2021 continued the trend of increased regulatory focus on privacy and cybersecurity for private investment funds in the U.S. and abroad. There are no signs of the trend leveling off any time soon.

One of the topics that captured our attention last year was the rise of ransomware. As previously shared, ransomware has evolved from merely encrypting files/disabling networks in solicitation of ransom, to sophisticated attacks penetrating data systems and debilitating entities.  Thus, while money continues to be an obvious motivator for these attacks, increasingly so is the pursuit of intellectual property and data.  Regulatory agencies have responded to combat the increase in attacks. For example, in October 2020, OFAC issued an Advisory declaring that any payment made to a sanctioned entity on OFAC’s list would be a violation of federal sanctions regulations and the paying entity would be strictly liable. Importantly, this means that the intent of the victim, and the knowledge as to whether the entity is on OFAC’s list, is no defense. While OFAC intends to decrease ransomware attack compliance through the issuance of its list of sanctioned entities, the nature of ransomware makes it difficult for the victim of an attack to be able to identify what entity is actually being paid.  This ambiguity may cause victims of ransomware attacks to unintentionally violate OFAC’s sanctions and be held strictly liable despite the publication of a list of sanctioned entities.

As interest in environmental, social, and corporate governance (ESG) related funds grows, the regulatory landscape surrounding ESG in the US and the E.U. continues to evolve. Proskauer’s Kirsten Lapham, Joshua Newville and Jonathan Weiss share key implications for the asset management industry.

Read the full Bloomberg Law article here.

In 2020, we saw an increased regulatory focus on cybersecurity. Though former SEC Chairman Clayton largely took the view that existing statutes and regulations were sufficient, the Division of Examinations increased exam activities in the space while agencies like FinCEN increased enforcement against violators. We can expect to see a continued focus on cybersecurity going forward as a persistent long-term trend, but it is unclear whether it will remain among the top priorities of the SEC this year. As discussed in Risk #1, we believe that the Chairman, Gary Gensler, will take a more active approach generally and, as part of that, we expect a heightened focus on cybersecurity. Sponsors are a theoretically high value target for attack because even relatively small sponsors often control billions of dollars (whether directly or indirectly) and have highly confidential information concerning their investors and partners. It is important that sponsors’ commitment to, and investment in, cybersecurity systems, policies, and procedures is commensurate with their risks and profile in fact.

Proskauer’s Private Investment Funds Group released its 2020 Annual Review. The yearly report provides a summary of some of the significant changes and developments that occurred in the past year in the private equity and hedge fund spaces, as well as certain recommended practices that investment advisers should consider

Just as U.S. regulators are wrestling with the question of how to regulate cryptocurrencies and digital assets, as reported here, the same questions are being asked in the UK. Some have been answered with refreshing clarity; some remain much more opaque.

As with any new technology or asset, there are different spheres of legal and regulatory influence to consider. At the most basic, what is it? (a.k.a. Can I steal it? And can I recover it?). The next level is typically regulatory – Who regulates it? How it is regulated? How are the public and markets protected?

How any jurisdiction answers these questions will have a material impact on the way private firms and others within the asset management industry deal with, and consider potential investments in, crypto assets.

With 46% of UK business reporting a cyber attack during 2019/2020 and 32% reporting at least one a week – see the UK Government’s Cyber Security Breaches Survey 2020 – the UK’s Financial Conduct Authority (“FCA”) has issued a timely warning to market participants of increasing cyber security threats in the wake of COVID-19.