Mike Nonaka

Mike Nonaka

Michael Nonaka is a partner in the firm’s Financial Institutions practice group. He represents banks and other financial institutions on a wide variety of bank regulatory, enforcement, legislative and policy issues.  Mr. Nonaka also is co-chair of the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as big data, blockchain and related technologies, bitcoin and other virtual currencies, same day payments, and online lending.

Subscribe to all posts by Mike Nonaka

New York DFS Publishes FAQs on New Cybersecurity Regulations

As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500).  Among other things, the regulations require regulated entities to conduct cyber risk assessments and … Continue Reading

The Securities and Exchange Commission and Financial Industry Regulatory Authority Release Examination Priorities for 2017

The Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) and the Financial Industry Regulatory Authority, Inc. (“FINRA”) (a private self-regulatory organization overseen by OCIE), recently released their 2017 examination priorities.  It is no surprise to find cybersecurity listed as an examination priority again this year. OCIE and FINRA have repeatedly recognized … Continue Reading

Extension of Time for Comments on the Federal ANPR on Cyber Risk Management Standards

For those considering submitting comments on the federal advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management standards, you’ve been granted an extension.  The agencies involved—the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation—announced that they will extend the comment period … Continue Reading

GAO to Review CFPB Data Collection Initiative

Last week, the Government Accountability Office (GAO) agreed to review the Consumer Financial Protection Bureau’s (CFPB) collection and analysis of consumer credit records in response to a request from Senator Mike Crapo (R-ID).  In a letter to the GAO Comptroller General, Sen. Crapo requested that the GAO investigate “CFPB’s data collection to determine its purpose, scope … Continue Reading

CFPB Rulemaking Agenda Includes Potential Changes to GLBA Annual Privacy Notice Requirement

Earlier this month, the Consumer Financial Protection Bureau (CFPB) posted its semi-annual update of its rulemaking agenda for the coming 12-month regulatory cycle, including recently-completed rulemakings.  The rulemaking agenda is part of a broader initiative led by the Office of Management and Budget (OMB) to publish a Unified Agenda of federal regulatory and deregulatory actions across … Continue Reading

FTC Announces Information about Upcoming Mobile Security Forum

Today, the Federal Trade Commission released the agenda and panelists for the public forum it is holding on mobile security, Mobile Security: Potential Threats and Solutions, on June 4, 2013.  The forum will bring together technology researchers, industry members, and academics to explore mobile malware, the security of existing and developing mobile technologies, and the roles … Continue Reading

FTC Official Highlights FCRA Enforcement as a High Priority

Earlier this month, Maneesha Mithal, Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, testified before the U.S. Senate Subcommittee on Consumer Protection, Product Safety, and Insurance regarding consumer report accuracy and the FTC’s efforts to improve accuracy through education and enforcement.  Her testimony emphasized the impact that consumer report errors may … Continue Reading

SEC and CFTC Issue Final Identity Theft Rule

Last week, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) published in the Federal Register a joint rule requiring entities regulated by the agencies to adopt programs to detect and prevent identity theft.  The rule is referred to as the “red flags rule” and applies to certain broker-dealers, mutual funds, investment advisers, futures … Continue Reading

Federal Reserve Releases Report of Mobile Banking and Mobile Payments Use

On March 27, 2013, the Federal Reserve released a report on consumers’ use of mobile banking and mobile payments.  The report follows a similar report issued by the Federal Reserve last year.  The report found that use of mobile banking has increased significantly in the past year while use of mobile payments has increased as well.  … Continue Reading

House Passes Legislation Eliminating Annual GLBA Privacy Notice Requirement

Earlier this week, the House of Representatives passed H.R. 749, the Eliminate Privacy Notice Confusion Act.  The bill is sponsored by Rep. Blaine Leutkemeyer (R-MO) and Rep. Brad Sherman (D-CA).  An earlier version of the bill passed the House in December but was never taken up by the Senate.  We previously covered similar legislation introduced by … Continue Reading

FTC Issues Report on Mobile Payments

Last Friday, the Federal Trade Commission released a report, Paper, Plastic…or Mobile?, on the use of mobile payments.  The report follows a workshop hosted by the FTC in April 2012 that explored innovative mobile payment products and services, the potential benefits offered by mobile payments, and the concerns they raise.  For purposes of the report, mobile … Continue Reading

FTC Study Details Inaccuracies in Credit Reports

This week, the Federal Trade Commission released a study of the U.S. credit reporting industry and credit report accuracy.  The study found that five percent of consumers had errors on one of their three nationwide credit reports that could lead them to pay more for financial products.  The study is required under section 319 of the … Continue Reading

PCI Council Releases PCI-DSS Cloud Computing Guidelines

On February 7, 2013, the Payment Card Industry (PCI) council released a supplement to the payment card industry data security standards (PCI-DSS) on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments.  The supplement is intended for merchants, service providers, assessors, and other entities in evaluating the use of cloud … Continue Reading

FFIEC Proposes Social Media Guidance

On January 22, 2013, the Federal Financial Institutions Examination Council proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by depository institutions.  The proposed guidance would not impose additional compliance obligations on institutions.  Instead, the guidance is intended to help financial institutions understand potential … Continue Reading

FDIC Highlights Mobile Payment Technologies and Related Risks

In its most recent issue of the Supervisory Insights newsletter, the Federal Deposit Insurance Corporation (FDIC) describes mobile payment technologies, the risks they pose to depository institutions, and the regulatory framework applicable to such technologies.  The FDIC notes the widespread use of smartphones as a payment technology and the increasing availability of point-of-sale terminals equipped … Continue Reading

FTC Enters into Consent Order with Mobile Application Developers for Fair Credit Reporting Act Violations

Last week, the Federal Trade Commission entered into a consent order with two companies alleged to have operated as consumer reporting agencies, by providing criminal record reports through mobile applications, without complying with the Fair Credit Reporting Act (FCRA).  The consent order represents the FTC’s first FCRA case involving mobile applications.  According to the FTC’s complaint, Filiquarian … Continue Reading

CFPB Offers Assistance for Consumer Credit Reporting Complaints

Last week, the Consumer Financial Protection Bureau (CFPB) announced that it had established a process for assisting consumers with credit reporting complaints.  The CFPB previously had implemented similar processes for complaints relating to credit cards, mortgages, bank accounts and services, private student loans, vehicle, and other consumer loans.  The complaint process is intended to complement the … Continue Reading

FTC Finalizes Settlements with Companies for Exposing Sensitive Consumer Information through Installation of Peer-to-Peer File Sharing Software

On October 26, 2012, the FTC finalized settlements with Georgia auto dealer Franklin Budget Car Sales, Inc. and Utah-based debt collector EPN Inc. over charges that each company illegally exposed sensitive personal information of consumers by allowing peer-to-peer (P2P) file-sharing software to be installed on their corporate computer systems.  The final settlements follow a notice-and-comment period … Continue Reading

FTC Imposes $1 Million Fine Against Musicians’ Fan Websites for COPPA Violations

By Lindsey Tonsager and Mike Nonaka On October 2, 2012, the Federal Trade Commission filed a proposed consent decree resolving claims that Artist Arena LLC violated the Children’s Online Privacy Protection Act (COPPA) by collecting and disclosing email addresses, birth dates and other personal information from more than 100,000 children younger than the age of … Continue Reading

CFPB Study Assesses Differences in Credit Scores Sold to Consumers and Creditors

Last week, the Consumer Financial Protection Bureau (CFPB) released a study comparing credit scores sold to creditors and those sold to consumers.  The study found that approximately 1 in 5 consumers would, upon purchasing their credit score from a consumer reporting agency, receive a different credit score than the score provided to creditors for use in … Continue Reading

FTC Releases Privacy Guide for Mobile Application Developers

The Federal Trade Commission has released a guide, Marketing Your Mobile App: Get It Right from the Start, to help mobile application developers comply with truth-in-advertising standards and privacy principles.  Although the guide is informal and not binding guidance, it does represent helpful FTC commentary.  The guide notes that a one-size fits all approach is not workable since … Continue Reading

FDIC Official Discusses Implementation of FFIEC Authentication Guidance

In an interview with Information Security Media Group, William Henley, Associate Director of the Federal Deposit Insurance Corporation’s (FDIC) Technology Supervision Branch, discussed the status of the banking industry’s implementation of FFIEC authentication guidance released in July 2011.  Henley generally said that the industry was working towards compliance and offered that FDIC examiners at this stage … Continue Reading
LexBlog