Financial services regulatory reform in 2018 is complex and evolving. To assist in navigating this landscape, we have prepared a reference tool that provides context and summarizes current developments across a range of key regulatory areas, agencies and actors.  We will continue to track these issues and provide updated versions
Continue Reading

On Halloween, the New York and Vermont attorneys general obtained a $700,000 settlement from Hilton for, among other violations, late breach notification.  Davis Polk has published a blog post on this increase in cyber regulation enforcement and the effect on breach notification deadlines.  The full blog post is available at
Continue Reading

On October 23, 2017, the Reserve Bank of India (“RBI”) announced that it was fining India’s Yes Bank $1 million USD for failing to comply with RBI’s breach notification requirement, among other violations. Davis Polk has published a blog post on this escalation in breach notification enforcement and what it
Continue Reading

During congressional hearings earlier this month, senators grilled Richard Smith, the former Equifax CEO, on the company’s reporting structure for cybersecurity; specifically, on the appropriateness of Equifax’s CISO reporting to the general counsel.  Davis Polk has published a blog post on the reporting structure for CISOs and factors companies should
Continue Reading

The Federal Reserve’s proposed supervisory guidance on corporate governance is a breath of fresh air that should encourage banking boards to focus on their core responsibilities and avoid blurring the distinctions between executive and non-executive duties.  It is also a signal that supervisors intend to move away from the blunt
Continue Reading

In a Risk Perspective released on July 7, 2017, the Office of the Comptroller of the Currency (“OCC”) emphasized the need for institutions to be cyber resilient – i.e., be able to respond to cyber attacks by managing various risks.  Acting Comptroller Keith Noreika noted in a speech on the
Continue Reading

Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.

First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers
Continue Reading

On June 26, 2017, the full D.C. Circuit Court of Appeals split down the middle over whether the Securities and Exchange Commission’s (the “SEC’s”) appointment of Administrative Law Judges (“ALJs”) is consistent with the Constitution.  As detailed in a prior alert, panels of the Tenth and D.C. Circuit Courts
Continue Reading

This evening, Treasury Secretary Mnuchin published the long-awaited report on proposals to existing banking regulations (press release here), which is the first of what will be several reports, in accordance with President Trump’s February 3 Executive Order on Core Principles for Regulating the U.S. Financial System. The report
Continue Reading