Photo of Jeffrey P. Taft

Jeffrey Taft is a partner in the Firm's Financial Services Regulatory & Enforcement group and the Cybersecurity and Data Privacy practice. His practice focuses primarily on bank regulation, bank receivership and insolvency issues, payment systems, consumer financial services and cybersecurity/privacy issues. He has extensive experience counseling financial institutions, merchants, technology companies and other entities on various federal and state banking and consumer credit issues, including compliance with the Bank Holding Company Act, National Bank Act, International Banking Act, Consumer Financial Protection Act, Truth-in-Lending Act, the Fair Credit Reporting Act, the Electronic Fund Transfer Act, the Equal Credit Opportunity Act, the Fair Debt Collection Practices Act, the Real Estate Settlement Procedures Act, state unfair or deceptive acts or practices statutes, CFPB's UDAAP authority and the development and implementation of privacy, cybersecurity and information security programs under the Gramm-Leach Bliley Act, the NYDFS cybersecurity regulation and industry standards, such as PCI DSS and NIST.

Read Jeff's full bio.

 

On March 9, 2023, the Securities and Exchange Commission (“SEC”) announced that Blackbaud Inc. (“Blackbaud”) agreed to pay $3 million to settle charges for alleged misleading disclosures about its 2020 ransomware attack and for alleged disclosure control failures.1

Blackbaud, a South Carolina-based company that provides data management software to colleges, universities, and non-profit organizations,

Cybersecurity has become one of the biggest risks facing the financial services industry, and there have been extensive guidance and initiatives from US banking regulators to help ensure the safety of the institutions and the banking system. Some of the more recent regulatory requirements and other developments will have a significant impact on nonbank financial

As cybersecurity and privacy risks mount, financial services companies face new concerns about compliance and enforcement as well as the risk of business interruption and costly litigation. In this Cybersecurity Awareness Month program, our lawyers will discuss the recent regulatory developments from the New York Department of Financial Services (NYDFS) that are presenting real-world challenges

On March 29, 2022, the US federal banking regulators released instructions on how financial institutions should comply with recently adopted computer-security incident notification requirements.1 These instructions will assist financial institutions in satisfying their obligations under the new requirements once compliance is required on May 1, 2022.

Continue reading.

On February 9, 2022, the US Securities and Exchange Commission (SEC) voted to propose several new rules and amendments to existing rules that would significantly alter the current requirements for investment advisers and funds, with one proposal specifically focused on private funds and the other focused on cybersecurity.

Continue reading.

Our Global Insurance Industry Year in Review is now in its 10th year. In this report, we discuss developments and trends in insurance industry transactions over the past year, with a particular focus on mergers and acquisitions, corporate finance, insurtech, the insurance-linked securities and convergence markets, as well as tax, regulatory and litigation developments.

A

On November 18, 2021, the Board of Governors of the Federal Reserve System (“Federal Reserve”), Office of the Comptroller of the Currency (“OCC”) and Federal Deposit Insurance Corporation (“FDIC,” collectively with the Federal Reserve and OCC, the “Federal Regulators”) finalized new cyber incident notification requirements for institutions that they regulate and their service providers (the

  • On October 27, 2021, the Federal Trade Commission issued a final rule (“Final Rule”) implementing most of the revisions it proposed in 2019, with some important modifications, to its Gramm-Leach-Bliley Act safeguards rule.
  • Financial institutions covered by the Final Rule include finders, finance companies, mortgage companies, motor vehicle dealerships, payday lenders and other non-banks involved

On October 22, 2021, the New York Department of Financial Services (“NYDFS”) issued an interpretive letter that provides guidance on how entities regulated by NYDFS (“Covered Entities”) may comply with the NYDFS Cybersecurity Regulation by adopting the cybersecurity program of an affiliate (“Affiliate Program Letter”).1 According to the Affiliate Program Letter, a Covered Entity

2020 and 2021 saw sophisticated, coordinated cyber attacks affect some of the largest companies in the world. In the wake of these attacks, the Biden Administration and federal regulators—as well as businesses within the financial sector—are highly focused on cybersecurity. With a rapidly changing landscape, financial services companies are working hard to prepare for cyber