Charu A. Chandrasekhar – Debevoise Data Blog

Cybersecurity

Internal Accounting Controls Claim Rejected in SolarWinds Case

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Erez Liebermann, Benjamin R. Pedersen, Julie M. Riewe, Paul Rodel, Matt Kelly, Anna Moody, Alice Gu and Talia Lorch July 23, 2024

On July 18, 2024, in the landmark SEC v. SolarWinds Corp. case, U.S. District Judge Paul Engelmayer dismissed the majority of the claims brought by the U.S. Securities and Exchange Commission (the…

Artificial Intelligence

FINRA Issues Brief Reminder on Managing Generative AI Risk in Supervisory Tools

By: Charu A. Chandrasekhar, Avi Gesser, Matt Kelly, Jeff Robins and Kristin Snyder July 1, 2024

While the SEC made an early foray into proposing rules to govern use of generative AI (Gen AI) by broker-dealers,[1] FINRA has been taking a more traditional approach to emergent…

Cybersecurity

Incident Response Plans Are Now Accounting Controls? SEC Brings First-Ever Settled Cybersecurity Internal Controls Charges

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Benjamin R. Pedersen, Julie M. Riewe, Matt Kelly, Anna Moody and Andreas A. Glimenakis June 20, 2024

In an unprecedented settlement, on June 18, 2024, the U.S. Securities & Exchange Commission (the “SEC”) announced that communications and marketing provider R.R. Donnelley & Sons Co. (“RRD”) agreed to…

Artificial Intelligence

SEC Targets AI Washing in Private Capital Markets: “Old School Fraud Using New School Buzzwords”

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Avi Gesser, Julie M. Riewe, Kristin Snyder, Matt Kelly and Suchita Mandavilli Brundage June 14, 2024

On June 11, 2024, the U.S. Securities and Exchange Commission (“SEC”) filed its third matter this year involving “AI washing”—namely, alleged misstatements or omissions by securities market participants about the…

Cybersecurity

The SEC Adopts Significant Cybersecurity Amendments to Reg S-P

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Sheena Paul, Marc Ponchione, Julie M. Riewe, Jeff Robins, Kristin Snyder, Anna Moody, Johanna Skrzypczyk, Suchita Mandavilli Brundage and Ned Terrace May 17, 2024

On May 16, 2024, the SEC adopted amendments to Regulation S-P (“Reg S-P”) one year after its proposed amendments (the “Proposed Amendments”). The finalized amendments (“Amended Reg S-P”) largely track…

Artificial Intelligence

Top 10 Cybersecurity Measures for Deploying AI Systems from the NSA, FBI and CISA

By: Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann, Stephanie Cipolla and Noah L. Schwartz May 2, 2024

The integration of artificial intelligence into companies’ business practices poses increased cybersecurity risks, which we have previously written about here. As AI systems become ubiquitous, they also become targets for…

Artificial Intelligence

Treasury’s Report on AI (Part 1) – Governance and Risk Management

By: Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann, Matt Kelly, Johanna Skrzypczyk, Michelle Huang, Sharon Shaji and Annabella M. Waszkiewicz April 29, 2024

On March 27, 2024, the U.S. Department of Treasury (“Treasury”) released a report on Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector (the “Report”). The Report was released…

Artificial Intelligence

Preparing for AI Whistleblowers

By: Avi Gesser, Charu A. Chandrasekhar, Arian June, Michelle Huang, Sharon Shaji and Cooper Yoo April 24, 2024

As artificial intelligence (“AI”) use and capabilities surge, a new risk is emerging for companies: AI whistleblowers. Both increased regulatory scrutiny over AI use and record-breaking whistleblower activity has set…

Artificial Intelligence

The Increasing Risks of AI Washing and Securities Fraud Class Actions

By: Maeve O'Connor, Avi Gesser, Jim Pastore, Kristin Snyder, Charu A. Chandrasekhar, Matt Kelly, Gabriel Kohan, Alexandra Mogul and Joshua A. Goland April 3, 2024

Many public companies are starting to face increased risks of securities class action litigation based on statements about their use of AI that are alleged to have been false or…

Cybersecurity

100 Days of Cybersecurity Incident Reporting on Form 8-K: Lessons Learned

By: Charu A. Chandrasekhar, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Matt Kelly, Anna Moody, John Jacob, Kelly Donoghue and Talia Lorch March 28, 2024

On December 18, 2023, the Securities and Exchange Commission’s (the “SEC”) rule requiring disclosure of material cybersecurity incidents became effective. To date, 11 companies have reported a cybersecurity incident under…