On March 2, 2016, the Consumer Financial Protection Bureau (CFPB) filed the first consent order (Order) addressing data privacy since the CFPB’s inception in 2010. The Order serves as a warning to all companies that collect, store and use sensitive customer information that misrepresentation of security practices, as well as noncompliant data protection procedures, will
Know Your Vendors: The Importance of Comprehensive Risk Assessment Programs
As companies continue to explore new outsourcing and cloud services models in search of improved cost and productivity efficiencies, service providers are being asked to handle increasingly sensitive types of data. However, some customers are not seeking heightened security measures from their vendors to safeguard this sensitive data.
A recent study by Gemalto regarding The…
SEC Expands Cybersecurity Compliance Requirements For 2016
On January 11, 2016, the Securities and Exchange Commission announced the 2016 examination priorities list. For the third year in a row, cybersecurity is a top concern, especially with regard to internal security program assessment and evaluation. This year the Office of Compliance Inspections and Examinations (OCIE) will focus on cybersecurity protocols implemented by financial…
FAST Act Drives Long-Awaited Gramm-Leach-Bliley Amendment
In late 2015, Congress passed the Fixing America’s Surface Transportation Act − a vehicle for an amendment to the Gramm-Leach-Bliley Act (GLBA) meant to eliminate the need for certain companies to provide annual privacy disclosures to consumers.
The amendment, which took effect immediately, eliminates the annual notice requirement for financial institutions that:
- do not share
…
2016: A Turning Point For Personal Data Protection
In 2015, a number of high-profile media and political events and several legal cases raised questions about personal data protection in the European Union. 2016 looks to be a pivotal year for reforms in personal data protection, including issues related to recent matters.
The following developments are anticipated:
- The General Data Protection Regulation will form
…
Quantum Dawn 3: SIFMA’s Cybergames
It reads like a movie script: First, the financial services industry experiences a bout of firm-specific attacks in the form of distributed denial of service (DDoS), domain name system (DNS) poisoning, or breach of personally identifiable information (PII). One day later, trade order processing at major exchanges and alternative trading systems (ATS) is disrupted. On…
NFA Adopts Cybersecurity Guidance for NFA Members
On October 23, 2015, the National Futures Association (NFA) adopted its Interpretive Notice Regarding Information Systems Security Programs (the Notice). As noted in our prior Password Protected update, the Notice requires NFA member firms − including swap dealers, major swap participants, futures commission merchants, commodity trading advisors, commodity pool operators and introducing brokers (collectively…
SIFMA Urges Senate to Pass Cyber Sharing Bill
It seems as if every day there is a new report of a data breach or cyber attack. For the same reason that Willie Sutton robbed banks — “because that’s where the money is” — cyber criminals have been incessant in their targeting of financial institutions. So it should come as no surprise that in…
IRS, States, Industry Continue Progress to Protect Taxpayers from Identity Theft
On October 20, 2015, the IRS, state taxing authorities, and leaders of the tax industry announced continued progress to expand and strengthen protection against identity theft in refund fraud for the 2016 tax season. “We are taking new steps upfront to protect taxpayers at the time they file and beyond,” said IRS Commissioner John Koskinen in announcing this development. “Thanks to the cooperative efforts taking place between the industry, the states and the IRS, we will have new tools in place this January to protect taxpayers during the 2016 filing season.”
(Tax-related identity theft occurs when someone uses a taxpayer’s stolen Social Security number to file a tax return claiming a fraudulent refund. Generally, an identity thief will use a taxpayer’s SSN to file a false return early in the year. The taxpayer may be unaware he or she is a victim until the taxpayer tries to file a tax return and learns one already has been filed using his or her SSN.)
The strengthened and expanded protections include the following:
Through the Wire: SEC Turns its Sights on Insider Trading, Hacking and Data Thievery
There once existed a time when a crew of skydiving surfers could throw on surprisingly well-crafted ex-president masks, stroll into a cash-heavy bank and rob the institution blind. There was a time when the weapon of choice for a bank robbery was a sawn-off shotgun and an ingenious disguise. There was a time when a handwritten note riddled with grammatical errors was handed over to a shaking bank teller, or power tools and explosives were used to bust open vault doors as a getaway driver idled at the curb waiting for the right moment to disappear in a fog of tire smoke. But that time has faded. That time is over. The ex-presidents are finished, and new, invisible and far more effective crews are moving in and taking over the very old and familiar business model of robbery.
Organized gangs of international hackers have replaced the old tools and techniques of the trade with skills and technology that yield results and efficiencies unimaginable to even the most prolific robbers and thieves of the past era. And by some experts’ accounts, these organizations are just getting started. This is not news though. It is well-known that hackers are so adept at navigating code and circumventing security systems that, with the assistance of only a laptop, an internet connection and likely some Red Bull, Adderall and a few late nights, they are able to access the most sensitive data on the most sensitive servers. Amongst many other companies, Adobe, Zappos and AshleyMadison.com have all been hacked. Even the United States Office of Personnel Management suffered the largest breach of government data in history this year. And now, increasingly, the financial securities industry needs to be worried.
This week, the Securities and Exchange Commission (SEC) announced in a press release that Ukraine-based Jaspen Capital Partners Limited and CEO Andriy Supranonok have agreed to pay $30 million to settle allegations that they made massive financial gains from trading on non-public corporate news releases that were hacked and stolen from newswire services. It appears now that the glory days of receiving stock tips while enjoying a 25-year-old scotch at a rooftop party in Manhattan have diminished in favor of those traders obtaining their tips from the murky labyrinth of the hacking world.