July 2, 2022

Volume XII, Number 183

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

June 29, 2022

Subscribe to Latest Legal News and Analysis

Increased Regulatory Focus on Privacy and Cybersecurity for Private Funds in 2022

2021 continued the trend of increased regulatory focus on privacy and cybersecurity for private investment funds in the U.S. and abroad. There are no signs of the trend leveling off any time soon.

One of the topics that captured our attention last year was the rise of ransomware. As previously shared, ransomware has evolved from merely encrypting files/disabling networks in solicitation of ransom, to sophisticated attacks penetrating data systems and debilitating entities.  Thus, while money continues to be an obvious motivator for these attacks, increasingly so is the pursuit of intellectual property and data.  Regulatory agencies have responded to combat the increase in attacks. For example, in October 2020, OFAC issued an Advisory declaring that any payment made to a sanctioned entity on OFAC’s list would be a violation of federal sanctions regulations and the paying entity would be strictly liable. Importantly, this means that the intent of the victim, and the knowledge as to whether the entity is on OFAC’s list, is no defense. While OFAC intends to decrease ransomware attack compliance through the issuance of its list of sanctioned entities, the nature of ransomware makes it difficult for the victim of an attack to be able to identify what entity is actually being paid.  This ambiguity may cause victims of ransomware attacks to unintentionally violate OFAC’s sanctions and be held strictly liable despite the publication of a list of sanctioned entities.

In the same vein of preventing breaches of privacy via cybersecurity efforts, in February 2022, the SEC proposed new rules under the Investment Advisers Act of 1940 (the “Advisers Act”) and the Investment Company Act of 1940 (the “Investment Company Act”) requiring registered investment advisers and funds to adopt and implement written cybersecurity policies and procedures reasonably designed to address such risks.  One of the proposed rules requires advisers to report significant cybersecurity incidents affecting the adviser, or its fund or private fund clients, to the Commission. The Commission is also proposing amendments to various forms regarding the disclosure related to cybersecurity risks and incidents that affect advisers, funds, their clients, and their shareholders. The comment period ends on April 11, 2022, after which we can expect these new rules to take effect.

In the UK, the National Cyber Security Centre (NCSC) has recently published a reminder to organizations to take steps to protect their systems given the increased risk from and number of cyber threats. This reminder was reiterated by the ICO, the UK’s data supervisory authority, following a reported uptick in cyber related data breaches in the UK of nearly 20% in the past two years. The UK’s data protection legislation already provides that organizations should implement “appropriate technical and organisational measures to ensure a level of security appropriate to the risk” to protect personal data. When designing and assessing “appropriate” measures, organizations in the UK (including funds, sponsors and advisers) should also now take account of the specific guidance on ransomware recently published by the ICO.

We expect to see a continued focus on privacy and cybersecurity in the private funds space as regulators work to find ways to increase security and decrease the risk of loss due to new methods of attack.

Dorothy Murray, Joshua M. Newville, Todd J. Ohlms, Seetha Ramachandran, Jonathan M. Weiss, Julia Alonzo, James Anderson, Julia M. Ansanelli, William D. Dalsen, Adam L. Deming, Kelly McMullon, Reut N. Samuels and Hena M. Vora contributed to this article. 

© 2022 Proskauer Rose LLP. National Law Review, Volume XII, Number 75
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Partner

Steven Baker is a partner in the Litigation department and a member of the International Arbitration group. He has over 25 years of experience advising clients on complex, often multi-jurisdictional disputes in a wide range of industries, including asset management, technology, life sciences, financial services and defence sectors. He also has extensive experience advising upon and managing disputes for clients involving major technology or telecommunications projects and their financing, technology licensing and misappropriation of trade secrets.

...
+44.20.7280.2238
Margaret A Dale, Commercial Litigation, Proskauer Rose Law Firm
Partner

Margaret Dale is a Partner in the Litigation Department, resident in the New York office. Her practice focuses on commercial litigation, including class action defense, as well as intellectual property, privacy and data security, corporate governance litigation, securities litigation, and regulatory and internal investigations. She also represents and counsels clients in art law matters. 

212.969.3315
Michael R. Hackett, Litigation Attorney, Proskauer Law Firm
Associate

Michael R. Hackett is an associate in the Litigation Department and a member of the Asset Management Litigation practice. His practice focuses on disputes and regulation involving private funds, including private equity, venture capital, hedge, real estate and private credit funds, as well as other limited partnerships, where he regularly advises funds, fund sponsors, investment advisers and institutional and individual investors.

Mike’s experience representing private fund clients runs the gamut, from control contests within advisers, to...

617-526-9723
William Komaroff Litigation White Collar Attorney Proskauer Law Firm New York
Partner

Bill Komaroff is a partner in the Litigation Department and White Collar Practice Group. He has a nationwide federal practice focused on corporate defense and investigations, counseling and defending institutional and individual clients in connection with a broad array of complex government investigations, prosecutions and civil disputes.

Bill also has served as a member of the Criminal Justice Act Panel for the District Court for the Southern District of New York.

From 2003 to 2007, Bill served as an Assistant U.S....

212-969-3975
Kirsten Lapham FInancial Services Attorney Proskauer Rose Law Firm, United Kingdom
Partner

Kirsten Lapham is a partner specialising in financial services regulation. She advises a broad range of both institutional and individual clients on a variety of financial services regulatory and compliance issues. Her practice has a specific emphasis on the regulatory issues arising under the AIFMD, and MiFID II for a range of EU and indirectly impacted firms outside of the EU.

Experience in this area includes advising multiple clients on the EU marketing and registration regimes and overlaying local regulatory considerations, such as the U.K. retail distribution...

+44.20.7280.2031
Advertisement
Advertisement
Advertisement