Check out our Flash Reports for the latest SEC- and compliance-related news, trends, and insights.
The SEC adopted amendments to Regulation S-P requiring broker-dealers, investment companies, registered investment advisors, and transfer agents to implement and maintain policies and procedures regarding an incident response program that are designed to detect, respond, and recover from unwarranted access or use of client information.
Read MoreOn September 5, 2023, the SEC charged five investment firms who failed to comply with requirements regarding safekeeping of client assets, and/or to timely update disclosures relating to audits of financial statements for private fund’s they advise.
On September 5, 2023, the SEC charged private equity firm Prime Group Holdings LLC with “failing to disclose millions of dollars of real estate brokerage fees” that a fund managed by the firm paid to the firm’s affiliate.
On September 1, 2023, six private equity and hedge fund trade groups sued the SEC to block new private fund reforms adopted in August. The suit was filed in the Fifth Circuit Court of Appeals and argued that the SEC overstepped its statutory authority by adopting sweeping changes with these new rules for private funds.
On Saturday, August 19, 2023, a Kroll employee fell victim to a sophisticated “SIM swapping” cyber-attack, targeting their T-Mobile US., Inc. account. This attack involved the transfer of the Kroll employee’s phone number by T-Mobile to the threat actor’s device at their request.
The SEC states a “covered technology” includes a broker-dealer or investment advisers’ “use of analytical, technological, or computational functions algorithms, models, correlation matrices, or similar methods or processes that optimize for, predict, guide, forecast, or direct investment-related behaviors or outcomes of an investor”.
On July 26th, 2023, the SEC adopted rules requiring public companies “to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance”.