On 1 December 2023, the Dutch Authority for the Financial Markets (Autoriteit Financiële Markten, the AFM) published its second publication on the Digital Operational Resilience Act (Regulation (EU) 2022/2554, the DORA). The publication focuses on the management of information, communication and technology (ICT) risks for third-party providers and aims

Noting that ransomware incidents have become increasingly prevalent in the financial services sector, the Federal Financial Institutions Examination Council has released an update to its Cybersecurity Resource Guide for Financial Institutions – a publication that was last updated in October 2018. Read our update here.

On 19 October 2021, the Financial Stability Board (FSB) published a report exploring whether greater convergence in the reporting of cyber incidents is achievable in light of increasing financial stability concerns, especially given the digitalisation of financial services and increased use of third party service providers.

The FSB found that fragmentation exists across

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019.

Read a discussion of the May 13 settlement by David Kessler, Susan Ross and Patrick

On March 3, 2021, the New York Department of Financial Services (NYDFS) announced a Consent Order with a NYDFS-licensed Maine-based mortgage banker and loan servicer settling alleged violations of the NYDFS cybersecurity regulations. (In the matter of Residential Mortgage Services, Inc., March 3, 2021).

As a result of the regular safety and soundness