Laura Anthony Esq

Cybersecurity Disclosures

SEC Division Of Corporation Finance Statement On Disclosure Review

On June 24, 2024, Erik Gerding, the Director of the SEC’s Division of Corporation Finance, made a statement regarding the SEC’s state of disclosure review.  In fiscal year 2023 and continuing into 2024, the top areas of review and comment by the SEC were China-related matters, artificial intelligence, non-GAAP disclosures, management’s discussion and analysis, revenue recognition and financial statement presentation.  In addition, disruptions in the banking industry, cybersecurity risks, the impact of inflation and disclosure related to or as a result of newly adopted rules (such as pay versus performance) are gaining attention by SEC review teams.

The director’s statement gives some insight into the SEC’s focus and serves as a reminder to our clients and us practitioners alike to be sure we are staying abreast of the ever-changing capital markets environment.

China Related Disclosures

A few years ago, the SEC enacted the Holding Foreign Companies Accountable Act and approved rules implementing same (see HERE).   The SEC continues to

SEC Publishes More New C&DI On Cybersecurity Rules

On June 24, 2024, the SEC published five (5) new compliance and disclosure interpretations (C&DI) on cybersecurity incident disclosures, supplementing the C&DI published in December 2023 (see HERE).

Cybersecurity

In July 2023, the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance (see HERE for a review of the new rules).

The cybersecurity rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the company.  An Item 1.05 Form 8-K is due within four business days following determination that a cybersecurity incident is material. Given the sensitive nature of cybersecurity crimes, the SEC has added a provision allowing an 8-K to be delayed if it is informed by the United States Attorney General, in writing, that immediate disclosure would pose a substantial risk to national security or

SEC Publishes New C&DI On Cybersecurity Rules

Back in fourth quarter 2023, the SEC published several new compliance and disclosure interpretations on various topics including cyber incident disclosure, proxy and information statements, the inclusion of securities in the filing fee exhibit, and Inline XBRL.  As my blog topic list tends to be very long, I am finally getting to this and will cover the various new C&DI topics over the next few weeks.

Cybersecurity

In July 2023, the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance (see HERE for a review of the new rules).  The SEC has published three new C&DI directly related to the Form 8-K reporting requirements and ability to delay reports based on national security concerns.

The cybersecurity rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the

The New 10-K Requirements For Annual Report Season

As 2023 has come to a close it is time to prepare for the upcoming annual report season and this year there are multiple new requirements to be cognizant of.  With annual reports being followed by proxies and first quarter 10-Q’s in rapid succession, it is important to get ahead of all the new disclosures. This blog will summarize each of the new disclosures and include some practice tips.

First, though, is what is suddenly not a new requirement: the share repurchase disclosures.  Adopted on May 3, 2023 (see HERE), the new disclosure requirements would have taken effect for inclusion in the upcoming 10-K season.  Following a successful court challenge, on November 22, 2023, the SEC issued an order postponing the effective date of the new rules pending further SEC action (see HERE).  However, the SEC may not get the opportunity to resurrect the rules.  The U.S. Chamber of Commerce is doubling down and

SEC Chair Gary Gensler’s Annual Congressional Testimony

On September 12, 2023, Gary Gensler gave his annual testimony to the United States Senate Committee on Banking, Housing and Urban Affairs and then on September 27th to the United States House of Representatives Committee on Financial Services (for a review of last year’s testimony see HERE).  Both appearances included the same prepared remarks followed by robust Q&A from the lawmakers.

This year Chair Gensler’s prepared remarks focused on: (i) rule amendments and updates; (ii) improving efficiency in equity markets; (iii) disclosure matters and related enforcement including related to cryptocurrency; and (iv) general updates on the SEC and capital markets.

Prepared Remarks

We shouldn’t expect the busy SEC rule making agenda to slow down any time soon.  Chair Gensler prioritizes updating rules for technology, business and market changes.  Although Gensler’s speech focuses on rule changes to make the markets more efficient and resilient and lower costs, the reality is that not all rule changes will accomplish

SEC Adopts Final New Rules On Cybersecurity Disclosures

On July 26, 2023, the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance.  The proposed rules were published in March 2022 (see HERE).  In response to numerous comments, the final rules made several changes to the proposal, including narrowing the disclosures in both the Form 8-K/6-K and annual reports on Form 10-K and 20-F.

The final rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the company.  An Item 1.05 Form 8-K will be due within four business days following determination that a cybersecurity incident is material. Given the sensitive nature of cybersecurity crimes, the SEC has added a provision allowing an 8-K to be delayed if it is informed by the United States Attorney General, in writing, that immediate disclosure would pose a substantial

Proposed Rules On Cybersecurity Disclosure

Earlier this year, the SEC published proposed rules on cybersecurity risk management, strategy, governance and incident disclosure by public companies.  Although the comment period has passed, a final rule has not yet been issued.  As of now, cybersecurity disclosures are encompassed within the general anti-fraud provisions, including the requirement to disclose “such further material information, if any, as may be necessary to make the required statements, in light of the circumstances under which they are made, not misleading,” as well as SEC guidance last updated in 2018 (see HERE).

The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a company’s policies and procedures to identify and manage cybersecurity risks; the company’s board of directors’ oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal would further

Russia-Ukraine Disclosures And Supply Chain Issues

Supply chain issues continue to plague just about every industry, and the continuing attack by Russia against the Ukraine gives little hope of a respite in the near future.  The recent easing of congestion at the handful of U.S. ports big enough to accommodate container ships is likely more a result of inflation and a summer slowdown than effective logistical management.  Amid the ongoing difficulties, the SEC has published a sample letter to companies regarding disclosures pertaining to Russia’s invasion of the Ukraine and related supply chain issues.

SEC Sample Comment Letter

The SEC is of the view that companies should provide detailed disclosure, to the extent material or if required by a prescriptive rule, regarding: (i) direct or indirect exposure to Russia, Belarus, or Ukraine through their operations, employee base, investments in Russia, Belarus, or Ukraine, securities traded in Russia, sanctions against Russian or Belarusian individuals or entities, or legal or regulatory uncertainty associated with operating in or exiting

Intellectual Property And Technology Risks – International Business Operations

In December 2019, the SEC Division of Corporation Finance issued CF Disclosure Guidance: Topic No. 8 providing guidance related to the disclosure of intellectual property and technology risks associated with international business operations.

The global and technologically interconnected nature of today’s business environment exposes companies to a wide array of evolving risks, which they must individually examine to determine proper disclosures using a principles-based approach.  A company is required to conduct a continuing analysis on the materiality of risks in the ever-changing technological landscape to ensure proper reporting of risks.  To assist management in making these determinations, the SEC has issued additional guidance.

The guidance, which is grounded in materiality and a principles-based approach, is meant to supplement prior guidance on technology and cybersecurity matters including the February 2018 SEC statement on public company cybersecurity disclosures (see my blog HERE); Director Hinman’s speech at the 18th Annual Institute on Securities Regulation in Europe in March 2019; the SEC

A COVID IPO

On June 25, 2020, SEC Chair Jay Clayton gave testimony before the Investor Protection, Entrepreneurship and Capital Markets Subcommittee of the U.S. House Committee on Financial Services on the topic of capital markets and emergency lending in the Covid-19 era.  The next day, on June 26, Chair Clayton, William Hinman, Director of the Division of Corporation Finance, Dalia Blass, Director of the Division of Investment Management and Brett Redfearn, Director of the Division of Trading and Markets issued a public statement on the same topic but expanded to include efforts to ensure the orderly function of U.S. capital markets.

Chair Clayton Testimony

Chair Clayton breaks down his testimony over five topics including: (i) market monitoring and regulatory coordination; (ii) guidance and targeted assistance and relief; (iii) investor protection, education and outreach efforts; (iv) ongoing mission-oriented work; and (v) the SEC’s fiscal-year 2021 budget request.

Market Monitoring and Regulatory Coordination

Despite the extraordinary volumes and volatility we have seen in the

SEC Statements On Capital Markets Amid Covid-19

On June 25, 2020, SEC Chair Jay Clayton gave testimony before the Investor Protection, Entrepreneurship and Capital Markets Subcommittee of the U.S. House Committee on Financial Services on the topic of capital markets and emergency lending in the Covid-19 era.  The next day, on June 26, Chair Clayton, William Hinman, Director of the Division of Corporation Finance, Dalia Blass, Director of the Division of Investment Management and Brett Redfearn, Director of the Division of Trading and Markets issued a public statement on the same topic but expanded to include efforts to ensure the orderly function of U.S. capital markets.

Chair Clayton Testimony

Chair Clayton breaks down his testimony over five topics including: (i) market monitoring and regulatory coordination; (ii) guidance and targeted assistance and relief; (iii) investor protection, education and outreach efforts; (iv) ongoing mission-oriented work; and (v) the SEC’s fiscal-year 2021 budget request.

Market Monitoring and Regulatory Coordination

Despite the extraordinary volumes and volatility we have seen

Proposed 2021 U.S. Budget

In February, the Office of Management and Budget released the proposed fiscal 2021 United States government budget.  The beginning of the Budget contains a message from President Trump delineating a list of key priorities of the administration including better trade deals, preserving peace through strength, overcoming the opioid crisis, regulation relief and American energy independence.  The budget has some notable aspects that directly relate to the capital markets and its participants.

SEC

As the federal government has been doing for all agencies, the 2021 Budget seeks to eliminate agency reserve funds.  Specifically regarding the SEC, the Budget cuts the SEC reserve by $50 million.  The reduction in reserve fund is thought to increase overall accountability as the SEC would need to go to Congress to ask for additional funds if needed, with an explanation, instead of just accessing a reserve account.  Reserve fund cuts are sent to the U.S. Treasury for deficit reduction.

However, the Budget also increases the

Division of Enforcement 2019 Annual Report

As my firm does not practice in the enforcement arena, it is not an area I always write about, but this year I found a few trends that are interesting.  In particular, just by following published enforcement matters on the SEC’s website, I’ve noticed a large uptick in actions to suspend the trading in, or otherwise take action against, micro- and small-cap companies, especially delinquent filers.  I’ve also noticed a large uptick of actions against smaller public and private companies that use misleading means to raise capital from retail investors, and the concurrent use of unlicensed broker-dealers.  Of course, there have always been a significant number of actions involving cryptocurrencies. In light of my own observations, I decided to review and report on the SEC’s view of its actions.

As an aside, before discussing the report, I note that the Government Accountability Office (GAO) has raised concerns about the quality of record keeping and documentation maintained by the

SEC And FINRA Joint Statement On Custody Of Digital Assets

On July 8, 2019, the SEC’s Division of Trading and Markets and FINRA’s Office of General Counsel issued a joint statement on broker-dealer custody of digital asset securities (“Joint Statement”).  The SEC and FINRA have been discussing issues of custody related to tokens and digital assets for years.  For example, issues surrounding the custody of digital assets have been continuously cited by the SEC as one of the reasons for the failure to approve a cryptocurrency ETF.

The Joint Statement begins with the admission that historical rules do not adequately cover the complex issues related to digital assets, including rules related to the loss or theft of a security.  In recent months the SEC and FINRA staff have been engaging in conversations with industry participants regarding how the rules could be applied or modified to suit the needs of the emerging technology of digital assets.

Any entity that transacts business in digital asset securities must comply with the federal securities

FinCEN Guidance On Cryptocurrency

In May 2019, the Financial Crimes Enforcement Network (FinCEN) issued a thirty-page comprehensive review of its regulations as they pertain to convertible virtual currencies.  Previously, in February 2018, FinCEN stated that it expects issuers of initial coin offerings (ICOs) to comply with the Bank Secrecy Act (BSA), including its anti-money laundering (AML) and know your customer (KYC) requirements (see HERE).

In general, entities that are subject to the BSA must: (i) register with FinCEN as a money services business (MSB); (ii) prepare a written AML compliance program that is designed to mitigate risks, including AML risks, and to ensure compliance with all BSA requirements including the filing of suspicious activity reports (SAR) and currency transaction reports; (iii) keep records for certain types of transactions at specific thresholds; and (iv) obtain customer identification information sufficient to comply with the AML program and recordkeeping requirements.

Although the new guidance does not establish any new regulatory requirements, it is the first time

Securities Token Or Not? A Case Study – Part III

This is the third part in my three-part series laying out fact patterns and discussing whether a specific digital asset is a security, a utility, currency, commodity or some other digital asset. In Part 1 of the series, I examined a decentralized token that had been issued without any concurrent capital raise and was able to conclude such token was not a security. Part 1 can be read HERE. In Part 2 I examined a token that was issued with the intent of being a utility token, but as a result of the clear speculative motivation for purchasers, and the lack of decentralization, concluded it was a security. Part 2 can be read HERE.

In this Part 3 of the series, I examine the issuance of the Free Token as a dividend and its cousin the Bounty Token. Unlike the prior blogs in this series, which examined the question of whether a particular token is a security, this blog

Securities Token Or Not? A Case Study – Part II

This is the second part in my three-part series laying out fact patterns and discussing whether a specific digital asset is a security, a utility, currency, commodity or some other digital asset. Although the first and easy answer is that if a digital asset is being issued today, it is most assuredly a security upon issuance that needs to comply with the federal securities laws, the answer is not always that straightforward for digital assets that have been in the marketplace for a period of time, such as Bitcoin and Ether, or for new digital assets that are carefully being constructed to fall outside the purview of a securitized token.

In the first part of this series, we examined the Oldie Token and, under the fact pattern presented, were able to determine that the Oldie Token was not a security. Part 1 can be read HERE. In this part we will examine the Functional Token, which has not

SEC Strategic Plan

On June 19, 2018, the SEC published a draft Strategic Plan and requested public comment on the Plan. The Strategic Plan would guide the SEC’s priorities through fiscal year 2022. The Plan reiterates the theme of serving the interests of Main Street investors, but also recognizes the changing technological world with a priority of becoming more innovative, responsive and resilient to market developments and trends. The Plan also broadly focuses on improving SEC staff’s performance using data and analytics.

The Strategic Plan begins with a broad overview about the SEC itself, a topic I go back to and reiterate on occasion, such as HERE. The SEC’s mission has remained unchanged over the years, including to protect investors, maintain fair, orderly and efficient markets, and facilitate capital formation. In addition, according to the Strategic Plan, the SEC:

  • Engages and interacts with the investing public directly on a daily basis through a variety of channels, including investor roundtables and education

SEC Spring 2018 Regulatory Agenda

On May 9, 2018, the SEC posted its latest version of its semiannual regulatory agenda and plans for rulemaking with the U.S. Office of Information and Regulatory Affairs. According to the preamble, information in the agenda was accurate as of March 13, 2018. On April 26, 2018, SEC Chairman Jay Clayton gave testimony before the Financial Services and General Government Subcommittee of the House Committee on Appropriations regarding the SEC’s requested fiscal year 2019 budget. This blog will summarize the newest regulatory agenda and SEC upcoming budgetary requests.

Usually the agenda is separated into two categories: (i) Existing Proposed and Final Rule Stages; and (ii) Long-term Actions. The Spring 2018 agenda is broken down by (i) “Prerule Stage”; (ii) Proposed Rule Stage; (iii) Final Rule Stage; and (iv) Long-term Actions. The Proposed and Final Rule Stages are intended to be completed within the next 12 months and Long-term Actions are anything beyond that. The number of items to be completed

The SEC Has Issued New Guidance On Cybersecurity Disclosures

On February 20, 2018, the SEC issued new interpretative guidance on public company disclosures related to cybersecurity risks and incidents. In addition to addressing public company disclosures, the new guidance reminds companies of the importance of maintaining disclosure controls and procedures to address cyber-risks and incidents and reminds insiders that trading while having non-public information related to cyber-matters could violate federal insider-trading laws.

The prior SEC guidance on the topic was dated, having been issued on October 13, 2011. For a review of this prior guidance, see HERE. The new guidance is not dramatically different from the 2011 guidance.

Introduction

The topic of cybersecurity has been in the forefront in recent years, with the SEC issuing a series of statements and creating two new cyber-based enforcement initiatives targeting the protection of retail investors, including protection related to distributed ledger technology (DLT) and initial coin or cryptocurrency offerings (ICO’s). Moreover, the SEC has asked the House Committee on Financial

The Senate Banking Committee’s Hearing On Cryptocurrencies

On February 6, 2018, the United States Senate Committee on Banking, Housing and Urban Affairs (“Banking Committee”) held a hearing on “Virtual Currencies: The Oversight Role of the U.S. Securities and Exchange Commission and the U.S. Commodity Futures Trading Commission.” Both SEC Chairman Jay Clayton and CFTC Chairman J. Christopher Giancarlo testified and provided written testimony. The marketplace as a whole had a positive reaction to the testimony, with Bitcoin prices immediately jumping up by over $1600. This blog reviews the testimony and provides my usual commentary.

The SEC and CFTC Share Joint Regulatory Oversight

The Banking Committee hearing follows SEC and CFTC joint statements on January 19, 2018 and a joint op-ed piece in the Wall Street Journal published on January 25, 2018 (see HERE). As with other areas in capital markets, such as swaps, the SEC and CFTC have joint regulatory oversight over cryptocurrencies. Where the SEC regulates securities and securities markets, the CFTC

The CFTC And Cryptocurrencies

The SEC and U.S. Commodity Futures Trading Commission (CFTC) have been actively policing the crypto or virtual currency space. Both regulators have filed multiple enforcement actions against companies and individuals for improper activities including fraud. On January 25, 2018, SEC Chairman Jay Clayton and CFTC Chairman J. Christopher Giancarlo published a joint op-ed piece in the Wall Street Journal on the topic.

Backing up a little, on October 17, 2017, the LabCFTC office of the CFTC published “A CFTC Primer on Virtual Currencies” in which it defines virtual currencies and outlines the uses and risks of virtual currencies and the role of the CFTC. The CFTC first found that Bitcoin and other virtual currencies are properly defined as commodities in 2015. Accordingly, the CFTC has regulatory oversight over futures, options, and derivatives contracts on virtual currencies and has oversight to pursue claims of fraud or manipulation involving a virtual currency traded in interstate commerce. Beyond instances of fraud

SEC Statements On Cybersecurity – Part 2

On September 20, 2017, SEC Chair Jay Clayton issued a statement on cybersecurity that included the astonishing revelation that the SEC EDGAR system had been hacked in 2016. Since the original statement, the SEC has confirmed that personal information on at least two individuals was obtained in the incident. Following Jay Clayton’s initial statement, on September 25, 2017, the SEC announced two new cyber-based enforcement initiatives targeting the protection of retail investors, including protection related to distributed ledger technology (DLT) and initial coin or cryptocurrency offerings (ICO’s).

The issue of cybersecurity is at the forefront for the SEC, and Jay Clayton is asking the House Committee on Financial Services to increase the SEC’s budget by $100 million to enhance the SEC’s cybersecurity efforts.

This is the second in a two-part blog series summarizing Jay Clayton’s statement, the SEC EDGAR hacking and the new initiatives. Part I of this blog, which outlined Chair Clayton’s statement on cybersecurity and the EDGAR

SEC Statements On Cybersecurity; An EDGAR Hacking – Part 1

On September 20, 2017, SEC Chair Jay Clayton issued a statement on cybersecurity that included the astonishing revelation that the SEC EDGAR system had been hacked in 2016. Since the original statement, the SEC has confirmed that personal information on at least two individuals was obtained in the incident. Following Jay Clayton’s initial statement, on September 25, 2017, the SEC announced two new cyber-based enforcement initiatives targeting the protection of retail investors, including protection related to distributed ledger technology (DLT) and initial coin or cryptocurrency offerings (ICO’s).

The issue of cybersecurity is at the forefront for the SEC, and Jay Clayton is asking the House Committee on Financial Services to increase the SEC’s budget by $100 million to enhance the SEC’s cybersecurity efforts.

This is the first in a two-part blog series summarizing Jay Clayton’s statement, the SEC EDGAR hacking and the new initiatives. My prior blog outlining SEC guidance on the disclosure of cybersecurity matters can be read

Yahoo Hacking Scandal And Obligations Related To Cybersecurity

On September 26, 2016, Senator Mark R. Warner (D-VA), a member of the Senate Intelligence and Banking Committees and cofounder of the bipartisan Senate Cybersecurity Caucus, wrote a letter to the SEC requesting that they investigate whether Yahoo, Inc., fulfilled its disclosure obligations under the federal securities laws related to a security breach that affected more than 500 million accounts.  Senator Warner also requested that the SEC re-examine its guidance and requirements related to the disclosure of cybersecurity matters in general.

The letter was precipitated by a September 22, 2016, 8-K and press release issued by Yahoo disclosing the theft of certain user account information that occurred in late 2014. The press release referred to a “recent investigation” confirming the theft of user account information associated with at least 500 million accounts that was stolen in late 2014. Just 13 days prior to the 8-K and press release, on September 9, 2016, Yahoo filed a preliminary 14A filing with
