Bylined article by Financial Services Regulatory & Enforcement partner Jeffrey Taft and associates Matthew Bizanz and Leslie Cruz.
Cybersecurity worries regularly lead the news and the boardroom agenda as a major part of the zeitgeist of our time. A single cybersecurity incident can move markets, end careers, or prompt litigation. In this age of cybersecurity, financial institutions have rapidly realized the importance of maintaining robust defenses to protect both customers and the institution from bad actors, whether internal or external.
Reflecting the piecemeal nature of financial services regulation in the United States, federal and state regulators have begun jockeying for position by adapting existing regulations to cybersecurity concerns and by breaking ground with new cybersecurity regulations. Each regulator has taken its own path with respect to the institutions it regulates, and no one approach has become dominant.
For investment advisers registered under the Investment Advisers Act of 1940 (RIAs), the US Securities and Exchange Commission (SEC) is the primary functional regulator. So far, the SEC has taken a path of adapting existing requirements in Regulation S-P to address cybersecurity concerns through the issuance of guidance and enforcement actions.
This article provides an overview of Regulation S-P, discusses how the SEC has interpreted Regulation S-P to address cybersecurity and certain
SEC and FINRA enforcement activities, reviews cybersecurity initiatives undertaken by other regulators and organizations, and offers concluding remarks that may help RIAs with a path forward. Throughout we discuss considerations and takeaways for developing and evaluating cybersecurity compliance for RIAs.
Originally published in The Investment Lawyer
Visit us at mayerbrown.com
Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.
© Copyright 2019. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.