Financial services regulatory reform in 2018 is complex and evolving. To assist in navigating this landscape, we have prepared a reference tool that provides context and summarizes current developments across a range of key regulatory areas, agencies and actors.  We will continue to track these issues and provide updated versions … Read More

Notwithstanding the venerable status of the attorney-client privilege and the important purposes it serves, the federal banking regulators and the Consumer Financial Protection Bureau have taken the position that they have the legal authority to override the privilege and compel supervised institutions to produce information protected by the privilege.  Seven … Read More

Financial services regulatory reform in 2018 is complex and evolving. To assist in navigating this landscape, we have prepared a reference tool that provides context and summarizes current developments across a range of key regulatory areas, agencies and actors.  We will continue to track these issues and provide updated versions … Read More

On Halloween, the New York and Vermont attorneys general obtained a $700,000 settlement from Hilton for, among other violations, late breach notification.  Davis Polk has published a blog post on this increase in cyber regulation enforcement and the effect on breach notification deadlines.  The full blog post is available at … Read More

On October 23, 2017, the Reserve Bank of India (“RBI”) announced that it was fining India’s Yes Bank $1 million USD for failing to comply with RBI’s breach notification requirement, among other violations. Davis Polk has published a blog post on this escalation in breach notification enforcement and what it … Read More

During congressional hearings earlier this month, senators grilled Richard Smith, the former Equifax CEO, on the company’s reporting structure for cybersecurity; specifically, on the appropriateness of Equifax’s CISO reporting to the general counsel.  Davis Polk has published a blog post on the reporting structure for CISOs and factors companies should … Read More

The Federal Reserve’s proposed supervisory guidance on corporate governance is a breath of fresh air that should encourage banking boards to focus on their core responsibilities and avoid blurring the distinctions between executive and non-executive duties.  It is also a signal that supervisors intend to move away from the blunt … Read More

Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.

First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers … Read More