financial institutions

The Federal Trade Commission updated its “Standards for Safeguarding Customer Information” (“Safeguards Rule”) and extended the compliance deadline to June 9, 2023. Some entities still may be wondering – “Do these regulations apply to my business?” and “What do I have to do?”

Back in 2021, we provided a high-level summary of the Safeguards Rule

On October 27, 2021 the FTC issued a final rule (the “Final Rule”) amending 16 CFR Part 134, Standards for Safeguarding Customer Information (“Safeguards Rule”), after a period of notice and comment. While the existing Safeguards Rule imposes a general obligation on financial institutions to maintain an information security program, the Final Rule outlines these

Last week, the New York State Department of Financial Services (“DFS”) issued a press release to remind covered entities of an upcoming deadline under the DFS cybersecurity regulations.  The next deadline under the regulations is February 15, 2018 – by that date, any covered entities (hopefully, you know who you are) must submit a

The deadline to comply with the first set of requirements under the new DFS Cybersecurity Regulations (“the Regulations”) is here! By today, August 28, 2017, businesses subject to the Regulations must ensure that they:

  1. Designate a Chief Information Security Officer (“CISO”)
  2. Establish a Cybersecurity Program
  3. Develop a Written Cybersecurity Policy.

We have prepared an

As you know if you regularly read this blog, the New York State DFS finally finalized its “first-in-the-nation” cybersecurity rules with an effective date of March 1, 2017. And their reach is quite large: DFS-supervised entities from insurers and banks to mortgage brokers and credit unions (and their third-party service providers) will have to begin

The Federal Financial Institutions Examination Counsel (FFIEC) recently issued supervisory guidance entitled “Social media:  Consumer Compliance Risk Management Guidance.”  Financial institutions are expected to use the Guidance in their efforts to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their involvement in social media.

The Guidance was