Our Services



The SEC’s Rule-Making Binge: Enforcement and Regulation Now and in 2023

To say the Security and Exchange Commission (SEC) has had a busy 2022 would be an understatement. In a webinar hosted by Holland & Knight last week, Jessica Magee, partner, and Scott Mascianica, litigation partner, wasted no time diving into their analysis of what the SEC’s “rule-making binge,” as Mascianica said, means for everyone else.

Under SEC Commissioner Gary Gensler’s leadership, not only has the number of rules proposed increased, but, according to Mascianica, the breadth, depth and coverage across industries has “taken everyone by storm.”

This storm consists of 27 proposed rules, compared to 11 in 2021 and 13 in 2020, which because of their number and timing has led to shorter comment periods, less response time and a rush for firms to get up to speed quickly. Nonetheless, it’s not a matter of if law firms, regulated companies and supporting consultants will be prepared, but how and with what resources.

Here is a deeper look into four of the eight proposed rules Mascianica and Magee highlighted:

  • Definition of Exchange: Add the inclusion of trading interests instead to security seller orders in a marketplace. According to Mascianica this makes nondiscretionary methods available and could have a significant impact on digital assets (noticeable left out of any rules after Gensler said it wouldn’t be included).
  • Climate: Be prepared for prescriptive framework as opposed to a principled one. There are requirements for public companies to include financial impact expenditures, disclosures about management, greenhouse gas emissions reports for themselves, as well as suppliers and third-party vendors.
  • Cybersecurity: Rules apply to public companies, funds and registered investment advisors. As Mascianica said, the incident reporting requirements are asking companies to think about their cybersecurity infrastructure beyond their four walls to include vendors, third parties and portfolio companies, when applicable. Public companies have four business days to report a cybersecurity incident, while funds and advisors must report within 48 hours whether an incident occurred or not.
  • ESG (Environmental, Social and Governance) Disclosures and Naming: The rule is meant to help potential investors and clients to understand what ESG means, how it’s used in company strategies, how it’s integrated, what is looks like operationally, what metrics are used to track it and how information is reported and disclosed. It also gets very specific into how a company can even be named to curb “greenwashing.” According to Mascianica, “words matter” and how a fund is named needs to directly correlate what they are actually doing.

The webinar wrapped up with Tricia DeLeon, litigation partner, giving three predictions for FINRA regulation and enforcement for 2023 related to Regulation Best Interest, Consolidated Audit Trail (CAT) reporting, and Outside Business Activities.

Of specific note is the regulation best interest rule requiring broker/dealers to only recommend financial products in their client’s best interests. DeLeon said this goes beyond the suitability rule to something that could be merely advertised or suggested by broker/dealers. For example, is the cost of purchasing financial products prohibitive for clients or do they have a reputational risk? A holistic view of regulated best interest is now expected, with the first violation of the rule announced this past June.

DeLeon also highlighted a new CAT reporting rule that came into effect July 11, 2022, and an Outside Business Activities rule, both of which will require more reporting from broker/dealers. Under the CAT rule, firms of all sizes must submit data on equity or options trading to regulators for tracking purposes. Just like RBI, this is broad and extends to third-party vendors, as well. Under the OBA rule for registered persons or private securities firm, if you are a member of a board or outside entity, or as DeLeon said promoting something you do not sell yourself and getting paid for it, you must disclose it to FINRA. The cost of not could result in sanctions or fines; with over 1,600 of the former to date and fines ranging from $5-73,000. It’s clear that more is more for 2022 and going into 2023. More rules, more enforcement, more depth and higher expectations of public companies, funds, litigators and executives. As Mascianica said, these rules aren’t just big in number, they are equally complex. Remaining proactive in response and highly vigilant in staying abreast of comment periods, enforcement actions and precedents will be paramount.


Continue to receive Gryphon Strategies content