SEC – Debevoise Data Blog

SEC

Financial Services Industry Petitions the SEC for a Rulemaking to Amend the Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rule

By: Erez Liebermann, Benjamin R. Pedersen, John Jacob, Stephanie Thomas and Cindy Tu May 27, 2025

Debevoise’s Data Strategy and Security group recently assisted five leading financial services industry trade associations in preparing a joint rulemaking petition in response to the Securities and Exchange Commission’s (“SEC”)…

Cybersecurity

The SEC Adopts Significant Cybersecurity Amendments to Reg S-P

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Erez Liebermann, Sheena Paul, Marc Ponchione, Julie M. Riewe, Jeff Robins, Kristin Snyder, Anna Moody, Johanna Skrzypczyk, Suchita Mandavilli Brundage and Ned Terrace May 17, 2024

On May 16, 2024, the SEC adopted amendments to Regulation S-P (“Reg S-P”) one year after its proposed amendments (the “Proposed Amendments”). The finalized amendments (“Amended Reg S-P”) largely track…

Cybersecurity

100 Days of Cybersecurity Incident Reporting on Form 8-K: Lessons Learned

By: Charu A. Chandrasekhar, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Matt Kelly, Anna Moody, John Jacob, Kelly Donoghue and Talia Lorch March 28, 2024

On December 18, 2023, the Securities and Exchange Commission’s (the “SEC”) rule requiring disclosure of material cybersecurity incidents became effective. To date, 11 companies have reported a cybersecurity incident under…

Announcement

Announcing the Debevoise Tracker for Cybersecurity Incident Disclosure on Form 8-K

By: Avi Gesser, Benjamin R. Pedersen, John Jacob and Talia Lorch March 6, 2024

In July, we previewed the new rules adopted by the Securities and Exchange Commission (“SEC”) for Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure. Under these rules, Item 1.05 of…

Artificial Intelligence

Have You Reviewed Your Form ADV AI Disclosures?

By: Charu A. Chandrasekhar, Avi Gesser, Kristin Snyder, Julie M. Riewe, Marc Ponchione, Matt Kelly, Sheena Paul, Mengyi Xu and Ned Terrace February 26, 2024

Registered investment advisers (“RIAs”) have swiftly embraced AI for investment strategy, market research, portfolio management, trading, risk management, and operations. In response to the exploding use of AI across the…

Cybersecurity

Webcast: SEC Cybersecurity Rules for Issuers – Part 3: Practice Guide Q&A

By: Luke Dembosky, Charu A. Chandrasekhar, Avi Gesser, Erez Liebermann and Benjamin R. Pedersen December 8, 2023

On December 1, 2023 partners from our Data Strategy & Security, Securities Enforcement, and Capital Markets practices discussed practice tips to implement the SEC’s new cybersecurity rules. Receive the full…

Automated Decision Making

Using Technology to Benefit Markets and Investors

By: Melissa MacGregor (SIFMA), Marc Ponchione, Jeff Robins, Kristin Snyder, Matt Kelly, Sheena Paul, Jarrett Lewis and Melissa Muse October 23, 2023

SIFMA and SIFMA AMG Comment on the SEC’s Proposed Rules for BDs and RIAs Among its many uses in the financial world, technology can improve operational efficiencies, reduce risk and…

Artificial Intelligence

The SEC’s 2024 Examination Priorities: Continued Scrutiny of Cybersecurity Policies and Procedures

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Kristin Snyder, Erez Liebermann, Matt Kelly and Mengyi Xu October 18, 2023

On October 16, 2023, the SEC’s Division of Examinations (“EXAMS”) issued its 2024 Examination Priorities (the “2024 Priorities”). The 2024 Priorities reflect the Commission’s continued scrutiny of information security and…

Artificial Intelligence

SEC Proposes Rule to Eliminate or Neutralize Conflicts of Interest in the Use of “Predictive Data Analytics” Technologies

By: Andrew J. Ceresney, Charu A. Chandrasekhar, Avi Gesser, Robert B. Kaplan, Marc Ponchione, Julie M. Riewe, Jeff Robins, Kristin Snyder, Matt Kelly, Gary Murphy, Sheena Paul, Jarrett Lewis, Catherine Morrison and Mengyi Xu August 14, 2023

On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) issued proposed rules (the “Proposed Rules”) that would require broker-dealers and investment advisers (collectively, “firms”) to evaluate their use…

Regulation

SEC Adopts New Cybersecurity Rules for Issuers – Part 2 Key Takeaways

By: Charu A. Chandrasekhar, Luke Dembosky, Avi Gesser, Matthew Kaplan, Erez Liebermann, Benjamin R. Pedersen, Paul Rodel, Steven J. Slutzky, Matt Kelly, Mengyi Xu, Kelly Donoghue, John Jacob, Amy Pereira, Chris Duff and Ned Terrace August 7, 2023

On July 26, 2023, the SEC adopted long-anticipated final rules on cybersecurity risk management, strategy, governance and incident disclosure for issuers (“Final Rules”). We summarized the key obligations under the…