The Capital Commitment

Proskauer on Private Fund Litigation

Crypto Asset Regulation: Is the US or UK Keeping Up Best With This Emerging Market?

One driver for the first widely adopted cryptocurrency Bitcoin was to create a store of value that existed outside of government control. It is therefore no surprise that attempts to regulate the rapidly developing crypto asset market have required great efforts from regulators and legislators around the world to keep apace.

In this blog, we compare key drivers and results of the regulatory approach being taken in the US and UK. While the U.S. is leading the way on the enforcement of crypto regulations, the UK has taken greater steps in relation to banking approvals. With regard to tax treatment, the position is becoming much clearer in both jurisdictions. Continue Reading

How to Respond to the SolarWinds “Orion” Supply Chain Attack

As reported last week, it appears that a state-sponsored security hack has resulted in a major security compromise in widely-used software offered by a company called SolarWinds. The compromised software, known as Orion, is enterprise network management software that helps organizations manage their networks, servers and networked devices. The software is widely-used by both public and private sector companies. How should businesses respond to this development, and how should legal departments direct or support this response? The post spells out some of the specific steps that all potentially impacted organizations should consider.

Read the full post on Proskauer’s New Media and Technology Law blog.

A Timely Reason to Review Procedures for Risk Assessments and Vendor Contracts in Light of the SolarWinds Attack

As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product helps organizations manage their networks, servers and networked devices. The product is not only used by government agencies, but is widely used in both the public and private sectors. Whether or not you are one of the impacted customers, the SolarWinds attack is a reminder of the importance of conducting incident response and risk assessments under privilege whenever possible, performing due diligence before engaging vendors, and implementing procedures to minimize information disclosed to or accessed by vendors.

Read the full post on Proskauer’s Privacy Law blog.

Regulatory Crackdown on Ransomware

Ransomware is a Serious and Growing Problem

In recent years, Ransomware has evolved from merely encrypting files/disabling networks in solicitation of ransom, to sophisticated attacks that often involve actual data access, theft and sometimes, the threat of publication. These sophisticated malware attacks frequently destroy backups and provide criminals even more leverage over their victims, coercing them to pay ransoms.  Ransomware does not just target businesses – it is often used to attack hospitals, research institutions, and other public services that are especially critical during this global pandemic.

It is increasingly common for Ransomware attacks to be associated with large sophisticated cyber-criminal organizations, with a central entity providing the tools, training, and ability to collect ransoms and sending its “associates” out to cause harm. As long as victims continue to pay ransoms, Ransomware is able to expand. Ransomware is also being adapted for new, criminal purposes.  Increasingly, hackers associated with countries like Iran and North Korea are using Ransomware to generate an influx of cash into their economic streams and bypass economic sanctions. Faced with an urgent need to stop the spread of Ransomware, law enforcement is now moving past its old strategy of strongly discouraging victims from paying ransoms. Regulatory agencies – such as OFAC and the SEC – are implementing regulations to prevent victims from paying ransom to buy their way out of a Ransomware attack.  These regulations arm law enforcement with a new enforcement mechanism – allowing them to punish companies who choose to pay ransom in the face of a Ransomware attack. Accordingly, they signal a new area of regulatory enforcement that will likely become the government’s most powerful tool to curb the spread of Ransomware. Continue Reading

OCIE Issues Risk Alert on Common Deficiencies Observed in Adviser Compliance Programs

On November 19, 2020, the SEC’s Office of Compliance Inspections and Examinations published a risk alert providing an overview of notable compliance issues observed in registered investment advisers’ compliance programs.  The alert will serve as a useful checklist for advisers seeking to identify weaknesses in their own compliance programs and preparing for the inevitable SEC examination.  Our analysis summarizes this alert and provides several practical take-aways that advisers can consider when reviewing their own compliance policies and procedures.

SEC Enforcement’s 2020 Annual Report Reflects Shifting Priorities for Fund Managers: Four Key Takeaways

On Monday the SEC announced its enforcement results for FY 2020, accompanied by a report from the Director of its Division of Enforcement. This report confirms what we have seen over the past year for private fund managers: although OCIE has been more active on adviser examinations, we’ve seen a bit less enforcement activity. Yet in spite of the headwinds posed by the global pandemic, the Commission brought 715 enforcement actions in FY 2020, representing only a 17% decrease from FY 2019. It also obtained record-breaking monetary remedies with total penalties and disgorgement reaching $4.68 billion, an 8% increase from 2019. Continue Reading

SEC Announces 2020 National Compliance Outreach Seminar for Investment Companies and Investment Advisers

On October 7th, 2020, the Securities and Exchange Commission (SEC) announced the rescheduled date of its 2020 national compliance outreach seminar for investment companies and investment advisers.  This program is intended to help Chief Compliance Officers and other senior personnel at investment companies and investment advisory firms enhance their compliance programs.  The SEC’s Office of Compliance Inspections and Examinations (OCIE), Division of Investment Management (IM), and the Asset Management Unit (AMU) of the Division of Enforcement jointly sponsor the compliance outreach program.  The national seminar will be held virtually on the afternoon of Thursday, November 19th, 2020 via a live webcast from the SEC’s Washington, D.C., headquarters from noon until 4:50 p.m. EST. Continue Reading

LexBlog