In November 2021, non‑state issued digital assets reached a combined market capitalization of $3 trillion, up from approximately $14 billion in early November 2016.  Several global monetary authorities are exploring, and in some cases introducing, central bank digital currencies (CBDCs).  On March 9, 2022, President Biden issued an executive order to mandate multiple reports and

On November 18, 2021, the Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) approved a new final rule regarding reporting of cyber incidents for U.S. banks and service providers.

Under the new rule, a banking organization must notify its primary federal regulator of “any significant computer

Ascension Data & Analytics LLC, a data analytics company for the mortgage industry, has entered into a proposed settlement agreement with the Federal Trade Commission (FTC) following allegations that it violated the Gramm-Leach-Bliley Act’s (GLB) Safeguards Rule by failing to ensure that a third-party vendor was adequately securing data of mortgage holders. The FTC complaint

On October 7, 2020, The Office of the Comptroller of the Currency (“OCC”) announced that it had assessed a $400 million civil penalty against Citibank, N.A. regarding alleged deficiencies in its enterprise-wide risk management and data governance programs and its internal controls.  In particular, the OCC found violations of 12 CFR Part 30, Appendix D

On July 21, 2020, the New York State Department of Financial Services (NYDFS) filed charges against First American Title Insurance Company (First American) for breach of state cybersecurity regulations. Specifically, NYDFS alleges that First American exposed tens of millions of documents containing consumers’ sensitive personal information, including bank account numbers and statements, mortgage and tax

Note:  This post was originally posted in our Southeast Financial Litigation Monitor.

Gregory C. Cook & Brandon N. Robinson

The story is becoming all too common.  A merchant (or consumer) is convinced to wire money to a fraudulent account because of an incorrect belief that they are wiring the money to the real party. 

In our Southeast Financial Litigation Monitor, our own Lindsey Catlett posts about a recent opinion in Southern Independent Bank vs. Fred’s Inc., in which the Middle District of Alabama denied class certification following a data breach which allegedly affected over 2,000 financial institutions across the country. Southern Independent, a community bank located in south

The Federal Financial Institutions Examination Council (FFIEC) has issued a joint statement providing guidance for financial institutions about the role of cyber insurance in risk management of informational technology systems. The FFIEC comprises the principals of the following: The Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, National Credit Union Administration,

With the May 25, 2018 deadline quickly approaching, many businesses are scrambling to prepare for compliance with the EU’s General Data Protection Regulation (GDPR), and questions and conversations are heating up.  Still others are still trying to wrap their arms around what GDPR is and what it means for U.S. businesses.  For those of you

On August 7 2017, the U.S. Securities and Exchange Commission (SEC), through its Office of Compliance Inspections and Examinations (OCIE), published a Risk Alert summarizing observations on how broker dealers, investment advisers, and investment companies have addressed cybersecurity issues. The OCIE examined 75 financial firms registered with the SEC. The examinations focused on the firms’