The Digital Operational Resilience Act (DORA) regulation is part of the European Union’s (EU) strategy to enhance the overall stability of the EU financial system by ensuring that financial entities are resilient to digital...
7/19/2024 / Banking Sector, Compliance, Cyber Threats, Cybersecurity, Data Security, Digital Platforms, EU, European Banking Authority (EBA), European Securities and Markets Authority (ESMA), European Stability Mechanism, European Supervisory Authorities (ESAs), Financial Institutions, Financial Services Industry, Information Technology, SaaS, Technology
On June 28, the Supreme Court issued a landmark decision on Chevron deference through its rulings on Loper Bright Enterprises v. Raimondo and Relentless, Inc. v. Department of Commerce. These decisions reversed the...
7/17/2024 / Administrative Procedure Act, Artificial Intelligence, Chevron Deference, Chevron v NRDC, Compliance, Government Agencies, Loper Bright Enterprises v Raimondo, Public Policy, Regulatory Authority, Relentless Inc v US Department of Commerce, Rulemaking Process, SCOTUS, Statutory Interpretation
On June 28, 2024, the Supreme Court issued its long-awaited decisions in Loper Bright Enterprises v. Raimondo and Relentless v. Department of Commerce. The opinions overturned the long-standing "Chevron doctrine," under which...
7/9/2024 / Chevron Deference, Chevron v NRDC, Congressional Intent, Consumer Financial Protection Bureau (CFPB), Cybersecurity, Federal Trade Commission (FTC), Government Agencies, Judicial Authority, Loper Bright Enterprises v Raimondo, SCOTUS, Statutory Authority, Statutory Interpretation
In a monumental opinion issued today, the U.S. Supreme Court in Loper Bright Enterprises v. Raimondo overruled Chevron U.S.A. Inc. v. Natural Resources Defense Council, Inc., holding (6-3) that deference to an agency's...
7/1/2024 / Administrative Procedure Act, Chevron Deference, Chevron v NRDC, Constitutional Challenges, Government Agencies, Judicial Authority, Loper Bright Enterprises v Raimondo, National Marine Fisheries Service, Regulatory Authority, Relentless Inc v US Department of Commerce, SCOTUS, Stare Decisis, Statutory Interpretation, Unconstitutional Condition
A sweeping array of businesses are another step closer to requirements to report cybersecurity incidents and ransomware payments to the federal government.
On April 4, 2024, the U.S. Department of Homeland Security's (DHS)...
4/8/2024 / Covered Entities, Critical Infrastructure Sectors, Cyber Attacks, Cyber Incident Reporting, Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), Cybersecurity, Cybersecurity Information Sharing Act (CISA), Department of Homeland Security (DHS), Exemptions, NPRM, Proposed Rules, Ransomware, Reporting Requirements, SBA
On February 28, 2024, the Biden Administration issued Executive Order (EO) 13873, focused on restricting certain transactions involving Americans' personal data, as well as sensitive government data, to specific countries....
3/5/2024 / Advanced Notice of Proposed Rulemaking (ANPRM), Biden Administration, Compliance, Consumer Financial Protection Bureau (CFPB), Covered Person, Covered Transactions, Data Transfers, Department of Homeland Security (DHS), Department of Justice (DOJ), Due Diligence, Enforcement, Executive Orders, Exemptions, Government Agencies, International Data Transfers, Know Your Customers, Penalties, Recordkeeping Requirements, Rulemaking Process, Security and Privacy Controls, Sensitive Personal Information
The European Union (EU) is poised to enact the Cyber Resilience Act (CRA), a comprehensive cybersecurity regulation with major implications for software and connected device manufacturers in the United States and globally....
1/23/2024 / Compliance, Cyber Incident Reporting, Cybersecurity, Effective Date, Electronic Devices, EU, Manufacturers, Popular, Proposed Regulation, Regulatory Oversight, Smart Devices, Software, Software Developers
Non-bank financial institutions will have a new data breach disclosure requirement effective May 13, 2024. The Federal Trade Commission (FTC) recently updated the Gramm-Leach-Bliley Safeguards Rule (“Safeguards Rule”), adding...
On July 26, 2023, the Securities Exchange Commission (SEC) adopted a final rule intended to augment and standardize disclosures regarding cybersecurity risk management, governance, and incident reporting. The new rule imposes...
9/5/2023 / Compliance, Compliance Dates, Corporate Governance, Cyber Incident Reporting, Cybersecurity, Disclosure Requirements, EDGAR, Final Rules, Foreign Private Issuers, Form 10-K, Form 20-F, Form 8-K, Publicly-Traded Companies, Risk Management, Securities and Exchange Commission (SEC), Smaller Reporting Companies
The financial services sector must already contend with a maze of regulations in a variety of areas, and 2023 is poised to usher in new cybersecurity regulations for the industry. Organizations should ensure their security...
2/17/2023 / Banking Sector, California Privacy Rights Act (CPRA), CFTC, Cyber Incident Reporting, Cybersecurity, Data Protection, Data Security, Fair Credit Reporting Act (FCRA), FDIC, Federal Reserve, Federal Trade Commission (FTC), Financial Services Industry, Gramm-Leach-Bliley Act, NCUA, NYDFS, OCC, Popular, Publicly-Traded Companies, Securities and Exchange Commission (SEC)
Cybersecurity is a growing concern for all nonprofit organizations, especially those that store, process, and transmit sensitive data. While it is common to think of the cyber issue as relevant to digital communications and...