Baker McKenzie’s Sanctions Blog published the alert titled OFAC Issues New and Amended General Licenses and FAQs; Designates more than 400 Russian Parties on 28 March 2022.

The post OFAC Issues New and Amended General Licenses and FAQs; Designates more than 400 Russian Parties appeared first on Global Compliance News.


On March 24, Canada amended its sanctions measures imposed on Myanmar by designating an additional 4 individuals and 2 entities. The Canadian Government indicated that these new sanctions are intended to target arms flows, individuals and entities who procure and supply arms and military equipment to Myanmar. These new measures were developed in coordination with the United Kingdom and United States.

Generally speaking, a designation under these regulations imposes an asset freeze and dealings prohibition, subject to limited exceptions, which forbids any person in Canada or any Canadian outside Canada to:

  • deal in any property, wherever situated, that is owned, held or controlled by or on behalf of a designated person;
  • enter into or facilitate any transaction related to a dealing referred to above;
  • provide any financial or related services in respect of a dealing referred to above;
  • make available any goods, wherever situated, to a designated person or a person acting on behalf of a designated person; or
  • provide any financial or related service to or for the benefit of a designated person.

An unofficial copy of the legislative amendments to the Special Economic Measures (Burma) Regulations that came into effect on March 24th is available on Global Affairs’ website.

The post Canada Introduces Additional Designations on Individuals and Entities in Myanmar appeared first on Global Compliance News.


In brief

On 21 March 2022, the US Securities and Exchange Commission (SEC or Commission) issued its long-awaited proposed rules (Rule Proposal) that, if adopted as currently drafted, would mandate both domestic and foreign registrants to make a variety of climate-related impacts and risk disclosures in registration statements and annual filings under the Securities Exchange Act of 1934 (Exchange Act).


  1. Summary of Required Disclosures Under the Rule Proposal
  2. Attestation Requirements for GHG Emissions Disclosures
  3. Expanding the Materiality Standard?
  4. Phased-In Approach to Compliance Date
  5. What happens next?

In an effort to meet the Commission’s promise of promulgating “consistent” and “comparable” standards, the proposed rules will seem familiar to companies that already provide investors with reporting under third-party disclosure frameworks, since the SEC’s framework is expressly modeled on those published by the Task Force on Climate-Related Financial Disclosures (TCFD) and Greenhouse Gas Protocol (GHG Protocol).

According to the SEC, it is responding to investor demand for more information about the business risks posed by climate change, as well as information about companies’ responses to and strategies for managing these risks. The SEC further emphasized the “significant” impact that climate-related risks may have on a company’s future financial performance and investors’ return on investment. While it acknowledged the recent proliferation in voluntary reporting and climate-related disclosure, the SEC noted that there is “considerable variation” in the content, detail, and location of that disclosure – and the fact that much of it occurs through sustainability reports and company websites, rather than reports filed with the SEC. Given that current voluntary reporting undertaken by some companies is neither consistent nor comparable across registrants – even those within the same industry – the Commission identified a need to provide investors with a standardized framework to provide meaningful, consistent and decision-useful disclosure.

In the Rule Proposal, climate-related risks are defined as the “actual or potential negative impacts of climate-related conditions and events on a registrant’s consolidated financial statements, business operations, or value chains, as a whole.” Further, in this context, “value chain” means “upstream and downstream activities related to a registrant’s operations.”

Summary of Required Disclosures Under the Rule Proposal

If adopted, the new rule would mandate that registrants include climate-related disclosure concerning:

Corporate Governance. Governance and oversight of climate threats by corporate boards, including which board members and/or board committees are responsible for climate issues and whether any board members have relevant expertise related to these issues; how frequently the board considers climate issues; and whether climate-related issues are part of the overall company strategy and business, risk, and financial management oversight processes of the board, as well as whether the board has set any climate-related targets;

○ The Rule Proposal requests similar information for company management.

Climate Risks. Identified climate risks and opportunities likely to have a material impact on the firm’s business and financial reporting;

○ What processes are in place for identifying and assessing these climate-related risks;

○ What the company’s plans are for managing the risk and how climate risk fits into the firm’s overall risk management process;

○ What the time horizon is – short, medium, long – for each impact described;

○ How identified climate risks likely will affect the company’s business and outlook;

○ Whether a transition plan toward a lower-carbon economy and related corporate processes are part of the firm’s strategy for managing the identified risks, the nature of such a plan, and the associated transition risks and expectations;

○ Whether a “scenario analysis” or similar tools were used to evaluate how the business is likely to respond to the risk(s), the nature of any such analyses, specifics about choices and inputs, as well as outputs, specifically those related to financial condition and impacts;

○ Qualitative description of the impacts of climate-related events on estimates and assumptions used to prepare the registrant’s financial reporting;

○ Consideration of the potential for climate-related events, such as severe weather, droughts, rising water levels, fires, or other types of naturally occurring events, and specifics about what the impact is or could be, in or on the company’s financial statements, as well as on financial reporting estimates and assumptions

Greenhouse Gas Emissions

○ While purporting to be consistent with the GHG Protocol, the Rule Proposal, by design, does not incorporate all of the requirements of that protocol.

Scope 1 and Scope 2 Emissions Disclosure. Direct greenhouse gas (GHG) emissions (Scope 1) and indirect GHG emissions from purchased electricity and other energy sources (Scope 2); disaggregating Scope 1 from Scope 2, and by each constituent greenhouse gas.

Scope 3 Emissions Disclosure. Indirect GHG emissions (Scope 3), from activities within the company’s value chain, for all registrants except smaller reporting companies, unless the company has set a GHG target that includes Scope 3;

■ If the company has set GHG goals, specific information about those targets, including what activities and emissions are included, specifics on the action plan to meet the goals, updates to that action plan, and how offsets or renewable energy certificates fit into the plan, if applicable;

□ The Rule Proposal also mandates disclosure of and around the firm’s internal carbon price, if that is used in the company’s planning or assessment of climate-related issues;

■ Scope 3 disclosures also would be required if “material”;

■ By way of examples, the Rule Proposal includes a non-exclusive list of upstream and downstream activities that might be included in a company’s value stream for Scope 3 purposes;

■ Importantly, the proposal also includes a safe harbor for liability for disclosures of Scope 3 GHG emission data

GHG Intensity Disclosure. “GHG intensity” disclosures in connection with Scope 1, Scope 2 and, if applicable, Scope 3 emissions disclosures; defined “to mean a ratio that expresses the impact of GHG emissions per unit of economic value (e.g., metric tons of CO2e per unit of total revenues, using the registrant’s reporting currency) or per unit of production (e.g., metric tons of CO2e per unit of product produced).”

Financial Statement Metrics.

○ Disclosure of “disaggregated climate-related impacts on existing financial statement line items,” unless the impacts fall below a specified threshold, together with related reporting included in a note to the company’s consolidated financial statements.

○ The Rule Proposal requires reporting of metrics falling into three categories: (i) financial impact metrics, (ii) expenditure metrics, and (iii) financial estimates and assumptions. 

○ Note that, as a result, this reporting will be part of the company’s independent audit and within the scope of the company’s internal controls over financial reporting. The Commission also anticipates that these disclosures would be tagged in Inline XBRL structured data language.

Attestation Requirements for GHG Emissions Disclosures

In addition, for accelerated or large accelerated filers, the Rule Proposal requires that data disclosures concerning Scope 1 and Scope 2 GHG emissions be accompanied by an attestation from an independent source, which must meet minimum qualification standards. The SEC notes in the Rule Proposal that the reason for this attestation is that, unlike other data within a company’s financial reporting, the source of this data will be outside of the firm’s books and records and not subject to independent audit. Further, the Rule Proposal release cites analyses showing that a majority of companies currently making voluntary public reports of GHG emissions data include some form of assurance or verification, which suggested to the Commission that including this requirement was important to investors and the market.

The Rule Proposal includes requirements and standards for the providers of such attestations. There is also a phase-in period included for the assurance level of this attestation: in years two and three after compliance for Scope 1 and 2 emissions data, the confidence level must be at a minimum of “limited assurance”; thereafter, “reasonable assurance” is required. Notably, the SEC is seeking comment on whether it should also require attestation concerning the effectiveness of the registrant’s controls over its Scope 1 and Scope 2 GHG emissions disclosure.

Expanding the Materiality Standard?

Once again, within the Rule Proposal release, the Commission has reiterated that “materiality” is not solely a financial standard but has been defined as information that a reasonable investor would consider important in making an investment decision or proxy voting determination. Of course, incorporating this standard, set forth in this way, into registrants’ periodic filing and disclosure requirements may alter how the SEC Staff views other disclosures unrelated to climate.

The Rule Proposal release also includes a discussion of how companies should be thinking about these disclosures, evaluating probability, potential magnitude, and potential financial impact, all of which should be familiar to those with experience evaluating financial reporting criteria and analyses; the Commission also seeks comment on the same.

Phased-In Approach to Compliance Date

The proposal includes a phased approach to the compliance date based on filer type:

  • Large accelerated filers would be required to comply one year following the effective date, with Scope 3 emissions disclosures trailing, one year later
  • Accelerated and non-accelerated filers would be required to comply with these climate-disclosure rules two years following the effective date, with Scope 3 emissions disclosures trailing the following year
  • Smaller reporting companies would be required to comply three years following the effective date and are exempt from Scope 3 emissions disclosures.

What happens next?

The SEC has requested comments from the public on the rule as proposed. Specific questions on which the Commission seeks comments are incorporated throughout the proposal. Comments are due 60 days from the date of issuance (Friday, May 20, 2022) or 30 days after publication in the Federal Register, whichever period is longer.

Sometime after the comment period closes, the SEC will issue its final rule release; however, no matter what is in those rules, the expectation is that litigation will ensue and those proceedings may well delay implementation.

That said, companies that have been undertaking to provide investors and the market with voluntary disclosure on climate impacts and risks may choose to use the SEC’s Rule Proposal release as a guide for how to fashion their voluntary reporting; and those subject to climate-related reporting in other jurisdictions may find that taking into account the Commission’s disclosure regime may help to routinize their global reporting obligations.

Finally, for those companies that have chosen to undertake some level of climate-related reporting outside of their Exchange Act annual reports, they may find that during this uncertain period, before any SEC rule is effective, questions will continue to be raised by the Division of Corporation Finance, and perhaps even the Division of Enforcement, based on prior standards and rules, including the 2010 Guidance. Specifically, registrants can expect to be asked why this information is not “material enough” to include in the company’s SEC filings.

If you have questions about the Rule Proposal or are interested in submitting comments, please contact any of those attorneys listed on this alert or your usual Baker McKenzie contact.

The post United States: SEC Issues Long-Awaited Climate Disclosure Rule Proposal appeared first on Global Compliance News.


In brief

On 3 January 2022, a federal jury for the US District Court for the Northern District of California found Holmes guilty in US v. Elizabeth Holmes, on four counts of fraud based on statements made to investors and business partners about Theranos’ proprietary blood testing devices, their capabilities and uses in the market.

Throughout her trial, the jury heard testimony regarding Holmes’ and Theranos’ efforts to silo employees and limit the visibility of outside investors — all in the name of protecting the company’s valuable trade secrets.

But, while Theranos claimed that its privacy measures were in line with some of the most revered startups to come out of Silicon Valley, Holmes’ trial revealed that much of this secrecy was simply a measure of deceit designed to cover up failed — and phantom — technology and deteriorating business strategy.

In this Expert Analysis, published by Law360, Bradford Newman, Sara Pitt and Kelton Basirico explore the trade secrets aspects of this case.


The post United States: Takeaways From Holmes’ unsuccessful trade secret defense appeared first on Global Compliance News.


In brief

On 15 February 2022, the Department of Defense (DoD) released a 30-page report titled State of Competition within the Defense Industrial Base (“Report”) surveying the state of competition across key defense sectors and laying out recommendations to spur increased competition in the defense industrial base (DIB). The Report is one of many required of numerous agencies in response to Biden’s July 2021 Executive Order, which we previously reported on.


  1. Merger oversight
  2. Intellectual property limitations
  3. Increasing new entrants, increasing opportunities for small businesses and reducing barriers to entry
  4. Sector-specific supply chain resiliency plans in priority industrial base sectors

The term DIB refers to the large network of companies that provide goods and services to the DoD. These companies make up a significant part of our economy, ranging from small businesses and start-ups to some of the biggest corporations in the world. They provide products ranging from intercontinental ballistic missiles and highly specialized military satellites to everyday commercial products like batteries and laptops.

The Report addresses the need to promote competition, particularly in the defense procurement process. Increased competition will incentivize innovation in the DIB, thus enabling the sector to offer better products and supply chain quality with lower costs. The Report emphasizes that lack of competition in this sector may create gaps in services and products needed by the DoD, which could contribute to national security risks and undermine its mission.

The Report makes five broad recommendations:

  1. Strengthening merger oversight:
    • The Report highlights that the defense industry has been “historically consolidated” and that the trend of increased consolidation requires “heightened review” for any future mergers and acquisitions in the defense industry.
  2. Addressing intellectual property limitations:
    • The DoD should implement best practices on its long-term intellectual property (IP) needs and ensure that IP-related procedures included in its procurement do not result in unnecessary anticompetitive consequences.
  3. Increasing new entrants:
    • In light of the overall shrinking of the DIB, the DoD should strive to remove any barriers to entry for new entrants to the defense marketplace. This involves dedicating resources to attracting new entrants through small business outreach, support, and cooperation with acquisition authorities.
  4. Increasing opportunities for small businesses:
    • The DoD should increase small business participation in defense procurement, focusing on women-owned, minority-owned, and veteran-owned small businesses.
  5. Implementing sector-specific supply chain resiliency plans:
    • The DoD should create and execute a resiliency plan for the following five priority sectors: casting and forgings, missiles and munitions, energy storage and batteries, strategic and critical materials, and microelectronics.1

Merger oversight

The Report analyzes the trend of increased consolidations in the defense industry. For example, since the 1990s, the number of aerospace and defense prime contractors decreased from 51 to just five, and 90% of missiles come from only three sources today. This consolidation leaves the DoD reliant on only a handful of companies for many products and services, which in turn hurts innovation and lessens competition. The Report also analyzes additional concerns associated with the consolidation, including risks in sourcing, supply chain, and economic security. As such, the Report recommends increased oversight of future mergers and continued collaboration with the antitrust agencies on these deals.

Intellectual property limitations

Addressing exclusive IP rights, the Report identifies two practices that can be used to limit competition in the defense industry, with proposals on how to confront these challenges:

  1. No compulsory licensing beyond the regulatory standard rights:
    • The DoD should: (1) Ensure that IP exclusive rights are part of the evaluation factors when awarding contracts and (2) encourage contractors to provide the required licensing rights and data as a way of securing a contract.
  2. Tying or bundling:
    • To mitigate and prevent IP-based restrictions on proprietary products, the DoD should use a modular open systems approach, which allows systems to integrate with components manufactured by outside vendors and prevents closed proprietary systems. Together with the open systems approach, the DoD should negotiate specialized license agreements to address the issue of IP restrictions on proprietary components.

Increasing new entrants, increasing opportunities for small businesses and reducing barriers to entry

According to the Report, in the last ten years, there has been a 40% decrease of small businesses in the DIB. If this trend continues, the DoD is predicted to lose 15,000 suppliers over the next ten years, which will greatly impact domestic capabilities relating to national and economic security.2 The invigorated focus on expanding the entrants of small businesses will consist mainly of the DoD investing in outreach and engagement, including offering extra support to small businesses that seek to enter the defense marketplace. This includes reaching out to industry associations, participating in outreach events, and streamlining information. The DoD will also be using market intelligence to help identify potential entrants to the market, looking to expand small business programs, and using commercial technology and innovation to engage small businesses to enter the DIB.

Sector-specific supply chain resiliency plans in priority industrial base sectors

The DoD commits to “developing alternatives to the use of strategic and critical minerals to increase supply resilience for defense programs and national security, and to reinvigorate the supply chain.” In addition, the Report highlights the need to coordinate closely with the industry on investing in research and development and developing the workforce. Together with the goals and proposed recommendations,3 the Report encourages a whole-of-government approach to address the challenges within these priority sub-sectors.

In sum, DoD established in this Report it would implement the following actions intended to achieve the goals of the Biden Executive Order:

  • Review how it is evaluating vertical and horizontal mergers, with an increased focus on the risks to national security.
  • Collaborate with interagency colleagues at the Department of Justice and Federal Trade Commission to evaluate the effect of increased consolidation in the defense market.
  • Implement the interagency recommendations outlined in Executive Order 14017, with respect to the Supply Chains, in the five priority sectors.
  • Support the development of skilled workers in manufacturing and technical trades in order to maintain the workforce of defense-specific skills needed for the development and support of the DoD and its systems and equipment.

The Report reinforces the renewed commitment by the DoD to establish changes and set priorities for increasing competition in the defense market and the DIB. These efforts include increased scrutiny of potential M&A, attracting new entrants, encouraging and increasing the participation of the small business vendor base, and implementing initiatives to acquire the IP and associated rights to support greater competition.

1 Detailed recommendations are included in the DoD’s report on Executive Order 14017, America’s Supply Chains.

2 See, Fact Sheet Department of Defense releases new report on safeguarding our national security by promoting competition in the defense industrial base.

3 Detailed recommendations are included in the DoD’s report on Executive Order 14017, America’s Supply Chains.

The post United States: Department of Defense identifies competition priorities in procurement appeared first on Global Compliance News.


In brief

On “Privacy Day” – California Attorney General Rob Bonta announced an investigative sweep targeted at the data collection practices of businesses running consumer loyalty programs in California and issued notices of non-compliance to a number of “major corporations” in the retail, home improvement, travel, and food services industries. Such loyalty programs offered financial incentives to consumers (e.g., discounts, free items, and other rewards) in exchange for their personal information.

Under the California Consumer Privacy Act of 2018, as amended by the Consumer Privacy Rights Act of 2020 (CCPA), businesses must not discriminate against consumers who exercise their rights to information deletion or object to the selling or sharing of their personal information. At the same time, businesses shall not be prohibited under the CCPA from “charging a consumer a different price or rate, or from providing a different level or quality of goods or services to the consumer, if that difference is reasonably related to the value provided to the business by the consumer’s data” or “from offering loyalty, rewards, premium features, discounts, or club card programs”.

In 2020, the California Attorney General promulgated regulations requiring a business that offers a financial incentive or price or service difference to provide a “notice of financial incentive” with prescribed disclosures, in addition to “at collection notices”, which businesses must generally provide at or before the time they collect personal information from consumers. In the “notice of financial incentive”, businesses must disclose material terms of incentive programs, including the value of the consumer’s information.

In the recent enforcement actions concerning failures to provide notices of financial incentive, the California Attorney General offered the businesses 30 days to come into compliance with the CCPA before further enforcement actions would be commenced (as is currently required under the CCPA). In a press release issued by the office of the Attorney General, Bonta “urge[d] all business[es] in California to take note and be transparent about how you are using your customer’s data”, signaling an intent to prioritize enforcement of loyalty and other similar consumer programs moving forward.

The notice of financial incentive must clearly describe the material terms of the financial incentive program, be readily available before a consumer opts in, and inform consumers that they may opt-out at any time. Specifically, a business must include the following in the notice:

  1. A succinct summary of the financial incentive or price or service difference offered.
  2. A description of the material terms of the financial incentive or price or service difference, including the categories of personal information that are implicated by the financial incentive or price or service difference and the value of the consumer’s data.
  3. How the consumer can opt-in to the financial incentive or price or service difference.
  4. A statement of the consumer’s right to withdraw from the financial incentive at any time and how the consumer may exercise that right.
  5. An explanation of how the financial incentive or price or service difference is reasonably related to the value of the consumer’s data, including:
    • A good-faith estimate of the value of the consumer’s data that forms the basis for offering the financial incentive or price or service difference.
    • A description of the method the business used to calculate the value of the consumer’s data.

It is clear that the notice of financial incentive must include how a consumer can “opt-in” (a term not defined in the CCPA), which should not be conflated with a requirement under the CCPA to obtain consent (a defined term in the CCPA). Many financial incentive programs require terms of use and thus a need for an agreement involving some form of consent, anyhow (and in such cases, a separate consent could be added), but there are contexts where companies ask for personal information that may trigger a requirement for a financial incentive notice where terms and conditions may not be required. Per Cal. Civ. Code Section 1798.125, a business may enter a consumer into a financial incentive program only if the consumer gives the business prior “opt-in consent” pursuant to Cal. Civ. Code Section 1798.130. But the reference to 1798.130 is confusing because 1798.130 does not provide for how to obtain opt-in consent and, as amended, section 1798.130 has a heading of “notice, disclosure, correction, and deletion requirements”. If the reference is to be given any meaning, it supports that consent is not required before first enrolling a consumer in a financial incentive program because 1798.130(a)(5)(A) requires that businesses include in their CCPA online policy a description of a consumer’s rights pursuant to 1798.125 and methods for submitting requests. There are other possible readings of the CCPA on this point. But the CCPA generally does not require opt-in consent for data collection and has an opt-out structure with regard to selling personal information. It would seem logical that the drafters of the CCPA meant for a similar opt-out regime with respect to financial incentive programs to apply (where opt-in consent and waiting 12 months is only required after someone first opts out). And the title of 1798.125 has been amended to say “consumer’s right of no retaliation following opt-out or exercise of other rights”, which would seem supportive of such interpretation.

Businesses now face the difficult task of estimating the value of consumers’ personal information. They should carefully consider all implications from an accounting, tax and litigation perspective. For example, once a business publishes a value pertaining to personal information, the stated value will likely be considered in unrelated contexts and disputes such as data security breaches, trade secret misappropriation, breaches of marketing collaboration contracts with business partners, unclaimed property compliance (escheat), or transfer pricing arrangements in multinational groups. Courts will not be bound by the business’s valuation, of course, but adversaries may hold a published valuation number against a business as an admission of value and make it difficult to argue for a different valuation.

Our team is monitoring developments as the cure period for compliance provided in the notice nears expiration. Should you have questions in the meantime, please reach out to our team or your Baker McKenzie contacts for additional information. 

The post United States: California Attorney General sets sights on consumer loyalty programs for CCPA enforcement appeared first on Global Compliance News.


The White House has set a goal to modernize federal cyber defenses over the next several years using a “zero trust” approach, and agencies just delivered their initial plans to the Office of Management and Budget.

The plans describe how each agency proposes to adopt various zero trust approaches and capabilities by the end of fiscal year 2024, a goal set out by the White House’s zero trust strategy released in January. The memo required agencies to submit the implementation plans by March 27.

Chris DeRusha, the federal chief information security officer at OMB, said the plans will give his team a good idea of where each agency stands.

“While these are the initial cut from the agencies, we’ve been clear that we’re going to want to have some back and forth with them to make sure that they really do align to the budget, that they aligned to our strategy, and that they align to a strategy that OMB sort of agrees the agency should be taking,” DeRusha told reporters after speaking at an April 6 conference hosted by the Institute for Critical Infrastructure Technology in Arlington, Virginia. “We’re doing that in collaboration”

The OMB memo sets some specific deadlines beyond the FY 24 goal. For instance, within a year, agencies are required to support phishing-resistant multifactor authentication for all of their public-facing services.

But for the most part, agencies were able to tell OMB when they plan on reaching zero trust milestones as part of their implementation plans. For instance, the plans should describe how and when the agency “plans to isolate its applications and environments,” according to the strategy memo.

DeRusha said each agency’s journey will be different, especially given the vast differences in agency size and resources.

“I don’t think that you can have a one size fits all approach,” he said. “As we’re getting the small- and medium-sized agency plans in, we’re going to look at them a little bit differently than we would a huge, 250,000-person agency.”

The White House is requesting $10.9 billion in cybersecurity-related funding for federal civilian agencies in FY 23, an 11% increase above last year’s request. Some of that is expected to go toward implementing zero trust architectures.

While agencies had largely finalized their budget requests by the time the final zero trust strategy was released in January, DeRusha said OMB worked with agencies to ensure their budgets included funding for zero trust capabilities.

“I’m feeling pretty good about what we’re able to do in ’23 to fund from the strategy and make it successful,” he said.

Some agencies included more detailed zero trust plans in their FY 23 budget requests than others.

For instance, the Commerce Department is requesting $50 million in FY 23 specifically for a zero trust program. According to budget documents, the funding is pegged for endpoint detection and response capabilities, more centralized log management, and endpoint encryption.

Meanwhile, the Treasury Department is asking for about $86 million in FY 23 specifically for zero trust architecture implementation. Treasury’s near-term actions include “changes to password policies, building a new data categorization model, and making one ‘internal’ systems accessible over the Internet,” according to budget justification documents.

Federal cybersecurity roles

Meanwhile, Congress is looking to update federal cybersecurity standards for the first time since the Federal Information Security Modernization Act of 2014. Lawmakers say the law needs to reflect changes in cyber threats, new concepts like zero trust, and the creation of the Cybersecurity and Infrastructure Security Agency in 2018.

In particular, the legislative effort seeks to put CISA in charge of overseeing more aspects of agency cybersecurity efforts, a role traditionally filled by OMB and the federal CISO.

DeRusha said there’s a role in the “ecosystem” for his office, CISA, and the new White House national cyber director. But as the House and Senate negotiate a final FISMA reform bill, DeRusha said the law needs to be clear about federal roles and responsibilities.

“I think one thing we don’t want to see is a change that ends up making it harder for everybody to sort of complete their mission and potentially more confusing for agencies to work with,” DeRusha said. “We don’t want those outcomes. So while we need to acknowledge everyone’s authorities and roles, and I think we’re making good progress in that space, we are mindful of that concern.”


Baker McKenzie’s Sanctions Blog published the alert titled US Department of Commerce Publishes a List of Aircraft Subject to General Prohibition 24 on 24 March 2022. Read the article via the link here. Please also visit our Sanctions Blog for the most recent updates.

The post US Department of Commerce Publishes a List of Aircraft Subject to General Prohibition 10 appeared first on Global Compliance News.


Baker McKenzie’s Sanctions Blog published the alert titled BIS Imposes Export Ban on Luxury Goods to Russia and Belarus as well as Russian and Belarussian Oligarchs and Malign Actors on 12 March 2022. Read the article via the link here. Please also visit our Sanctions Blog for the most recent updates.

The post United States: BIS Imposes Export Ban on Luxury Goods to Russia and Belarus as well as Russian and Belarussian Oligarchs and Malign Actors appeared first on Global Compliance News.


Baker McKenzie’s Sanctions Blog published the alert titled US Government Imposes Sanctions Prohibiting Importation of Russian Energy Products and New Investments in the Russian Energy Sector on 14 March 2022. Read the article via the link here. Please also visit our Sanctions Blog for the most recent updates.

The post United States: US Government Imposes Sanctions Prohibiting Importation of Russian Energy Products and New Investments in the Russian Energy Sector appeared first on Global Compliance News.