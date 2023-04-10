SEC proposes new requirements to address cybersecurity risks to the US securities markets The Securities and Exchange Commission (SEC) has proposed requirements for broker-dealers, clearing agencies, major security-based swap participants, the Municipal Securities Rulemaking Board, national securities associations, national securities exchanges, security-based swap data repositories, security-based swap dealers, and transfer agents (collectively, "Market Entities") to address their cybersecurity risks. The proposal would require all Market Entities to implement policies and procedures that are reasonably designed to address their cybersecurity risks and, at least annually, review and assess the design and effectiveness of their cybersecurity policies and procedures, including whether they reflect changes in cybersecurity risk over the time period covered by the review. The proposal – through new notification requirements applicable to all Market Entities and additional reporting requirements applicable to Market Entities other than certain types of small broker-dealers (collectively, "Covered Entities") – would improve the SEC's ability to obtain information about significant cybersecurity incidents affecting these entities. Further, new public disclosure requirements for Covered Entities would improve transparency about the cybersecurity risks that can cause adverse impacts to the US securities markets. The proposing release will be published in the Federal Register. The public comment period will remain open until 60 days after the date of publication of the proposing release in the Federal Register. [15 Mar 2023] #CyberSecurity

DoJ investigation leads to takedown of darknet cryptocurrency mixer that processed over $3 billion of unlawful transactions The DoJ has announced a coordinated international takedown of a darknet cryptocurrency "mixing" service responsible for laundering more than $3 billion worth of cryptocurrency, between 2017 and the present, in furtherance of, among other activities, ransomware, darknet market, fraud, cryptocurrency heists and other hacking schemes. The operation involved US federal law enforcement's court-authorized seizure of two domains that directed users to the defendant service and one Github account, as well as the German Federal Criminal Police's seizure of the defendant's back-end servers and more than $46 million in cryptocurrency. Coinciding with the takedown efforts, an individual, of Hanoi, Vietnam, was charged in Philadelphia with money laundering, operating an unlicensed money transmitting business and identity theft, connected to the operation of the company. [15 Mar 2023] #Cryptocurrency

FDIC acts to protect all depositors of Silicon Valley Bank The Federal Deposit Insurance Corporation (FDIC) has transferred all deposits – both insured and uninsured – and substantially all assets of Silicon Valley Bank, to a newly created, full-service FDIC-operated bridge bank in an action designed to protect all depositors of the bank. Depositors and borrowers will automatically become customers of the bridge bank and will have customer service and access to their funds by ATM, debit cards, and writing checks in the same manner as before. The bank's official checks will continue to clear. Loan customers should continue making loan payments as usual. The bank was closed by the California Department of Financial Protection and Innovation on 10 March 2023, and the FDIC was appointed receiver. The transfer of all the deposits was completed under the systemic risk exception. All depositors of the institution will be made whole. No losses associated with the resolution of the bank will be borne by taxpayers. Shareholders and certain unsecured debt holders will not be protected. Senior management has also been removed. Any losses to the Deposit Insurance Fund (DIF) to support uninsured depositors will be recovered by a special assessment on banks, as required by law. The receiver for the bank has also transferred all Qualified Financial Contracts (as defined in 12 USC 1821(e)) of the failed bank to the bridge bank. [13 Mar 2023] #SVB

FDIC establishes a successor to Signature Bank NY The FDIC has announced that Signature Bank, New York has been closed by the New York State Department of Financial Services (NYDFS), with the FDIC appointed as receiver. To protect depositors, the FDIC transferred all the deposits and substantially all of the assets of the bank to a full-service bank that will be operated by the FDIC as it markets the institution to potential bidders. The bank had 40 branches across the country in New York, California, Connecticut, North Carolina, and Nevada. Banking activities will resume 13 March 2023, including on-line banking. Depositors and borrowers will automatically become customers of the bridge bank, and will continue to have uninterrupted customer service and access to their funds by ATM, debit cards, and writing checks in the same manner as before. The bank's official checks will continue to clear. Loan customers should continue making loan payments as usual. The transfer of all the deposits was completed under the systemic risk exception approved earlier today. All depositors of the institution will be made whole. No losses will be borne by the taxpayers. Shareholders and certain unsecured debt holders will not be protected. Senior management has also been removed. Any losses to the DIF to support uninsured depositors will be recovered by a special assessment on banks, as required by law. [12 Mar 2023] #SignatureBank

SEC charges software company for misleading disclosures about ransomware attack that impacted charitable donors The SEC has announced that a South Carolina-based public company that provides donor data management software to non-profit organizations, agreed to pay $3 million to settle charges for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers. The SEC's order finds that, on 16 July 2020, the company announced that the ransomware attacker did not access donor bank account information or social security numbers. Within days of these statements, however, the company's technology and customer relations personnel learned that the attacker had in fact accessed and exfiltrated this sensitive information. These employees did not communicate this information to senior management responsible for its public disclosure because the company failed to maintain disclosure controls and procedures. Due to this failure, in August 2020, the company filed a quarterly report with the SEC that omitted this material information about the scope of the attack and misleadingly characterized the risk of an attacker obtaining such sensitive donor information as hypothetical. [9 Mar 2023] #Ransomeware