Category

Financial Privacy

13 December 2018

Monetary Authority of Singapore Consults on Cyber Hygiene Notice

*This article was originally published by DataGuidance in October 2018.

On 6 September 2018, the Monetary Authority of Singapore (‘MAS’) issued a consultation paper on its draft notice on cyber hygiene (‘the Notice’) which will require financial institutions operating in Singapore to implement a set of fundamental controls to raise their overall level of cyber resilience. Han Ming Ho and Yuet Ming Tham, partners at Sidley, discuss and focus on the key features of the draft Notice.

Read More

EmailShare
06 November 2018

SFC Announces New Policy to Regulate Digital Assets

On November 1, 2018, following a rising tide of speculation, the Hong Kong regulator Securities and Futures Commission (SFC) announced a series of initiatives to regulate digital assets for the first time (and, apparently, without the need for any kind of legislative approval or backing). The initiatives, discussed below, take effect immediately. For purposes of the new regime, the SFC refers to “virtual assets” broadly defined to include initial coin offerings (ICOs), digital tokens (such as digital currencies, utility tokens or security or asset-backed tokens) and any other virtual commodities, cryptoassets and other assets of essentially the same nature (together “digital assets” herein as commonly understood in the industry). (more…)

EmailShare
25 October 2018

SEC Cautions Public Companies to Address Cyber Threats as Part of Internal Accounting Controls

On October 16, 2018, the U.S. Securities and Exchange Commission (SEC) took the unusual step of issuing a Report of Investigation cautioning public companies that they should consider cyber threats and related human vulnerabilities when designing and implementing their internal accounting controls. The report is an outgrowth of an investigation conducted by the SEC’s Enforcement Division into whether certain public companies that were victims of cyber fraud complied with the federal securities laws requiring public companies to implement and maintain internal accounting controls. The controls provided by these provisions must be sufficient to provide reasonable assurances that transactions occur (e.g., purchasing equipment), and access to assets is permitted (e.g., checking accounts, warehouses), only in accordance with management’s authorization.

(more…)

EmailShare
23 October 2018

EU Parliament Adopts Blockchain Resolution

On October 3, 2018, the European Parliament passed its long awaited resolution on distributed ledger technologies and blockchains (the “Blockchain Resolution”). The Blockchain Resolution was adopted to protect and empower EU citizens and businesses with respect to the specific issues that arise in relation to the blockchain or “distributed ledger” technology, one of which being the tension with data protection rights and the GDPR in general. (more…)

EmailShare
06 September 2018

European Data Protection Board Clarifies Application of GDPR to Payment Service Providers

On July 5, 2018, the European Data Protection Board (EDPB)1 replied to a request from a Member of the European Parliament (MEP), Dutch Democrat Sophie in ‘t Veld, for clarification on a number of issues relating to the protection of personal data under the EU General Data Protection Regulation (2016/679) (GDPR) and the revised EU Payment Services Directive (2015/2366) (PSD2). In its response, the EDPB set out its position on how the requirement to obtain explicit consent from payment service users under PSD2 interacts with the GDPR. The EDPB also provided guidance on the use of personal data relating to a payee by an account information service provider or a payment initiation service provider acting for a payer.

This post summarizes the EDPB’s stated positions on these points and explores the implications for firms providing payment services in the European Economic Area (EEA).

(more…)

EmailShare
27 August 2018

NYDFS Cybersecurity Regulation: Additional Cybersecurity Program Safeguards Due September 4, 2018

Companies subject to New York’s Cybersecurity Regulation are acting quickly to finalize their compliance obligations as the fifth “due date,” September 4, 2018, quickly approaches.

By September 4, 2018, Covered Entities must ensure that their cybersecurity programs have in place certain additional safeguards:

  • an audit trail that shows detection of and response to material cybersecurity events;
  • written security procedures, guidelines, and standards for the development of in-house applications and for the evaluation and testing of externally developed applications;
  • data retention policies and procedures for the disposal on a periodic basis of nonpublic information no longer necessary for business operations;
  • risk-based policies, procedures, and controls to monitor the activity of authorized users and detect unauthorized access; and security controls, such as encryption, to protect non-public business relations and personal information.

Notably, for this upcoming deadline, Covered Entities that have received a limited exemption must still comply with the regulatory provision regarding data retention policies and procedures for the periodic disposal of nonpublic information. (more…)

EmailShare
22 August 2018

Fintech Without Borders: Regulators Consult on Global Financial Innovation Network

On August 7, a group of regulators from 11 jurisdictions published a consultation (the Consultation) on the Global Financial Innovation Network (the GFIN), which aims to promote international cooperation on innovation and the use of technology in financial services (FinTech) and in regulatory processes (RegTech).

The group — which includes the U.S. Consumer Financial Protection Bureau, the UK Financial Conduct Authority (the FCA), the Hong Kong Monetary Authority (HKMA) and the Monetary Authority of Singapore (MAS) — is one of the first major collaborative efforts on FinTech and RegTech issues among regulators in developed financial services markets. The Consultation builds on the FCA’s proposal earlier this year to create a “global sandbox” for innovative financial services firms.

This post summarizes the proposed role of the GFIN, the issues on which its founding regulators are consulting and how these may affect financial services firms.

(more…)

EmailShare
16 August 2018

Coalition Groups Weigh In on CCPA Clean Up Legislation

On June 29, the day after California Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law, Data Matters provided a summary of the important new legislation.  In doing so, we noted that the law was scheduled to go into effect on January 1, 2020 and that, if and when it did, it would be the “broadest privacy law in the United States” and “may well have an outsize influence on privacy laws nationwide.”  Because of this, we further predicted that “[t]he coming months will no doubt stimulate considerable legislative and litigation activity to test the acceptability of [the CCPA’s] effects on interstate commerce, free speech, commercial innovation, reasonable regulatory burdens and meaningful privacy protection.” (more…)

EmailShare
30 July 2018

South Carolina Becomes the First State to Enact the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law.  According to NAIC’s news release announcing this development, the Model Law was meant to build on the organization’s cybersecurity progress and create a “platform that enhances our mission of protecting consumers.”  (For more information on the development of the Model Law, see our prior coverage.)  (more…)

EmailShare
1 2 3 6
XSLT Plugin by BMI Calculator