Hong Kong Monetary Authority Introduces Initiatives to Promote Fintech Developments

On Sept. 6, the Hong Kong Monetary Authority (the HKMA) announced two initiatives targeted at raising Hong Kong’s profile as a fintech hub: the setting up of the Fintech Innovation Hub (the Hub) and the Fintech Supervisory Sandbox (the Sandbox).

Read More

SHARE
EmailPrintShare

CFTC Issues Final Cybersecurity Rules on System Safeguards Testing Requirements

On September 8th, the Commodity Futures Trading Commission (“CFTC”) approved amendments (“Final Rules”) to its ”system safeguards rules.” The system safeguards rules obligate designated contract markets, swap execution facilities, and swap data repositories (for convenience, collectively referred to as “Exchanges”) as well as derivatives clearing organizations (“Clearinghouses”) to have in place cybersecurity programs of risk analysis and oversight. As part of such a program, Exchanges and Clearinghouses (collectively, “Covered Entities”) must conduct testing and review sufficient to ensure their automated systems are reasonably reliable and secure, and have adequate scalable capacity.

Read More

SHARE
EmailPrintShare

Toward a National FinTech Charter: Comptroller Proposes Receivership Rule for Uninsured Banks

On Tuesday, Sept. 13, the Office of the Comptroller of the Currency (OCC) published a notice of proposed rulemaking and request for public comment (the Proposed Rule) introducing a regulatory regime to govern the receivership of national banks that are not insured (uninsured banks) by the Federal Deposit Insurance Corporation (FDIC). See OCC, Receiverships for Uninsured National Banks, 81 Fed. Reg. 62,835, 62,835 (Sept. 13, 2016) (the Proposed Rule). While the Proposed Rule would apply to the existing pool of 52 uninsured national trust banks, its broader impact would be to establish a receivership regime that would support the creation of new forms of limited purpose, uninsured banks for the financial technology (FinTech) industry. The Proposed Rule would not apply to uninsured federal branches and agencies of foreign banks under the International Banking Act of 1978. Proposed Rule at 62,838.

Read More

SHARE
EmailPrintShare

New York State Department of Financial Services Proposes Regulations Imposing Detailed Cybersecurity Rules on Insurance, Banking and Other Licensed Financial Institutions

On September 13, 2016, the New York State Department of Financial Services (“NYDFS”) proposed regulations outlining minimum requirements for NYDFS-regulated entities to address cybersecurity risk (“Proposed Regulations”). The NYDFS regulates entities and products that are subject to New York insurance, banking and financial services laws. Because the scope of the Proposed Regulations includes any entity “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law,” the Proposed Regulations will cover a broad range of entities in the banking, insurance and financial services industries, including insurance producers and premium finance companies.

Read More

SHARE
EmailPrintShare

FTC Expounds on NIST Cybersecurity Framework; Invites Comment on GLBA Safeguards Rule

On August 31, 2016, the Federal Trade Commission published “The NIST Cybersecurity Framework and the FTC” on its blog. The post describes how, in many ways, the FTC’s enforcement actions are “aligned” with the NIST Cybersecurity Framework and that many of the Commission’s enforcement actions can be analyzed under the Framework’s five core principles. The post also makes plain, however, that a company’s compliance with the Framework is not necessarily required, nor is adoption of the Framework clearly sufficient to satisfy the Commission’s requirement that companies establish “reasonable” cybersecurity practices.

Read More

SHARE
EmailPrintShare

Evaluating the Dwindling Privacy Shield Grace Period

Now that we are into September, you may be hearing more about the Privacy Shield for transfers of personal data from the EU to the U.S., and in particular the 9 month “grace period” to fully implement the Privacy Shield for companies that certify within the first two months that the Privacy Shield is available for certification.   The Department of Commerce began accepting certifications on August 1, 2016, and so the opportunity to take advantage of the grace period closes on September 30, 2016.  This grace period does not, however, absolve companies of the responsibility to implement Privacy Shield principles and substantive obligations upon certification.  Rather, it permits companies nine months from the date they certify to the Privacy Shield to negotiate amendments to their third party contracts with all vendors or other business partners that receive personal data from the certifying company.

Read More

SHARE
EmailPrintShare
1 2 3 32
SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator