Regulatory Rollback: Impact of the CFPB's Withdrawal of Overdraft and Deposit Account Fee Guidance on Financial Institutions and Related Litigation Risks — The Consumer Finance Podcast
Crypto's Capital Markets Revolution: Insights From GSR's Josh Riezman — The Crypto Exchange Podcast
10 For 10: Top Compliance Stories For the Week Ending August 23, 2025
Daily Compliance News: August 22, 2025, The WADA Returns Edition
Enhancing Card Partnerships and Compliance: A Conversation With Matthew Goldman — Payments Pros – The Payments Law Podcast
Institutional Adoption, Tax Challenges, and What's Next for Crypto in the US — Insights from KPMG's Tony Tuths - The Crypto Exchange Podcast
10 For 10: Top Compliance Stories For the Week Ending August 9, 2025
Daily Compliance News: August 5, 2025, The Staying Focused Edition
Wild Times for the Community Reinvestment Act
10 For 10: Top Compliance Stories For the Week Ending, July 26, 2025
Compliance Tip of the Day: Citibank and Continuous Monitoring
Daily Compliance News: July 24, 2025, The In Phone Hell Edition
Wire Fraud Litigants Beware: Fourth Circuit Ruling Protects the Banks — The Consumer Finance Podcast
Top challenges with Compliance Management
Daily Compliance News: July 15, 2025, The Fighting Workplace Bullying Edition
Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
#Risk New York Speaker Series – Exploring Future Regulatory Trends and Compliance Strategies with Rory McGrath
The Capital Ratio Podcast | Entering the US Banking Market
Point-of-Sale Finance Series: Banking on Lending Models — The Consumer Finance Podcast
Great Women in Compliance: GWIC X EC Q2 2025 - Exploring Compliance Innovations
On May 16, 2024, the Securities and Exchange Commission (SEC) adopted sweeping amendments to Regulation S-P, which governs the privacy of nonpublic consumer personal and financial information for a broad range of financial...more
The New York State Department of Financial Services (the “Department”) has issued guidance (“Guidance”) to all individuals and entities regulated by the Department (“Regulated Entities”) to underscore the importance of...more
DORA (Digital Operational Resilience Act) is an EU regulation that sets rules for how financial entities manage ICT (Information and Communication Technology) risks. It covers areas like cyber resilience, incident reporting,...more
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
EU national supervisory authorities will collect the Register of Information (ROI) pursuant to the EU’s Digital Operational Resilience Act (DORA) from in scope financial entities in April 2025, with the reference date set as...more
The European Union’s Digital Operational Resilience Act (DORA) came into effect on January 17, 2025. DORA aims to harmonise rules concerning the provision of information and communication technology (ICT) services to...more
After a two-year implementation period, the EU Digital Operational Resilience Act (DORA) takes effect on 17 January 2025. DORA is part of the EU’s Digital Finance Package and aims to strengthen the financial sector’s...more
The EU Digital Operational Resilience Act (“DORA”) is due to apply from 17 January 2025. It is designed to ensure regulated financial entities can withstand and recover from technology issues such as cyber events and...more
On October 16, 2024, the New York State Department of Financial Services (NYDFS) released guidance highlighting the cybersecurity risks associated with artificial intelligence (AI) and how covered entities regulated by NYDFS...more
Long IT sub-contracting chains can make it hard for financial institutions to understand the vulnerabilities in their IT estate and the location of key functions (where these may be located in entities who do not have a...more
Share on Twitter Print Share by Email Share Back to top “The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.” Those were among the remarks that U.S. Securities and...more
The Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 230 in March 2017. At a glance, the regulation aims to strengthen the cybersecurity resilience and operational risk management of the...more
A major amendment to the New York State Department of Financial Services' cybersecurity regulations establishes affirmative cybersecurity oversight duties and requires companies to report extortion payments to the agency....more
There will be additional compliance obligations and mandatory contractual provisions introduced for financial entities and outsourced IT service providers. The new DORA seeks to strengthen the resilience of financial...more
On July 29, 2022, the New York Department of Financial Services (NYDFS) published the pre-proposed second amendment to its Cybersecurity Regulations, 23 NYCRR 500 (Part 500), that if adopted, would likely require numerous...more
Recently, the Federal Reserve Board (Fed) published its annual Cybersecurity and Financial System Resilience report describing measures it has taken to strengthen cybersecurity in the financial services sector, including the...more
On October 27, 2021, the Federal Trade Commission (FTC) announced a newly updated rule under the Gramm-Leach-Bliley Act (GLBA) intended to require financial institutions to strengthen their data security safeguards to protect...more
The New York State Department of Financial Services recently issued recommendations to financial institutions in the aftermath of the SolarWinds cyberattack. In that attack, hackers inserted malware into SolarWinds software...more
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk. In her...more
In December 2019, we published a blog post introducing open banking; here, we provide an update for 2020. To briefly summarize, open banking comprises a set of rules which permit third-party providers (TPPs) of financial...more
Developing Contingency Plans: The NYDFS Mandate on Licensed Virtual Currency Businesses - The events surrounding COVID-19 have increased the use of fintech products, both out of necessity and convenience. Shelter-in-place...more
The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency. The announcement from the Superintendent of Financial Services of the State...more
The FDIC and OCC have issued new guidance for banks on heightened cybersecurity risks facing the financial services industry because of increased geopolitical tensions and threats of aggression. The guidance published on...more
March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers (e.g.,...more
Financial institutions regulated by the New York Department of Financial Services (DFS)—referred to in this post as “Covered Entities”—should by now be well familiar with the department’s sweeping cybersecurity regulation, 23...more