Earlier this year, the U.S. Department of Housing and Urban Development (“HUD”) released an unannounced and immediately effective Cyber Incident Reporting Requirement (the “Original Requirements”) in Mortgagee Letter 2024-10, which…
This is the second post in our two-part Debevoise Data Blog series covering the U.S. Treasury Department’s report on Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector (the “Report”). In…
On May 23, 2024, the U.S. Department of Housing and Urban Development (“HUD”) announced that, effective immediately, Federal Housing Administration (“FHA”)-approved Mortgagees are subject to a drastically heightened cybersecurity incident…
On Thursday, September 16, 2022, the Consumer Financial Protection Bureau (“CFPB” or the “Bureau”) published a report (the “Report”) detailing the regulatory risks of Buy Now, Pay Later (“BNPL”) products…
On May 25, 2022, the Review of Banking & Financial Services published an article on the recently-issued banking agencies’ Final Rule on Computer-Security Incident Notification Requirements for Banking Organizations and…
On Tuesday, March 22, Anna Gressel and Avi Gesser from our Data Strategy and Security Group and Tigist Kassahun of our M&A and Corporate IP practices hosted a timely discussion on emerging…
On December 16, 2021, Anna Gressel and Avi Gesser from our Data Strategy and Security Group were joined by Maeve O’Connor and Jyotin Hamid of our Commercial Litigation Group for a special…
On December 7, 2021, the New York Department of Financial Services (“DFS”) released new guidance on multifactor authentication (“MFA”), indicating that it is increasing its review of MFA during examinations,…
On November 18, 2021, federal banking regulators published a Final Rule that imposes new notification requirements on banking organizations for certain cybersecurity incidents. Most significantly, the Final Rule requires that…