The Federal Financial Institutions Examination Council (FFIEC) has issued a joint statement emphasizing the need for lenders and servicers to include cyber insurance in their risk management program. Although the FFIEC did not announce new regulatory requirements or expectations, the announcement is further evidence of what most in the industry have already recognized: Cyber coverage … Continue Reading
On March 1, 2018, the Alabama Senate unanimously passed the Alabama Data Breach Notification Act of 2018 (SB 318). On March 22, 2018, the House of Representatives, following an amendment by the Technology and Research Committee, also passed SB 318. Just a day prior to the Alabama House passing SB 318, South Dakota Governor Dennis Daugaard signed SB … Continue Reading
Privacy is serious business. This was made clear in the Federal Trade Commission’s (FTC) recent announcement that it had settled its complaint against Venmo, PayPal’s peer-to-peer payment service, for misrepresentations to consumers regarding privacy and security settings. Although the terms of the settlement do not become final until approval by the FTC on or about … Continue Reading
Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) introduced the Data Breach Prevention and Compensation Act on January 10, 2018 in an effort to increase accountability of large Credit Reporting Agencies (CRAs) for data breaches involving consumer data. The bill, drafted in response to the September 2017 Equifax data breach revelations, seeks to impose direct administrative … Continue Reading
On October 18, 2017, the Consumer Financial Protection Bureau (CFPB) outlined nine non-binding Consumer Protection Principles (the Principles) for the access and sharing of consumer information between third-party companies. The Principles focus on the consumer experience, specifically consumers’ enhanced control over their financial lives. The CFPB envisions a marketplace in which consumers are in the … Continue Reading
Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to companies operating within the EU that control or process data. Notably, it also applies to companies outside the EU that offer … Continue Reading
In the wake of the Equifax data breach, consumers, companies, and regulators alike are cognizant of the potential exposure of personal information, and many companies are looking at ways to decrease the risk of unauthorized disclosure of personal data. In creating effective data privacy policies and procedures, companies must also analyze requirements under certain statutes … Continue Reading
[This post is the first in a series of post which will examine the risks, rewards, innovative uses, and changing legal landscape of social media use by financial services institutions. Future blog posts will examine topics such as: monitoring and managing consumer complaints through social media, disgruntled employee use of social media, and control over content and message. … Continue Reading
The New York State Department of Financial Services’ (NYDFS) cybersecurity regulations went into effect March 1, 2017, and the first of the staggered implementation deadlines is quickly approaching on August 28, 2017. Touted by the NYDFS as the “first in the nation” comprehensive cybersecurity regulation, the new rules pose significant compliance challenges for those covered … Continue Reading
Last month, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued an Advisory which provided substantial guidance to financial institutions regarding the scope of information that must be provided in Suspicious Activity Reports (SARs) arising from cyber-events, cyber-enabled crime, and cyber-related information under the Bank Secrecy Act (BSA). When are financial institutions required to … Continue Reading
Cybersecurity remains a top focus of government regulators, and the prevailing trend is to encourage information sharing between the government and private entities to combat cybersecurity threats. In line with this theme, on February 9, 2016, President Obama directed his administration to implement a Cybersecurity National Action Plan (CNAP) intended to, among other things, enhance … Continue Reading
In a recent blog post on the Federal Trade Commission (FTC) Consumer Information blog, the FTC warned home buyers of an e-mail and wire transfer phishing scam in which hackers pose as real estate professionals or title companies and request buyers to wire their closing costs to the scammer’s account. The FTC noted that hackers … Continue Reading
The New York Department of Financial Services (NYDFS) recently surveyed the companies that it regulates to assess cybersecurity risks. After examining the surveys, the NYDFS seems prepared to propose regulations governing how financial institutions can better monitor and manage risk from a liability perspective. In line with a similar survey by the Office of the … Continue Reading
Yesterday, the Office of the Comptroller of the Currency (OCC) released its Semiannual Risk Perspective (the “Semiannual Risk Perspective”). The Semiannual Risk Perspective covers “key issues facing banks, focusing on those that pose threats to the safety and soundness of banks and their compliance with applicable laws and regulations.” While the OCC identifies four main … Continue Reading
On November 9, 2015, the New York State Department of Financial Services (“NYDFS”) issued a letter to several federal regulatory agencies and trade organizations advising of potential new state regulations intended to increase cybersecurity in the financial services industry. The NYDFS issued the letter following risk assessments performed in 2014 and 2015 that identified industry-wide … Continue Reading
