In February, the Financial Industry Regulatory Authority released the 2022 Report on FINRA’s Examinations and Risk Monitoring Program, providing guidance to the broker-dealer industry.

Read on for a discussion of key topics addressed in this year’s report.

On March 9, the U.S. Securities and Exchange Commission proposed new rules that would fundamentally change how public companies treat the reporting and management of cybersecurity incidents and risk.

Read on for details about these proposed rules, which build significantly upon prior guidance by creating express, mandatory disclosure obligations.

On March 8, the U.S. Department of Justice announced a $930,000 settlement with Comprehensive Health Services, LLC for alleged violations of the False Claims Act. As DOJ’s first resolution of a False Claims Act enforcement action involving cyber fraud since launching its Civil Cyber-Fraud Initiative in October 2021, this settlement signals the DOJ’s eagerness to combat cybersecurity violations and misrepresentations.

Read on for analysis of this case and implications for government contractors.

The Securities and Exchange Commission continues to propose rules at a rapid pace. Three of the most recent proposed rules would significantly impact investment advisers by:

  1. Requiring documentation of registered investment adviser compliance reviews;
  2. Establishing cybersecurity risk management and reporting requirements for investment advisers, investment companies and business development companies;
  3. Updating and accelerating beneficial ownership reporting requirements.

Read our alert to learn more about the proposed rules and their potential impacts on investment advisers.

On Feb. 10, the Senate Judiciary Committee approved the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, which targets the online proliferation of child sexual abuse material by paring back online service providers’ broad immunity under the Communications Act of 1934.

Read on for analysis of this legislation, which could open websites and tech platforms to civil lawsuits and state criminal charges for user-created content hosted on their websites.

Investing in artificial intelligence (AI) companies has become a riskier and more involved process than in previous years.  Companies need new processes and tools to follow the more stringent AI regulations that are on the horizon (at least in Europe and the United States).  Regulators are discussing how best to structure AI regulations in order to align risk management with optimizing the potential value creation of these technologies.  Investors should take a similar approach in their investment strategy. Read on for a discussion of the considerations investors should keep in mind as they vet their investment pipeline.

Continue Reading Tech Investing Part III: Investing in AI

Threats to cybersecurity and data privacy are constantly increasing both in volume and complexity. This trend is expected to continue in 2022. In a bid to protect cybersecurity and ensure data is properly safeguarded, countries around the world are introducing new laws focused on cybersecurity and data protection. Armed with new legal frameworks, regulators and law enforcement are placing onerous obligations on organisations that fall victim to cybersecurity breaches. There are shorter deadlines in which to notify the authorities of data breaches and ever-increasing fines and penalties for businesses that fail to respond swiftly and appropriately to a cyberattack.

In this ever-changing area, what is on the horizon for 2022?

Continue Reading Cybersecurity and Data Privacy – What to expect in 2022

On Nov. 4, the Department of Defense announced significant changes to the Cybersecurity Maturity Model Certification program, intended to simplify the certification standard and prioritize protection of certain types of controlled defense information.

Read on for an overview of the changes, a timeline for their implementation and implications for defense contractors.

On Oct. 6, the Department of Justice announced a new Civil Fraud Cyber Initiative to “combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems.”

Read on for details and analysis of this new enforcement initiative and what it means for federal contractors.

On Sept. 15, the Federal Trade Commission issued a policy statement emphasizing that developers of health apps and other connected devices and their service providers must meet breach notification requirements under the Health Breach Notification Rule, including a rapid 10-day notice period to the FTC and a 60-day notice period to individuals and the media. The FTC statement also warned that it would bring enforcement action — and violations could result in civil penalties of $43,792 per violation, per day.

Read on for details about the notification rule and critical next steps for impacted entities.