InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NY DFS Advises Banks On New Cybersecurity Examination Process
On December 10, NY DFS Superintendent Benjamin Lawsky issued a bulletin to all New York state-chartered or licensed banking institutions regarding an updated IT examination process. Effective immediately, cybersecurity examinations will be included within the overall IT examination process. The DFS cybersecurity examinations will incorporate a number of new topics, including: (i) corporate governance; (ii) protections against intrusion, such as multi-factor or adaptive authentication, along with server and database configuration; (iii) information security testing and monitoring; and (iv) cybersecurity insurance coverage, along with other third-party protections. Ultimately, the new examination process will assess a bank’s cybersecurity protections, in addition to how it manages potential cyber risks and handles a cybersecurity attack.
Massachusetts Fines Bank for Data Breach
On December 8, a large bank settled with the state of Massachusetts for $825,000 over a data breach that exposed the personal information of at least 260,000 customers. In March 2012, the bank allegedly lost unencrypted backup tapes with customer information and failed to report the missing tapes until October 2012. According to the Massachusetts AG, the bank violated state law by failing to (i) sufficiently protect information; and (ii) provide timely notification of the data breach. In the settlement agreement, Massachusetts credited the bank with $200,000 to upgrade its security procedures, while $325,000 will be paid in civil penalties, $75,000 in attorney’s fees and costs, and $225,000 to a consumer aid education fund.
Second Circuit Overturns Two Insider Trading Convictions
On December 10, the U.S. Court of Appeals for the Second Circuit overturned, and further, dismissed two of the DOJ’s insider trading convictions. United States of America v. Newman and Chiasson, Nos. 13-1837-cr(L), 13-1917-cr(con) (2nd Cir. Dec. 10, 2014). In a 28-page decision, the Court noted “erroneous” jury instruction, the Government’s lack of evidence that personal benefit was received by the alleged insiders, and the inability to prove the alleged insiders actually knew that they were trading on inside information. The ruling now narrows the scope of what constitutes insider trading and will likely impact other pending insider-trading cases. It is anticipated that the Government will appeal the Court’s decision.
Third Circuit Affirms Whistleblowers Must Arbitrate Under Dodd-Frank
On December 8, the U.S. Court of Appeals for the Third Circuit held that application of Dodd-Frank’s Anti-Arbitration provision did not apply to causes of action asserted under the Anti-Retaliation Dodd Frank Provision due to the limiting language of the arbitration law. Khazin v. TD Ameritrade Holding Corp, No. 14-1689 (3rd Cir. Dec.8, 2014). In 2013, the plaintiff filed suit in the District of New Jersey alleging that he had been fired in the preceding year for whistleblowing. According to the complaint, the retaliation occurred after the plaintiff questioned a supervisor about the pricing of a financial product that did not comply with relevant securities regulations. The District Court ruled that Dodd Frank’s Anti-Arbitration Provision did not prohibit the enforcement of arbitration agreements that were signed before the enactment of Dodd-Frank. Rather than deciding on the timing issue, however, the Court of Appeals upheld the decision on statutory construction grounds based on the limiting language of the Anti-Arbitration provision indicating that it only applied to causes of action contained within the same section, and not all allegations under Dodd-Frank.
ABA Requests Guidance On SCRA Notice Form Expiration
On December 3, the ABA sent a letter to HUD’s General Deputy Assistant Secretary for the Office of Housing requesting guidance on the use of form HUD-92070 under the Servicemembers Civil Relief Act. HUD Form 92070 relates to the debt protections servicemembers receive under the SCRA. However, the most current version of the form expired on November 30, 2014. The letter seeks guidance regarding (i) compliance requirements now that the form has expired; and (ii) how to provide an accurate notice to servicemembers since the current form will be inaccurate effective January 1, 2015. Finally, the letter requests that HUD advise lenders as to how they should remain in compliance with the Congressional mandate until a new form is published.
Unofficial Transcript of CFPB's November 18 Webinar on Completing the Closing Disclosure Form
On November 18, the CFPB presented Part 4 in its series of webinars (hosted by the Federal Reserve) addressing frequently asked questions regarding the TILA-RESPA Integrated Disclosure (“TRID”) rule. In this session, the CFPB addressed questions on completing the Closing Disclosure form. As with past CFPB webinars on the TRID rule, BuckleySandler has prepared a transcript of the webinar that incorporates the CFPB’s slides. The transcript is provided for informational purposes only and does not constitute legal opinions, interpretations, or advice by BuckleySandler. The transcript was prepared from the audio recording arranged by the Federal Reserve and may have minor inaccuracies due to sound quality. In addition, the transcripts have not been reviewed by the CFPB or the Federal Reserve for accuracy or completeness.
Questions regarding the matters discussed in the webinar or the rules themselves may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past. In addition, please visit our TRID Resource Center for additional information about the TRID rule and related materials.
- Jeffrey P. Naimon, (202) 349-8030
- Clinton R. Rockwell, (310) 424-3901
- John P. Kromer, (202) 349-8040
- Joseph M. Kolar, (202) 349-8020
- Jeremiah S. Buckley, (202) 349-8010
CFPB Fines Debt-Settlement Firm
On December 4, the CFPB fined a New Jersey-based debt-settlement service provider $69,075 in civil monetary penalties for alleged violations of the FTC’s Telemarketing Sales Rule (TSR). The CFPB alleged that the firm charged upfront fees to consumers which are prohibited for debt-settlement services. Further, the CFPB charged that the firm failed to provide debt-settlement services to consumers which harmed their credit history. In addition to the civil money penalty, the consent order requires the firm submit a compliance plan that includes (i) written policies and procedures designed to prevent violations of the TSR; (ii) training programs addressing the TSR and Federal consumer financial laws; (iii) written compliance monitoring processes; (iv) consumer complaint monitoring process; and (v) specific deadlines for when the compliance plan will be completed.
Treasury Official Urges Banks to Consider Cyber Insurance, Assess Cybersecurity Readiness
On December 3, Deputy Secretary Raskin delivered remarks at the Texas Bankers’ Association Executive Leadership Cybersecurity Conference. During her prepared remarks, Raskin noted recent data security breaches across many business sectors, including financial services, and presented ten questions for bank CEOs to consider when assessing their institutions’ cybersecurity readiness. Notably, Raskin urged the bank executives to consider relatively new cyber risk insurance for the financial recovery it provides because the underwriting processes could enhance other cybersecurity controls and provide helpful information for assessing a bank’s risk level. Currently, over 50 insurance carriers offer some form of cyber insurance coverage. Raskin’s remarks come only weeks after Congressional leaders sent a letter to financial institutions requesting that they provide information about their ability to protect consumers and safeguard personal information in the event of a data breach or cyber-attack.
DOJ Announces Formation of Cybersecurity Unit In Efforts to Prevent Cybercrime
On December 4, Assistant AG Leslie Caldwell delivered remarks at the Cybercrime 2020 Symposium regarding the DOJ’s recent efforts to fight cybercrime. Specifically, Caldwell noted the DOJ’s Criminal Division is (i) increasing its international law enforcement operations; and (ii) creating a committed Cybersecurity Unit to address the growing threat of cybercrime. The Cybersecurity Unit will take on the responsibility of enhancing the DOJ’s public and private security efforts, most notably by working with law enforcement to ensure that “legislation is shaped to most effectively protect our nation’s computer networks and individual victims from cyber attacks.”
FHFA Issues Advisory Bulletin, Tightens Oversight of Single-Family Servicers and Sellers
On December 1, the FHFA issued an advisory bulletin highlighting its supervisory expectation that Fannie and Freddie maintain the safety and soundness of their operations by closely assessing the risk profile of lenders and servicers. Under the new framework, any new lender or servicer that enters into a contract with Fannie or Freddie will undergo a thorough assessment of their capital levels, business models and whether they would be able to fulfill certain responsibilities under economic downturns. This includes buying back faulty mortgages or being able to work with borrowers to avoid foreclosure. Other risks, such as potential legal troubles, will also be examined.