May 11, 2023

A Practical Approach to Navigating the New Cybersecurity Legal and Regulatory Landscape

In recent years, there has been a resounding surge of new cybersecurity laws and regulations, both within the U.S. and around the world, including among certain key jurisdictions for managers such as the E.U. and Cayman Islands. This trend has generally created a complex, fragmented, jumble of global reg-tech jurisprudence – and 2023 is shaping up to be the most frenzied year of cybersecurity regulatory change to date. The federal government has more than a dozen new cybersecurity laws and regulations locked and loaded, several of which are being promulgated by the SEC, with iterations for public companies and various types of market entities, including investment advisers. This guest article by John T. Araneo, partner at Cole‑Frieman & Mallon and head of the firm’s cybersecurity law practice, provides a simple, plain English explanation of the fundamental elements of the SEC’s proposed cybersecurity risk management rule for investment advisers, discusses how this new cybersecurity compliance regime may work and supplies some clear next-step action items that investment advisers should consider taking. For additional commentary from Araneo, see “How Fund Managers Can Prepare for the Latest SEC Cyber Sweeps” (Jul. 11, 2019).

Key Differences Between U.S. and U.K. Marketing Rules and Tips for Dual Compliance (Part One of Two)

On November 4, 2022, it became mandatory to comply with the SEC’s new marketing rule (Marketing Rule) under Rule 206(4)‑1 of the Investment Advisers Act of 1940 (Advisers Act). Most SEC-registered investment advisers that are subject to the rule have implemented necessary internal changes, but the process is probably more challenging for advisers forced to also comply with other jurisdictions’ requirements. As the largest concentration of SEC-registered fund managers outside the U.S. is in the U.K and regulated by the Financial Conduct Authority (FCA), those advisers must create compliance programs that meet those dual regulatory responsibilities. To address some of the issues relevant to managers that are subject to both the U.S. and U.K. rules on marketing investment products, the Alternative Investment Management Association hosted a webinar that was moderated by senior adviser Suzan Rose and featured K&L Gates partners Michelle Moran and Michael W. McGrath, who has since moved to Dechert. This first article in a two-part series reviews the key differences between the U.S. and U.K. marketing regimes, as well as measures advisers can take to reconcile those regimes. The second article will analyze similarities and differences in the treatment of non-standard investment performance track records (e.g., hypothetical performance, predecessor performance, etc.) across the jurisdictions. For more on preparing for the Marketing Rule, see “A Checklist for Advisers to Guide Compliance With the Marketing Rule” (Sep. 8, 2022); and “Eleven Top of Mind Questions Surrounding the New Marketing Rule” (May 26, 2022).

SEC Remains Focused on Off-Channel Communications

Maintaining appropriate business records is a fundamental compliance duty and a core component of the SEC’s examination and enforcement regime, stressed Seward & Kissel partner Russell Johnston in a recent firm presentation. Failure to preserve records undermines the agency’s ability to protect investors and ensure market integrity. In recent years, the SEC has zeroed in on how firms monitor and maintain records of so-called “off-channel” electronic communications, imposing $2 billion in penalties on firms that failed to do so. Johnston and Seward & Kissel partners Debra Franzese, Philip Moustakis and Michael Watling discussed the SEC’s recent enforcement actions involving off-channel communications, its pending sweep of investment advisers and what advisers can do to ensure they have appropriately addressed use of off-channel communications and prepared for the inevitable examination on the issue. This article distills their insights. See “Former SEC Enforcement Official Looks Back at 2022 and Forward to 2023” (Jan. 5, 2023); and “Present and Former SEC Officials Discuss Enforcement (Part Two of Two)” (Jun. 9, 2022).

How Lawyers Can Leverage the Shifting Environment to Enhance Compliance Programs

In-house lawyers across industries commonly refer to the revenue-generating units of their organizations as “the business,” while legal and compliance departments are referred to as “cost centers” with a pejorative undertone. Notably, the lawyers that operate in those units are keenly aware of the power dynamics that nomenclature reinforces. Shifting perceptions of corporations’ responsibility, however, might give compliance lawyers an opportunity to add value, influence their organizations’ cultures and reframe goals. In a guest article, WTAII PLLC attorneys Warren Allen II and Ray McKenzie share observations and strategies for leveraging those shifts when building and bolstering organizations’ compliance programs. See “Can Compliance Certifications Empower CCOs?” (Jul. 14, 2022).

SEC Adopts Final Rules on Trade Clearance and Settlement

On February 9, 2022, the SEC proposed shortening the required settlement time for securities transactions from the current two business days after the trade date to one business day after the trade date. It also proposed rules to shorten the process for confirming and affirming trade information and to facilitate so-called straight-through processing of securities transactions that takes place without the need for manual intervention. On February 15, 2023, the SEC adopted final rules that are largely in line with its proposal. This article details the key elements of the rule revisions. See “The SEC’s 2022 Reg Flex Agendas: Major Proposals and Ambitious Timelines” (Jul. 28, 2022).