Cybersecurity Archives - Securities Law Blog

SEC Withdraws Statement On Broker Dealer Custody Of Digital Asset Securities

On May 15, 2025, the SEC Division of Trading and Markets and Office and FINRA’s Office of General Counsel withdrew their joint statement on broker dealer custody of digital asset securities. The original joint statement had been issued on July 8, 2019 (see HERE). This original statement has oft been thought of as the reason that broker dealers have not (could not) adopt any broad ranging policies or procedures related to digital assets.

The withdrawal of the joint statement, together with the slew of other recent activity from the SEC related to digital assets, (see HERE for example) is an important step towards more widespread adoption of digital asset trading, allowing retail investors to aggregate their investments with their trusted broker dealer advisors.

Refresher On Original Joint Statement/Concerns

Broker-dealers that hold funds and securities must comply with Exchange Act Rule 15c3-3 (the “Customer Protection Rule”), which generally requires the broker to maintain physical possession or control over

May 27, 2025

SEC’s Fall 2024 Flex Regulatory Agenda

The SEC has published its semi-annual Fall 2024 regulatory agenda (“Agenda”) and plans for rulemaking. The Agenda is published twice a year, and for several years I have blogged about each publication. Although items on the Agenda can move from one category to the next, be dropped off altogether, or new items pop up in any of the categories (including the final rule stage), the Agenda provides valuable insight into the SEC’s plans and the influence that comments can make on the rulemaking process.

The Agenda is broken down by (i) Proposed Rule Stage; (ii) Final Rule Stage; and (iii) Long-term Actions. The Proposed and Final Rule Stages are intended to be completed within the next 12 months and Long-term Actions are anything beyond that. The number of items to be completed in a 12-month time frame is 30, down from 34 on the Spring 2024 Agenda and 43 on the Fall 2023 Agenda. Many in the industry believe the

February 25, 2025

SEC Publishes More New C&DI On Cybersecurity Rules

On June 24, 2024 the SEC published five (5) new compliance and disclosure interpretations (C&DI) on cybersecurity incident disclosures supplementing the C&DI published in December 2023 (see HERE).

Cybersecurity

The cybersecurity rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the company. An Item 1.05 Form 8-K is due within four business days following determination that a cybersecurity incident is material. Given the sensitive nature of cybersecurity crimes, the SEC has added a provision allowing an 8-K to be delayed if it is informed by the United States Attorney General, in writing, that immediate disclosure would pose a substantial risk to national security or

July 30, 2024

SEC Publishes New C&DI On Cybersecurity Rules

Back in fourth quarter 2023, the SEC published several new compliance and disclosure interpretations on various topics including cyber incident disclosure, proxy and information statements, the inclusion of securities in the filing fee exhibit, and Inline XBRL. As my blog topic list tends to be very long, I am finally getting to this and will cover the various new C&DI topics over the next few weeks.

Cybersecurity

In July, 2023 the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance (see HERE for a review of the new rules). The SEC has published three new C&DI directly related to the Form 8-K reporting requirements and ability to delay reports based on national security concerns.

May 21, 2024

The New 10-K Requirements For Annual Report Season

As 2023 has come to a close it is time to prepare for the upcoming annual report season and this year there are multiple new requirements to be cognizant of. With annual reports being followed by proxies and first quarter 10-Q’s in rapid succession, it is important to get ahead of all the new disclosures. This blog will summarize each of the new disclosures and include some practice tips.

First, though is what is suddenly not a new requirement and in particular the share repurchase disclosures. Adopted on May 3, 2023 (see HERE) the new disclosure requirements would have taken effect for inclusion in the upcoming 10-K season. Following a successful court challenge, on November 22, 2023, the SEC issued an order postponing the effective date of the new rules pending further SEC action (see HERE). However, the SEC may not get the opportunity to resurrect the rules. The U.S. Chamber of Commerce is doubling down and

January 2, 2024

SEC Chair Gary Gensler’s Annual Congressional Testimony

On September 12, 2023, Gary Gensler gave his annual testimony to the United States Senate Committee on Banking, Housing and Urban Affairs and then on September 27^th to the United States House of Representatives Committee on Financial Services (for a review of last year’s testimony see HERE). Both appearances included the same prepared remarks followed by robust Q&A from the lawmakers.

This year Chair Gensler’s prepared remarks focused on: (i) rule amendments and updates; (ii) improving efficiency in equity markets; (iii) disclosure matters and related enforcement including related to cryptocurrency; and (iv) general updates on the SEC and capital markets.

Prepared Remarks

We shouldn’t expect the busy SEC rule making agenda to slow down any time soon. Chair Gensler prioritizes updating rules for technology, business and market changes. Although Gensler’s speech focuses on rule changes to make the markets more efficient and resilient and lower costs, the reality is that not all rule changes will accomplish

October 17, 2023

SEC Adopts Final New Rules On Cybersecurity Disclosures

On July 26, 2023, the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance. The proposed rules were published in March 2022 (see HERE). In response to numerous comments, the final rules made several changes to the proposal, including narrowing the disclosures in both the Form 8-K/6-K and annual reports on Form 10-K and 20-F.

The final rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the company. An Item 1.05 Form 8-K will be due within four business days following determination that a cybersecurity incident is material. Given the sensitive nature of cybersecurity crimes, the SEC has added a provision allowing an 8-K to be delayed if it is informed by the United States Attorney General, in writing, that immediate disclosure would pose a substantial

August 29, 2023

Proposed Rules On Cybersecurity Disclosure

Earlier this year, the SEC published proposed rules on cybersecurity risk management, strategy, governance and incident disclosure by public companies. Although the comment period has passed, a final rule has not yet been issued. As of now, cybersecurity disclosures are encompassed within the general anti-fraud provisions including the requirement to disclose “such further material information, if any, as may be necessary to make the required statements, in light of the circumstances under which they are made, not misleading” as well SEC guidance last updated in 2018 (see HERE).

The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a company’s policies and procedures to identify and manage cybersecurity risks; the company’s board of directors’ oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal would further

December 20, 2022

Caremark Is Alive And Well – Director Liability In Delaware

The last time I wrote about In Re Caremark International Inc. (“Caremark”), and its protections for a board of directors from breach of fiduciary duty claims, was in early 2021 following a year of cases that had eroded its historical strong defenses. Now, almost two years later, boards have paid attention to the judicial opinions and added compliance practices, including implementing written oversight systems, resulting in a dramatic uptick in the dismissal of plaintiff’s attempts to satisfy Caremark claims.

Background

In Re Caremark International Inc. Derivative Litigation was a civil action in the Delaware Court of Chancery in 1996 which drilled down on a director’s duty of care in the oversight context. A Caremark claim “seeks to hold directors accountable for the consequences of a corporate trauma.” To adequately allege such a claim, a plaintiff must allege that the board had some level of involvement in the trauma such that it knew or should have known about

December 13, 2022

Russia-Ukraine Disclosures And Supply Chain Issues

Supply chain issues continue to plague just about every industry and the continuing attack by Russia against the Ukraine, gives little hope of a respite in the near future. The recent easing of congestion at the handful of U.S. ports big enough to accommodate container ships is likely more a result of inflation and a summer slowdown than effective logistical management. Amid the ongoing difficulties, the SEC has published a sample letter to companies regarding disclosures pertaining to Russia’s invasion of the Ukraine and related supply chain issues.

SEC Sample Comment Letter

The SEC is of the view that companies should provide detailed disclosure, to the extent material or if required by a prescriptive rule, regarding: (i) direct or indirect exposure to Russia, Belarus, or Ukraine through their operations, employee base, investments in Russia, Belarus, or Ukraine, securities traded in Russia, sanctions against Russian or Belarusian individuals or entities, or legal or regulatory uncertainty associated with operating in or exiting

August 9, 2022

1700 Palm Beach Lakes Blvd, Suite 820

(800) 341-2684

Contact us

MAKE VALUED ALLIANCES

Cybersecurity

SEC Withdraws Statement On Broker Dealer Custody Of Digital Asset Securities

SEC Publishes More New C&DI On Cybersecurity Rules

SEC Publishes New C&DI On Cybersecurity Rules

The New 10-K Requirements For Annual Report Season

SEC Chair Gary Gensler’s Annual Congressional Testimony

SEC Adopts Final New Rules On Cybersecurity Disclosures

Proposed Rules On Cybersecurity Disclosure

Russia-Ukraine Disclosures And Supply Chain Issues

Categories

Contact Information

Recent Posts

SEC Withdraws Statement On Broker Dealer Custody Of Digital Asset Securities

Delaware Reworks General Corporation Law

SEC Publishes CD&I On Mergers And Acquisitions, Form S-4 And Tender Offers

Legal Resources

Tweets

DEVELOPED AND MANAGED BY

Featured On

Contact Author

Have a Question for Laura Anthony?