Sidley Welcomes Former-CFPB Enforcement Director Tom Ward
Sidley is pleased to announce that Thomas Ward, who previously served as Enforcement Director at the Consumer Financial Protection Bureau (CFPB), has joined the firm as a partner in the Banking and Financial Services Group in Washington, D.C. As the CFPB’s chief law enforcement officer, Tom was responsible for enforcing … Read More
DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats
There just may be a new cybersecurity regulator in town.
In an effort it describes as “an important step” toward safeguarding more than $9.3 trillion in retirement assets, the U.S. Department of Labor (DOL) published its first cybersecurity guidance last week (Cybersecurity Guidance). The Cybersecurity Guidance is directed … Read More
East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act
For over two and a half years, California has enjoyed the spotlight of having the most comprehensive data privacy law in the United States. On March 2, 2021, Virginia forced California to share the honors, when Democratic Gov. Ralph Northam signed into law the Virginia Consumer Data Protection Act (VCDPA).… Read More
UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services
On January 28, 2021, the UK Financial Conduct Authority (FCA) published Consultation Paper CP21/3, “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual” (Consultation Paper). This follows the FCA’s announcement in its 2020-21 business plan that … Read More
FINRA Issues 2021 Report on its Examination and Risk Monitoring Program
Released on February 1, the Financial Industry Regulatory Authority (FINRA) 2021 Report on its Examination and Risk Monitoring Program (Report) provides a roadmap for member firms to use to prepare for examinations and to review and assess compliance and supervisory procedures related to business practices, compliance, and operations. The Report … Read More
NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?
Most cybersecurity professionals are aware of the New York Department of Financial Service’s requirement imposed on DFS-licensed entities to certify their cybersecurity program’s compliance on an annual basis (by April 15th of each year), but less well known is that numerous other states impose similar requirements on regulated insurance entities … Read More
U.S. Office of the Comptroller of the Currency Finalizes Fair Access Requirements
On January 14, 2021, the U.S. Office of the Comptroller of the Currency (OCC) issued its controversial final rule (Rule)1 to establish a new requirement for covered banks to provide “fair access” to financial services to both natural persons and legal entities.2 The preamble to the Rule explains … Read More
UK FCA Expectations on Call Recording in a Remote Working Environment — Market Watch 66
On 11 January 2021, the UK Financial Conduct Authority (FCA) published the 66th edition of its Market Watch newsletter. The newsletter sets out the FCA’s expectations for firms on recording telephone conversations and electronic communications when alternative working arrangements are in place, including increased homeworking in light of the … Read More
FinCEN Proposes Tracking and Reporting Virtual Currency Transactions Involving Unhosted Wallets
On December 18, 2020, the Financial Crimes Enforcement Network (FinCEN) issued a notice of proposed rulemaking (NPR) regarding a proposal to impose on banks1 and money service businesses (MSBs) new recordkeeping, reporting, and identity verification requirements in relation to certain transactions involving convertible virtual currency (CVC) or digital assets … Read More
Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers
On December 15, 2020, the U.S. Federal Deposit Insurance Corporation (FDIC) approved and the federal banking agencies jointly announced on December 18 a notice of proposed rulemaking, Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (NPR).1 The NPR is a joint proposal by the Office … Read More