On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. Read a discussion of the May 13 settlement by David Kessler, Susan Ross and Patrick … Continue Reading
The New York Department of Financial Services recently reached a settlement with National Securities Corp. related to multiple cybersecurity violations.… Continue Reading
On March 3, 2021, the New York Department of Financial Services (NYDFS) announced a Consent Order with a NYDFS-licensed Maine-based mortgage banker and loan servicer settling alleged violations of the NYDFS cybersecurity regulations. (In the matter of Residential Mortgage Services, Inc., March 3, 2021). As a result of the regular safety and soundness examination of … Continue Reading
On April 30, 2020, the US Federal Financial Institutions Examination Council (FFIEC), an interagency group of federal and state banking regulators, issued guidance on “Security in a Cloud Computing Environment.” The FFIEC guidance focuses on security risk management principles and the financial services sector’s use of cloud computing, and supplements its publications on outsourcing of … Continue Reading
On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic. NYDFS requires the plans to be submitted by Thursday, … Continue Reading
On 3 October 2019, the UK and US governments signed the first bilateral Data Access Agreement (the Agreement) under the US Clarifying Lawful Overseas Use of Data Act 2018 (CLOUD Act) and the UK Crime (Overseas Production Orders) Act 2019. The Agreement seeks to facilitate faster and more direct access by each country’s agencies in criminal … Continue Reading
Last month, the Venezuelan Ministry of National Commerce issued a notice requiring patent and trademark fees to be paid in the cryptocurrency issued by the Venezuelan government — the Petro, which supposedly is backed by Venezuela’s oil and mineral reserves. As noted in previous posts, the United States has been increasing its economic sanctions on … Continue Reading
The two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Entities covered by the Regulation that utilize third party service providers, which include not only banks and insurers, but also other … Continue Reading
On October 22, 2018, a U.S. federal trial court in Manhattan granted web services conglomerate Alibaba Group Holding Limited’s request for a preliminary injunction against several defendants that were offering cryptocurrency for sale, under the name “AlibabaCoin.” (Alibaba Group Holding Ltd. v. Alibabacoin Foundation, No. 18-CV-2897 (JPO) (S.D.N.Y. Oct. 22, 2018) Although neither Alibaba nor … Continue Reading
On September 18, 2018, the New York State Attorney General issued a 32- page report on its findings on the state of cryptocurrency platforms with respect to consumer protections. The Virtual Markets Integrity Initiative Report summarizes the results of the New York Attorney General’s April 2018 survey sent to 13 cryptocurrency platforms, including some located … Continue Reading
On March 16, 2018, a federal US District Court judge in Florida unsealed a March 12, 2018, temporary restraining order he had granted at the request of the Federal Trade Commission (FTC) against four individuals and their companies, relating to allegedly deceptive acts or practices involving cryptocurrencies. The order is set to expire on March … Continue Reading
February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date. New York imposes cybersecurity requirements on all entities (covered entities) subject to the jurisdiction of … Continue Reading
In an order dated November 28, 2017, a U.S. federal magistrate judge ordered cryptocurrency exchange Coinbase to turn over certain limited identifying information on 14,355 of their account holders to the U.S. Internal Revenue Service (IRS). This is the latest move in a case that began in 2016 when the IRS issued a so-called “John … Continue Reading
On November 1, 2017, the U.S. Securities and Exchange Commission (SEC) joined the U.S. Federal Trade Commission (FTC) in warning celebrities about social media endorsements. SEC Warning The SEC issued both a public statement and an investor alert regarding celebrity endorsements of Initial Coin Offerings (ICOs). We published a blog post in August regarding the … Continue Reading
The U.S. Securities and Exchange Commission (SEC) denied proposals to list and trade shares of two bitcoin trust exchanges: one denial issued on March 10 and the other on March 28, 2017. In both matters, the SEC found that an exchange that lists commodity-trust exchange-traded products (“ETPs”) must meet applicable requirements, including that (1) the … Continue Reading
On November 30, 2016, Judge Jacqueline Scott Corley of the U.S. District Court for the Northern District of California signed an order granting the request of the Internal Revenue Service (IRS) to serve a summons on a virtual currency exchanger for the names of its bitcoin account holders and their associated transaction records, account statements, … Continue Reading
On October 11, 2016, the U.S. Court of Appeals for the District of Columbia Circuit ruled that the Consumer Financial Protection Bureau’s (CFPB) structure was unconstitutional, but that the violation was easily remedied by severing the part of the statute that created the CFPB that permitted its Director to be removed only for cause. Instead, … Continue Reading
On September 13, 2016, New York State Governor Andrew Cuomo unveiled proposed Department of Financial Services (DFS) regulations that would impose new and wide-ranging cybersecurity requirements on all entities subject to the jurisdiction of the DFS (Covered Entities). Covered Entities include not only banks and insurers, but also any persons regulated by the DFS, including … Continue Reading
On September 19, 2016, a federal U.S. District Court judge in New York ruled in a pre-trial motion that bitcoins were “funds” for purposes of a federal indictment relating to illegal money transmitting business and money laundering. The decision comes less than two months after a Florida state criminal court judge found that bitcoin was … Continue Reading
In a current money laundering prosecution in Miami, Florida, that has generated a lot of buzz in the press because it concerns Bitcoin, a Florida state trial judge ruled on July 22 that Bitcoin cannot be considered “money” under some of Florida’s state criminal laws. Given the particular facts of the case, however, it is … Continue Reading
On February 18, 2016, the Federal Trade Commission (FTC) announced a settlement in its case against Butterfly Labs and two of its officers relating to computers that allegedly could be used to “mine” the cryptocurrency known as Bitcoins. In an earlier stage of the case in 2014, a federal trial court in Missouri granted the … Continue Reading
On December 4, 2015, President Obama signed HR 22 into law (now Public Law 114-94). Although HR 22’s official name is Fixing America’s Surface Transportation Act (“FAST Act”), the 490-page law contains some provisions of particular importance to banks and other financial institutions, including providing an exception to the annual privacy notice requirement under the … Continue Reading
On October 7, 2015, the US Consumer Financial Protection Bureau (“CFPB”) announced a proposal to prohibit financial services companies from using certain types of arbitration clauses in consumer contracts. The CFPB has proposed prohibiting financial services companies from using arbitration clauses to prevent consumer class action proceedings in court, but would continue to permit arbitration in … Continue Reading
As of September 1, 2015, in New York City, employers with four or more employees are prohibited from having credit checks run on most employees and applicants. [NYC Admin. Code Sections 8102(29), 8-107(9)(d), (24); Local Law No. 37 (2015).] On September 2, the New York City Commission on Human Rights released enforcement guidance on the … Continue Reading