Inside Privacy: Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: Financial Institutions


The FTC’s Agenda to Tackle Big Data and Discrimination

Posted in Advertising & Marketing, Emerging Technologies, Federal Trade Commission, Financial Institutions, Mobile, Online, United States

Last Friday, the FTC announced an agenda for its upcoming workshop, “Big Data: A Tool for Inclusion or Exclusion?” which will take place on Monday, Sept. 15, starting at 8:00 a.m.  As we’ve previously reported, the workshop will build on recent efforts by the FTC and other government agencies to understand how new technologies affect… Continue Reading

Ten Things You Should Know About the SEC’s New Cybersecurity Examinations

Posted in Cybersecurity, Data Breaches, Data Security, Financial Institutions, Financial Privacy

Last week, the Securities and Exchange Commission announced that it will conduct more than 50 cybersecurity examinations to identify risks and ensure that broker-dealers and investment advisers are adequately protecting customer information.  Below are some key takeaways from the Risk Alert that the SEC’s Office of Compliance Inspections and Examinations released with its announcement:

Is Korea Moving Towards EU-Style Legislation for Financial Institutions?

Posted in Financial Institutions, Financial Privacy, International, Korea

By Hee-Eun Kim and Monika Kuschewsky

In January 2014, a massive data leak of some 104 million credit card accounts shocked South Korea.  The number of affected accounts was twice the population of South Korea.  The incident arose when a temporary employee of a personal credit rating agency that manages personal financial… Continue Reading

Comparison of Five Data-Breach Bills Currently Pending in the Senate

Posted in Congress, Data Breaches, Data Security, Federal Trade Commission, Financial Institutions, United States

Data security continues to be a hot issue on Capitol Hill, and just yesterday Attorney General Eric Holder urged Congress to create a “strong, national standard” for quickly reporting data breaches to consumers.  Democratic and Republican senators have been busy drafting legislation that would establish national requirements for data security and breach notice.  The following… Continue Reading

SEC Exams of Asset Managers to Include Focus on Cybersecurity

Posted in Cybersecurity, Data Security, Financial Institutions, Financial Privacy, United States

Routine SEC examinations of investment advisers and investment companies this year will include scrutiny of these entities’ cybersecurity policies, an SEC official told attendees Thursday at a national agency-hosted compliance seminar. The SEC’s Regulation S-P, which implements the federal Gramm-Leach-Bliley Act, requires brokers, dealers, investment companies, and registered investment advisers to “adopt policies and procedures… Continue Reading

Covington and the George Washington University’s Cybersecurity Initiative Release Issue Brief on Cyberespionage and Trade Secret Theft

Posted in Congress, Cybersecurity, Emerging Technologies, Financial Institutions, International

At a co-hosted event last week, Covington & Burling LLP and The George Washington University’s Cybersecurity Initiative released an issue brief on the growing threats of cyberespionage and trade secret theft and responses to address these threats.  The paper provides an overview of existing laws and policy reforms being considered in the U.S. and European… Continue Reading

CFPB Rulemaking Agenda Includes Potential Changes to GLBA Annual Privacy Notice Requirement

Posted in Congress, Financial Institutions, Financial Privacy, United States

Earlier this month, the Consumer Financial Protection Bureau (CFPB) posted its semi-annual update of its rulemaking agenda for the coming 12-month regulatory cycle, including recently-completed rulemakings.  The rulemaking agenda is part of a broader initiative led by the Office of Management and Budget (OMB) to publish a Unified Agenda of federal regulatory and deregulatory actions across… Continue Reading

SEC and CFTC Issue Final Identity Theft Rule

Posted in Financial Institutions, Financial Privacy, Red Flags, United States

Last week, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) published in the Federal Register a joint rule requiring entities regulated by the agencies to adopt programs to detect and prevent identity theft.  The rule is referred to as the “red flags rule” and applies to certain broker-dealers, mutual funds, investment advisers, futures… Continue Reading

Federal Reserve Releases Report of Mobile Banking and Mobile Payments Use

Posted in Data Security, Financial Institutions, Financial Privacy, United States

On March 27, 2013, the Federal Reserve released a report on consumers’ use of mobile banking and mobile payments.  The report follows a similar report issued by the Federal Reserve last year.  The report found that use of mobile banking has increased significantly in the past year while use of mobile payments has increased as well. … Continue Reading

House Passes Legislation Eliminating Annual GLBA Privacy Notice Requirement

Posted in Financial Institutions, Financial Privacy, United States

Earlier this week, the House of Representatives passed H.R. 749, the Eliminate Privacy Notice Confusion Act.  The bill is sponsored by Rep. Blaine Luetkemeyer (R-MO) and Rep. Brad Sherman (D-CA).  An earlier version of the bill passed the House in December but was never taken up by the Senate.  We previously covered similar legislation introduced by… Continue Reading

FTC Study Details Inaccuracies in Credit Reports

Posted in Federal Trade Commission, Financial Institutions, Financial Privacy, United States

This week, the Federal Trade Commission released a study of the U.S. credit reporting industry and credit report accuracy.  The study found that five percent of consumers had errors on one of their three nationwide credit reports that could lead them to pay more for financial products.  The study is required under section 319 of the… Continue Reading

President Obama Issues Cybersecurity Executive Order

Posted in Cloud Computing, Cybersecurity, Department of Commerce, Financial Institutions, United States

In his State of the Union message on Tuesday, President Obama announced that he had signed an Executive Order addressing the cybersecurity of critical infrastructure.  President Obama emphasized that in the face of threats to corporate secrets, the power grid, and financial institutions, among others, “We cannot look back years from now and wonder why… Continue Reading

FFIEC Proposes Social Media Guidance

Posted in Financial Institutions, Financial Privacy, Social Media, United States

On January 22, 2013, the Federal Financial Institutions Examination Council proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by depository institutions.  The proposed guidance would not impose additional compliance obligations on institutions.  Instead, the guidance is intended to help financial institutions understand potential… Continue Reading

FDIC Highlights Mobile Payment Technologies and Related Risks

Posted in Financial Institutions, Financial Privacy, United States

In its most recent issue of the Supervisory Insights newsletter, the Federal Deposit Insurance Corporation (FDIC) describes mobile payment technologies, the risks they pose to depository institutions, and the regulatory framework applicable to such technologies.  The FDIC notes the widespread use of smartphones as a payment technology and the increasing availability of point-of-sale terminals equipped… Continue Reading

FTC Announces Amended Rule on Identity Theft “Red Flags”

Posted in Congress, Creditors, Data Security, Federal Trade Commission, Financial Institutions, Financial Privacy, Red Flags, United States

On Friday, November 30, the Federal Trade Commission (FTC) issued an Interim Final Rule to amend its Red Flags Rule, which requires certain financial institutions and creditors to establish programs to detect, prevent and mitigate identity theft in connection with consumer accounts.  The Interim Final Rule narrows the definition of “creditor” in response to legislation… Continue Reading

CFPB Offers Assistance for Consumer Credit Reporting Complaints

Posted in Federal Trade Commission, Financial Institutions, Financial Privacy, United States

Last week, the Consumer Financial Protection Bureau (CFPB) announced that it had established a process for assisting consumers with credit reporting complaints.  The CFPB previously had implemented similar processes for complaints relating to credit cards, mortgages, bank accounts and services, private student loans, vehicle, and other consumer loans.  The complaint process is intended to complement the… Continue Reading

CFPB Study Assesses Differences in Credit Scores Sold to Consumers and Creditors

Posted in Financial Institutions, Financial Privacy, United States

Last week, the Consumer Financial Protection Bureau (CFPB) released a study comparing credit scores sold to creditors and those sold to consumers.  The study found that approximately 1 in 5 consumers would, upon purchasing their credit score from a consumer reporting agency, receive a different credit score than the score provided to creditors for use in… Continue Reading

FDIC Official Discusses Implementation of FFIEC Authentication Guidance

Posted in Financial Institutions, Financial Privacy, United States

In an interview with Information Security Media Group, William Henley, Associate Director of the Federal Deposit Insurance Corporation’s (FDIC) Technology Supervision Branch, discussed the status of the banking industry’s implementation of FFIEC authentication guidance released in July 2011.  Henley generally said that the industry was working towards compliance and offered that FDIC examiners at this stage… Continue Reading

FTC Obtains Second Largest Civil Penalty Under FCRA

Posted in Federal Trade Commission, Financial Institutions, Financial Privacy, United States

An employment background screening company will pay a $2.6 million civil penalty to settle Federal Trade Commission charges under the Fair Credit Reporting Act.   The FTC alleged that HireRight Solutions, Inc., which compiles background reports to assist employers in making hiring and other employment-related decisions, is a consumer reporting agency since its reports “bear on… Continue Reading

CFPB Issues Rule to Supervise Larger Participants in Consumer Reporting Market

Posted in Financial Institutions, Financial Privacy, United States

The Consumer Financial Protection Bureau (CFPB) has issued a final rule to implement its authority under section 1024 of Dodd-Frank to subject “larger participants” in the consumer reporting market to CFPB supervision.  The rule will have significant consequences for companies in the consumer reporting industry.  The final rule follows a proposed rule issued in February… Continue Reading

FFIEC Issues Risk Management Guidance for Cloud Computing

Posted in Cloud Computing, Data Security, Financial Institutions, Financial Privacy, United States

On July 10, the Federal Financial Institutions Examination Council (FFIEC) issued risk management guidance for depository institutions’ use of cloud computing.  The guidance defines cloud computing generally as “a migration from owned resources to shared resources in which client users receive information technology services, on demand, from third-party service providers via the Internet ‘cloud.’”  The guidance also… Continue Reading

First Circuit Finds Bank’s Online-Security Procedures ‘Commercially Unreasonable’

Posted in Cybersecurity, Data Security, Financial Institutions, Litigation, United States

A bank that required a commercial customer to answer “challenge questions” for virtually all online payments and that did not implement other common security measures failed to provide a commercially reasonable level of security, the U.S. Court of Appeals for the First Circuit ruled this week. The case arose when unknown hackers were able to… Continue Reading

Settlement Reached in Data Security Breach Lawsuit Against Bank

Posted in Data Breaches, Data Security, Financial Institutions, Financial Privacy, Litigation

Yesterday, Village View, Inc. reached a settlement with Professional Business Bank, a California state-chartered bank subject to regulation by the Federal Deposit Insurance Corporation (FDIC), over the company’s lawsuit against the bank arising from a data security breach.  In March 2010, Village View lost nearly $400,000 after the company’s bank account was compromised by hackers. … Continue Reading

Proposed Bill Would Limit Annual Privacy Notice Requirement Under GLBA

Posted in Congress, Financial Institutions, Financial Privacy, Litigation, United States

Last week, Rep. Blaine Luetkemeyer (R-MO) introduced legislation (H.R. 5817) to limit the obligations of certain financial institutions to provide an annual privacy notice to consumers.  Under the Gramm-Leach-Bliley Act (“GLBA”), financial institutions must provide customers an initial privacy notice and, for the duration of a customer relationship, an annual privacy notice that describes the… Continue Reading