On March 5, the Interagency Suspension and Debarment Committee (“ISDC”) released a consolidated report to Congress on suspension and debarment developments for FY12 and FY13. Issued in the face of continued legislative pressure to utilize suspension and debarment, the report documents an overall rise in the number of suspensions and debarments – from 4,639 in FY2012 to 4,842 in FY2013. The number of case referrals to an agency’s Suspension and Debarment Officer (“SDO”) also increased from 3,700 in FY12 to 3,942 in FY13, and the number of agencies’ declinations to pursue action decreased from 200 to 154. While some trends observed in the report indicate that agencies are making a greater effort to enhance transparency and due process in suspension and debarment proceedings, other trends indicate that the process is potentially being used as a punitive measure.

Section 873(a)(7) of the Duncan Hunter National Defense Authorization Act for FY2009 requires the ISDC to annually provide a report of various suspension and debarment-related updates to Congress, including: (1) progress and efforts to improve the suspension and debarment system, and (2) each ISDC agency’s activities and accomplishments in the government-wide debarment system. The report focused particularly on the activities of defense agencies, as many of them “have more mature suspension and debarment programs.”

On January 9, the Securities & Exchange Commission (“SEC”) released its National Examination Priorities (“NEP”) for 2014 and once again identified cybersecurity as a heightened risk that the agency intends to scrutinize as part of its mission to protect investors.  The NEP identifies technology — specifically, companies’ governance and supervision of IT systems, information security, and response readiness — as one of its most significant initiatives for 2014.  The NEP’s Broker-Dealer Exam Program also identifies market access controls related to “information leakage and cyber security” as a core risk on which the agency will focus in the coming year.

We wrote in a previous post about the SEC’s intensifying focus on corporations’ cybersecurity efforts – and on their cybersecurity weaknesses and risks.  Cybersecurity has continued to be a focal point for the SEC, especially in the face of mounting Congressional pressure on the agency to demand more transparency from companies about their cybersecurity risks and steps taken to address those risks, and recent reports of cyberattacks against U.S. companies and the massive costs to those companies that result.  SEC Chair Mary Jo White noted in a speech to the National Association of Corporate Directors in October that cybersecurity was a “hot topic from many perspectives.”  This year’s NEP is the latest sign that corporate cyber risks and incidents will remain in the agency spotlight in 2014.

As the latest 10-K filing period for corporations draws to a close, the Securities and Exchange Commission (SEC) is expected to intensify its scrutiny of whether companies’ filings adequately disclose both information security breaches that occurred in the past and the material risks from cyber threats that such companies face in the future. Since the Senate Commerce Committee focused greater attention upon corporate cybersecurity in a letter to the SEC on May 12, 2011, momentum has been building for expanded corporate disclosure of cybersecurity safeguards and security breaches. In October 2011, the SEC issued guidance that publicly traded companies have a duty to disclose “material information regarding cybersecurity risks and cyber incidents” where failure to do so would make other disclosures misleading. Recent developments both inside and outside the SEC show that corporations can expect an even brighter spotlight this year upon their cybersecurity efforts – and shortfalls. Now more than ever, publicly traded companies need to be prepared to address, whether in responses to SEC comment letters or in preparing future filings, what material risks they may have due to cyber threats and whether they have taken steps to address such risks and vulnerabilities.

Recent Developments:

In its 2013 Examination Priorities, the SEC identified a number of “risk areas” attracting its focus, including enterprise risk management and companies’ “governance and supervision of information technology systems for topics such as operational capability, market access, and information security, including risks of system outages, and data integrity compromises that may adversely affect investor confidence.”  These Examination Priorities were published on February 21, 2013, one week after the President issued an Executive Order on improving critical infrastructure cybersecurity, and several days after the release of the Mandiant report, which tied the Chinese military to cyberattacks on over 140 U.S. and other foreign corporations and entities.