Photo of Rishi N. Zutshi

Rishi N. Zutshi’s practice focuses on commercial litigation and securities litigation, with extensive experience in disputes relating to complex financial instruments and derivatives.

Over recent months, numerous state regulators, including in Massachusetts, Texas, and New Jersey, have been exercising greater oversight of cryptocurrency businesses.[1]  On April 17, 2018, the office of the New York Attorney General Eric Schneiderman (“NYAG”) launched the Virtual Markets Integrity Initiative, which will seek information from various platforms that trade cryptocurrencies to better protect consumers.  The initiative responds to concerns that cryptocurrency trading platforms may not provide consumers with the same information available from traditional exchanges.  As part of the initiative, the NYAG’s Investor Protection Bureau sent thirteen major cryptocurrency trading platforms questionnaires relating to internal policies, controls, and best practices.  The Bureau intends to consolidate and disseminate to consumers the information it receives.
Continue Reading New York Attorney General Becomes Most Recent State Regulator To Foray Into Cryptocurrency Oversight

Following on the heels of the SEC’s updated interpretive guidance on cybersecurity disclosure, SEC Chairman Jay Clayton and SEC Commissioner Robert Jackson each recently made public statements underscoring the agency’s increasing focus on cybersecurity.

On March 12, 2018, Chairman Clayton stated that the SEC will closely monitor how corporations respond to the new interpretive guidance at a conference held by the Council of Institutional Investors.  During an interview conducted by former Chairwoman Elisse Walter, Chairman Clayton said implementation of the interpretive guidance “will be a focal point for staff review” and that companies should work to determine their disclosure obligations under the current rules.[1]  Reiterating the interpretive guidance’s statement that the SEC expects companies to make disclosures “tailored” to their particular cybersecurity risks and incidents, Chairman Clayton stated that companies must put significant effort into determining their individual disclosure obligations under the current rules, meaning that “[r]eally good lawyering and governance is necessary.”[2]  Chairman Clayton also alluded to calls by certain SEC Commissioners for rulemaking requiring the disclosure of cybersecurity incidents in 8-K filings:  “In terms of writing a rule, if you wanted to make it a specific 8-K requirement, the issue there is whether something is material,” said Chairman Clayton, adding “[i]t’s really a facts and circumstances situation, and it can vary from industry to industry and company to company.”[3]   
Continue Reading SEC Officials Emphasize Close Monitoring of Cybersecurity Disclosures Following Release of Interpretive Guidance

On March 6, 2018, the World Economic Forum (WEF) published a white paper report analyzing challenges that financial services and fintech firms face in protecting customer information against the increasing risk of cyber-attacks and setting out proposals to better manage this cyber-risk.[1] As described below, the report recommends industry-wide efforts to adopt standardized cyber-risk metrics and to develop mechanisms for assessing cybersecurity. In conjunction with the publication of these recommendations, Citigroup Inc., Kabbage, Inc., Zurich Insurance Group AG and the Depository Trust & Clearing Corporation have formed a consortium to address cybersecurity risks in the fintech industry.[2]
Continue Reading World Economic Forum Publishes Recommendations for Managing Cyber-Risk