Cybersecurity

Subscribe to Cybersecurity

This past week, co-defendants in a class action related to the theft of cryptocurrency engaged in their own lawsuit over alleged security failures.  IRA Financial Trust, a retirement account provider offering crypto-assets, sued class action co-defendant Gemini Trust Company, LLC, a crypto-asset exchange owned by the Winklevoss twins, following a breach of IRA customer accounts.  IRA claims that Gemini failed to secure a “master key” to IRA’s accounts, and that hackers were able to exploit this alleged security flaw to steal tens of millions of dollars of cryptocurrency.  This lawsuit demonstrates the growing trend of cryptocurrency thefts resulting from cyber breaches, and ensuing litigation activity.

Continue Reading Litigation Between FinTech Companies Follows Class Action Over Cryptocurrency Theft

On April 29, 2019 the New York State Department of Financial Services (“DFS”) announced that it has created a new division, called the Consumer Protection and Financial Enforcement Division, which combines the previously separate Enforcement Division and Financial Frauds and Consumer Protection Division.

The new division will be “responsible for protecting and educating consumers and

On July 31, 2018, the U.S. Department of the Treasury released a report identifying numerous recommendations intended to promote constructive activities by nonbank financial institutions, embrace financial technology (“fintech”), and encourage innovation.

This is the fourth and final report issued by Treasury pursuant to Executive Order 13772, which established certain Core Principles designed to inform the manner in which the Trump Administration regulates the U.S. financial system.  Among other things, the Core Principles include:  (i) empower Americans to make independent financial decisions and informed choices; (ii) prevent taxpayer-funded bailouts; (iii) foster economic growth and vibrant financial markets through more rigorous regulatory impact analysis; (iv) make regulation efficient, effective, and appropriately tailored; and (v) restore public accountability within federal financial regulatory agencies and rationalize the federal financial regulatory framework.

Treasury’s lengthy report contains over 80 recommendations, which are summarized in an appendix to the report.  The recommendations generally fall into four categories:  (i) adapting regulatory approaches to promote the efficient and responsible aggregation, sharing, and use of consumer financial data and the development of key competitive technologies; (ii) aligning the regulatory environment to combat unnecessary regulatory fragmentation and account for new fintech business models; (iii) updating a range of activity-specific regulations to accommodate technological advances and products and services offered by nonbank firms; and (iv) facilitating experimentation in the financial sector.

Continue Reading Treasury Releases Report on Nonbank Institutions, Fintech, and Innovation

Blockchain is a powerful innovation that is poised to bring substantial positive change to the financial services industry as well as many other industries.  Despite such promise, blockchain, like any emerging financial services technology, must be evaluated from the perspective of cybersecurity risk – both to an individual financial institution and to the broader and

On February 21, 2018, the U.S. Securities and Exchange Commission (the “Commission”) approved a statement and interpretive guidance that provides the Commission’s views on a public company’s disclosure obligations concerning cybersecurity risks and incidents (the “2018 Commission Guidance”). This guidance reinforces and expands upon previous cybersecurity disclosure guidance issued by the Division of Corporation Finance (the “Staff”) in October 2011  (the “2011 Staff Guidance”).  The 2018 Commission Guidance also focuses on two additional issues: (i) maintenance of comprehensive policies and procedures related to cybersecurity, including sufficient disclosure controls and procedures, and (ii) insider trading in the cybersecurity context.

Continue Reading SEC Adopts New Guidance on Public Company Cybersecurity Disclosures and Insider Trading

On September 6, 2017, the Federal Reserve System (“FRS”) published a paper that identifies updated strategies and tactics for improving the U.S. payments system. The paper, entitled Strategies for Improving the U.S. Payment System: Federal Reserve Next Steps in the Payments Improvement Journey, refines the strategies set forth in a previous FRS paper, Strategies for Improving the U.S. Payment System, published in January 2015, and outlines nine tactics the FRS intends to pursue to advance progress on payment system improvements. The tactics fall into three broad categories: FRS service enhancements, FRS research, and industry collaboration efforts.

The new FRS paper retains without substantive change three of the five strategies outlined in the 2015 paper: speed, security, and collaboration. The fourth strategy outlined in the 2015 paper focused on achieving greater end-to-end efficiency for domestic and cross-border payments. The new paper divides this prior strategy into separate domestic and international components as follows: (1) efficiency—achieving greater end-to-end efficiency for domestic payments; and (2) international—working to enhance the timeliness, cost effectiveness, and convenience of cross-border payments. The tempered expectations for improving cross-border payments reflects concerns about compliance with anti-money laundering, terrorist financing, and economic sanctions requirements. The FRS also decided against enhancing the Fedwire Funds Service to make it easier for participating institutions to send cross-border payments.

The fifth strategy outlined in the 2015 paper—enhancing FRS payments, settlement and risk management services—has been eliminated. Instead, the FRS recharacterizes as tactics two types of potential enhancements to FRS services. First, the FRS will pursue enhancements to FRS settlement services to support real-time retail payments, such as assessing the demand for weekend hours. Second, the FRS will explore and assess the need, if any, for the FRS to engage as a service provider in areas beyond providing settlement services in a faster payments ecosystem. The American Banker reported that, while industry stakeholders generally support enhancements to the FRS’s settlement services, an expanded FRS role as a service provider is more controversial with support from small banks and credit unions and resistance from larger institutions.

Continue Reading Federal Reserve Updates Strategies and Tactics for Promoting Payment System Improvements

On March 24, 2017, Treasury Secretary Steven Mnuchin gave a speech in which he identified cybersecurity as his primary concern regarding the financial sector.  Secretary Mnuchin said in his remarks that ensuring a “safe and sound financial sector” requires cooperation and investment among the various financial regulators.  The Secretary emphasized that he wants regulatory agencies

On October 25, 2016, the Financial Crimes Enforcement Network (FinCEN) issued an Advisory to financial institutions to (i) clarify reporting requirements under the Bank Secrecy Act (BSA) for filing Suspicious Activity Reports (SARs) on cyber-attacks and cyber-enabled crimes, (ii) note what information financial institutions should include in such reports, and (iii) encourage financial institutions to share information on cyber-attacks within the institution itself, with other banks, and with FinCEN and other regulators as appropriate.  The Advisory states that it is not designed to change current law.

Continue Reading FinCEN Issues Advisory on Suspicious Activity Reporting Requirements for Cyber-attacks Under the Bank Secrecy Act

On October 19, 2016, the Board of Governors of the Federal Reserve System, Office of the Comptroller of the Currency, and Federal Deposit Insurance Corporation released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to certain large, interconnected financial entities as well as