On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published updated proposed amendments to its cybersecurity regulation (the “2023 Proposal”) applicable to “covered entities.” Covered entities are any person operating under, or required to operate under, a license, registration, charter, certificate, permit, accreditation or similar authorization under the New York Banking
Matthew Bisanz
Filing Instructions Released for New US Bank Incident Reporting Requirement
On March 29, 2022, the US federal banking regulators released instructions on how financial institutions should comply with recently adopted computer-security incident notification requirements. These instructions will assist financial institutions in satisfying their obligations under the new requirements once compliance is required on May 1, 2022.
SEC Proposals Would Significantly Impact Private Fund Advisers and Impose New Cybersecurity Requirements on Registered Advisers and Funds, including BDCs
On February 9, 2022, the US Securities and Exchange Commission (SEC) voted to propose several new rules and amendments to existing rules that would significantly alter the current requirements for investment advisers and funds, with one proposal specifically focused on private funds and the other focused on cybersecurity.
Global Insurance Industry Year in Review 2021
Our Global Insurance Industry Year in Review is now in its 10th year. In this report, we discuss developments and trends in insurance industry transactions over the past year, with a particular focus on mergers and acquisitions, corporate finance, insurtech, the insurance-linked securities and convergence markets, as well as tax, regulatory and litigation developments.
A…
Breach Notification Requirement Finalized by US Banking Regulators
On November 18, 2021, the Board of Governors of the Federal Reserve System (“Federal Reserve”), Office of the Comptroller of the Currency (“OCC”) and Federal Deposit Insurance Corporation (“FDIC,” collectively with the Federal Reserve and OCC, the “Federal Regulators”) finalized new cyber incident notification requirements for institutions that they regulate and their service providers (the…
US Federal Trade Commission Adopts Prescriptive Data Security Requirements and Other Updates to Its Gramm-Leach-Bliley Act Safeguards Rule
- On October 27, 2021, the Federal Trade Commission issued a final rule (“Final Rule”) implementing most of the revisions it proposed in 2019, with some important modifications, to its Gramm-Leach-Bliley Act safeguards rule.
- Financial institutions covered by the Final Rule include finders, finance companies, mortgage companies, motor vehicle dealerships, payday lenders and other non-banks involved
…
NYDFS Clarifies Application of Cybersecurity Regulation to Covered Entities Adopting an Affiliate’s Cybersecurity Program
On October 22, 2021, the New York Department of Financial Services (“NYDFS”) issued an interpretive letter that provides guidance on how entities regulated by NYDFS (“Covered Entities”) may comply with the NYDFS Cybersecurity Regulation by adopting the cybersecurity program of an affiliate (“Affiliate Program Letter”). According to the Affiliate Program Letter, a Covered Entity…
New Incident Notification Requirements Proposed by Federal Regulators for US Financial Institutions and Their Service Providers
In December 2020, the Board of Governors of the Federal Reserve System (“Federal Reserve”), Office of the Comptroller of the Currency (“OCC”), and Federal Deposit Insurance Corporation (“FDIC,” collectively with the Federal Reserve and OCC, the “Federal Regulators”) proposed new cyber incident notification requirements for institutions that they regulate and their service providers (the “Proposal”).…
Sound Practices for Operational Resilience Released by US Banking Regulators
On October 30, 2020, the US federal banking regulators issued guidance on sound practices for the largest US banking organizations to strengthen their operational resilience, including with respect to cyber risk management (the “Guidance”). Operational resilience is an organization’s ability to prepare for, adapt to, withstand, and recover from disruptions and to continue…
OFAC and FinCEN Communicate Ransomware Expectations in New Guidance
On October 1, 2020, the US Treasury Department issued important guidance on what victims of ransomware attacks, as well as financial institutions (particularly money services businesses (“MSBs”) and other companies that facilitate such payments), should consider when confronted with potential ransomware demands. First, the Office of Foreign Assets Control (“OFAC”) issued an advisory that emphasizes…