The New York State Department of Financial Services (NYDFS) has made available Update on Cyber Security in the Banking Sector: Third-Party Service Providers (April 2015) (the Update Report), which is based on a survey NYDFS conducted of 40 banking firms about the "cyber security standards those firms have in place for their third-party vendors". The Update Report provides an update on NYDFS's Report on Cyber Security in the Banking Sector (May 2014), which "highlighted the [banking] industry's reliance on third-party service providers for critical banking functions as a continuing challenge".
According to NYDFS, key findings of the Update Report include that:
- "[n]early 1 in 3 ... of the banks surveyed do not require their third-party vendors to notify them in the event of an information security breach or other cyber security breach";
- "[f]ewer than half of the banks surveyed conduct any on-site assessments of their third-party vendors";
- "[a]pproximately 1 in 5 banks surveyed do not require third-party vendors to represent that they have established minimum information security requirements"; and
- "[n]early half of the banks do not require a warranty of the integrity of the third-party vendors' data or products".
NYDFS's media release (9 April 2015)
Related news item:
The New York Times: Wall St. Is Told to Tighten Digital Security of Partners (8 April 2015)
(Source: NYDFS; The New York Times)
Beginning in early December 2014, SAI Global Compliance conducted a survey among compliance professionals in the Financial Services industry. Respondents were asked questions relating to budget and priority areas for their compliance departments in 2015. A broad assortment of compliance professionals responded to the survey, representing a variety of financial services organizations from across the U.S., ranging in size from organizations with less than $2 billion in assets all the way up to organizations with assets greater than $100 billion.
Michael Kieval, Partner, Weiner Brodsky Kider PC and Jason W. McElroy, Partner, Weiner Brodsky Kider PC
Regulatory reform under Dodd-Frank has impacted the entire financial services sector over the last few years. The impact has been notable for mortgage providers and services, and based on proposed rulemaking, there are more changes to come. Revisions to RESPA went into effect this time last year and the industry is still working out what the changes mean on a more practical level.
David K. Stein, Bricker & Eckler LLP
Regulations and regulator expectations seem to be changing and evolving at a rapid pace for financial service providers. Both organizations and regulators are doing their best to keep up with the fast-paced technological world in which we exist. One area of growing importance and concern is social media. As organizations face increasing pressure to be involved and active on social media, regulators are realizing it is another avenue they need to be monitoring.
The Consumer Financial Protection Bureau (CFPB) has completely altered the regulatory landscape for financial service companies, and now the CFPB is examining the entities under its jurisdiction. It has established its supervisory authority, as well as the breadth of its enforcement range under UDAAP. There have also been quite a few rules finalized and numerous guidance documents published by the CFPB. Financial service providers being examined need to be able to provide proof of compliance with these legal and regulatory requirements.
Carol Stern, Senior Consultant, First Consulting Operational Compliance
Market Conduct Examinations are a time-consuming and costly reality for insurance companies. With resource and time constraints, Market Conduct Exams are a serious burden to compliance departments. Having a better understanding of what regulators are focusing on and what events are triggering targeted exams can help your organization be more prepared. Also, by staying on top of trends, triggers and top findings, insurance organizations can better avoid common pitfalls.
Jason W. McElroy, Associate - Weiner Brodsky Kider PC
The Consumer Financial Protection Bureau (CFPB) has dramatically changed the regulatory landscape for mortgage providers and servicers. It has established its supervisory authority, as well as the breadth of its enforcement range under UDAAP (Unfair, Deceptive, or Abusive Acts or Practices). Additionally, quite a few rules have been finalized and numerous guidance documents published by the CFPB directly affecting the mortgage industry. And now, the CFPB has begun examining the entities under its jurisdiction.
The Australian Securities and Investments Commission (ASIC) has announced that it has fined the following financial services providers for making potentially misleading representations to consumers:
Former National Australia Bank Ltd worker Lukas Kamay and former Australian Bureau of Statistics worker Christopher Hill have entered guilty pleas to insider trading and conspiracy charges in relation to their roles in a A$7 million insider trading scheme, one of the largest in Australian history.
The United States Commodity Futures Trading Commission (CFTC) has announced that it has ordered (15 September 2014) Morgan Stanley Smith Barney (Morgan Stanley) to pay disgorgement and a US$280,000 penalty after finding that the futures commission merchant "failed to diligently supervise" workers' opening and handling of accounts held in the name of a group of entities that purported to have operations in a jurisdiction deemed "high-risk" under Morgan Stanley's compliance procedures.