While the SEC made an early foray into proposing rules to govern use of generative AI (Gen AI) by broker-dealers,[1] FINRA has been taking a more traditional approach to emergent technology: surveying members on uses, issuing white papers,[2] publishing observations from its examinations program,[3] and issuing guidance about the application of existing rules.[4]  Consistent with this approach, on June 27,…

Over the last week, the Consumer Financial Protection Bureau (“CFPB”) and the Office of the Comptroller of the Currency (“OCC”) approved the Quality Control Standards for Automated Valuation Models (the “Rule”), which will require mortgage originators and secondary market issuers to ensure that algorithms used for real estate valuation, including artificial intelligence (“AI”) systems (collectively, “automated valuation models” or “AVMs”),…

Our top five European data protection developments from May are: UK guidance on ransom payments: The UK NCSC and various insurance industry bodies co-published guidance on key considerations for ransomware payments. The guidance does not introduce new restrictions or obligations, and is consistent with prior industry standards, as well as UK NCSC and UK ICO messaging. However, there may be…

June 27, 2024 On June 24, 2024, the staff of the Division of Corporation Finance of the Securities and Exchange Commission (the “SEC”) released five new Compliance & Disclosure Interpretations (“C&DIs”) relating to the disclosure of material cybersecurity incidents under Item 1.05 of Form 8-K. A summary of the updates is below, followed by the full text of the new…

As the European Union edges ever-closer to formally enacting the EU AI Act, attention is turning to how other jurisdictions will approach AI regulation.  In the UK, individual regulators will oversee the use of AI within their respective areas of competence. This blog post analyses the UK Competition and Markets Authority’s (“CMA”) proposed approach to AI regulation. The UK Approach…