Consumer Financial Services Law Blog
Dykema Gossett PLLC

News and analysis regarding Consumer Financial Services litigation and regulation, and activities of the Consumer Financial Protection Bureau



Showing 3 posts in Cybersecurity.

FinCEN Publishes New Advisory on Cyber-Events and Cyber-Enabled Crimes

The Financial Crimes Enforcement Network (“FinCEN”) recently published an Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime. The Advisory does not change or create any new regulatory obligations, but it does clarify how existing Bank Secrecy Act (“BSA”) regulations for reporting cyber-events and cyber-enabled crimes apply to financial institutions. Specifically, the Advisory provides additional guidance for reporting cyber-enabled crime and cyber-enabled events through Suspicious Activity Reports (“SARs”), including cyber-related information in SARs; collaborating between BSA units and in-house cybersecurity units to identify suspicious activity; and sharing cyber-related information among financial institutions to prevent and report money laundering, terrorism financing, and cyber-enabled crimes.

SEC’s Focus on Enforcing Data Security Safeguards Continues: Lessons Learned from Its $1M Fine of Morgan Stanley

The SEC’s recent settlement with Morgan Stanley highlights the agency’s continued focus on enforcing cybersecurity measures. On June 8, 2016, Morgan Stanley agreed to pay a $1 million penalty to settle charges relating to its alleged failure to adopt written policies and procedures reasonably designed to protect customer records and information, a violation of the “Safeguards Rule.”

QUICK REVIEW—Watching the Watchers: FTC Orders Investigation Into Third Party PCI DSS Qualified Independent Assessors

The FTC’s focus on data security appears to be expanding, with the agency now investigating the processes by which private industry measures data security compliance. On March 7, 2016, the FTC ordered nine different companies who are “Qualified Independent Assessors” to provide detailed information about how they assess their clients’ compliance with the Payment Card Industry Data Security Standards (“PCI DSS”). The nine companies receiving orders range from large accounting firms such as PricewaterhouseCoopers, LLP, to security-focused companies such as Foresite MSP, LLC. They must respond to the Commission within 45 days (absent any extensions that the Commission might grant). The FTC did not state that the orders were issued in connection with any apparent breach or other specific problem, and the agency’s ultimate goal for this inquiry remains to be seen.