2018 has a tough act to follow, after a 2017 full of momentous developments—starting with a new Administration and wrapping up with a showdown over the right to serve as Acting Director of the Consumer Financial Protection Bureau (CFPB) (a fight that continues as of this writing, as discussed below).

But 2018 is unlikely to be a quiet year. In addition to developments in the CFPB leadership battle and other litigation, the year is expected to bring developments such as effective and compliance dates for major regulations on data protection, Bank Secrecy Act/anti-money-laundering (BSA/AML), mortgage servicing, and other topics, and could bring changes in supervisory focus at multiple federal agencies.

The SEC’s recent settlement with Morgan Stanley highlights the agency’s continued focus on enforcing cybersecurity measures. On June 8, 2016, Morgan Stanley agreed to pay a $1 million penalty to settle charges relating to its alleged failure to adopt written policies and procedures reasonably designed to protect customer records and information, a violation of the “Safeguards Rule.”


The FTC’s focus on data security appears to be expanding, with the agency now investigating the processes by which private industry measures data security compliance. On March 7, 2016, the FTC ordered nine different companies who are “Qualified Independent Assessors” to provide detailed information about how they assess their clients’ compliance with the Payment Card Industry Data Security Standards (“PCI DSS”). The nine companies receiving orders range from large accounting firms such as PricewaterhouseCoopers, LLP, to security-focused companies such as Foresite MSP, LLC. They must respond to the Commission within 45 days (absent any extensions that the Commission might grant). The FTC did not state that the orders were issued in connection with any apparent breach or other specific problem, and the agency’s ultimate goal for this inquiry remains to be seen.
