News & Analysis as of

Cyber Incident Reporting Cybersecurity Financial Services Industry

Fenwick & West LLP

SEC News Roundup - June 2025

Fenwick & West LLP on

Petition for Rulemaking with Respect to Cybersecurity Incident Disclosure - A group of financial services industry trade associations submitted a joint petition for rulemaking requesting that the SEC amend the...more

Mayer Brown Free Writings + Perspectives

SIFMA and Other Industry Groups Petition SEC for Recission of Cybersecurity Disclosure Requirement

In late May 2025, the Securities Industry and Financial Markets Association (SIFMA), together with the American Bankers Association, Bank Policy Institute, Independent Community Bankers of America, and Institute of...more

A&O Shearman

FSB publishes finalised format for FIRE framework

A&O Shearman on

The Financial Stability Board (FSB) has published its finalised Format for Incident Reporting Exchange (FIRE), together with a press release and updated webpage. FIRE provides a standardised format for financial institutions...more

BCLP

Cybersecurity Risks for Financial Services Firms: Proactive Strategies to Stay Ahead

BCLP on

The 2024 CrowdStrike outage and the ransomware attack on NHS partner Synnovis hit mainstream news and highlighted the fragility of ICT supply chains and the risks posed by cyber incidents....more

King & Spalding

EU DORA: Are you in scope, and if so, how can you prepare?

King & Spalding on

The Digital Operational Resilience Act (DORA) establishes a harmonised and comprehensive framework for information and communication technology (ICT) risk management in the financial sector. It is a directly applicable EU...more

Ballard Spahr LLP

FHA issues revised cybersecurity requirements

Ballard Spahr LLP on

As previously reported in May 2024 FHA announced a requirement for FHA approved lenders to notify the U.S. Department of Housing and Urban Development (HUD) of Significant Cybersecurity Incidents, and the requirement was...more

Constangy, Brooks, Smith & Prophete, LLP

FTC cyber breach notification rules: If you’re a non-banking financial institution, here’s what you need to know.

Financial institutions are now required to notify the Federal Trade Commission about any security breach that involves the information of 500 customers or more. The breach must be reported no later than 30 days after it is...more

NAVEX

DORA: Exploring Finance Compliance Requirements

NAVEX on

Numbers never lie. The second most targeted industry in terms of hacking and breaches is Finance, which was the victim somewhere in the realm of 2,306 to 2,792 cyberattacks in 2023 (depending on the source). With each data...more

A&O Shearman

Financial Stability Board Letter to G20 Finance Ministers and Central Bank Governors – Cyber and Operational Resilience

A&O Shearman on

The Financial Stability Board has published a letter sent to G20 finance ministers and central bank governors providing an update on various workstreams, including on cyber and operational resilience...more

Wyrick Robbins Yates & Ponton LLP

Maybe Not Practical After All: HUD Proposes Revised Cyber Incident Reporting Requirement for FHA-Approved Mortgagees

As we discussed in a recent post, earlier this year the U.S. Department of Housing and Urban Development (“HUD”) issued Mortgagee Letter 2024-10, which imposed a new requirement on all FHA-approved mortgagees to report...more

Barnea Jaffa Lande & Co.

Understanding DORA: An Overview of the Digital Operational Resilience Act

The Digital Operational Resilience Act (DORA) is an EU regulatory framework, aimed at enhancing the financial sector’s ability to withstand and recover from ICT (information and communication technology) disruptions....more

Wyrick Robbins Yates & Ponton LLP

Possible… but Practical? HUD’s New 12 Hour Cyber Incident Reporting Requirement for FHA-Approved Mortgagees

On May 23, 2024, the U.S. Department of Housing and Urban Development (“HUD”) issued requirements, effective immediately, for all FHA-approved mortgagees to report certain cyber incidents to HUD within 12 hours of detection....more

ArentFox Schiff

Newly Proposed Rule Expanding Cyber Incident Reporting to Affect Financial Services Companies

ArentFox Schiff on

Recently, the US Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) issued a notice of proposed rulemaking (NPRM) which, if adopted, would require “covered entities” of critical...more

Alston & Bird

Data Breach Notification Requirements Under the Safeguards Rule Now in Effect

Alston & Bird on

For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial...more

Baker Donelson

[Webinar] New Privacy and Cybersecurity Regulations: What Financial Institutions Need to Know to Stay Compliant - June 13th, 10:00...

Baker Donelson on

The financial services industry has seen a litany of new data privacy and cybersecurity challenges through the first half of 2024. Financial institutions are facing unprecedented compliance hurdles resulting from the...more

Wiley Rein LLP

CISA’s Proposed Cyber Incident Reporting Requirements Would Hit a Range of Industries and Sectors

Wiley Rein LLP on

The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is publishing a proposed rule (Proposal or NPRM) that will require broad segments of industry to meet onerous and quick...more

Paul Hastings LLP

Revised FTC Safeguards Rule Brings Breach Reporting Obligations to Non-Banking Financial Institutions in May 2024

Paul Hastings LLP on

Federal jurisdiction under the Gramm Leach Bliley Act (“GLBA”) is a patchwork, particularly for banks –the Federal Reserve, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency all...more

Skadden, Arps, Slate, Meagher & Flom LLP

The Informed Board - Winter 2024

The oversight obligations of boards continue to expand. Recent enforcement actions and new laws in areas such as cybersecurity, artificial intelligence and supply chains create new challenges for boards, as we explain in this...more

Troutman Pepper Locke

SEC’s New Cyber Rules for Publicly Traded Companies — The Consumer Finance Podcast

Troutman Pepper Locke on

In this episode of The Consumer Finance Podcast, Chris Willis is joined by Kim Phan, a partner in our firm’s Privacy + Cyber practice, to discuss the Securities and Exchange Commission’s new cyber risk management and incident...more

McGlinchey Stafford

New York Cybersecurity Regulation Amended and Expanded

McGlinchey Stafford on

On November 1, 2023, the New York Department of Financial Services (NYDFS) adopted amendments to its Cybersecurity Regulation, 23 NYCRR Part 500 (Cybersecurity Regulation). This is the second amendment (Amendment) to its...more

Wyrick Robbins Yates & Ponton LLP

Empire State of Security: New York DFS Finalizes Significant Amendment to Financial Services Cybersecurity Regulation

The New York State Department of Financial Services (“NYDFS”), which regulates financial services institutions including banks, insurance companies, and mortgage brokers, finalized an amendment to its Cybersecurity Regulation...more

Davis Wright Tremaine LLP

Broker Dealer Regulatory Digest - October 2023

Editor's Note - The following newsletter provides a roundup summarizing enforcement actions, guidance, rulemakings, and other public statements taken by a federal and/or state financial services regulatory agency,...more

Alston & Bird

What You Should Know About the EU Digital Operational Resilience Act

Alston & Bird on

The European Union’s (EU) new Digital Operational Resilience Act (DORA) will go into effect in January 2025. Our Privacy, Cyber & Data Strategy Team digs into DORA and discusses how the new law may impact businesses inside...more

Polsinelli

FTC Adopts Data Breach Notification Obligations for Non-Banking Financial Institutions

Polsinelli on

On October 27, 2023, the Federal Trade Commission (“FTC”) adopted an amendment to the FTC’s Safeguards Rule that will require non-banking financial institutions to notify the FTC within thirty days of discovering a data...more

Katten Muchin Rosenman LLP

New FTC Rule Requires Certain Financial Institutions to Report Loss of Unencrypted Customer Data

On October 27, the Federal Trade Commission (FTC or Commission) published a final rule expanding data breach notification requirements for certain financial institutions (Final Rule). Federal Register, will require entities...more

51 Results
 / 
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide