In the Ignites article “Shops Caught Up in SEC Data Breach Probe,” SEC and regulatory enforcement defense partner Jim Lundy commented on the requests issued by the Securities and Exchange Commission’s (SEC) Division of Enforcement that asked firms that may have been victims of the SolarWinds breach to voluntarily disclose information related to the cyberattack.
Ignites explained that while the requests are non-public, this approach being utilized by the Division of Enforcement has similarities to the SEC’s share class selection disclosure initiative. “Aspects of it look similar to the 12b-1 initiative, but it’s not as detailed,” Lundy said. However, “It’s not as clear. It was not publicly released by the SEC,” he continued.
Lundy recommended that firms take this letter seriously and respond thoroughly. “The letter … makes it fairly clear that if you don’t respond and the SEC opens up an investigation, those asset managers and public companies will not avail themselves of the self-reporting declination,” he added.
The SEC’s Division of Enforcement has now published FAQs attempting to provide guidance on the voluntary requests described in this article.
The full article is available for Ignites subscribers.