In a report released June 21, 2022, the U.S. Government Accountability Office (GAO) urged the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury’s (Treasury) Federal Insurance Office (FIO) to jointly assess whether the risk to critical infrastructure and potential financial exposures from catastrophic cyber incidents warrant

The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector.  As the number and frequency of cyber attacks continue to grow, regulators have attempted to enhance cybersecurity protections via increased and more rigid incident reporting obligations, leading to a constantly shifting

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator.  Under the proposed rule, for incidents

On August 21, 2019 the Conference of State Bank Supervisors (“CSBS”) launched three new online tools designed to help non-bank financial services companies navigate state regulations and protect against cyber security risks: a State Regulatory Guidance Portal, a State Survey Map of Money Transmission Laws, and Cybersecurity 101: A Resource Guide for Financial Sector Executives.

Ballard Spahr is proud to partner with Venminder, Inc., on this podcast posted today discussing third-party vendor risk management concerns of financial institutions and service providers. Hosted by Venminder’s Chief Risk Officer Branan Cooper, the podcast features Glen Trudel, a partner in Ballard Spahr’s Consumer Financial Services Group with extensive experience in this area.

The

Equifax announced on September 7, 2017 a massive data breach affecting an estimated 143 million consumers.  Richard Cordray, the then Director of the CFPB, shortly thereafter authorized an investigation according to several media reports.  Reuters reported yesterday that the investigation sputtered since then, according to several government and industry sources.  That is not surprising since

We are pleased to announce that Ballard Spahr has launched CyberAdviser, a new blog focused on the latest news and developments in privacy and cybersecurity law.  It will offer insights into the latest transactional, governance and compliance matters, investigations, civil and criminal litigation, regulatory and legislative developments, industry trends, emerging technologies, and other cyber

Last week, the OCC released its semiannual risk report highlighting credit, operational, and compliance risks to the federal banking system.  The report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource by those financial institutions to address the key concerns

The FTC has released its annual report summarizing its activity during 2017 relating to privacy and data security issues.  In its self-declared role as “the nation’s primary privacy and data security enforcer,” the FTC outlines 10 privacy cases and 4 data security cases that it brought in 2017, including Uber Technologies (transportation service), Vizio (television

On December 14, the Financial Stability Oversight Council (FSOC), which was established by the Dodd-Frank Act to analyze and mitigate potential threats to the financial sector, released its first report under the Trump administration (the “Report”).  FSOC is comprised of representatives from each of the federal financial regulators, including the CFPB.  Mick Mulvaney, President Trump’s