Theta Lake Blog

Marc Gilman

Gilman is a technology attorney, compliance executive, and adjunct professor of compliance at Fordham Law, bringing 15 years of law, financial services, and IT experience to his leadership role at Theta Lake. Gilman’s legal expertise focuses on global technology-related legal and regulatory issues, such as information management, software and product development, cybersecurity, SEC and FINRA regulation, GDPR, and electronic communications platforms. Gilman is a certified information privacy professional with both the CIPP/E and CIPP/US credentials.

Recent Posts

Always On Security: Theta Lake's Alignment with CISA's Emerging Software Cyber Principles

Posted by Marc Gilman on May 24, 2023 8:35:42 AM

On April 13, the US Cybersecurity and Infrastructure Security Agency (“CISA”) and several other global cybersecurity agencies issued a practical roadmap for technology product design called “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default.” The document provides a clear articulation of CISA’s cybersecurity expectations, which signals an emerging paradigm shift, noting that “[m]anufacturers are encouraged to take ownership of improving the security outcomes of their customers.” This transition finds CISA treating software developers, rather than the governmental or private sector users of these applications, as responsible for consumer security.


Bard of The 21st Century: Risks and Opportunities For Generative AI

Posted by Marc Gilman on May 19, 2023 5:16:23 AM

Generative AI refers to a set of technologies that produce new data based on the information they have been trained on; these applications “generate” new information like text or images based on their training data, hence the “generative” moniker. The most popular uses of generative AI, or “GAI,” have been as part of interactive chat applications like OpenAI’s ChatGPT and Google’s Bard, image generating applications like Stable Diffusion, Midjourney, and DALL-E, and code generating systems like Copilot.


Theta Lake responds to UK regulators' consultation on the use of AI

Posted by Marc Gilman on Mar 22, 2023 8:20:02 AM

In late 2022, the Financial Conduct Authority and Prudential Regulation Authority (the “Regulators”) jointly issued Discussion Paper DP5/22 (the “Paper”) soliciting feedback on the use of artificial intelligence and machine learning in financial services. In particular, the Regulators requested information about the potential benefits and risks of AI, regulatory considerations, and the use of standards in the development of AI. Theta Lake submitted a response to the Paper to outline its unique approach to AI and thoughts on appropriate application to compliance together with organizational and security controls.


Regulatory Perspectives From Theta Lake: SEC 17a-4 Modernization

Posted by Marc Gilman on Nov 1, 2022 7:00:00 AM

When it comes to dynamic messaging content from collaboration tools like Webex, Zoom, Slack, and Microsoft Teams as well as SMS, mobile messaging, and consumer applications like WhatsApp, the SEC’s updated recordkeeping Rule 17a-4 announced on October 12, 2022 signals a sea change for broker-dealers. The SEC replaced its antiquated “non-erasable, non-rewritable” electronic recordkeeping requirement in place since the late-90s with a technology-neutral approach centered around audit trail data, which provides far greater flexibility in implementation.

At Theta Lake, we welcome the modernization of Rule 17a-4 as it allows our financial services customers to more easily manage archiving controls for SEC-regulated electronic communications records. In addition, the spirit and letter of the revised Rule align with Theta Lake’s modern approach to the capture, retention, and supervision of complex, interactive video, voice, chat, and email conversation data.

As we noted in our 2022 Modern Communications Security and Compliance Report, 97% of firms are using two or more communication tools, so the ability to seamlessly and compliantly capture dynamic data across a range of platforms is key. With over 100 platform integrations, Theta Lake enables easy and effective compliance with the SEC’s new recordkeeping requirements.

For customers, the updated Rule 17a-4(f) offers a flexible, audit trail-based option that makes it easier to retain dynamic data from electronic communications to databases and beyond. The revised Rule 17a-4(f)(2)(i)(A) allows broker-dealers to:


Cryptocurrency Detections in Video, Voice, Chat - More than just keywords

Posted by Marc Gilman on Oct 26, 2021 8:30:00 AM

To say that cryptocurrency has been a hot topic in financial services of late is a massive understatement. Coinbase announced (via Twitter, natch) that it submitted an application for registration as a Futures Commission Merchant under NFA and CFTC rules. However, the enthusiasm around Coinbase’s FCM announcement was likely offset by the withdrawal of its proposed interest-bearing Lend product after concerns about its security-like features prompted preliminary interest from the SEC. In other regulatory developments, technologies for vetting and tracking digital assets for anti-money laundering and know your customer purposes are advancing rapidly. Look no further than MasterCard’s acquisition of CipherTrace as evidence of an increasing focus on transactional activity tracking and the lightning-fast evolution of more mature AML/KYC processes for blockchain-based and other digital currencies.


Topics: compliance, video conferencing, cryptocurrency, detections

Examining Recent Collaboration and Chat E-comms Compliance Guidance from ESMA, FCA, FINRA, SEC

Posted by Marc Gilman on Oct 19, 2021 10:20:23 AM

It’s clear that the flexibility regulators including ESMA, the FCA, FINRA, and the SEC offered financial services firms around the relatively unfettered use of modern collaboration and chat tools like Zoom, Microsoft Teams, and Webex by Cisco during the pandemic has come to an end. No-action relief issued at the outset of COVID-19 has expired, and regulatory missives in the second half of 2021 indicate a marked change of tone and expectations for firms using dynamic communication platforms.


Topics: compliance, chat compliance, surveillance, monitoring, regulations, electronic communications

The Need to Modernize Information Barriers Compliance

Posted by Marc Gilman on Sep 1, 2021 9:15:00 AM

As enterprise communications technologies have evolved, the related challenge of managing business rules for groups permitted to use them and communicate with one another has become more complex. In financial services, business information barriers prohibit communications between specific groups to mitigate the risk of misuse of material non-public information (“MNPI”) and to prevent market abuse and insider dealing. Information barriers requirements are spelled out in FINRA Rules 2241 and 2242, Section 204A of the Investment Advisers Act, the FCA’s SYSC 10.2 Rule, and the SEC’s Exchange Act Section 15(g), which requires broker-dealers to:


Topics: compliance, supervision, monitoring

Our Response to Regulators on AI and ML in Financial Services

Posted by Marc Gilman on Aug 11, 2021 8:30:00 AM

Last month Theta Lake submitted a response to a request for comment from several federal banking agencies including the Federal Reserve, the Consumer Financial Protection Bureau, and the Office of the Comptroller of the Currency about the use of Artificial Intelligence (AI) and Machine Learning (ML) in financial services. In our response, we described how Theta Lake uses AI in its Security and Compliance Suite, offered thoughts about how the agencies might create a framework for assessing AI risk, and outlined a few standard practices that would facilitate strong AI development in the future.


Topics: voice compliance, regtech, surveillance, financial services

Theta Lake Perspective: SEC’s OCIE's 2021 Exam Priorities

Posted by Marc Gilman on Mar 30, 2021 9:00:00 AM

On March 3, 2021, the SEC’s Office of Compliance Inspections and Examinations (“OCIE”) announced its 2021 Exam Priorities—the first such missive in the pandemic era. The Commission’s ability to be flexible and nimble in its approach to 2020 exams and plans for this year are laudable. To bolster that effectiveness, the recently created Event and Emerging Risk Examination Team will improve and expand OCIE’s rapid response capabilities. (I wrote more about the EERT here). Based on this year’s priorities, OCIE and EERT will be very busy in 2021.


Topics: compliance

A Single Confidential Doc Can Leave A Company Scrambling to Recover

Posted by Marc Gilman on Jan 28, 2021 11:35:20 AM

Typically, when we think about data breaches or loss, we picture scenarios where vast troves of personal data are accessed through brute force attacks or phishing attempts, resulting in thousands or millions of records being impacted. However, the release of smaller amounts of data, even a single PDF document or PowerPoint slide, can have serious and damaging ramifications for an organization.


Topics: compliance, security, data leakage


Theta Lake provides security and compliance for modern collaboration platforms using frictionless partner integrations with Cisco Webex, Microsoft Teams, RingCentral, Slack, Zoom, and more. Using patented machine learning and NLP, Theta Lake detects risks in: video, voice, chat, and document content across what is shared, shown, spoken, and typed. Those risks are surfaced in an AI-assisted, patent-pending review workspace that adds consistency, efficiency, and scale for security and compliance teams. All of this enables organizations to safely realize the full ROI of a collaboration-first workplace while reducing the cost of security and compliance.

www.thetalake.com
