Cybersecurity has become one of the biggest risks facing the financial services industry, and US banking regulators have provided extensive guidance and initiatives to help ensure the safety of the institutions and the banking system. Some of the more recent regulatory requirements and other developments will have a significant impact on nonbank financial
New York Department of Financial Services (NYDFS)
Webinar: Cyber Spotlight: NYDFS Cybersecurity Regulation – What Do the Proposed Changes and Increasing Enforcement Mean for Covered Entities?
As cybersecurity and privacy risks mount, financial services companies face new concerns about compliance and enforcement as well as the risk of business interruption and costly litigation. In this Cybersecurity Awareness Month program, our lawyers will discuss the recent regulatory developments from the New York Department of Financial Services (NYDFS) that are presenting real-world challenges…
Data Privacy and Cybersecurity Issues in M&A Transactions
Mayer Brown partners Christian Fabian, Stephen Lilley and Lei Shen, located in the United States, focus on data privacy and cybersecurity issues in M&A transactions.
Global Insurance Industry Year in Review 2021
Our Global Insurance Industry Year in Review is now in its 10th year. In this report, we discuss developments and trends in insurance industry transactions over the past year, with a particular focus on mergers and acquisitions, corporate finance, insurtech, the insurance-linked securities and convergence markets, as well as tax, regulatory and litigation developments.
A…
NYDFS Clarifies Application of Cybersecurity Regulation to Covered Entities Adopting an Affiliate’s Cybersecurity Program
On October 22, 2021, the New York Department of Financial Services (“NYDFS”) issued an interpretive letter that provides guidance on how entities regulated by NYDFS (“Covered Entities”) may comply with the NYDFS Cybersecurity Regulation by adopting the cybersecurity program of an affiliate (“Affiliate Program Letter”). According to the Affiliate Program Letter, a Covered Entity…
US Federal Trade Commission Proposes Prescriptive Data Security Requirements and Other Updates to Its Gramm-Leach-Bliley Act Regulations
On March 5, 2019, the Federal Trade Commission (“FTC”) proposed a number of revisions to its Gramm-Leach-Bliley Act (“GLBA”) regulations, which would (i) change the Safeguards Rule to require financial institutions to implement specific information security controls (in a departure from the FTC’s current non-prescriptive approach to data security), (ii) update its GLBA Privacy Rule…
2019 Outlook: Cybersecurity and Data Privacy
Cybersecurity and data privacy presented some of the most complex legal questions and business risks that multinational companies faced in 2018. Businesses should expect continued growth in cyber and data privacy challenges in 2019.
Cyber attacks became even more sophisticated and severe in 2018, with incidents ranging from exfiltration and extortion schemes, to attacks on…
5 Considerations for General Counsels Regarding the New York Cybersecurity Regulations
The cybersecurity regulation (“CyberRegs”) adopted by the New York State Department of Financial Services (“NYDFS”) is almost two years old and will be fully in effect by March 2019. The CyberRegs has already had a broad impact on financial institutions that are authorized to engage in business in New York (“Covered Entities”). Furthermore, even for…
Cybersecurity and Data Privacy: Navigating a Constantly Changing Landscape
The cybersecurity and data privacy landscape continues to change, creating significant new risks for businesses across economic sectors. New types of litigation are emerging, new regulatory regimes are entering into force, and new laws promise yet further compliance challenges in the future. At the same time, a wide range of threat actors are launching more…
NAIC Adopts Insurance Data Security Model Law
On October 24, 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. The NAIC Model Law builds on existing data privacy and consumer breach notification requirements by requiring insurance licensees to comply with detailed requirements regarding their information security program and responding to and giving notification of cybersecurity events.…