On October 27, the Federal Trade Commission (“FTC”) unanimously voted to amend the Safeguards Rule to require non-banking financial institutions to report data breaches and security events to the Agency. This amendment will...more
On October 19, 2023, the Consumer Financial Protection Board (“CFPB”) released a proposed rule that, if enacted, would grant consumers greater access rights to the data their financial institutions hold. Under the proposed...more
10/24/2023
/ Comment Period ,
Consumer Financial Products ,
Consumer Financial Protection Act (CFPA) ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Information ,
Consumer Privacy Rights ,
Dodd-Frank ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Personally Identifiable Information ,
Proposed Rules ,
Regulatory Agenda
The CFPB has taken a significant step towards issuing regulations to implement Section 1033 of the Dodd-Frank Act by releasing an outline of the proposals it is considering in preparation for convening a small business...more
The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector. As the number and frequency of cyber attacks continue to...more
On October 27, the Federal Trade Commission (FTC) announced a final rule (Final Rule) and supplemental notice of proposed rulemaking (NPRM) to amend the Safeguards Rule promulgated under the Gramm-Leach-Bliley Act (GLBA),...more
On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require...more
October is National Cybersecurity Awareness Month, and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and Office of Foreign Assets Control (“OFAC”) kicked off the month by issuing two...more
10/8/2020
/ Bank Secrecy Act ,
BSA/AML ,
Cyber Crimes ,
Cybersecurity ,
Financial Institutions ,
FinCEN ,
International Emergency Economic Powers Act (IEEPA) ,
Office of Foreign Assets Control (OFAC) ,
Privacy Concerns ,
Ransomware ,
Suspicious Activity Reports (SARs)
The FTC has proposed amendments to its 2003 Safeguards Rule and 2000 Privacy Rule, applicable to financial institutions under the Gramm Leach Bliley Act (GLBA). The proposed changes are informed by the FTC’s enforcement...more
The FTC has proposed amendments to its 2003 Safeguards Rule and the 2000 Privacy Rule, applicable to financial institutions under the Gramm Leach Bliley Act (GLBA). ...more
3/8/2019
/ Banking Sector ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Gramm-Leach-Blilely Act ,
Personally Identifiable Information ,
Privacy Rule ,
Proposed Amendments ,
Rulemaking Process ,
Safeguards Rule
A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. ...more
9/11/2018
/ Banking Sector ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Data Security ,
Federal Breach Notification Standard ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Information Technology ,
Insurance Industry ,
Legislative Agendas ,
Personally Identifiable Information ,
Policies and Procedures ,
Popular ,
Preemption ,
Proposed Legislation ,
Risk Management
The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more
7/17/2017
/ Banking Sector ,
Chief Information Security Officer (CISO) ,
Covered Entities ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Third-Party Risk
Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...more
10/21/2016
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cyber Attacks ,
Cybersecurity ,
FDIC ,
Federal Reserve ,
FFIEC ,
Financial Institutions ,
Financial Services Industry ,
Hackers ,
Handbooks ,
Incident Response Plans ,
OCC ,
Risk Management
A goal of providing effective disclosures to consumers is to allow consumers to make informed decisions. But what must be done to make disclosures effective? This was the question the Federal Trade Commission (FTC) explored...more
9/27/2016
/ Advertising ,
Banking Sector ,
Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Disclosure Requirements ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
Mobile Apps ,
Mobile Devices ,
Native Advertising ,
Popular ,
Social Media ,
Social Networks ,
Tracking Systems ,
Video Games ,
Warner Brothers Entertainment
The Bank for International Settlement (BIS) Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) last week issued the first internationally agreed-upon...more
7/7/2016
/ Bureau of Industry and Security (BIS) ,
Committee on Payments and Market Infrastructure (CPMI) ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Financial Institutions ,
Financial Markets ,
Gramm-Leach-Blilely Act ,
IOSCO ,
New Guidance ,
Risk Management
An amendment creating an exception to the annual privacy notice delivery requirement for financial institutions has been signed into law by President Obama as part of the “Fixing America’s Surface Transportation Act” (FAST...more
The New York Department of Financial Services (NYDFS) has distributed a letter to various federal and state regulatory agencies and associations proposing the development of new cybersecurity regulations for financial...more
The Department of Justice (DOJ) recently announced the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum. Financial institutions and other companies should consider...more
7/24/2015
/ Best Practices ,
Criminal Prosecution ,
Cyber Crimes ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement Actions ,
FBI ,
Financial Institutions ,
Hackers ,
Malware ,
New Guidance ,
NIST