Photo of Jeff Kern

In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”).  While the revisions pare back some of the DFS Rule’s original requirements and add some much needed flexibility, the regulation will still impose many new obligations upon a wide array of financial institutions doing business in New York.  The DFS Rule will become effective on March 1, 2017.
Continue Reading New York State Department of Financial Services Cybersecurity Regulation Poised to Reshape Existing Regulatory Landscape

If the New York State Department of Financial Services (“DFS”) has its way, come January 1, 2017, financial services companies that require a form of authorization to operate under the banking, insurance, or financial services laws (“Covered Entities”) will be required to comply with a new set of comprehensive cybersecurity regulations aimed at safeguarding information systems and nonpublic information.
Continue Reading New York State Department of Financial Services Proposes Cybersecurity Regulations for Financial Services Companies

The Securities and Exchange Commission’s (“SEC”) recent $1 million settlement with Morgan Stanley Smith Barney LLC (“MSSB”) marked a turning point in the agency’s focus on cybersecurity issues, an area that the agency has proclaimed a top enforcement priority in recent years.  The MSSB settlement addressed various cybersecurity deficiencies that led to the misappropriation of sensitive data for approximately 730,000 customer accounts.
Continue Reading SEC Steps Up Cybersecurity Enforcement with $1 Million Fine Against Morgan Stanley