On May 23, 2024, the U.S. Department of Housing and Urban Development (“HUD”) announced that, effective immediately, Federal Housing Administration (“FHA”)-approved Mortgagees are subject to a drastically heightened cybersecurity incident…
Many public companies are starting to face increased risks of securities class action litigation based on statements about their use of AI that are alleged to have been false or…
On Thursday, September 16, 2022, the Consumer Financial Protection Bureau (“CFPB” or the “Bureau”) published a report (the “Report”) detailing the regulatory risks of Buy Now, Pay Later (“BNPL”) products…
The Data Strategy and Security team at Debevoise & Plimpton LLP has authored the 2022 edition of the Privacy Law Answer Book (Practising Law Institute, 2021), a user-friendly guide to…
On November 18, 2021, federal banking regulators published a Final Rule that imposes new notification requirements on banking organizations for certain cybersecurity incidents. Most significantly, the Final Rule requires that…
As financial institutions increasingly deploy artificial intelligence (“AI”), including machine learning and automated decision-making technologies, across their business lines, U.S. federal regulators have started to scrutinize the consumer protection implications…
Last year, we discussed the first enforcement action brought by the New York State Department of Financial Services (“DFS”), which involved charges against First American Title Insurance Company. That hearing…
On January 12, 2021, the Federal Deposit Insurance Corporation (“FDIC”), the Office of the Comptroller of the Currency (“OCC”) and the Federal Reserve Board (“FRB”) (together the “Agencies”) published a…