In February 2018, the SEC updated its cybersecurity disclosure guidelines for reporting companies, emphasizing the importance to investors and markets of prompt and robust disclosure relating to cyber issues. Indeed, in April, the agency brought its first enforcement action relating to cybersecurity enforcement issues. In its recent annual report, the agency’s enforcement division emphasized that cybersecurity disclosure is a priority issue. Clearly, public companies’ cybersecurity-related disclosure practices are receiving a great deal of attention and scrutiny.

But what are public companies actually doing in terms of cybersecurity disclosures? A recent study by EY took a look at the actual cybersecurity disclosure practices. Their analysis shows that cybersecurity-related disclosure practices “vary widely,” suggesting there is an “opportunity for enhancement.” The October 22, 2018 report, entitled “Cybersecurity Disclosure Benchmarking,” can be found here.

It is axiomatic in the current global economy that every business needs to have a China strategy. Most business enterprises are drawn to the world’s most populous country and second-largest economy. But while China represents an attractive business marketplace, it can also in many respects be a perilous place to try to do business, particularly from a regulatory and compliance standpoint. While most businesses may recognize these challenges, many may struggle to try and address the concerns. A new book entitled “Governance, Risk and Compliance Management in China” (here), which I review below, may provide substantial help to companies trying to address compliance concerns arising from doing business in China. Of particular interest to this blog’s readers, the book includes an interesting chapter on D&O insurance issues in China.  

As I detailed in recent blog posts (here and here), these days virtually every public company M&A transaction is likely to involve M&A-related litigation. For that reason, M&A litigation represents a significant liability exposure for directors and officers of the companies involved in the M&A transaction and they have a keen interest in

In October 2000, the SEC promulgated Rule 10b5-1 to provide company insiders with a way to trade their shares in company stock without incurring securities law liability, through the pre-trading adoption of a written trading plan. Despite the Rule’s protective purpose, concerns have arisen more recently about Rule 10b5-1 plan abuses, as I noted in

You will never read a headline that says “Financial Institution Fires Rogue Trader Who Racked Up Massive Gains.” Therein lies the fundamental tension in financial institution risk management. It is not a merely cynical view that financial institutions tacitly tolerate control lapses as long as gains result – indeed, some of the leading commentators place the blame for