On May 22, 2020, the Small Business Administration (SBA) issued its interim final rule on loan forgiveness. The rule describes, in a question-and-answer format, the mechanics of applying for and receiving loan forgiveness under the Paycheck Protection Program. In “SBA Issues Long-Awaited Paycheck Protection Program Forgiveness Regulations,” colleagues Jenny Y. Liu, David B. Dixon and Matthew Oresman discuss how the May 22, 2020 interim final rule is consistent with, and expands on, the loan forgiveness calculation that was evident from SBA’s loan forgiveness application template, which SBA published on May 15, 2020.
Both the House and Senate have passed a bipartisan bill to modify elements of the PPP established by the Coronavirus Aid, Relief, and Economic Security Act (CARES Act). The legislation, intended to provide a “quick ﬁx” to obstacles faced by small businesses seeking relief under the forgivable loan program, was signed into law by President Trump on June 5, 2020. In “Key Changes to Paycheck Protection Program,” colleagues Matthew Oresman, Lori Panosyan and Jenny Y. Liu discuss how the Flexibility Act proposes to amend the controversial 75/25 rule imposed by the SBA that currently requires PPP borrowers to use at least 75 percent of their loan proceeds on payroll costs, amid other changes.
We urge our clients to consult Pillsbury’s comprehensive COVID-19 Resource Center for information regarding Responding to a Global Crisis, Business Interruption, Cybersecurity, Employer Concerns and other general matters related to the COVID-19 pandemic. We also recommend the following specific measures to mitigate risks of business interruption and regulatory noncompliance resulting from the COVID-19 pandemic.
Registered and Exempt Reporting Firms:
The deadline for the annual update of Form ADV is approaching. We have previously notified you regarding filing obligations that were due between January 1 and March 1. Below is a recommended compliance and filing deadline table addressing registered firms’ obligations for the remainder of the calendar year. Let us know if you need any assistance.
In response to the coronavirus pandemic, see the Pillsbury articles and webinar regarding our recommendations. If you have not already, at this point you should:
- Review and/or activate your business continuity plan
- Review your vendor relationships and assess any stressors
- Shore up cybersecurity protections and be vigilant regarding heightened risks
- Assemble a response team for immediate, intermediate and long-term plans
Please contact us with any of your needs.
Read this article and additional Pillsbury publications at Pillsbury Insights.
The California Consumer Privacy Act (CCPA), a broad statute which imposes new data privacy obligations on certain companies that do business in California, will become effective on January 1, 2020. Fund managers and other investment advisers (“Advisers”) and certain of their affiliates that are currently subject to data privacy laws pursuant to the Gramm-Leach-Bliley Act (GLBA) or the UK General Data Protection Regulation (GDPR) may have additional obligations to consider and prepare for as the CCPA compliance deadline approaches.
Recommendations for employers before new law goes into effect on January 1, 2020
While acknowledging the challenges in applying the securities laws to digital assets, the Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA), in a joint statement on July 8, 2019, reaffirm that those rules equally apply to digital assets, and promise they will continue to engage the industry in finding solutions.
Read the full public statement HERE.
SEC Risk Alert regarding safety of customer records and cloud vendor diligence.
As part of its cybersecurity sweep, the SEC has examined risks related to the storage of customer records and information by investment advisers on cloud-based storage platforms and issued a Risk Alert, “Safeguarding Customer Records and Information in Network Storage – Use of Third Party Security Features.” The sweep focused on vendor due diligence and oversight and registered advisers’ monitoring of data and customer information safety. Among other information, OCIE sought vendor contracts (including service level agreements); vendor reviews; risks assessments of cloud service providers, including data encryption, data loss prevention, books & records exposure, identity and access management; and policies and procedures and their alignment to technology standards.
The Risk Alert identified as the main compliance issues related to cloud-based storage (i) Misconfigured network storage solutions (inadequately configured security settings to protect against unauthorized access; lack of policies and procedures addressing the security configuration); (ii) Inadequate oversight of vendor-provided network storage solutions (lack of, or inadequate, policies, procedures, contractual provisions that security settings on vendor-provided network storage solutions were configured in accordance with the firm’s standards); and (iii) Insufficient data classification policies and procedures (firms’ policies and procedures did not identify the different types of data stored electronically by the firm and the appropriate controls for each type of data).
The Risk Alert encourages investment advisers to review their practices, policies, and procedures with respect to the electronic storage of customer information and to consider any necessary improvements, and to actively oversee vendors. The SEC included helpful recommendations for cyber/cloud risk management, including the implementation of policies and procedures designed to support the initial installation, on-going maintenance, and regular review of the network storage solution; guidelines for security controls and baseline security configuration standards to ensure that each network solution is configured properly; and vendor management policies and procedures that include, among other things, regular implementation of software patches and hardware updates followed by reviews to ensure that those patches and updates did not unintentionally change, weaken, or otherwise modify the security configuration.
Please contact your counsel at Pillsbury’s Investment Funds Group if you need help with reviewing and enhancing your cloud storage and related policies.
This is a reminder about the upcoming annual compliance deadlines that may or may not apply to you.
Please click HERE to open a summary chart of the filing deadlines.
Please feel free to contact us if you have questions or need assistance with any of these filings.
Pillsbury IFIM Group