MVA White Collar Defense, Investigations, and Regulatory Advice Blog

As cybersecurity attacks have continued to gain prominence as a threat posing critical risk management and compliance challenges for financial institutions, the Securities and Exchange Commission (SEC) has emerged as an active federal regulator in this arena. In September 2017, the SEC announced creation of a Cyber Unit housed within the SEC’s Enforcement Division that targets cyber-related misconduct, including hacking to obtain material nonpublic information, intrusions into retail brokerage accounts, and cyber-related threats to trading platforms and other ...

Charlotte Litigation Members Neil Bloomfield and Ed O’Keefe will be serving as panelists at the upcoming SIFMA Compliance and Legal Society's Charlotte Regional Seminar on Monday, September 24, 2018. This one day seminar feature presentations by leading securities regulators and industry professionals.  Bloomfield will be speaking on the Privacy and Cybersecurity Issues panel alongside Keith Agisim (Moderator, Bank of America), Michael Adams (McGuireWoods), James Powell (LPL Financial LLC), and John Reed Stark (John Reed Stark Consulting, LLC).  O’Keefe ...

Members of MVA’s Privacy and Data Security team, Charlotte Member Neil Bloomfield, Charlotte Counsel Tandy Mathis and Charlotte Associate Nathan White were speakers for the latest Privacy and Data Security Seminar that was held on August 22, 2018. This seminar discussed the data management challenges in today’s government investigations. This is an area undergoing significant changes in light of GDPR, the CLOUD Act and the impending suspension of the Privacy Shield. This CLE focused on both the legal restrictions and practical challenges confronting U.S. counsel when ...

By John Fagg, Nader Raja, and Kristen Kenley.  On July 11, 2018, pursuant to a Presidential Executive Order, the Department of Justice announced the formation of a new multi-agency task force on Market Integrity and Consumer Fraud that will focus on combating consumer and market fraud.  Deputy Attorney General Rod Rosenstein, who will chair the new task force, unveiled plans for the initiative at a press conference that brought together top regulators at the Department of Justice, the Securities and Exchange Commission, the Consumer Financial Protection Bureau, and the Federal ...

On Feb. 22, 2018, the Securities and Exchange Commission (SEC) issued its first interpretive guidance since October 2011 on public companies’ cybersecurity risk and incident disclosure obligations. Although public companies are not subject to an express obligation to disclose data security threats under federal law or SEC regulations, the latest guidance confirms that “companies nonetheless may be obligated to disclose such risks and incidents.”

The purposes of the SEC’s new guidance are threefold:

1. Reinforce and expand upon the October 2011 guidance;
2. Address the ...

The CLOUD Act Overhauls an Outdated Stored Communications Act (SCA ...

By Neil Bloomfield and Lindsey Frye.  This will be our first in a series of updates on the status of regulation and enforcement in the context of cybersecurity related issues.  Regulation and liability in the context of a cyber attack present complex questions.  The easy target is the individual or organization that committed that attack—the criminal hacker.  Unfortunately, the easy target is often beyond the jurisdiction of U.S. courts, and even if they are not, they lack the resources to provide a meaningful recovery.  Secondary targets, which have become the focus of ...