Risk Management

SEC Adopts Final Rules on Public Company Cybersecurity Disclosures of Incidents and Processes

By Lawrence Cunningham, Edward Best, Rajesh De, Stephen Lilley, Anna T. Pinedo, Laura D. Richman, Justin Herring & Dominique Shelton Leipzig on July 28, 2023

Posted in Breaches & Incident Response, Cybersecurity, United States

On July 26, 2023, the U.S. Securities and Exchange Commission (the “SEC”) issued a release, adopting final rules (the “Final Rules”) aimed at standardizing and enhancing disclosure relating to cybersecurity incidents and risk management processes. The SEC had proposed rules (the “Proposed Rules”) on March 9, 2022. The Final Rules reflect the considerable comments received…

Sound Practices for Operational Resilience Released by US Banking Regulators

By Rajesh De, Jeffrey P. Taft, David A. Simon, Megan Webster, J. Paul Forrester & Matthew Bisanz on November 5, 2020

Posted in Breaches & Incident Response, Cybersecurity, Financial Services

On October 30, 2020, the US federal banking regulators¹ issued guidance on sound practices for the largest US banking organizations to strengthen their operational resilience, including with respect to cyber risk management (the “Guidance”).² Operational resilience is an organization’s ability to prepare for, adapt to, withstand, and recover from disruptions and to continue…

Information Technology Examination Handbook for U.S. Financial Institutions Updated

By Rajesh De, Jeffrey P. Taft, Stephen Lilley & Matthew Bisanz on November 30, 2015

Posted in Cybersecurity, Government Agency Update / Notice, United States

The members of the Federal Financial Institutions Examination Council (“FFIEC”) have released an update to the Management section of the Information Technology Examination Handbook (the “Handbook”).¹ While the Handbook is written for examiners at the U.S. federal banking agencies and for the financial institutions subject to examination, it contains helpful guidance for other entities…