On November 26, 2024, the United States Court of Appeals for the Fifth Circuit issued a landmark decision holding that the Treasury Department’s Office of Foreign Assets Control (“OFAC”) exceeded its statutory authority by...more
The outcome of the US presidential election this month, coupled with the prospect of a crypto-friendly president and Congress, have unleashed a torrent of enthusiasm that has been building throughout the crypto sector this...more
Financial institutions and securities market participants continue to face escalating cyber threats – in frequency, volume, and severity. The many reasons for the escalating risk include: Financial services companies are...more
On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) finalized a rulemaking on Personal Financial Data Rights (the “Final Rule”). The Final Rule is intended to accelerate a shift towards open banking in the...more
11/6/2024
/ Banks ,
Consumer Data Requests ,
Consumer Financial Protection Bureau (CFPB) ,
Data Management ,
Dodd-Frank ,
Final Rules ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Open Banking ,
Popular
As cybersecurity rules proliferate, companies must navigate a maze of new, and often overlapping, proactive and reactive cybersecurity requirements and guidance. This Legal Update surveys new cybersecurity rules and...more
11/4/2024
/ Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Disclosure Requirements ,
Government Agencies ,
Incident Response Plans ,
National Security ,
Regulatory Agenda ,
Regulatory Oversight ,
Reporting Requirements ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC)
BACKGROUND -
On October 16, 2024, the New York State Department of Financial Services (DFS) issued an industry letter, Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks,...more
10/28/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Framework ,
Financial Services Industry ,
NYDFS ,
Regulatory Oversight ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
The Cyber and Analytics Unit within the Member Supervision program of the Financial Industry Regulatory Authority, Inc. (“FINRA”) recently published a cybersecurity advisory regarding increasing cybersecurity risks at...more
Mayer Brown Partners Ana Bruder, Justin Herring, and Oliver Yaros focus on cybersecurity risks and regulations in the EU and UK. They explore third-party risks, ransomware incidents, and the impact of AI, while examining how...more
As applications and use cases for digital assets and their blockchain infrastructure grow and become more sophisticated, investments and valuations for businesses in these areas have grown as well. The growing number of...more
5/23/2024
/ Blockchain ,
Corporate Sales Transactions ,
Cryptocurrency ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Security ,
Digital Assets ,
Information Technology ,
Intellectual Property Protection ,
Investment ,
Risk Management
On May 15, 2024, the U.S. Securities and Exchange Commission (“SEC”) adopted amendments (the “Amendments”) to Regulation S-P under the Securities Exchange Act of 1934 (the “Exchange Act”), which governs the treatment of...more
Join us on the latest episode of Financial Services Focus as Justin Herring, Jeff Taft and Ana Bruder discuss key cyber threats facing the financial services industry, including third-party risks, sophisticated ransomware,...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Data Breach ,
Data Preservation ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
NPRM ,
Proposed Rules ,
Ransomware ,
Regulatory Agenda
On January 29, 2024, the US Department of Commerce’s Bureau of Industry and Security (the “Department”) issued a notice of proposed rulemaking seeking comment on a proposed regulation in response to the Executive Order (E.O.)...more
2/15/2024
/ Artificial Intelligence ,
Bureau of Industry and Security (BIS) ,
Cloud Computing ,
Comment Period ,
Customer Identification Program (CIP) ,
Cybersecurity ,
Executive Orders ,
Financial Institutions ,
IaaS ,
Machine Learning ,
National Security ,
NPRM ,
Proposed Regulation ,
U.S. Commerce Department
On January 17, 2024, the New York State Department of Financial Services (“NYSDFS”) released a proposed circular letter addressing the use of external consumer data and information sources (“ECDIS”) and artificial...more
1/26/2024
/ Artificial Intelligence ,
Comment Period ,
Consumer Information ,
Data Management ,
Discrimination ,
Disparate Impact ,
Fairness Standard ,
Information Governance ,
Information Management ,
Information Technology ,
Insurance Regulations ,
Machine Learning ,
NYDFS ,
Popular ,
Proposed Regulation ,
Regulatory Agenda ,
Risk Management ,
Underwriting
On December 21, 2023, the New York Department of Financial Services (“NYDFS”) finalized guidance on how the banks and mortgage institutions it regulates (“New York Institutions”) should manage climate-related financial and...more
1/4/2024
/ Climate Action Plan ,
Climate Change ,
Consumer Financial Products ,
Corporate Governance ,
Environmental Social & Governance (ESG) ,
Financial Institutions ,
Financial Services Industry ,
Internal Controls ,
Mortgages ,
NYDFS ,
Risk Management
While the blockchain universe continues to expand, the direction and pace of its development will continue to be influenced by a number of variables – including financial markets, regulatory environments and politics. While...more
On December 12, 2023, the Department of Justice (DOJ) issued guidelines for companies to follow in requesting that the Attorney General authorize delays of cyber incident disclosures required by the U.S. Securities and...more
12/13/2023
/ Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Form 8-K ,
New Guidance ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Engaging third-party providers for technology transactions involves a certain level of cybersecurity risk. In fact, most companies have been through a third-party incident. In this episode, partners Justin Herring and Adam...more