Cybersecurity

On 26 September 2024, the European Central Bank (ECB) issued a paper which outlines how the European framework for threat intelligence-based ethical red teaming – the TIBER-EU framework – can help Member State competent authorities (NCAs) and financial entities fulfil the threat-led penetration testing (TLPT) requirements in the Digital

On 1 December 2023, the Dutch Authority for the Financial Markets (Autoriteit Financiële Markten, the AFM) published its second publication on the Digital Operational Resilience Act (Regulation (EU) 2022/2554, the DORA). The publication focuses on the management of information, communication and technology (ICT) risks for third-party providers and aims

Noting that ransomware incidents have become increasingly prevalent in the financial services sector, the Federal Financial Institutions Examination Council has released an update to its Cybersecurity Resource Guide for Financial Institutions – a publication that was last updated in October 2018. Read our update here.

The launch of Canada's new beneficial ownership registry is planned for 2023, but details about it remain vague. To prepare for these changes, companies can already take a look at how similar registries in other jurisdictions operate.

The relative weakness of the Canadian regime for combating

On 10 March 2022, the Information Commissioner’s Office (ICO) issued a monetary penalty notice to a professional services firm (the Firm) to the tune of £98,000 for a breach of Article 5(1)(f) of the General Data Protection Regulation (GDPR).

The Firm was the victim of a ransomware attack which it first became aware of on

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019.

Read a discussion of the May 13 settlement by David Kessler, Susan Ross and Patrick

On March 3, 2021, the New York Department of Financial Services (NYDFS) announced a Consent Order with a NYDFS-licensed Maine-based mortgage banker and loan servicer settling alleged violations of the NYDFS cybersecurity regulations. (In the matter of Residential Mortgage Services, Inc., March 3, 2021).

As a result of the regular safety and soundness

On December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve Board and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification

When an entity (Affected Entity) experiences a data breach incident (Breach Incident), it is instantly faced with a number of issues that it must address with urgency. Among these, an Affected Entity must manage crucial regulatory compliance obligations that may be triggered by the Breach Incident. The most obvious of these obligations arise under the

In response to the growing use of artificial intelligence (AI) by banks, the Hong Kong Monetary Authority (HKMA) has provided guidance to the banking industry on the use of AI applications. These are high-level principles (set out briefly below) which banks are expected to take into account when designing and