Professionals

Craig A. Foster

Partner

VCARD

Overview
Publications
Presentations
Professional and Civic
News
Events
Legal Blog

Overview

Craig regularly assists registered investment advisers with all aspects of their operations, including formation, registration, licensing, disclosure, privacy, client contracts, employee agreements, compliance programs and website and advertising review. Craig also frequently helps advisers navigate and respond to regulatory examinations and conduct annual compliance reviews.

Craig has a particular penchant for assisting robo-advisers. Understanding that such firms face many regulatory challenges and functional challenges that traditional investment advisers may not, he co-founded and regularly contributes to a legal blog, Source Code, which seeks to help robo-advisers address those challenges.

Craig also advises investment company clients on a regular basis. Craig has substantial experience in organizing and launching funds, drafting prospectuses and service provider agreements, advising fund boards, seeking exemptive relief, responding to inquiries from regulators, and coordinating with fund service providers. Craig has also helped many funds prepare and deliver proxy materials to shareholders and has assisted in the successful completion of a number of fund reorganizations. In addition to investment company clients, Craig has significant experience in helping private investments funds prepare offering documents and comply with federal and state registration exemptions.

Finally, Craig works on all things related to privacy and cybersecurity. Having obtained the International Association of Privacy Professionals (IAPP) Certified Information Privacy Professional/United States (CIPP/US) credential, he regularly counsels businesses in all industries on compliance with state, federal, and international privacy laws, helps them respond to data breaches, and assists them in improving their operations around privacy and security.

Publications

Quoted, "Tips for updating your Form CRS," Regulatory Compliance Watch, June 17, 2021
“DOL Issues Much-Anticipated Retirement Plan Cybersecurity Guidance,” Thompson Hine Employee Benefits & Executive Compensation Update, April 2021
“Electronic Disclosure: SEC Requirements and the Form CRS Business Case,” 2020 Whitepaper authored in partnership with InvestorCOM Inc.
Quoted, “Pressure testing a compliance programme,“ Financier Worldwide, October 2020
"California Legislature Extends CCPA's Exemptions for Personal Information in the Employment and Business-to-Business Context," Thompson Hine Privacy & Cybersecurity Update, September 2020
“Final CCPA Regulations Approved, Effective Immediately,” Thompson Hine Privacy & Cybersecurity Update, August 2020
“New York’s SHIELD Act Now Effective – Take Steps to Ensure Compliance,” Thompson Hine Privacy & Cybersecurity Update, April 2020
“SEC Announces Exam Focus on Compliance with Form CRS and Regulation Best Interest,” Thompson Hine Investment Management Update, April 2020
“SEC Provides Temporary Regulatory Relief for Investment Advisers,” Thompson Hine COVID-19 Update, March 2020
"California Attorney General Publishes Modifications to CCPA Regulations," Thompson Hine Privacy & Cybersecurity Update, March 2020
"UK Proposes Substantial Expansion of Online Privacy Protections for Children," Thompson Hine Privacy & Cybersecurity Update, January 2020
"California’s New Data Privacy Law Coming into Focus," Thompson Hine Privacy & Cybersecurity Update, October 2019
“‘Pre-Ticked’ Boxes to Obtain Cookie Use Consent Fail Under EU Law,” Thompson Hine Privacy & Cybersecurity Update, October 2019
“Advisory Firm Fined $15 Million for Improper Fees on Inactive Accounts and Failure to Disclose Conflict of Interest,” Thompson Hine Investment Management Update, September 2019
“New York SHIELD Act Expands Privacy and Cybersecurity Obligations,” Thompson Hine Privacy and Cybersecurity Update, July 2019
“NFA Proposes Amendments to 2016 Cybersecurity Guidance,” Thompson Hine Investment Management Update, December 2018
“Canada’s New Data Breach Law Creates Unique Obligations for Businesses,” Thompson Hine Privacy & Cybersecurity Update, November 2018
“SEC Issues No-Action Letter Allowing Fund Boards to Rely on CCO Representations to Comply with Certain Exemptive Rules,” Thompson Hine Investment Management Update, October 2018
“Preparing for Ohio’s Cybersecurity Safe Harbor Law,” Thompson Hine Privacy & Cybersecurity Update, October 2018
“California Becomes First State to Regulate Internet-Connected Devices,” Thompson Hine Privacy & Cybersecurity Update, October 2018
“Amendments to California Privacy Law Will Impact Businesses,” Thompson Hine Privacy & Cybersecurity Update, October 2018
“California Expands Consumer Privacy Protections,” Thompson Hine Privacy & Cybersecurity Update, July 2018
“Data Privacy Concerns Should Be a Focus in M&A Transactions,” Thompson Hine Business Law Update, Spring 2018
“CEA Report: Cost of Malicious Cyber Activity to the U.S. Economy,” Thompson Hine Privacy & Cybersecurity Update, February 2018
“EU-U.S. Privacy Shield Review Confirms Adequacy and Suggests Improvements,” Thompson Hine Privacy & Cybersecurity Update, October 2017
“SEC Eases Form ADV Compliance Deadline for Interim Updates,” Thompson Hine Investment Management Update, August 2017
“FTC Increases Focus on Smart Toys with COPPA Update,” Thompson Hine Privacy & Cybersecurity Update, August 2017
“Court Finds Work Product Doctrine Protects Data Breach Records,” Thompson Hine Privacy & Cybersecurity Update, June 2017
“Interacting with Your On-line Web Visitors Can Create Privacy Concerns,” Columbus Business First, April/May 2017
“New York Financial Services Cybersecurity Regulation Takes Effect March 1,” Thompson Hine Privacy & Cybersecurity Update, February 2017
“Cybersecurity Commission Report Encourages Immediate Action, Collaboration,” Thompson Hine Privacy & Cybersecurity Update, December 2016
“European Commission Adopts EU-U.S. Privacy Shield,” Thompson Hine Privacy & Cybersecurity Update, July 2016
“SEC Proposes Business Continuity & Transition Plan Rule,” Thompson Hine Investment Management Update, July 2016
“European Commission Publishes EU-U.S. Privacy Shield Legal Texts,” Thompson Hine Privacy & Cybersecurity Update, March 2016
“U.S. and EU Agree on New Framework to Replace Safe Harbor,” Thompson Hine Privacy & Cybersecurity Update, February 2016
“EU Court: Employee Email Monitoring May Not Breach Privacy Rights,” Thompson Hine Privacy & Cybersecurity Update, January 2016
“Enhanced EU Data Protection Regulations,” Thompson Hine Privacy & Cybersecurity Update, December 2015
"Northstar Financial Advisors v. Schwab Investments – Implications and Considerations for Investment Company Boards of Trustees,” The Investment Lawyer, December 2015
“EU/U.S. Safe Harbor Framework in Jeopardy: Article 29 Working Party Statement on ECJ Case,” Thompson Hine Privacy & Cybersecurity Update, October 2015
“Court Decision Imperils Privacy Safe Harbor,” Thompson Hine Privacy & Cybersecurity Update, October 2015
“Money Market Fund Rule Amendments,” Thompson Hine Investment Management Update, September 2015
“SEC Brings First Enforcement Action Under Distribution-in-Guise Initiative,” Thompson Hine Investment Management Update, September 2015
“Take the Time to Revisit Clients’ Policies for Dealing with Diminished Financial Capacity and Financial Abuse,” The Investment Lawyer, Vol. 22, No. 1, January 2015
“New SEC Rules to Combat Technology Glitches and Enhance Cybersecurity,” Thompson Hine Privacy & Investment Management Update, December 2014
“European Union Imposes Extraterritorial Privacy Obligations on U.S. Businesses,” Thompson Hine Privacy & Information Security Update, May 2014
“Canada’s New Anti-Spam Law – Is Your Business Ready?,” Thompson Hine Privacy & Information Security Update, May 2014
“Supreme Court Expands SOX Whistleblower Protection to Service Providers’ Employees,” Thompson Hine Investment Management Update, March 2014
“New California Law Requires Tracking Transparency,” Thompson Hine Privacy & Information Security Update, March 2014
The Investment Lawyer, “Fifth Circuit Restricts Dodd-Frank Retaliation Protections for Whistleblowers,” Vol. 20 No. 12, December 2013
Thompson Hine Privacy & Information Security Update, "California Legislature Passes 'Do Not Track' Disclosure Law," September 13, 2013
Thompson Hine Investment Management Update, "General Solicitation Under the JOBS Act: Practical Tips for Hedge Fund Managers," August 8, 2013

Presentations

Presenter, "Vendor Engagements – Managing Cybersecurity and Privacy Risks," Thompson Hine's Investment Management Coffee Chat Webinar Series, May 2021
Presenter, "SEC’s New Marketing Rule – Testimonials, Endorsements and Solicitation Activity," Thompson Hine's Investment Management Coffee Chat Webinar Series, March 2021
Presenter, "SEC’s New Marketing Rule – Redefining 'Advertisement'," Thompson Hine's Investment Management Coffee Chat Webinar Series, March 2021
“Overview and Impacts of General Data Protection Regulation (GDPR) and MiFID II,” Cincinnati Compliance Roundtable, March 2018
“Privacy and Data Security Considerations in M&A Transactions,” IAPP KnowledgeNet (Columbus), September 2017
“SEC Exams of Investment Advisers and Investment Companies - What to Expect, How to Prepare and Mock Exam Protocols,” the Central Ohio Compliance Association, September 2017
"Using Performance Data in Advertising – Guidelines and Recommendations for Avoiding the SEC’s Wrath," August 23, 2017
“Preparing for Changes to Form ADV – What You Need to Know Now,” the Central Ohio Compliance Association, April 2017
“Current Trends for Hedge Fund Managers: General Solicitation is In – ‘Bad Actors’ are Out,” the Central Ohio Compliance Association, November 2013

Professional and Civic

Professional Associations