Archives: Financial Institutions

Subscribe to Financial Institutions RSS Feed

SEC and CFTC Issue Final Identity Theft Rule

Last week, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) published in the Federal Register a joint rule requiring entities regulated by the agencies to adopt programs to detect and prevent identity theft.  The rule is referred to as the “red flags rule” and applies to certain broker-dealers, mutual funds, investment advisers, futures … Continue Reading

Federal Reserve Releases Report of Mobile Banking and Mobile Payments Use

On March 27, 2013, the Federal Reserve released a report on consumers’ use of mobile banking and mobile payments.  The report follows a similar report issued by the Federal Reserve last year.  The report found that use of mobile banking has increased significantly in the past year while use of mobile payments has increased as well.  … Continue Reading

House Passes Legislation Eliminating Annual GLBA Privacy Notice Requirement

Earlier this week, the House of Representatives passed H.R. 749, the Eliminate Privacy Notice Confusion Act.  The bill is sponsored by Rep. Blaine Leutkemeyer (R-MO) and Rep. Brad Sherman (D-CA).  An earlier version of the bill passed the House in December but was never taken up by the Senate.  We previously covered similar legislation introduced by … Continue Reading

FTC Study Details Inaccuracies in Credit Reports

This week, the Federal Trade Commission released a study of the U.S. credit reporting industry and credit report accuracy.  The study found that five percent of consumers had errors on one of their three nationwide credit reports that could lead them to pay more for financial products.  The study is required under section 319 of the … Continue Reading

President Obama Issues Cybersecurity Executive Order

In his State of the Union message on Tuesday, President Obama announced that he had signed an Executive Order addressing the cybersecurity of  critical infrastructure.  President Obama emphasized that in the face of threats to corporate secrets, the power grid, and financial institutions, among others, “We cannot look back years from now and wonder why … Continue Reading

FFIEC Proposes Social Media Guidance

On January 22, 2013, the Federal Financial Institutions Examination Council proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by depository institutions.  The proposed guidance would not impose additional compliance obligations on institutions.  Instead, the guidance is intended to help financial institutions understand potential … Continue Reading

FDIC Highlights Mobile Payment Technologies and Related Risks

In its most recent issue of the Supervisory Insights newsletter, the Federal Deposit Insurance Corporation (FDIC) describes mobile payment technologies, the risks they pose to depository institutions, and the regulatory framework applicable to such technologies.  The FDIC notes the widespread use of smartphones as a payment technology and the increasing availability of point-of-sale terminals equipped … Continue Reading

FTC Announces Amended Rule on Identity Theft “Red Flags”

On Friday, November 30, the Federal Trade Commission (FTC) issued an Interim Final Rule to amend its Red Flags Rule, which requires certain financial institutions and creditors to establish programs to detect, prevent and mitigate identity theft in connection with consumer accounts.  The Interim Final Rule narrows the definition of “creditor” in response to legislation … Continue Reading

CFPB Offers Assistance for Consumer Credit Reporting Complaints

Last week, the Consumer Financial Protection Bureau (CFPB) announced that it had established a process for assisting consumers with credit reporting complaints.  The CFPB previously had implemented similar processes for complaints relating to credit cards, mortgages, bank accounts and services, private student loans, vehicle, and other consumer loans.  The complaint process is intended to complement the … Continue Reading

CFPB Study Assesses Differences in Credit Scores Sold to Consumers and Creditors

Last week, the Consumer Financial Protection Bureau (CFPB) released a study comparing credit scores sold to creditors and those sold to consumers.  The study found that approximately 1 in 5 consumers would, upon purchasing their credit score from a consumer reporting agency, receive a different credit score than the score provided to creditors for use in … Continue Reading

FDIC Official Discusses Implementation of FFIEC Authentication Guidance

In an interview with Information Security Media Group, William Henley, Associate Director of the Federal Deposit Insurance Corporation’s (FDIC) Technology Supervision Branch, discussed the status of the banking industry’s implementation of FFIEC authentication guidance released in July 2011.  Henley generally said that the industry was working towards compliance and offered that FDIC examiners at this stage … Continue Reading

FTC Obtains Second Largest Civil Penalty Under FCRA

An employment background screening company will pay a $2.6 million civil penalty to settle Federal Trade Commission charges under the Fair Credit Reporting Act.   The FTC alleged that HireRight Solutions, Inc., which compiles background reports to assist employers in making hiring and other employment-related decisions, is a consumer reporting agency since its reports “bear on … Continue Reading

CFPB Issues Rule to Supervise Larger Participants in Consumer Reporting Market

The Consumer Financial Protection Bureau (CFPB) has issued a final rule to implement its authority under section 1024 of Dodd-Frank to subject “larger participants” in the consumer reporting market to CFPB supervision.  The rule will have significant consequences for companies in the consumer reporting industry.  The final rule follows a proposed rule issued in February … Continue Reading

FFIEC Issues Risk Management Guidance for Cloud Computing

On July 10, the Federal Financial Institutions Examination Council (FFIEC) issued risk management guidance for depository institutions’ use of cloud computing.  The guidance defines cloud computing generally as “a migration from owned resources to shared resources in which client users receive information technology services, on demand, from third-party service providers via the Internet ‘cloud.’”  The guidance also … Continue Reading

First Circuit Finds Bank’s Online-Security Procedures ‘Commercially Unreasonable’

A bank that required a commercial customer to answer “challenge questions” for virtually all online payments and that did not implement other common security measures failed to provide a commercially reasonable level of security, the U.S. Court of Appeals for the First Circuit ruled this week. The case arose when unknown hackers were able to … Continue Reading

Settlement Reached in Data Security Breach Lawsuit Against Bank

Yesterday, Village View, Inc. reached a settlement with Professional Business Bank, a California state-chartered bank subject to regulation by the Federal Deposit Insurance Corporation (FDIC), over the company’s lawsuit against the bank arising from a data security breach.  In March 2010, Village View lost nearly $400,000 after the company’s bank account was compromised by hackers.  … Continue Reading

Proposed Bill Would Limit Annual Privacy Notice Requirement Under GLBA

Last week, Rep. Blaine Luetkemeyer (R-MO) introduced legislation (H.R. 5817) to limit the obligations of certain financial institutions to provide an annual privacy notice to consumers.  Under the Gramm-Leach-Bliley Act (“GLBA”), financial institutions must provide customers an initial privacy notice and, for the duration of a customer relationship, an annual privacy notice that describes the … Continue Reading

PCI Council Issues Guidance for Mobile Payment Acceptance

Yesterday, the Payment Card Industry Council issued guidance for merchants using smartphones or tablets to accept payments from customers.  The guidance follows up on the PCI Council Chairman’s pledge in February, as reported in this blog, to make mobile payments a top priority.  Payment card readers that can be attached to a smartphone or tablet have become … Continue Reading

Fiserv Releases White Paper on Multi-Channel Banking

On April 4, 2012, Fiserv, one of the largest payment processing service providers for the banking industry, released a white paper analyzing the current state of multi-channel banking, which is a consumer’s use of more than one channel to conduct banking activities.  The white paper, titled “Snacking, Lunching and Fine Dining: How Mobile is Reshaping … Continue Reading

Federal Reserve Official Testifies Before Congress on Mobile Financial Services

On March 29, 2012, Director of the Federal Reserve’s Division of Consumer and Community Affairs Sandra Braunstein testified before the Senate Banking Committee on consumers’ use of mobile financial services.  Ms. Braunstein distinguished between “mobile banking,” which is a consumer’s use of a mobile device to interact with a financial institution, including checking balances and transferring … Continue Reading

FTC to Explore Mobile Payments

The Federal Trade Commission has announced that it will host a workshop on April 26, 2012, to discuss mobile payments.  In addition to exploring payment technologies and business models, the workshop will likely cover consumer protection issues such as the risks of financial loss, the need for information disclosures, data protection concerns, and the remedies … Continue Reading

FFIEC Authentication Guidance to be a Hot Topic in 2012

Last year, the Federal Financial Institutions Examination Council (FFIEC) released a much-anticipated supplement to its Authentication in an Internet Banking Environment guidance.  The supplement updates the FFIEC’s supervisory expectations regarding depository institutions’ customer authentication, layered security, and other controls for Internet banking.  Starting this year, FFIEC information technology examinations will include reviews for compliance with … Continue Reading

CFPB Supervision and Examination Manual Provides Procedures for Examining Compliance with Financial Privacy Laws

In mid-October 2011, the Consumer Financial Protection Bureau (CFPB) released version 1.0 of its Supervision and Examination Manual.  Pursuant to Dodd-Frank, the CFPB has primary examination authority for compliance with federal consumer financial laws over banks having $10 billion or more in assets and their affiliates, such as banks’ service providers, as well as certain … Continue Reading

Verizon Report Concludes that Industry’s Compliance with PCI Standards Remains Low

In a report released on September 28, 2011, Verizon concluded that only 21 percent of organizations subject to the payment card industry’s data security standards (PCI-DSS) were fully compliant with PCI-DSS.  Verizon’s prior report found that 22 percent of organizations were fully compliant with PCI-DSS.  The PCI-DSS consist of 12 requirements relating to an organization’s information … Continue Reading
LexBlog