Tag: federal agencies

Third Time’s a Charm? SEC & CFTC Finalize Amendments to Form PF

On February 8, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) jointly adopted amendments to Form PF, the confidential reporting form for certain registered investment advisers to private funds. Form PF’s dual purpose is to assist the SEC’s and CFTC’s regulatory oversight of private fund advisers (who may be both SEC-registered investment advisers and also registered with the CFTC as commodity pool operators or commodity trading advisers) and investor protection efforts, as well as help the Financial Stability Oversight Council monitor systemic risk. In addition, the SEC entered into a memorandum of understanding with the CFTC to facilitate data sharing between the two agencies regarding information submitted on Form PF.

Continued Spotlight on Private Funds

The continued focus on private funds and private fund advisers is a recurring theme. The SEC recently adopted controversial and sweeping new rules governing many activities of private funds and private fund advisers. The SEC’s Division of Examinations also continues to highlight private funds in its annual examination priorities. Form PF is similarly no stranger to recent revisions and expansions in its scope. First, in May 2023, the SEC adopted requirements for certain advisers to hedge funds and private equity funds to provide current reporting of key events (within 72 hours). Second, in July 2023, the SEC finalized amendments to Form PF for large liquidity fund advisers to align their reporting requirements with those of money market funds. And last week, this third set of amendments to Form PF, briefly discussed below.

SEC Commissioner Peirce, in dissent:

“Boundless curiosity is wonderful in a small child; it is a less attractive trait in regulatory agencies…. Systemic risk involves the forest — trying to monitor the state of every individual tree at every given moment in time is a distraction and trades off the mistaken belief that we have the capacity to draw meaning from limitless amounts of discrete and often disparate information. Unbridled curiosity seems to be driving this decision rather than demonstrated need.”

Additional Reporting by Large Hedge Fund Advisers on Qualifying Hedge Funds

These amendments will, among other things, expand the reporting requirements for large hedge fund advisers with regard to “qualifying hedge funds” (i.e., hedge funds with a net asset value of at least $500 million). The amendments will require additional disclosures in the following categories:

  • Investment exposures, borrowing and counterparty exposures, currency exposures, country and industry exposures;
  • Market factor effects;
  • Central clearing counterparty reporting;
  • Risk metrics;
  • Investment performance by strategy;
  • Portfolio, financing, and investor liquidity; and
  • Turnover.

While the final amendments increase the amount of fund-level information the Commission will receive with regard to individual qualifying hedge funds, at the same time, the Commission has eliminated the aggregate reporting requirements in Section 2a of Form PF (noting, in its view, that such aggregate information can be misleading).

Enhanced Reporting by All Hedge Funds

The amendments will require more detailed reporting on Form PF regarding:

  • Hedge fund investment strategies (while digital assets are now an available strategy to select from, the SEC opted not to adopt its proposed definition of digital assets, instead noting that if a strategy can be classified as both a digital asset strategy and another strategy, the adviser should report the strategy as the non-digital asset strategy);
  • Counterparty exposures (including borrowing and financing arrangements); and
  • Trading and clearing mechanisms.

Other Amendments That Apply to All Form PF Filers

  • General Instructions. Form PF filers will be required to report separately each component fund of a master-feeder arrangement and parallel fund structure (rather than in the aggregate as permitted under the existing Form PF), other than a disregarded feeder fund (e.g., where a feeder fund invests all its assets in a single master fund, US treasury bills, and/or “cash and cash equivalents”). In addition, the amendments revise how filers will report private fund investments in other private funds, “trading vehicles” (a newly defined term), and other funds that are not private funds. For example, Form PF will now require an adviser to include the value of a reporting fund’s investments in other private funds when responding to questions on Form PF, including determining filing obligations and reporting thresholds (unless otherwise directed by the Form).
  • All Private Funds. Form PF filers reporting information about their private funds will report additional and/or new information regarding, for example: type of private fund; identifying information about master-feeder arrangements, internal and external private funds, and parallel fund structures; withdrawal/redemption rights; reporting of gross and net asset values; inflows/outflows; base currency; borrowings and types of creditors; fair value hierarchy; beneficial ownership; and fund performance.

Final Thoughts

With the recent and significant regulatory spotlight on investment advisers to private funds and private funds themselves, we encourage advisers to consider the interrelationships between new data reporting requirements on Form PF and the myriad of new regulations and disclosure obligations being imposed on investment advisers more generally (including private fund advisers).

The effective date and compliance date for new final amendments to Form PF is 12 months following the date of publication in the Federal Register.

Robert Bourret also contributed to this article.

©2024 Katten Muchin Rosenman LLP

by: Adam Bolter of Katten 

For more SEC and CFTC news, visit the NLR Securities & SEC section.

How a Zero-Day Flaw in MOVEit Led to a Global Ransomware Attack

In an era where our lives are ever more intertwined with technology, the security of digital platforms is a matter of national concern. A recent large-scale cyberattack affecting several U.S. federal agencies and numerous other commercial organizations emphasizes the criticality of robust cybersecurity measures.

The Intrusion

On June 7, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) identified an exploit by “Threat Actor 505” (TA505), namely, a previously unidentified (zero-day) vulnerability in a data transfer software called MOVEit. MOVEit is a file transfer software used by a broad range of companies to securely transfer files between organizations. Darin Bielby, the managing director at Cypfer, explained that the number of affected companies could be in the thousands: “The Cl0p ransomware group has become adept at compromising file transfer tools. The latest being MOVEit on the heels of past incidents at GoAnywhere. Upwards of 3000 companies could be affected. Cypfer has already been engaged by many companies to assist with threat actor negotiations and recovery.”

CISA, along with the FBI, advised that “[d]ue to the speed and ease TA505 has exploited this vulnerability, and based on their past campaigns, FBI and CISA expect to see widespread exploitation of unpatched software services in both private and public networks.”

Although CISA did not comment on the perpetrator behind the attack, there are suspicions about a Russian-speaking ransomware group known as Cl0p. Much like in the SolarWinds case, they ingeniously exploited vulnerabilities in widely utilized software, managing to infiltrate an array of networks.

Wider Implications

The Department of Energy was among the many federal agencies compromised, with records from two of its entities being affected. A spokesperson for the department confirmed they “took immediate steps” to alleviate the impact and notified Congress, law enforcement, CISA, and the affected entities.

This attack has ramifications beyond federal agencies. Johns Hopkins University’s health system reported a possible breach of sensitive personal and financial information, including health billing records. Georgia’s statewide university system is investigating the scope and severity of the hack affecting them.

Internationally, the likes of BBC, British Airways, and Shell have also been victims of this hacking campaign. This highlights the global nature of cyber threats and the necessity of international collaboration in cybersecurity.

The group claimed credit for some of the hacks in a hacking campaign that began two weeks ago. Interestingly, Cl0p took an unusual step, stating that they erased the data from government entities and have “no interest in exposing such information.” Instead, their primary focus remains extorting victims for financial gains.

Still, although every file transfer service based on MOVEit could have been affected, that does not mean that every file transfer service based on MOVEit was affected. Threat actors exploiting the vulnerability would likely have had to independently target each file transfer service that employs the MOVEit platform. Thus, companies should determine whether their secure file transfer services rely on the MOVEit platform and whether any indicators exist that a threat actor exploited the vulnerability.

A Flaw Too Many

The attackers exploited a zero-day vulnerability that likely exposed the data that companies uploaded to MOVEit servers for seemingly secure transfers. This highlights how a single software vulnerability can have far-reaching consequences if manipulated by adept criminals. Progress, the U.S. firm that owns MOVEit, has urged users to update their software and issued security advice.

Notification Requirements

This exploitation likely creates notification requirements for the myriad affected companies under the various state data breach notification laws and some industry-specific regulations. Companies that own consumer data and share that data with service providers are not absolved of notification requirements merely because the breach occurred in the service provider’s environment. Organizations should engage counsel to determine whether their notification requirements are triggered.

A Call to Action

This cyberattack serves as a reminder of the sophistication and evolution of cyber threats. Organizations using the MOVEit software should analyze whether this vulnerability has affected any of their or their vendors’ operations.

With the increasing dependency on digital platforms, cybersecurity is no longer an option but a necessity in a world where the next cyberattack is not a matter of “if” but “when;” it’s time for a proactive approach to securing our digital realms. Organizations across sectors must prioritize cybersecurity. This involves staying updated with the latest security patches and ensuring adequate protective measures and response plans are in place.

© 2023 Bradley Arant Boult Cummings LLP

For cybersecurity legal news, click here to visit the National Law Review.

Federal Agencies Announce Investments and Resources to Advance National Biotechnology and Biomanufacturing Initiative

As reported in our September 13, 2022, blog item, on September 12, 2022, President Joseph Biden signed an Executive Order (EO) creating a National Biotechnology and Biomanufacturing Initiative “that will ensure we can make in the United States all that we invent in the United States.” The White House hosted a Summit on Biotechnology and Biomanufacturing on September 14, 2022. According to the White House fact sheet on the summit, federal departments and agencies, with funding of more than $2 billion, will take the following actions:

  • Leverage biotechnology for strengthened supply chains: The Department of Health and Human Services (DHHS) will invest $40 million to expand the role of biomanufacturing for active pharmaceutical ingredients (API), antibiotics, and the key starting materials needed to produce essential medications and respond to pandemics. The Department of Defense (DOD) is launching the Tri-Service Biotechnology for a Resilient Supply Chain program with a more than $270 million investment over five years to turn research into products more quickly and to support the advanced development of biobased materials for defense supply chains, such as fuels, fire-resistant composites, polymers and resins, and protective materials. Through the Sustainable Aviation Fuel Grand Challenge, the Department of Energy (DOE) will work with the Department of Transportation and the U.S. Department of Agriculture (USDA) to leverage the estimated one billion tons of sustainable biomass and waste resources in the United States to provide domestic supply chains for fuels, chemicals, and materials.
  • Expand domestic biomanufacturing: DOD will invest $1 billion in bioindustrial domestic manufacturing infrastructure over five years to catalyze the establishment of the domestic bioindustrial manufacturing base that is accessible to U.S. innovators. According to the fact sheet, this support will provide incentives for private- and public-sector partners to expand manufacturing capacity for products important to both commercial and defense supply chains, such as critical chemicals.
  • Foster innovation across the United States: The National Science Foundation (NSF) recently announced a competition to fund Regional Innovation Engines that will support key areas of national interest and economic promise, including biotechnology and biomanufacturing topics such as manufacturing life-saving medicines, reducing waste, and mitigating climate change. In May 2022, USDA announced $32 million for wood innovation and community wood grants, leveraging an additional $93 million in partner funds to develop new wood products and enable effective use of U.S. forest resources. DOE also plans to announce new awards of approximately $178 million to advance innovative research efforts in biotechnology, bioproducts, and biomaterials. In addition, the U.S. Economic Development Administration’s $1 billion Build Back Better Regional Challenge will invest more than $200 million to strengthen America’s bioeconomy by advancing regional biotechnology and biomanufacturing programs.
  • Bring bioproducts to market: DOE will provide up to $100 million for research and development (R&D) for conversion of biomass to fuels and chemicals, including R&D for improved production and recycling of biobased plastics. DOE will also double efforts, adding an additional $60 million, to de-risk the scale-up of biotechnology and biomanufacturing that will lead to commercialization of biorefineries that produce renewable chemicals and fuels that significantly reduce greenhouse gas emissions from transportation, industry, and agriculture. The new $10 million Bioproduct Pilot Program will support scale-up activities and studies on the benefits of biobased products. Manufacturing USA institutes BioFabUSA and BioMADE (launched by DOD) and the National Institute for Innovation in Manufacturing Biopharmaceuticals (NIIMBL) (launched by the Department of Commerce (DOC)) will expand their industry partnerships to enable commercialization across regenerative medicine, industrial biomanufacturing, and biopharmaceuticals.
  • Train the next generation of biotechnologists: The National Institutes of Health (NIH) is expanding the Innovation Corps (I-Corps™), a biotech entrepreneurship bootcamp. NIIMBL will continue to offer a summer immersion program, the NIIMBL eXperience, in partnership with the National Society for Black Engineers, which connects underrepresented students with biopharmaceutical companies, and support pathways to careers in biotechnology. In March 2022, USDA announced $68 million through the Agriculture and Food Research Initiative to train the next generation of research and education professionals.
  • Drive regulatory innovation to increase access to products of biotechnology: The Food and Drug Administration (FDA) is spearheading efforts to support advanced manufacturing through regulatory science, technical guidance, and increased engagement with industry seeking to leverage these emerging technologies. For agricultural biotechnologies, USDA is building new regulatory processes to promote safe innovation in agriculture and alternative foods, allowing USDA to review more diverse products.
  • Advance measurements and standards for the bioeconomy: DOC plans to invest an additional $14 million next year at the National Institute of Standards and Technology for biotechnology research programs to develop measurement technologies, standards, and data for the U.S. bioeconomy.
  • Reduce risk through investing in biosecurity innovations: DOE’s National Nuclear Security Administration plans to initiate a new $20 million bioassurance program that will advance U.S. capabilities to anticipate, assess, detect, and mitigate biotechnology and biomanufacturing risks, and will integrate biosecurity into biotechnology development.
  • Facilitate data sharing to advance the bioeconomy: Through the Cancer Moonshot, NIH is expanding the Cancer Research Data Ecosystem, a national data infrastructure that encourages data sharing to support cancer care for individual patients and enables discovery of new treatments. USDA is working with NIH to ensure that data on persistent poverty can be integrated with cancer surveillance. NSF recently announced a competition for a new $20 million biosciences data center to increase our understanding of living systems at small scales, which will produce new biotechnology designs to make products in agriculture, medicine and health, and materials.

A recording of the White House summit is available online.

Article By Lynn L. Bergeson and Carla N. Hutton of Bergeson & Campbell, P.C.

For more environmental, energy, and resources legal news, click here to visit the National Law Review.

©2022 Bergeson & Campbell, P.C.