Posts Tagged ‘Risk management’

Chairman’s Address at SEC Speaks 2015

Posted by Mary Jo White, Chair, U.S. Securities and Exchange Commission, on Wednesday February 25, 2015 at 9:04 am
Editor’s Note: Mary Jo White is Chair of the U.S. Securities and Exchange Commission. This post is based on Chair White’s recent address at the Practising Law Institute’s SEC Speaks in 2015 Conference; the full text, including footnotes, is available here. The views expressed in this post are those of Chair White and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

By every meaningful measure, 2014 was a year of significant accomplishment across all of the agency’s areas of responsibility. The year was highlighted by the completion of several transformative rulemakings, including new policy reforms to address faults exposed during the financial crisis and initiatives to better address vulnerabilities in the resiliency and integrity of our markets. It was also an unprecedented year in enforcement, in terms of the number of cases and, more importantly, their subject matter. We made important strides in our review and action plans for optimizing the structure of our equity and fixed income markets, enhancing our risk supervision of the asset management industry and bolstering the effectiveness of public company disclosure. We also significantly strengthened our examination coverage of market participants. But, as always, we have more to do and expect a very busy 2015.

…continue reading: Chairman’s Address at SEC Speaks 2015

Financial Market Utilities: Is the System Safer?

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Saturday February 21, 2015 at 9:24 am
Editor’s Note: The following post comes to us from Dan Ryan, Leader of the Financial Services Advisory Practice at PricewaterhouseCoopers LLP, and is based on a PwC publication.

It has been two and a half years since the Financial Stability Oversight Council (FSOC) designated select financial market utilities (FMUs) as “systemically important.” These entities’ respective primary supervisory agencies have since increased scrutiny of these organizations’ operations and issued rules to enhance their resilience.

As a result, systemically important FMUs (SIFMUs) have been challenged by a significant increase in regulatory on-site presence, data requests, and overall supervisory expectations. Further, they are now subject to heightened and often entirely new regulatory requirements. Given the breadth and evolving nature of these requirements, regulators have prioritized compliance with requirements deemed most critical to the safety and soundness of financial markets. These include certain areas within corporate governance and risk management such as liquidity risk management, participant default management, and recovery and wind-down planning.

…continue reading: Financial Market Utilities: Is the System Safer?

Key Considerations for Board and Audit Committee Members

Posted by Mary Ann Cloyd, PricewaterhouseCoopers LLP, on Tuesday February 17, 2015 at 9:05 am
Editor’s Note: Mary Ann Cloyd is leader of the Center for Board Governance at PricewaterhouseCoopers LLP. This post is based on PwC’s 2014-2015 Key considerations for board and audit committee members report.

The changing business landscape, technological advances, and significant risks such as cybersecurity continue to present opportunities and challenges for companies today. Directors will want to take a fresh and critical look at their boardroom agenda to ensure it is meeting today’s needs.

PwC’s 2014-2015 edition of Key considerations for board and audit committee members, an annual publication from PwC’s Center for Board Governance, can help enhance the quality of board and management discussions in the coming year.

Here are some highlights:

…continue reading: Key Considerations for Board and Audit Committee Members

Cybersecurity and Privacy Diligence in a Post-Breach World

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Sunday February 15, 2015 at 9:00 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on a Weil Alert authored by Mr. Ferrillo and Randi Singer; the complete publication, including footnotes, is available here.

“By the time you hear thunder, it’s too late to build the ark.”
— Unknown

In November 2014—just two weeks after Admiral Michael Rogers, director of the National Security Agency, testified to the House Intelligence Committee that certain nation-state actors had the capability of “infiltrating the networks of industrial-control systems, the electronic brains behind infrastructure like the electrical grid, nuclear power plants, air traffic control and subway systems”—Sony Pictures announced it had experienced a major cyber-attack, one many sources believe was likely perpetrated by or on behalf of a nation-state. This destructive cyber-attack was a game-changer for corporate America because it became clear that hackers are not simply focused on credit card numbers or personal information. Indeed, the attack on Sony was designed to steal the Company’s intellectual property, disseminate personal emails of high-ranking executives, and destroy Sony servers and hard drives, rendering them useless.

…continue reading: Cybersecurity and Privacy Diligence in a Post-Breach World

2014 Year-End Review of BSA/AML and Sanctions Developments

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Saturday February 14, 2015 at 9:00 am
Editor’s Note: The following post comes to us from Sullivan & Cromwell LLP, and is based on a Sullivan & Cromwell publication by Elizabeth T. Davy, Jared M. Fishman, Eric J. Kadel Jr., and Jennifer L. Sutton; the complete publication is available here.

This post highlights what we believe to be the most significant developments during 2014 for financial institutions with respect to U.S. Bank Secrecy Act/anti-money laundering (“BSA/AML”) and U.S. sanctions programs, including sanctions administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), and identifies significant trends. The overarching trend that is likely to continue for the foreseeable future is an intense focus on BSA/AML and sanctions compliance by multiple government agencies, combined with increasing regulatory expectations and significant enforcement actions and penalties.

…continue reading: 2014 Year-End Review of BSA/AML and Sanctions Developments

Changing the Cyber Security Playing Field in 2015

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Tuesday January 20, 2015 at 8:36 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on a Weil Alert authored by Mr. Ferrillo; the complete publication, including footnotes, is available here.

“If this incident [Sony] isn’t a giant wake-up call for U.S. corporations to get serious about cybersecurity, I don’t know what is. I’ve done more than two dozen speaking engagements around the world this year, and one point I always try to drive home is that far too few organizations recognize how much they have riding on their technology and IT operations until it is too late. The message is that if the security breaks down, the technology stops working—and if that happens the business can quickly grind to a halt. But you would be hard-pressed to witness signs that most organizations have heard and internalized that message, based on their investments in cybersecurity relative to their overall reliance on it.”

— Author Brian Krebs, Dec. 20, 2014.

“For those worried that what happened to Sony could happen to you, I have two pieces of advice. The first is for organizations: take this stuff seriously. Security is a combination of protection, detection and response. You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.”

— Professor Bruce Schneier, Dec. 19, 2014.

Without a doubt, the last month in the world of cyber security has been tumultuous. It has now been confirmed that two companies in the United States have potentially been the subject of cyber-terrorism. Servers have been taken down or wiped out. Businesses have been significantly disrupted. Personally identifiable employee information has been shoveled by the pound onto Internet credit card “market” sites. The cyber security world has changed. And two of the most respected men in cyber security have both iterated similar messages: it is time for U.S. corporations to take this stuff seriously.

…continue reading: Changing the Cyber Security Playing Field in 2015

Top 10 Topics for Directors in 2015

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Wednesday December 24, 2014 at 9:08 am
Editor’s Note: The following post comes to us from Kerry E. Berchem, partner and co-head of the corporate practice group at Akin Gump Strauss Hauer & Feld LLP. This post is based on an Akin Gump corporate alert; the full publication, including footnotes, is available here.

U.S. public companies face a host of challenges as they enter 2015. Here is our list of hot topics for the boardroom in the coming year:

  1. Oversee strategic planning in the face of uneven economic growth and rising geopolitical tensions
  2. Oversee cybersecurity as hackers seek to infiltrate even the most sophisticated information security systems
  3. Assess the impact of advances in technology and big data on the company’s business plans
  4. Cultivate shareholder relations and assess company vulnerabilities as activist investors target more companies
  5. Consider the impact of M&A opportunities
  6. Oversee risk management as newer and more complex risks emerge
  7. Ensure appropriate board composition in light of increasing focus on diversity, director tenure and board size
  8. Explore new trends in reducing corporate health care costs
  9. Set appropriate executive compensation
  10. Ensure the company has a robust compliance program as the SEC steps up its enforcement efforts and whistleblowers earn huge bounties.

…continue reading: Top 10 Topics for Directors in 2015

The Importance of a Battle-Tested Cyber Incident Response Plan

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Friday December 19, 2014 at 9:00 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on a Weil Alert authored by Mr. Ferrillo.

“The scope of [the Sony Pictures Entertainment (SPE)] attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public…. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”

— Remarks by Kevin Mandia, “Sony Investigator Says Cyber Attack ‘Unparalleled’ Crime,” Reuters, December 7, 2014. [1]

“The days of the IT guy sitting alone in a dark corner are long gone. Cybersecurity has become an obvious priority for C-Suites and boardrooms, as reputations, intellectual property and ultimately lots of money are on the line.”

— Priya Ananda, “One Year After Target’s Breach: What Have We Learned?” November 1, 2014. [2]

“Resiliency is the ability to sustain damage but ultimately succeed. Resiliency is all about accepting that I will sustain a certain amount of damage.”

— NSA Director and Commander of U.S. Cyber Command Admiral Mike Rogers, September 16, 2014. [3]

We have definitively learned from the past few months’ worth of catastrophic cyber security breaches that throwing tens of millions of dollars at “preventive” measures is simply not enough. The bad guys are too far ahead of the malware curve for that. [4] We have also learned that there are no such things as quick fixes in the cyber security world. Instead, the best approach is a holistic approach: basic blocking and tackling such as password protection, encryption, employee training, and strong, multi-faceted intrusion detection systems [5] really trump reliance on a “50 foot high firewall” alone. But there are also two more things that are critical to a holistic cyber security approach: a strong, well-practiced Incident Response Plan (IRP), and, as Admiral Rogers noted above, the concept of cyber-resiliency, i.e., the ability to take your lumps, but continue your business operations unabated.

In this post, we tackle two questions: (1) What are the essential elements of a Cyber IRP? and (2) Why are IRPs so important to your organization?

…continue reading: The Importance of a Battle-Tested Cyber Incident Response Plan

Some Thoughts for Boards of Directors in 2015

Editor’s Note: Martin Lipton is a founding partner of Wachtell, Lipton, Rosen & Katz, specializing in mergers and acquisitions and matters affecting corporate policy and strategy. This post is based on a Wachtell Lipton memorandum by Mr. Lipton, Stephen A. Rosenblum, and Karessa L. Cain.

The challenges that directors of public companies face in carrying out their duties continue to grow. The end goal remains the same, to oversee the successful, profitable and sustainable operations of their companies. But the pressures that confront directors, from activism and short-termism, to ongoing shifts in governance, to global risks and competition, are many. A few weeks ago we issued an updated list of key issues that boards will be expected to deal with in the coming year (accessible at this link: The Spotlight on Boards, and discussed on the Forum here). Highlighted below are a few of the more significant issues and trends that we believe directors should bear in mind as they consider their companies’ priorities and objectives and seek to meet their companies’ goals.

…continue reading: Some Thoughts for Boards of Directors in 2015

Protecting the Technological Infrastructure of Our Capital Markets

Posted by Luis A. Aguilar, Commissioner, U.S. Securities and Exchange Commission, on Tuesday November 25, 2014 at 9:19 am
Editor’s Note: Luis A. Aguilar is a Commissioner at the U.S. Securities and Exchange Commission. This post is based on Commissioner Aguilar’s remarks at a recent open meeting of the SEC; the full text, including footnotes, is available here. The views expressed in the post are those of Commissioner Aguilar and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

Today [November 19, 2014], the Commission considers adopting Regulation Systems, Compliance, and Integrity (or Regulation SCI). These rules and amendments are intended to establish a foundational regulatory framework for the technological market infrastructure that has become increasingly intertwined with the functioning of our securities markets. The rules being considered for adoption today represent a clear improvement over the proposed version, which offered only a hollow promise that our markets would be safer, more resilient, and more stable.

…continue reading: Protecting the Technological Infrastructure of Our Capital Markets
