Photo of A.J. Dhaliwal

A.J. Dhaliwal

Subscribe to A.J. Dhaliwal's Posts

A.J. is a special counsel in the Finance and Bankruptcy Practice Group in the firm's Washington, D.C. office.

Follow: Read more about A.J. Dhaliwal

On June 13, US and UK governments announced that they are developing prize challenges focused on advancing the maturity of privacy-enhancing technologies (PETs) to combat financial crime. The announcements highlight that up to $2 trillion of cross-border money laundering takes place each year. The White House explained that PETs could address financial crime through maturing technologies, which allows machine learning models to be trained on high quality datasets, without the data leaving safe environments. PETs also facilitate privacy-preserving financial information sharing and collaborative analytics; allowing suspicious types of behavior to be identified without compromising the privacy of individuals, or requiring the transfer of data between institutions or across borders.

Continue Reading US, UK Collaborate on Prize Challenges for Privacy-Enhancing Technologies

On June 7, Sen. Sherrod Brown (D-OH), Chair of the Senate Committee on Banking, Housing, and Urban Affairs, sent a letter to Treasury Secretary Janet Yellen to request a review by the Financial Stability Oversight Council of financial institutions’ consumer data activities and their potential threat to U.S. financial stability and security. The letter raised concerns that this information may be sold to third-party purchasers or data brokers who compile it with personal data collected from other sources often associated with advertising and exploited for other uses. The Committee also raised concerns that such data could be used for nefarious purposes including “glean[ing] consumers’ tolerance for price hikes, or using certain people’s spending patterns to target them for blackmail or ransomware.” 

Continue Reading Senate Banking Committee Sends Letter to Yellen on Collection, Use of Consumer Data

The May 1 change to banks’ cyber-notification process is fast approaching. As we wrote previously the OCC, FDIC, and Federal Reserve Board implemented a final rule under which banks and their service providers must notify their primary federal regulators within 36 hours of certain incidents.  A notification incident that triggers this requirement is defined as a computer security incident that materially disrupts a banking organization’s operations or lines of business. Thus not all incidents will meet these levels. For those that do, banks will need to be prepared. Part of that is having the right points of contact, which include:
Continue Reading On the Clock: Cyber Incidents Notification Deadline Approaching for Banks

In light of Russia’s recent military actions in Ukraine, the New York Department of Financial Services issued guidance on its cybersecurity and virtual currency regulations. The Department is specifically concerned about heightened risk for Russia’s cyberattacks against Ukraine, which could in turn lead to retaliatory attacks against U.S. critical infrastructure due to U.S. sanctions against Russia.
Continue Reading NYDFS Issues Cybersecurity Guidance in Response to Events in Ukraine

A California-based lead generation company recently settled with the FTC for $1.5 million over alleged privacy violations. The FTC argued that the company deceptively acquired consumer personal information and improperly
Continue Reading FTC Fines Lead Generation Company $1.5M Citing Misuse of Consumer Financial Data

Last month, the CFPB utilized its market monitoring authority to issue a series of orders to five companies offering “buy now, pay later” credit.  Buy now, pay later, or BNPL, is a deferred payment option that allows consumers to split a purchase into smaller installments, typically four or less, often with a down payment of 25 percent due at checkout.

Continue Reading CFPB’s Latest Orders Place Data Practices Front and Center for 2022

Federal banking regulators issued a final rule that impacts how banks and other regulated entities report certain data incidents.  Those subject to these new reporting requirements include U.S. banks and bank service providers. The rule is effective April 1, 2022, and covered entities are expected to comply with the final rule by May 1, 2022. The new requirements reflect ongoing concern to identify and stop computer security incidents before they become systemic.
Continue Reading Beginning in May 2022 Banks Will Have 36 Hours to Disclose Certain Types of Cyber Incidents

The FTC recently announced a final rule updating its GLBA Safeguards Rule to “strengthen the data security safeguards” of consumer financial information. The FTC reported that it was making these changes in response to widespread data breaches and cyberattacks.  As we reported in our sister blog, the changes will mean that a broad range of non-banking financial institutions may need to make updates to their data security policies and procedures. The new requirements go into effect in November 2022.

Continue Reading Non-Banking Institutions Will Want to Review Security Measures in Light of Update to Safeguards Rule

The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, recently announced that it fined UnaVista Limited, a UK-based trade repository, €238,500 ($280,000) for eight breaches of the European Market Infrastructure Regulation (EMIR).  The EMIR includes rules regulating the conduct of trade repositories, and in conjunction with its role as the supervisor of trade repositories under EMIR, ESMA is empowered to file enforcement actions in response to infringements of EMIR by trade repositories.

Continue Reading European Securities Watchdog Fine Highlights Importance of Data Integrity and Regulatory Access

The New York State Department of Financial Services recently announced new guidance addressing ransomware attacks, and highlighting cybersecurity measures to significantly reduce the risk of an attack.  The guidance comes as ransomware rates have been increasing, and builds on the post SolarWinds guidance from NYDFS about supply chain management. It was released just prior to the most recent large attack, namely the July 2nd supply-chain ransomware attack centered on the U.S. information technology firm Kaseya.

Continue Reading NYDFS Issues Ransomware Guidance