Engage with the U.S. SEC’s Crypto Task Force and Shape the Future of Crypto Regulation
On February 21, 2025, Commissioner Hester Peirce of the U.S. Securities and Exchange Commission (SEC) issued a statement inviting public input on a wide range of issues related to crypto assets and blockchain technology (the Statement). Although the Statement was issued by Commissioner Peirce in her individual capacity and does not necessarily reflect the views of the Commission or other Commissioners, it resembles a concept release in its scope and format, inviting public input on a wide range of issues concerning crypto assets and blockchain technology.
(more…)
Artificial Intelligence: U.S. Securities and Commodities Guidelines for Responsible Use
Despite recent focus on artificial intelligence (AI) by U.S. financial regulators, the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and Financial Industry Regulatory Authority (FINRA) have not yet issued new regulations specifically addressing the use of AI. Nonetheless, during the Biden administration, guidance from these agencies emphasized the necessity of responsible use of AI within existing regulatory frameworks, urging market participants to exercise additional diligence to navigate compliance risks associated with AI usage.
Action Items for U.S. Public Companies for 2025
Rapid rulemaking and aggressive enforcement by the SEC, combined with legislative, judicial, and regulatory developments, have created new requirements and expectations for U.S. public companies.
U.S. SEC Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information Amendments Adopted
On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) adopted amendments to its Regulation S-P. These final amendments impose significant cybersecurity requirements for several SEC-registered entities and transfer agents registered with another appropriate regulatory agency, including with respect to these entities’ policies and procedures, incident response and notification procedures, and cybersecurity risk management.
U.S. SEC Division of Exams Announces 2024 Examination Priorities
On October 16, 2023, the U.S. Securities and Exchange Commission (SEC) Division of Examinations (EXAMS or Division) issued its annual examination priorities, which, for the first time, was published at the start of the SEC’s fiscal year to “better inform investors and registrants of key risks, trends, and examination topics” the Division intends to focus on in the coming year.1
Latest Wave of SEC Off-Channel Communications Enforcement Actions: Five Takeaways
On September 29, 2023 — the last business day of its fiscal year — the U.S. Securities and Exchange Commission (SEC) issued the latest in a series of actions charging 10 firms with recordkeeping failures in connection with employees’ use of unapproved applications on personal devices to engage in communications relating to the firms’ business (known as “off-channel communications”).1 The firms charged included broker-dealers, investment advisers, and dually registered broker-dealers and investment advisers as well as one family of firms that self-reported conduct to the SEC. To date, the SEC has charged over 40 registrants and leveled over $1.6 billion in penalties as part of its off-channel communications matters. Other regulators, including the Commodity Futures Trading Commission (CFTC), have brought similar cases.
SEC’s Cybersecurity Disclosure Rules Are Here. Is Your Company Ready to Comply?
Companies are facing more attacks on their information systems. And, as their cyber risk skyrockets, the SEC has stepped in with new regulations, telling businesses what to disclose about these incidents — and requiring detailed disclosures on cyber risk management more broadly. With the deadline for compliance fast approaching, businesses are scrambling to mitigate their legal risk and comply with regulations that some say may be an overreach.
SEC Proposes Sweeping New Rules on Use of Data Analytics by Broker-Dealers and Investment Advisers
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC or Commission) proposed new rules for broker-dealers (Proposed Rule 15(1)-2) and investment advisers (Proposed Rule 211(h)(2)-4) on the use of predictive data analytics (PDA) and PDA-like technologies in any interactions with investors.1 However, as discussed below, the scope of a “covered technology” subject to the rules is much broader than what most observers would consider to constitute predictive data analytics. The proposal would require that anytime a broker-dealer or investment adviser uses a “covered technology” in connection with engaging or communicating with an investor (including exercising investment discretion on behalf of an investor), the broker-dealer or investment adviser must evaluate that technology for conflicts of interest and eliminate or neutralize those conflicts of interest. The proposed rules would apply even if the interaction with the investor does not rise to the level of a “recommendation.”
U.S. SEC Public Company Cybersecurity Disclosure Regulation Finalized With Swift Effective Date
On July 26, 2023, the U.S. Securities and Exchange Commission finalized its rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (the Final Rule), which will become effective 30 days following publication in the Federal Register. The Final Rule applies to all public companies subject to the reporting requirements of the Securities Exchange Act of 1934, including foreign private issuers, smaller reporting companies, and business development companies, and will require disclosure of material cybersecurity incidents on Form 8-K and Form 20-F and periodic disclosure of cybersecurity risk management, strategy, and governance in annual reports on Form 10-K and Form 20-F.
U.S. Congressional Leaders Introduce Two Landmark Bills to Create a Digital Assets Regulatory Scheme
This week, two committees in the House of Representatives will mark up legislation intended to clarify the regulatory framework applicable to digital assets in the United States. Earlier this month, leaders in the U.S. Senate also introduced legislation to establish a comprehensive and unified regulatory scheme for digital assets and digital asset derivatives.1 Both the House and Senate bills seek to integrate the regulation of digital assets and digital asset derivatives into the existing U.S. regulatory framework — primarily that of the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) — rather than create a standalone framework, but both bills face significant barriers to enactment.
