During congressional hearings earlier this month, senators grilled Richard Smith, the former Equifax CEO, on the company’s reporting structure for cybersecurity; specifically, on the appropriateness of Equifax’s CISO reporting to the general counsel.  Davis Polk has published a blog post on the reporting structure for CISOs and factors companies should

The Federal Reserve’s proposed supervisory guidance on corporate governance is a breath of fresh air that should encourage banking boards to focus on their core responsibilities and avoid blurring the distinctions between executive and non-executive duties.  It is also a signal that supervisors intend to move away from the blunt

In a Risk Perspective released on July 7, 2017, the Office of the Comptroller of the Currency (“OCC”) emphasized the need for institutions to be cyber resilient – i.e., be able to respond to cyber attacks by managing various risks.  Acting Comptroller Keith Noreika noted in a speech on the

Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.

First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers

On June 26, 2017, the full D.C. Circuit Court of Appeals split down the middle over whether the Securities and Exchange Commission’s (the “SEC’s”) appointment of Administrative Law Judges (“ALJs”) is consistent with the Constitution.  As detailed in a prior alert, panels of the Tenth and D.C. Circuit Courts

This evening, Treasury Secretary Mnuchin published the long-awaited report on proposals to existing banking regulations (press release here), which is the first of what will be several reports, in accordance with President Trump’s February 3 Executive Order on Core Principles for Regulating the U.S. Financial System. The report

Linked below is the Davis Polk visual memorandum analyzing the Federal Reserve’s final rule on total loss-absorbing capacity (TLAC), eligible long-term debt (LTD) and clean holding company requirements for U.S. global systemically important banking organizations (G-SIBs) and U.S. IHCs of foreign G-SIBs, which is intended to further improve their resiliency