Financial Regulatory Forum

U.S. regulators urge firms to improve business continuity and disaster recovery plans

By Guest Contributor
August 21, 2013

By Stuart Gittleman, Compliance Complete

NEW YORK, Aug. 21 (Thomson Reuters Accelus) – Futures and securities firms should review their industry-wide and internal business continuity and disaster recovery plans to improve responsiveness to significant disruptions and reduce recovery time, their regulators said Friday in a staff advisory.

Cybersecurity and the board: avoiding personal liability — Part III of III: Policies and procedures

By Guest Contributor
August 8, 2013

By Steven L. Caponi, Thomson Reuters Accelus contributing author

NEW YORK, Aug. 8 (Thomson Reuters Accelus) – In the previous two installments of this series (Part I and Part II), we discussed the fiduciary obligation of officers/directors to proactively address cyber security and the legal basis for holding them personally liable if they fail to do so. This third and final article explores the more difficult task of deciding which best practices directors should consider adopting. Because each enterprise faces unique challenges, this process requires that directors understand their company’s cyber security risk profile and the options available for mitigating the risk.

Cybersecurity and the board of directors: avoiding personal liability — Part II of III

By Guest Contributor
August 6, 2013

By Steven L. Caponi, Compliance Complete contributing author

NEW YORK, Aug. 6 (Thomson Reuters Accelus) – The first article in this three-part series discussed how legal principles governing directors’ fiduciary duties may be applied to cybersecurity and the risks posed by cyber attacks. To summarize, Delaware’s corporate law places an affirmative obligation on fiduciaries to keep informed of serious risks facing the enterprise. The failure to exercise appropriate oversight in the face of known risks constitutes a breach of the duty of loyalty, a breach that cannot be exculpated under 8 Del. C. §102(b)(7).

IA brief: State laws may require firms to re-think social media policies

By Guest Contributor
October 3, 2012

By Jason Wallace

NEW YORK, Oct. 3 (Thomson Reuters Accelus) – Federal and state privacy legislation aiming to protect against employer access to private social media websites may put the investment industry in a bind — unable to fully supervise social-media and electronic communications used by their representatives.

Disclosures 2012: level of cyber-security risk disclosures varies after new SEC guidance

By Guest Contributor
April 6, 2012

By Robert Kalb

NEW YORK, April 6 (Business Law Currents) – Ever-growing reliance on technology in customer interactions, proprietary data storage and even normal business operations is creating increased risk for companies working to ensure these systems remain uncompromised. As threats of cyber-attacks expand across industries, and given the potential material impact on operations, the security of these digital technologies from internal and external threats is vital.