Tag Archives: Financial Institutions

FDIC Official Discusses Implementation of FFIEC Authentication Guidance

In an interview with Information Security Media Group, William Henley, Associate Director of the Federal Deposit Insurance Corporation’s (FDIC) Technology Supervision Branch, discussed the status of the banking industry’s implementation of FFIEC authentication guidance released in July 2011.  Henley generally said that the industry was working towards compliance and offered that FDIC examiners at this stage …

CFPB Issues Rule to Supervise Larger Participants in Consumer Reporting Market

The Consumer Financial Protection Bureau (CFPB) has issued a final rule to implement its authority under section 1024 of Dodd-Frank to subject “larger participants” in the consumer reporting market to CFPB supervision.  The rule will have significant consequences for companies in the consumer reporting industry.  The final rule follows a proposed rule issued in February …

FFIEC Issues Risk Management Guidance for Cloud Computing

On July 10, the Federal Financial Institutions Examination Council (FFIEC) issued risk management guidance for depository institutions’ use of cloud computing.  The guidance defines cloud computing generally as “a migration from owned resources to shared resources in which client users receive information technology services, on demand, from third-party service providers via the Internet ‘cloud.’”  The guidance also …

First Circuit Finds Bank’s Online-Security Procedures ‘Commercially Unreasonable’

A bank that required a commercial customer to answer “challenge questions” for virtually all online payments and that did not implement other common security measures failed to provide a commercially reasonable level of security, the U.S. Court of Appeals for the First Circuit ruled this week. The case arose when unknown hackers were able to …

Settlement Reached in Data Security Breach Lawsuit Against Bank

Yesterday, Village View, Inc. reached a settlement with Professional Business Bank, a California state-chartered bank subject to regulation by the Federal Deposit Insurance Corporation (FDIC), over the company’s lawsuit against the bank arising from a data security breach.  In March 2010, Village View lost nearly $400,000 after the company’s bank account was compromised by hackers.  …

Proposed Bill Would Limit Annual Privacy Notice Requirement Under GLBA

Last week, Rep. Blaine Luetkemeyer (R-MO) introduced legislation (H.R. 5817) to limit the obligations of certain financial institutions to provide an annual privacy notice to consumers.  Under the Gramm-Leach-Bliley Act (“GLBA”), financial institutions must provide customers an initial privacy notice and, for the duration of a customer relationship, an annual privacy notice that describes the …

FTC to Explore Mobile Payments

The Federal Trade Commission has announced that it will host a workshop on April 26, 2012, to discuss mobile payments.  In addition to exploring payment technologies and business models, the workshop will likely cover consumer protection issues such as the risks of financial loss, the need for information disclosures, data protection concerns, and the remedies …

FFIEC Authentication Guidance to be a Hot Topic in 2012

Last year, the Federal Financial Institutions Examination Council (FFIEC) released a much-anticipated supplement to its Authentication in an Internet Banking Environment guidance.  The supplement updates the FFIEC’s supervisory expectations regarding depository institutions’ customer authentication, layered security, and other controls for Internet banking.  Starting this year, FFIEC information technology examinations will include reviews for compliance with …

CFPB Supervision and Examination Manual Provides Procedures for Examining Compliance with Financial Privacy Laws

In mid-October 2011, the Consumer Financial Protection Bureau (CFPB) released version 1.0 of its Supervision and Examination Manual.  Pursuant to Dodd-Frank, the CFPB has primary examination authority for compliance with federal consumer financial laws over banks having $10 billion or more in assets and their affiliates, such as banks’ service providers, as well as certain …

The Office of Financial Research and Legal Entity Identifiers

As covered in our earlier blog post, the Dodd-Frank Wall Street Reform and Consumer Protection Act establishes the Office of Financial Research (OFR) to collect and analyze U.S. financial data for financial regulators.  The OFR is tasked with, among other responsibilities, supporting the Financial Stability Oversight Council’s oversight of systemic risk, developing tools for measuring risk …

CFTC Issues Final Rule Extending Financial Privacy Requirements to Swap Dealers and Major Swap Participants

The Commodity Futures Trading Commission (“CFTC”) recently approved a final rule broadening the scope of the CFTC’s financial privacy regulations under the Gramm-Leach-Bliley Act (“GLBA”) to include “swap dealers” and “major swap participants,” two types of entities created by and subject to regulation under Dodd-Frank.  GLBA requires financial institutions to, among other requirements, establish safeguards …

CFPB Opens for Business

Today, the Consumer Financial Protection Bureau (“CFPB”) assumed certain powers and authorities set forth in Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act.  The CFPB is tasked with implementing and enforcing Federal consumer financial laws to ensure that consumers have access to markets for consumer financial products and services, and that …

FFIEC Releases Supplement to Authentication Guidance

The Federal Financial Institutions Examination Council (FFIEC) released the long-awaited supplement to its authentication guidance, Authentication in an Internet Banking Environment.  The supplement represents the most current and authoritative guidance regarding data security in connection with online banking platforms.  Here are a few highlights of the supplement: Financial institutions should perform periodic risk assessments that …

SWIFT Messaging Raises Unique Financial Privacy Issues

The Society for Worldwide Interbank Financial Telecommunication, or SWIFT, provides an organizational platform for facilitating international payments.  U.S. and foreign financial institutions use SWIFT messages to initiate, process, receive, and settle payment orders.  The amount of information exchanged via SWIFT is immense.  More than 9,000 financial institutions in 209 countries rely on SWIFT to process …

Survey Indicates Banks Taking “Wait and See” Approach to Mobile Payments

Fiserv, Inc. recently released the results of a survey suggesting banks are taking a “wait and see” approach to mobile payments. Fiserv commissioned and Forrester Consulting conducted the survey of 15 large U.S. banks, which found that most of the banks offered mobile banking services allowing customers to make transfers between accounts, find an ATM, …

Consumer Financial Protection Bureau Publishes Notice of “Consumer Inquiry and Complaint Database”

The deadline to submit comments in response to the Consumer Financial Protection Bureau (CFPB) Implementation Team’s notice to establish the “Consumer Inquiry and Complaint Database” is less than two weeks away.  Title X of the Dodd-Frank Act establishes the CFPB to enforce federal consumer financial laws through rulemaking, supervision, and enforcement authority.  Dodd-Frank grants the …

Remote Deposit Capture Services Present Opportunity and Risk

According to a Federal Deposit Insurance Corporation survey of depository institutions, approximately 38 percent of institutions offer some form of remote deposit capture (RDC) service.  RDC enables a customer to deposit checks and other items electronically through the internet or the customer’s mobile phone.  The service was first authorized in 2004 when Congress passed the …

Federal Trade Commission Provides Initial Interpretation of the Red Flags Clarification Act in Litigation with the American Bar Association

We recently covered the Red Flag Program Clarification Act of 2010 in a blog post and client alert.  The Act was intended to narrow the scope of the Federal Trade Commission’s Red Flags rule, which imposes requirements on creditors and financial institutions to detect and deter identity theft.  Prior to the Act’s passage, the American …

President Signs Into Law Legislation Narrowing Scope of Red Flags Rule

Over the weekend, President Obama signed into law the “Red Flag Program Clarification Act of 2010.”  The Act is intended to narrow the types of entities that are subject to the Federal Trade Commission’s Red Flags rule, which requires financial institutions and creditors to take certain steps to prevent identity theft.  More information on the …

President to Sign Into Law Legislation Narrowing Scope of Red Flags Rule

Last week, Congress delivered to President Obama for his signature the “Red Flag Program Clarification Act of 2010,” which is intended to narrow the types of entities that are subject to the Federal Trade Commission’s Red Flags rule.  The Red Flags rule requires “financial institutions” and “creditors” to establish programs to detect, prevent, and mitigate …