Priorities Include Artificial Intelligence and Other Emerging Technologies, Complex Products, Reg BI, Cybersecurity, Outsourcing, Private Funds and Compliance with New and Amended SEC Rules

On October 21, 2024, the Division of Examinations (the “Division”) of the U.S. Securities and Exchange Commission (“SEC”) released its examination priorities for fiscal year 2025 (which started October 1, 2024). Over the course of 2025, the Division intends for its examinations to focus on the use of artificial intelligence and other emerging technologies (including digital engagement practices, complex products, cybersecurity, outsourcing, private fund advisers, and compliance with new and amended SEC rules, such as the recent amendments to Regulation S-P and SEC rule changes relating to the securities industry’s transition to a T+1 standard settlement cycle for most securities transactions.

In this Legal Update, we provide a brief overview of the Division’s 2025 priorities, with a focus on topics relevant to broker-dealers and investment advisers. Broker-dealers, investment advisers and other SEC registrants should review the priorities closely and evaluate their own compliance efforts and examination preparedness, including by raising awareness within their organizations and identifying and addressing opportunities to strengthen internal controls and compliance procedures.

On October 16, 2024, the New York State Department of Financial Services (DFS) issued an industry letterCybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks, providing guidance on the cybersecurity risks associated with the use of artificial intelligence (AI) and strategies for entities regulated by DFS (“Covered Entities”) to mitigate these risks.

The guidance reviews the AI-cybersecurity risk landscape and provides a broad overview of controls to mitigate that risk.  Although NYDFS states that this guidance does not impose new requirements, companies would be wise to pay attention. The letter does not impose any new rules, instead addressing how Covered Entities should use the framework in 23 NYCRR Part 500 (“Cybersecurity Regulation”) to assess and mitigate AI-related cybersecurity risks. But, as a practical matter, the guidance will certainly shape how NYDFS evaluates companies’ cybersecurity programs. And as with other early NYDFS cybersecurity initiatives, this guidance will likely influence how other regulators approach AI-cybersecurity risk.

We provide a summary of the guidance in our Legal Update.

On September 25, 2024, the Securities and Exchange Commission announced the settlement of twenty-one enforcement actions related to untimely reports required by Section 13(d) or 13(g) of the Securities Exchange Act, Section 16(a) of the statute, or some combination of the provisions. The twenty-three respondents in the proceedings included thirteen firms, several of which are public companies, and ten natural persons. All the actions were settled by consent. None of the respondents admitted or denied the SEC’s charges. Cease and desist orders forbidding the respondents from committing or causing future violations of the relevant statutory provisions were entered against all twenty-three. The Commission assessed penalties against all the respondents in amounts ranging from $10,000 to $750,000.

Section 13(d) and (g) require reports from beneficial owners of more than five percent of a class of voting securities registered under Section 12 of the Exchange Act. Schedules 13D and 13G are the reporting forms. Prompt amendments to the ownership reports to disclose certain changes in beneficial ownership must be filed in circumstances described in the SEC’s regulations. Directors and certain executives for the issuers of such securities are required by Section 16(a) to file initial reports of ownership on Form 3 and transaction reports for acquisitions and dispositions of such securities on Form 4. Form 4 reports must be filed electronically within two business days of the reportable transaction. The same duties apply to beneficial owners of more than ten percent of such a class, (even though their ownership stakes are also reportable pursuant to Section 13(d) or (g)). Public companies must disclose reporting delinquencies under Section 16(a) in their proxy statements.

Late reporting was the common element in all the actions against the twenty-one beneficial owners who were respondents. One case was brought against a party that had made a single untimely Schedule 13D filing. Another action was charged late filing of a report of initial ownership on Form 3 and of Schedule 13D. Several respondents were cited for numerous delinquencies. One complaint lists seventy untimely Form 4 reports.

The respondents included two public companies that had undertaken to make Section 16(a) filings for their directors and executives, a compliance practice encouraged by the Commission, but had failed to make timely reports. In the circumstances, the SEC commented, both companies had caused violations of Section 16(a) related to the delinquent filings. Each also failed to disclose the reporting delinquencies in their proxy statements in violation of Exchange Act Section 13(a)

Another of the public company respondents charged with Section 16(a) reporting failures also was cited for violation of Exchange Act Section 13(f), the statutory requirement for investment managers with investment discretion over $100 million or more in certain securities to report their holdings to the SEC. The case is unusual in that the company in question is not a financial services provider. Instead, the company was managing a very large portfolio for its own account.

The enforcement sweep demonstrates the Commission’s continuing interest in ensuring timely ownership reporting under Sections 13(d) and (g) and Section 16(a) of the Exchange Act. Similar prosecutions were conducted in 2014, 2015, 2020, and 2023. The lessons of the actions emphasize the importance of reliable compliance procedures for capturing and reporting trading information for beneficial owners of more than five or ten percent of registered voting securities and for the directors and executives of Exchange Act registrants within the periods prescribed by the regulations. Public companies assisting persons subject to Section 16(a) should recognize that providing the assistance means shared responsibility for the reports.

Exempt and Hybrid Securities Offerings, published by the Practising Law Institute, is both a comprehensive reference on exempt and hybrid securities offerings, including the history and evolution of exempt offering exemptions, and a practical handbook, with step-by-step guides, practice pointers, and forms. Co-author Anna Pinedo’s 2024 update includes guidance on market trends, rule changes, enforcement activity and more.

Learn more on PLI’s website or on our blog.

November 5, 2024
8:30 a.m. – 9:30 a.m. EDT
Mayer Brown LLP 14th Floor, 1221 Avenue of the Americas, New York, NY 10020

Join us for this in-person CLE on November 5, 2024.

There are a number of FINRA rules to take into account from the perspective of a placement agent or underwriter when undertaking a private placement or a public offering. During our session, we will focus on recent developments, new guidance and FAQs, and enforcement actions relating to the following:

  • Rule 5123 and private placements;
  • Rule 2210 relating to advertising, when considered in the context of private placements and public offerings;
  • Rule 5120 on conflicts of interest, including disclosure requirements and when a QIU is required;
  • Rule 5110 and underwriting compensation; and
  • Rule 5141 and fixed price offerings.

This is an in-person presentation, with CLE credit, intended to encourage discussion. There will be no recording, and no zoom or hybrid option available.

Breakfast will be served.

Please email ckaplan@mayerbrown.com to register.

In September 2024, the Securities and Exchange Commission charged a consumer products company (the “Company”) with having made inaccurate claims regarding the recyclability of its single-use coffee pods.  The SEC found that the company violated Section 13(a) of the Securities Exchange Act of 1934 and Rule 13a-1, which require companies to file accurate reports.

According to the SEC, the Company failed to disclose that two of the largest recycling companies in the US had raised significant concerns about the commercial feasibility of recycling the Company’s coffee pods.  At the time, these recycling companies had informed the Company that they did not intend to accept the pods for curbside recycling.  However, in its annual reports, the Company claimed that testing with recycling facilities validated the recyclability of the coffee pods.  Sale of these coffee pods represented a considerable portion of the Company’s coffee systems business in 2019, a segment in which consumer research revealed that environmental concerns were a key factor influencing customer purchasing decisions.

In a statement, Commissioner Peirce dissented, arguing that the Company’s claims about the recyclability of its coffee pods were accurate and should not be considered misleading simply because some recycling companies declined to process them.  Commissioner Peirce expressed concern that the SEC’s action may deter firms from making certain claims in their reports.  She also noted that the action creates an excessive burden by requiring overly detailed caveats to avoid potential second-guessing.  Commissioner Peirce questioned the Commission’s approach of imposing penalties without proving that the disclosures were materially misleading or relevant to investor decisions.

To settle the charges, the Company agreed to a cease-and-desist order and a $1.5 million civil penalty.  Read the SEC’s full press release and order.

A broker-dealer failed to reasonably supervise its registered representatives when making recommendations of certain variable rate structured products (“VRSPs”), including fixed to floating rate steepeners and other variable rate principal-at-risk structured products, to 20 investors.  The broker-dealer violated FINRA Rules 2111 (Suitability) and 3110 (Supervision).  The behavior in question occurred prior to the adoption of Regulation Best Interest.

The broker-dealer recommended VRSPs to 12 customers with low or moderate risk tolerance.  Although the broker-dealer’s written supervisory procedures (“WSPs”) required that customers sign a form confirming that they understood the risks of investing in VRSPs, no such forms were signed, and the recommendations to purchase the VRSPs were not reasonably supervised.

The broker-dealer also made recommendations of VSRPs resulting in concentrations of at least 25% in each of eight other customers’ accounts.  Because VSRPs can make little to no interest for years, these recommendations were unsuitable.  At that time, the broker-dealer had no exception reports or any other mechanism to prevent concentration of structured products, and did not conduct reviews to evaluate whether such recommendations were suitable for the customers.

The Chair and Commissioners of the Securities and Exchange Commission testified before the US House of Representatives Committee on Financial Services on September 24, 2024.  The SEC’s testimony provided updates on market conditions and highlighted key developments in the Commission’s rulemaking activities over the past year.

The SEC noted that the US capital markets makes up 40% of the world’s capital markets.  About 58% of US households own stocks and over 50% of US households own registered funds.  Registered investment advisers advise on over $37 trillion in registered funds, $27 trillion in private funds, and $49 trillion in separately managed accounts.

The testimony also outlined the broad scope of the SEC’s responsibilities.  The SEC oversees over 40,000 entities, including 13,000 registered funds, 15,400 investment advisers, 3,400 broker-dealers, 25 national securities exchanges, 108 alternative trading systems, 10 credit rating agencies, and six active registered clearing agencies, among other external entities.

In its testimony, the SEC included an update from the Division of Corporation Finance (“Corp Fin”).  In 2023, approximately 7,400 actively reporting issuers were subject to oversight by the Division of Corporate Finance’s Disclosure Review Program, with over 4,000 listed on US exchanges.  Corp Fin reviewed the filings of over 3,700 reporting companies and new issuers in 2023.  Below is a summary of Corp Fin’s rulemaking activity referenced in the SEC’s testimony along with links to our Legal Updates on the rules:

  • Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Final Rules (July 2023).  The SEC began requiring registrants to disclose material cybersecurity incidents they experience and requiring registrants to disclose material information regarding their cybersecurity risk management, strategy, and governance on an annual basis.  Read our Legal Update.
  • Prohibition Against Conflicts of Interest in Certain Securitizations Final Rules (November 2023).  As mandated by Dodd-Frank, the SEC adopted rules regarding conflicts of interest in the securitization market, with compliance required starting in June 2025.  Read our White Paper.
  • The Enhancement and Standardization of Climate-Related Disclosures for Investors Final Rules (March 2024).  The SEC adopted rules to standardize climate-related risk disclosures by public companies and in public offerings.  However, after multiple lawsuits challenging the rule were consolidated into a case in the Eighth Circuit, the SEC stayed its rule pending the resolution of the challenges.  Read our Legal Update.  
  • SPACs, Shell Companies, and Projections Final Rules (July 2024).  The SEC implemented its final rules regarding disclosures by special purpose acquisition companies (SPACs), both when going public as well as when engaging in a business combination transaction with a target company (de-SPAC transactions).  Read our Legal Update.  
  • Exchange Listing Rules on Clawbacks of Executive Compensation (October 2023).  The SEC adopted rules requiring companies to implement policies for reclaiming executive compensation in cases of financial restatements, with issuer disclosure requirements starting in 2024.  Read our Legal Update.
  • Amendments to Rule 10b5-1 (December 2022).  The SEC updated rules regarding how corporate insiders trade their own company’s stock were phased in April 2023. Read our Legal Update.
  • Beneficial Ownership Reporting Deadlines (October 2023).  The SEC adopted rules shortening the deadlines for beneficial ownersto publicly disclose their holdings, with compliance starting in February 2024.  Read our Legal Update.
  • Most recently, consistent with Congress’s mandate in the Financial Data Transparency Act of 2022, the SEC and eight other federal financial regulators proposed joint data standards for data submitted to the nine financial regulators to promote the interoperability of financial regulatory data.  Read more about the proposal.

The SEC’s testimony also reviewed the accomplishments of the Divisions of Investment Management, Trading and Markets, Economic and Risk Analysis, Examinations, and Enforcement, which we cover in a separate post.

Read the Commission’s full testimony.

The Cyber and Analytics Unit within the Member Supervision program of the Financial Industry Regulatory Authority, Inc. (“FINRA”) recently published a cybersecurity advisory regarding increasing cybersecurity risks at third-party providers (the “Cybersecurity Advisory”). The Cybersecurity Advisory highlights third-party risks to FINRA member firms and effective practices to mitigate such risks.  

FINRA’s advisory comes at a time when third-party cyber risk is regularly in the headlines.  The Cybersecurity Advisory cites to several third-party incidents in the recent past that impacted member firms, such as the 2023 MOVEit incident, which has been monitored by FINRA over the last year. While the Cybersecurity Advisory does not establish new legal or regulatory requirements, FINRA urges member firms to consider the advisory as they review or update their existing third-party outsourcing/vendor, including cybersecurity, policies and practices. 

Read our Legal Update.

Seminar | Wednesday, October 16, 2024
8:00am – 5:00pm EDT
Register here.

Mayer Brown is pleased to sponsor SIFMA’s C&L Regional Seminar in New York City. C&L Regional Seminars gather compliance and legal professionals working in the financial services industry to share best practices, informative content and focused networking opportunities in the increasingly complex and changing regulatory and compliance arenas.