On July 25, 2024, the U.S. District Court for the Eastern District of Texas stayed the U.S. Department of Labor’s (DOL) recently-issued final rule, set to take effect September 23, 2024, which would amend the definition of an “investment advice fiduciary” for purposes of the Employee Retirement Income Security Act of 1974 (ERISA) and the Internal Revenue Code (the 2024 Rule). One day later, in a separate case challenging the 2024 Rule, the U.S. District Court for the Northern District of Texas also stayed the 2024 Rule on similar grounds. Both decisions stay the effective date of the 2024 Rule indefinitely while the cases are pending.Continue Reading Two Federal District Courts Stay DOL Fiduciary Rule
Devin Eager
SEC Settles Enforcement Proceedings Against Business for Allegedly Insufficient Internal Controls Relating to Cybersecurity Incident
On June 18, 2024, the SEC announced the settlement of administrative proceedings brought against a marketing and business communications firm for alleged internal accounting control deficiencies that caused the firm’s failure to promptly respond to a ransomware attack that occurred between November 29, 2021 and December 23, 2021, and which involved the unauthorized encryption of the firm’s computers, exfiltration of firm and client data, and business service disruptions. According to the order, the firm received and reviewed network intrusion alerts escalated to it by its third-party managed security services provider, but the firm’s cybersecurity alert review and incident response policies and procedures failed to adequately establish a prioritization scheme and provide clear guidance to internal and external personnel on procedures for responding to such incidents. As a result, the firm did not take the malware-infected instances off its network, investigate the activity, or take other steps to prevent further network compromise until December 23, 2021. Continue Reading SEC Settles Enforcement Proceedings Against Business for Allegedly Insufficient Internal Controls Relating to Cybersecurity Incident
FINRA Proposes Rules Regarding SEC-Mandated Reporting of Securities Lending Transactions
On May 1, 2024, the Financial Industry Regulatory Authority (FINRA) proposed a new series of rules—FINRA Rule 6500 Series—regarding reporting of securities lending transactions pursuant to the requirements under new Rule 10c-1a under the Securities Exchange Act of 1934 which the SEC adopted on October 13, 2023. Rule 10c-1a requires “covered persons” to report specified information about “covered securities loans” (as these terms are defined in Rule 10c-1a) to FINRA by the end of the day on which a loan is made or modified, in accordance with rules that FINRA is required to adopt by May 2, 2024 and that detail the format and manner by which the loan information is reported. Continue Reading FINRA Proposes Rules Regarding SEC-Mandated Reporting of Securities Lending Transactions