On August 7, 2024, after three years of negotiation, the United Nation’s Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal...more
On 1 April 2024, the UK and US signed a memorandum of understanding on the science of AI safety. This partnership is the first of its kind and will see the two countries work together to assess risks and develop safety tests...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Framework 2.0 (CSF 2.0). CSF 2.0 represents the first major update to the Cybersecurity Framework, which was...more
Under the Securities and Exchange Commission’s (SEC) new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule (cybersecurity rule), public companies subject to the cybersecurity rule must promptly...more
Recent activity by the New York Department of Financial Services (NYDFS) and the Securities and Exchange Commission (SEC) highlight the continued focus by government regulators on cybersecurity. As these and other regulators...more
11/17/2023
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Financial Regulatory Reform ,
Financial Services Industry ,
NYDFS ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Securities Litigation
On July 26, the Securities and Exchange Commission (“SEC”) finalized a much anticipated rule addressing cybersecurity risk management, strategy, governance, and incident disclosure. Public companies registered with the SEC...more
8/8/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Disclosure Requirements ,
New Rules ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)
Recent enforcement actions and announcements show that state and federal regulators are continuing to focus intensely on cybersecurity and data protection. Notably, the New York Department of Financial Services (“NYDFS”)...more
7/18/2023
/ Consent Order ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
New York ,
NYDFS ,
Popular ,
Settlement ,
State and Local Government ,
State Data Privacy Laws
A recent consent order between the New York State Department of Financial Services (“NYDFS”) and cryptocurrency trading platform, bitFlyer USA (“bitFlyer”), shows that the NYDFS continues to utilize an aggressive enforcement...more
6/21/2023
/ Civil Monetary Penalty ,
Consent Order ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Enforcement Actions ,
Financial Services Industry ,
Information Technology ,
New York ,
NYDFS ,
Regulatory Requirements ,
Regulatory Violations ,
Technology
We have written on previous occasions about the rise in frequency and severity of Business Email Compromise (BEC) cyberattacks. As explained in other posts, BEC attacks are a type of phishing scam typically targeting...more
In recent weeks, the U.S. Department of Justice (DOJ) has implemented significant changes to its corporate enforcement policies in an attempt to encourage companies to root out and voluntarily disclose corporate misconduct....more
On July 29, 2022, the New York Department of Financial Services (NYDFS) published the pre-proposed second amendment to its Cybersecurity Regulations, 23 NYCRR 500 (Part 500), that if adopted, would likely require numerous...more
9/2/2022
/ Covered Entities ,
Cybersecurity ,
Enforcement ,
Exemptions ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
Multi-Factor Authentication ,
Notice Requirements ,
NYDFS ,
Policies and Procedures ,
Popular ,
Second Amendment ,
Third-Party Service Provider
On June 23, 2022, the New York State Department of Financial Services (NYDFS) announced the entry of a Consent Order in connection with its most recent cybersecurity enforcement action, which included a $5 million monetary...more
On May 5, 2022, the U.S. Department of Health and Human Services (HHS) issued a report entitled “Ransomware Trends in the HPH Sector” (HHS Report) that reviewed key cybersecurity threats and trends affecting the U.S....more
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Energy (DOE) issued a joint advisory providing “information on multiple...more
4/26/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Data Security ,
Department of Energy (DOE) ,
FBI ,
Information Sharing ,
International Trade ,
Popular ,
Russia
In the insurance industry, an “endorsement” is used to amend an insurance policy. Endorsements can be used to add items to a policy, amend policy provisions, or update an insured’s coverage. Endorsements also can be used to...more
The United States Congress recently passed legislation that includes new cybersecurity provisions requiring critical infrastructure providers to report cyber security incidents, including the payment of ransom, to the...more
Cryptocurrency has increasingly become an accepted form of financial exchange. However, it has also become a favored form of payment for cyber criminals. In an effort to deter the use of cryptocurrencies in furtherance of...more
The Federal Trade Commission (FTC) recently warned private entities to remediate any ongoing Log4j vulnerabilities present within their networks or face possible enforcement action....more
On February 24, 2022, two of three founders of an off-shore cryptocurrency derivatives exchange, the Bitcoin Mercantile Exchange or “BitMEX,” pled guilty to violating the Bank Secrecy Act (BSA) by failing to maintain an...more
3/4/2022
/ Anti-Money Laundering ,
Bank Secrecy Act ,
Bitcoin ,
Broker-Dealer ,
Criminal Prosecution ,
Cryptocurrency ,
Department of Justice (DOJ) ,
FinCEN ,
Investment Adviser ,
Popular ,
Securities Litigation ,
Suspicious Activity Reports (SARs)
The televised “thud” of explosions in Ukraine has an ominous but deceptively distant tone. For many organizations the hostilities are closer at hand, in the form of cyberattacks that could spread beyond the Russian-Ukrainian...more
On January 11, 2022, the U.S. Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint...more
According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread...more
12/22/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Popular ,
Risk Management ,
Software
With cyberattacks continuing to plague the financial services industry, the New York Department of Financial Services (NYDFS) recently released new guidance for regulated entities related to the use of Multi-Factor...more
In October, the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) published new guidance for the virtual currency industry focusing on compliance with the financial industry’s obligations...more
On October 28, 2021, in a speech before the American Bar Association’s 36th Annual National Institute on White Collar Crime, Deputy Attorney General Lisa Monaco formally announced that the Department of Justice is taking...more