Updates on Developments in Data Privacy and Cybersecurity
In an interview with Information Security Media Group, William Henley, Associate Director of the Federal Deposit Insurance Corporation’s (FDIC) Technology Supervision Branch, discussed the status of the banking industry’s implementation of FFIEC authentication guidance released in July 2011. Henley generally said that the industry was working towards compliance and offered…
Continue Reading FDIC Official Discusses Implementation of FFIEC Authentication Guidance
The Consumer Financial Protection Bureau (CFPB) has issued a final rule to implement its authority under section 1024 of Dodd-Frank to subject “larger participants” in the consumer reporting market to CFPB supervision. The rule will have significant consequences for companies in the consumer reporting industry. The final rule follows a proposed rule issued in February 2012 indicating that the CFPB intended to supervise the consumer reporting market as part of the CFPB’s authority to supervise nonbank providers of consumer financial products and services. The final rule is effective September 30, 2012.
The final rule defines a “larger participant” in the consumer reporting market as a nonbank covered person that offers or provides consumer reporting and has annual receipts from consumer reporting in excess of $7 million.Continue Reading CFPB Issues Rule to Supervise Larger Participants in Consumer Reporting Market
Last year, the Federal Financial Institutions Examination Council (FFIEC) released a much-anticipated supplement to its Authentication in an Internet Banking Environment guidance. The supplement updates the FFIEC’s supervisory expectations regarding depository institutions’ customer authentication, layered security, and other controls for Internet banking. Starting this year, FFIEC information technology examinations will…
Continue Reading FFIEC Authentication Guidance to be a Hot Topic in 2012
On Tuesday, the Payment Card Industry Security Standards Council announced that it was opening the formal feedback period for versions 2.0 of the Payment Card Industry Data Security Standard (“PCI-DSS”) and Payment Application Data Security Standard (“PA-DSS”), which were issued in October 2010 and will become effective exclusively when versions…
Continue Reading PCI Council Opens Feedback Period for PCI-DSS and PA-DSS Versions 2.0
In mid-October 2011, the Consumer Financial Protection Bureau (CFPB) released version 1.0 of its Supervision and Examination Manual. Pursuant to Dodd-Frank, the CFPB has primary examination authority for compliance with federal consumer financial laws over banks having $10 billion or more in assets and their affiliates, such as banks&rsquo…
On October 27, 2011, Senator John D. Rockefeller, chairman of the Senate Commerce, Science, and Transportation Committee, sent letters to Visa and Mastercard requesting information regarding the companies’ data collection and aggregation practices and proposals. An October 25, 2011, Wall Street Journal article outlined various initiatives from the two companies pertaining…
As covered in our earlier blog post, the Dodd-Frank Wall Street Reform and Consumer Protection Act establishes the Office of Financial Research (OFR) to collect and analyze U.S. financial data for financial regulators. The OFR is tasked with, among other responsibilities, supporting the Financial Stability Oversight Council’s oversight of…
Continue Reading The Office of Financial Research and Legal Entity Identifiers
Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions. P2PE providers develop for merchants point-of-sale hardware such as payment card readers and electronic cash registers that completely encrypt payment card data…
Continue Reading PCI Point-to-Point Encryption Standards May Simplify Compliance
Yesterday, a subcommittee of the House Financial Services Committee held a hearing to discuss cybersecurity and security threats to the financial sector. The panelists included officials from the Secret Service, Federal Bureau of Investigation, and Department of Homeland Security, as well as representatives from Verizon, Symantec, Bank of America, and…
The Commodity Futures Trading Commission (“CFTC”) recently approved a final rule broadening the scope of the CFTC’s financial privacy regulations under the Gramm-Leach-Bliley Act (“GLBA”) to include “swap dealers” and “major swap participants,” two types of entities created by and subject to regulation under Dodd-Frank. GLBA requires financial institutions to, among other requirements, establish safeguards to ensure the security and confidentiality of consumer records and to comply with certain requirements governing the disclosure of consumers’ personal information. Swap dealers and major swap participants are expected to collect and use nonpublic personal information in a similar manner as financial institutions currently subject to GLBA’s financial privacy requirements. The CFTC’s rule simply extends the financial privacy requirements to swap dealers and major swap participants.
The final rule becomes effective 60 days after the CFTC finalizes its regulations further defining the terms “swap dealer” and “major swap participant.” On December 21, 2010, the CFTC issued proposed regulations with respect to these definitions. The proposed definitions of these terms under the Dodd-Frank statute appear after the jump.Continue Reading CFTC Issues Final Rule Extending Financial Privacy Requirements to Swap Dealers and Major Swap Participants
