Jonathan A. Forman

Subscribe to all posts by Jonathan A. Forman

SEC Cybersecurity Actions Against Registered Firms for Business Email Compromises Emphasize Importance of MFA

Photo of Adam CohenPhoto of Jonathan A. FormanBy Adam Cohen and Jonathan A. Forman on Posted in Enforcement, Incident Response, Information Security, SEC
On August 30, 2021, the Securities and Exchange Commission (“SEC”) announced three settled orders against several investment advisers, broker-dealers, and dual registrants for violations of Regulation S-P allegedly resulting from business email compromises that each exposed or potentially exposed the personal information of thousands of customers.[1] These enforcement actions underscore the following lessons for broker-dealers and … Continue Reading

SEC Scrutinizes Use of Fintech by Broker-Dealers and Investment Advisers

Photo of Teresa Goody GuillénPhoto of Jonathan A. FormanPhoto of Madison GaudreauBy Teresa Goody Guillén, Jonathan A. Forman and Madison Gaudreau on Posted in FinTech, FTC, SEC
The Securities and Exchange Commission (“SEC”) recently issued a request for information and public comment on the use of new and emerging technologies by investment advisers and broker-dealers that suggests potential regulatory action to come.[1] According to its release, the SEC is seeking to understand how registrants — whether online brokerages, robo-advisers, internet investment advisers, … Continue Reading

New York Brings Long-Awaited Cybersecurity Message Case

Photo of Jonathan A. FormanBy Jonathan A. Forman and Eulonda Skyles on Posted in Cybersecurity
Ever since the New York State Department of Financial Services (DFS) instituted its first-in-the-nation Cybersecurity Regulation[1] in 2017 (covered in our post here), banks, insurance companies, and others in the financial services industry wondered what would trigger an enforcement action under its broad purview. At long last, the industry now knows. On July 22, 2020, … Continue Reading

Cybersecurity Remains a Top SEC Examination Priority in the New Decade

Photo of Jonathan A. FormanBy Jonathan A. Forman on Posted in Cybersecurity
It may be a new decade, but the focus of the Securities and Exchange Commission (SEC) on cybersecurity has not shifted. In particular, the SEC noted in its 2020 Examination Priorities that the Office of Compliance Inspections and Examinations (OCIE) “will continue to prioritize cyber and information security risks across the entire examination program.” This … Continue Reading

SEC Updates Data Privacy and Cybersecurity Guidance for Registered Firms

Photo of Jonathan A. FormanPhoto of Matt FriedmanBy Jonathan A. Forman and Matt Friedman on Posted in Cybersecurity, Enforcement, Financial Privacy
On April 16, 2019, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a risk alert, “Investment Adviser and Broker-Dealer Compliance Issues Relating to Regulation S-P – Privacy Notices and Safeguard Policies,” highlighting its data privacy and cybersecurity observations from recent examinations of registered firms. Regulation S-P By … Continue Reading

Beware the Ides of March – Is Your NYDFS Cybersecurity Compliance in Order?

Photo of Jonathan A. FormanBy Eulonda Skyles and Jonathan A. Forman on Posted in Cybersecurity, Enforcement
March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers[1] (e.g., vendors, suppliers, agents). To comply with the regulation, banks, insurance companies, and other financial institutions and individuals who are, or … Continue Reading

NFA’s Amended Cybersecurity Guidance Includes New Incident Reporting Requirement

Photo of Jonathan A. FormanBy Jonathan A. Forman on Posted in Cybersecurity, Incident Response
Following other regulators, the National Futures Association (NFA) recently amended its cybersecurity guidance to, among other things, impose a new cybersecurity incident reporting requirement on members. Cybersecurity Incident Reporting. According to the amended guidance, members will be required to report to NFA any cybersecurity incident related to the member’s commodity interest business that resulted in … Continue Reading

SEC Clarifies Existing Cybersecurity Disclosure Guidance

Photo of Craig A. HoffmanPhoto of Jonathan A. FormanBy Craig A. Hoffman, Jonathan A. Forman and John Busch on Posted in Cybersecurity, Data Breach Notification Laws
On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) issued cybersecurity disclosure guidance for public companies (“SEC Guidance”) that, according to SEC Chair Jay Clayton, “reinforces and expands” on the SEC Division of Corporation Finance’s prior guidance from 2011 (“Corp Fin Guidance” as we previously covered) regarding disclosure requirements under the federal securities … Continue Reading

SEC Cybersecurity Risk Alert Emphasizes Proactive Compliance and Ongoing Vigilance

Photo of Jonathan A. FormanPhoto of Melinda L. McLellanBy Jonathan A. Forman and Melinda L. McLellan on Posted in Cybersecurity
On August 7, 2017, the Securities and Exchange Commission (SEC) released its latest cybersecurity risk alert, detailing findings from the examination of 75 broker-dealers, investment advisers and investment companies carried out by its Office of Compliance Inspections and Examinations (OCIE) pursuant to its 2015 cybersecurity examination initiative. In contrast with the previous round of examinations, … Continue Reading

New York DFS Updates FAQs to Clarify Applicability of Cybersecurity Regulation

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Financial Privacy, State Legislation
With the first compliance deadline now less than two months away, the New York Department of Financial Services (NYDFS) has provided additional clarity concerning its new Cybersecurity Requirements for Financial Services Companies (the “Cybersecurity Regulation”) by publishing an update to previously issued Frequently Asked Questions. We reported on the forthcoming Cybersecurity Regulation in January and … Continue Reading

Substantial Risk of Harm in Data Breach Class Actions Ripe for Supreme Court Review

Photo of Jonathan A. FormanBy Jonathan A. Forman on Posted in Privacy Class Actions
Early in May, the U.S. Court of Appeals for the Second Circuit in Whalen v. Michaels Stores, Inc., No. 16-260 (L) (2d Cir. May 2, 2017), affirmed the dismissal of a data breach class action brought against Michaels Stores Inc. (Michaels) for failing to sufficiently allege an injury to support standing. This decision is significant … Continue Reading

Colorado Proposes Cybersecurity Requirements for Investment Advisers and Broker-Dealers

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Financial Privacy, Information Security
On March 27, 2017, the Colorado Department of Regulatory Agencies proposed changes to the Colorado Securities Act that would impose new cybersecurity requirements on investment advisers and broker-dealers (the “Proposed Rule”). Among other obligations, the Proposed Rule would require these entities to include cybersecurity as part of their risk assessments, and establish and maintain written … Continue Reading

Finalized New York Department of Financial Services Cybersecurity Regulation to Take Effect March 1

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Enforcement, Financial Privacy, Information Security
On February 16, 2017, the New York Department of Financial Services (NYDFS) announced the release of its finalized Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulation”), which will take effect on March 1, 2017. This final iteration, issued following an additional 30-day comment period, is in large part the same as the revised version dated … Continue Reading

New York Department of Financial Services Issues Revised Cybersecurity Regulations

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Enforcement, Financial Privacy
With the clock ticking down to the new year, on December 28, 2016, the New York State Department of Financial Services (NYDFS) released highly anticipated revisions to its proposed Cybersecurity Requirements for Financial Services Companies (the “Proposal”). As we previously reported, the NYDFS first announced the proposed regulations in September; at that time, they were … Continue Reading

What? The Rules Committee Hearings Don’t Have A Hashtag?

Photo of James A. ShererPhoto of Jonathan A. FormanBy Karin Scholz Jenson, James A. Sherer and Jonathan A. Forman on Posted in Information Governance
This post is a joint submission with BakerHostetler Discovery Advocate blog. On a snowy Sixth Avenue this week, thousands of people packed the New York Hilton Midtown for the sensory overload that is LegalTech New York (#LTNY), the annual E-Discovery, privacy, and information governance bash. And today, just hours after the massive conference closed, the E-Discovery … Continue Reading
LexBlog