Category Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

Parallel Universe or Coincidence: The CFPB’s New Data Consumer Protection Principles’ Relationship to GDPR

On October 18, 2017, the Consumer Financial Protection Bureau (CFPB) outlined nine non-binding Consumer Protection Principles (the Principles) for the access and sharing of consumer information between third-party companies. The Principles focus on the consumer experience, specifically consumers’ enhanced control over their financial lives. The CFPB envisions a marketplace in which consumers are in the … Continue Reading

Foreign No More: Transferring Data on Demand U.S. Companies and GDPR Data Portability

Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to companies operating within the EU that control or process data. Notably, it also applies to companies outside the EU that offer … Continue Reading

CFPB Walks the Data Privacy Tightrope on Public HMDA Disclosures

In the wake of the Equifax data breach, consumers, companies, and regulators alike are cognizant of the potential exposure of personal information, and many companies are looking at ways to decrease the risk of unauthorized disclosure of personal data. In creating effective data privacy policies and procedures, companies must also analyze requirements under certain statutes … Continue Reading

The Bank Next Door: Part I – Using Social Media to “Friend” Customers

[This post is the first in a series of post which will examine the risks, rewards, innovative uses, and changing legal landscape of social media use by financial services institutions. Future blog posts will examine topics such as: monitoring and managing consumer complaints through social media, disgruntled employee use of social media, and control over content and message. … Continue Reading

New York Sets Its Sights on Cybersecurity Weaknesses at Financial Institutions

The New York State Department of Financial Services’ (NYDFS) cybersecurity regulations went into effect March 1, 2017, and the first of the staggered implementation deadlines is quickly approaching on August 28, 2017. Touted by the NYDFS as the “first in the nation” comprehensive cybersecurity regulation, the new rules pose significant compliance challenges for those covered … Continue Reading

Banks Should Prepare for Increased Collaboration between IT, Legal and BSA/AML Compliance Departments under New FinCEN Guidance

Last month, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued an Advisory which provided substantial guidance to financial institutions regarding the scope of information that must be provided in Suspicious Activity Reports (SARs) arising from cyber-events, cyber-enabled crime, and cyber-related information under the Bank Secrecy Act (BSA). When are financial institutions required to … Continue Reading

Preparing for Increased Cybersecurity Information Sharing

Cybersecurity remains a top focus of government regulators, and the prevailing trend is to encourage information sharing between the government and private entities to combat cybersecurity threats. In line with this theme, on February 9, 2016, President Obama directed his administration to implement a Cybersecurity National Action Plan (CNAP) intended to, among other things, enhance … Continue Reading

Buyer Beware – Know Before You Wire: FTC and NAR Warn Home Buyers on Closing Costs Wire Transfer Phishing Scams

In a recent blog post on the Federal Trade Commission (FTC) Consumer Information blog, the FTC  warned home buyers of an e-mail and wire transfer phishing scam in which hackers pose as real estate professionals or title companies and request buyers to wire their closing costs to the scammer’s account. The FTC noted that hackers … Continue Reading

Video Interview: Discussing Possible Cybersecurity Recommendations from the NY Department of Financial Services

The New York Department of Financial Services (NYDFS) recently surveyed the companies that it regulates to assess cybersecurity risks. After examining the surveys, the NYDFS seems prepared to propose regulations governing how financial institutions can better monitor and manage risk from a liability perspective. In line with a similar survey by the Office of the … Continue Reading

Third Party Service Providers Remain in the Spotlight

Yesterday, the Office of the Comptroller of the Currency (OCC) released its Semiannual Risk Perspective (the “Semiannual Risk Perspective”). The Semiannual Risk Perspective covers “key issues facing banks, focusing on those that pose threats to the safety and soundness of banks and their compliance with applicable laws and regulations.” While the OCC identifies four main … Continue Reading

New York DFS Set to Regulate Cybersecurity Rules

On November 9, 2015, the New York State Department of Financial Services (“NYDFS”) issued a letter to several federal regulatory agencies and trade organizations advising of potential new state regulations intended to increase cybersecurity in the financial services industry. The NYDFS issued the letter following risk assessments performed in 2014 and 2015 that identified industry-wide … Continue Reading
LexBlog