rather than create a standalone framework, but both bills face significant barriers to enactment.

(more…)

Cybersecurity and Environmental Fraud Top Priorities of U.S. Commodity Futures Trading Commission Division of Enforcement

Just before Americans began their Fourth of July holiday, the U.S. Commodity Futures Trading Commission (CFTC) Division of Enforcement Director announced that the division has established two key task forces: the Cybersecurity and Emerging Technologies and the Environmental Fraud Task Force.1 Both task forces will be staffed with attorneys and investigators across the Division of Enforcement with the goal of serving as subject matter experts and prosecuting cases. As a result, CFTC registrants should be prepared for heightened focus on cybersecurity and environmental fraud, particularly in the derivatives and relevant spot markets.

(more…)

How the China Personal Information Protection Law Applies to Foreign Asset Managers

Since China’s Personal Information Protection Law (PIPL) came into effect in November 2021, there has been widespread uncertainty amongst offshore fund managers and investors with entities outside Mainland China as to how and whether the regime applies to them. Given the potential for foreign asset managers to overlook or misinterpret PIPL, this brief update outlines some guidance as to how PIPL can apply, and to whom, in a practical context.

(more…)

The Future of UK Open Banking: Joint Regulatory Oversight Committee Issues Recommendations

The committee of government and regulatory authorities responsible for open banking in the UK has set out its plans and timeframes for expanding and developing infrastructure, standards, and processes for the sector. Central among these are proposals to improve the performance of interfaces among relevant firms, mitigate financial crime risks, and ensure that end users receive sufficient information and are protected if something goes wrong. This Sidley Update summarises the proposals and key points for firms.

(more…)

Regulatory Update: National Association of Insurance Commissioners Spring 2023 National Meeting

The National Association of Insurance Commissioners (NAIC) held its Spring 2023 National Meeting (Spring Meeting) March 21–25, 2023. This Sidley Update summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Spring Meeting. Highlights include continued development of accounting principles and investment limitations related to certain types of bonds and structured securities, continued discussion of considerations related to private equity (PE) ownership of insurers, new initiatives to address innovation and technology in the insurance sector, and continued development of a new consumer privacy protections model law.

(more…)

Broker-Dealers and Investment Advisers Should Double-Check Their “Identity Theft” Programs: SEC Division of Examinations Issues Risk Alert on SEC’s Identity Theft Red Flags Rule, Regulation S-ID

On December 5, 2022, the Division of Examinations of the Securities and Exchange Commission (SEC) released a Risk Alert discussing its observations on Regulation S-ID (Reg. S-ID) from recent examinations of SEC-registered investment advisers and broker-dealers.  Reg. S-ID, the SEC’s implementation of the identity theft red flags rule, requires SEC-regulated financial institutions and creditors to develop and implement an identity theft prevention program (Program) with written policies and procedures that are updated periodically.  The requirements for the Program are outlined in the text of Reg. S-ID, and there are guidelines in Appendix A to assist firms in creating and maintaining a compliant Program.  As Reg. S-ID applies to both SEC and Commodity Futures Trading Commission-regulated entities, financial institutions and creditors should consider their compliance programs accordingly.

(more…)

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

On November 9, 2022, the New York Department of Financial Services (DFS) published its proposed second amendment to its cybersecurity regulations (23 NY CRR Part 500). This proposal follows a July 29 pre-proposal and comment period. The amendment is available for a sixty-day comment period – until January 9, 2023 – after which the agency may adopt final regulations or issue a further revised version.

(more…)

CFPB Begins Rulemaking on Data Access and Portability

The Consumer Financial Protection Bureau (CFPB) on October 27, 2022 took the long-anticipated first step to issue a regulation implementing Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. This followed a preview by CFPB Director Rohit Chopra at the Money 20/20 conference on October 25 in which he outlined the “CFPB’s new approach to regulation,” which is designed to create “catalysts for more competition.” With respect to Section 1033, Director Chopra said that the CFPB is “exploring safeguards to prevent excessive control or monopolization by one, or even a handful of, firms” and will be working toward avoiding regulations that could be “rigged in favor of some players over others.” Director Chopra’s focus on competition as an essential element of consumer protection has been a hallmark of his directorship.