Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FDIC, OCC, NCUA identify essential critical infrastructure workers during Covid-19

    Federal Issues

    On March 26, the FDIC issued FIL-25-2020 stating that the financial services sector is a “critical infrastructure” during the Covid-19 pandemic pursuant to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (CISA) March 19 guidance. The guidance is intended to help state, local, and industry partners identify critical infrastructure sectors and essential workers in order to ensure continuity of critical functions. The FIL advises company leadership to provide workers with documentation identifying them as critical infrastructure workers who need “to travel inside restricted areas in order to support critical infrastructure.”

    On March 25, the OCC issued similar guidance pursuant to CISA’s guidance. Bulletin 2020-23 encourages essential critical infrastructure workers to maintain normal work schedules during the Covid-19 pandemic, and offers guidance for banks concerning workers who may need to move within and between restricted areas. Essential critical infrastructure workers include those who are needed to: (i) “process and maintain systems for processing financial transactions and services (e.g., payment, clearing and settlement; wholesale funding; insurance services; and capital markets activities)”; (ii) “provide consumer access to banking and lending services,” such as ATMs and armored cash carriers; and (iii) support financial institutions (e.g., staffing data and security operations centers). The workers also include key third party providers who deliver core services. The OCC advises banks to, among other things, update business continuity plans and provide documentation to workers detailing work-related travel.

    The NCUA also sent a letter to member boards of directors, chief executive officers, chief information officers, and chief information security officers identifying essential critical infrastructure workers pursuant to CISA’s guidance. Updates to Covid-19 NCUA resources are available here.

    Federal Issues Agency Rule-Making & Guidance FDIC OCC NCUA Covid-19 Department of Homeland Security

    Share page with AddThis
  • Departments of Treasury, State, and Homeland Security issue joint advisory warning businesses of North Korean sanctions evasion tactics

    Financial Crimes

    On July 23, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in conjunction with the Department of State and the Department of Homeland Security, issued an advisory to warn businesses—including manufacturers, buyers, and service providers—of the potential risks that may result from sanctions evasion tactics used by North Korea across supply chains. The advisory also provides assistance for businesses complying with Title III of the Countering America’s Adversaries Through Sanctions Act of 2017 with respect to North Korean sanctions. According to the advisory, the U.S. government “is focusing its disruption efforts on North Korean citizens or nationals whose labor generates revenue for the North Korean government.” Specifically, the advisory warns businesses to examine their entire supply chains and adopt appropriate, well-documented due diligence best practices, which “may be considered mitigating factors when the U.S. government determines the appropriate enforcement response.” The advisory also outlines penalties for violations of sanctions and enforcement actions.

    See here for previous InfoBytes coverage on North Korea sanctions.

    Financial Crimes Department of Treasury Department of State Department of Homeland Security Sanctions CAATSA North Korea OFAC

    Share page with AddThis
  • White House Releases Proclamation Announcing National Cybersecurity Awareness Month

    Privacy, Cyber Risk & Data Security

    On September 30, President Trump issued a Proclamation announcing October 2017 as National Cybersecurity Awareness Month. As part of the initiative, the Department of Homeland Security (DHS) issued tools and resources for both consumers and organizations to manage cybersecurity risk. As previously covered in InfoBytes, the President issued an Executive Order earlier this year entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” that requires agencies to submit risk management reports to DHS and develop recommendations for cybersecurity improvements affecting all critical infrastructure, including the financial services industry.

    Privacy/Cyber Risk & Data Security Federal Issues Risk Management Trump Department of Homeland Security Executive Order

    Share page with AddThis