#regcf #investment #webdevelop #nist #administration-panel #escrow-api #payment-api #offer-api #user-api #email-api #notification-api #esign-api #kyc-api #security

Legal sources

Challenges For Innovators:

Compliance Requirements for Issuers

  • [ ] Form C Filing and Disclosure
  • [ ] Financial Statement Requirements
  • [ ] Amendments, Updates, and Progress Reports

Investor Limitations and Protections

  • [ ] Annual Income and Net Worth-based Limits
  • [ ] Holding Period and Resale Restrictions

Cybersecurity

Any REG D company should comply with NIST SP 800-53 in order to pass SEC review. The company should show sufficient effort in:

  1. Access control: Ensures only authorized users have access privileges
  2. Audit and accountability: Involves a system of checks and balances to ensure proper protection
  3. Awareness and training: Ensures team members are given the pertinent security controls training, including how these controls protect their systems
  4. Configuration management: Ensures all configurations address the latest needs of the system without compromising security
  5. Contingency planning: Involves creating a plan that provides different options in case your security controls do not perform as expected
  6. Identification and authentication: Focuses on ensuring users and devices have valid identification and the rights they need to access systems and data
  7. Incident response: Orchestrates the steps and tools used when there is a breach
  8. Maintenance: Necessary for keeping the system up-to-date and functioning as it should
  9. Media protection: Involves protecting the physical media used to store data, such as hard drives and servers
  10. Personnel security: Ensures people that manage sensitive systems and data are protected from cybercriminals who may target them

Data protection risks

The United States doesn’t have a singular law that covers the privacy of all types of data. Instead, it has a mix of laws that depends on the state and industry. While it might not be required at this moment, it is still good to comply with NIST Special Publication 800-63B and follow its guidelines for:

  • New Password Creation
  • User Authentication Flow
  • Credentials Storage Recommendations
  • Breached Password Protection
  • Limit Login Attempts
  • Allow Multi-Factor Authentication
  • Do not use SMS for authentication
  • Do not sacrifice UX in favor of security

General Requirements

  • Simple investment flow
  • Speak with Maria regarding UX flow #Todo
  • Numbers need commas
  • This needs to include a confirmation of the investment itself, providing for the following:
      (i) The date of the transaction;
      (ii) The type of security that the investor is purchasing;
      (iii) The identity, price, and number of securities purchased by the investor, as well as the number of securities sold by the issuer in the transaction and the price(s) at which the securities were sold;
      (iv) If a debt security, the interest rate and the yield to maturity calculated from the price paid and the maturity date;
      (v) If a callable security, the first date that the security can be called by the issuer; and
      (vi) The source, form and amount of any remuneration received or to be received by the intermediary in connection with the transaction, including any remuneration received or to be received by the intermediary from persons other than the issuer.

ToDo

Wiki for:

  • [Information security policy]
  • [Data Breach Response]
  • [Clean Desk Policy]
  • [Disaster Recovery Plan]
  • [Password Protection Policy]
  • [Email Policy]
  • [Sensitive Data Encryption Policy]

Features for the Reg CF Crowdfunding platforms:

  • [administration panel]

  • [user management]

  • [escrow]

  • [offer management]

  • [electronic signatures]

  • [notification system]

  • [email system]

  • [investment system]

  • [KYC verification]

  • [payment system]

  • [Security]

  • [SEO]

  • Speak with Maria regarding UX flow for crowdfunding

Wiki for Reg CF

Wiki for type of securities
