Bank Law Monitor

Bank Law Monitor

A Legal Blog for the Financial Services Industry

Cyber-Insurance Tips for an Evolving Risk Landscape

Posted in Cybersecurity

Seth is editor of The Northwest Policyholder,, the firm’s insurance coverage blog, where portions of this article previously appeared.

Surveys of C-suite executives continually rank cyber-related risks near the top of risk-management concerns. “Phishing,” hacking, and cyber-ransom events are constantly in the news and are affecting companies of all sizes. Regulators are increasingly focusing on what companies are doing to protect themselves from these risks, including what insurance has been procured in case frontline defenses fail. The banking industry is no different and, as a result, cyber-security and cyber-risk management are becoming board-level concerns.

At the same time, bankers are rightly concerned about the resiliency of their customers and business partners from cyber-events. A key component of that resiliency is, of course, insurance. The insurance industry, for its part, is concerned about the scope of financial exposure from cyber-events, and has responded by creating specialized coverage forms to channel the risk toward products that are written specifically for cyber-risk and are underwritten and priced accordingly. Insurers are also pushing back at attempts to obtain coverage for new risks under traditional products.

With cyber-losses becoming a regular occurrence in the business world, litigation between policyholders and insurers about those losses is helping to illuminate some particular areas where vigilance is needed. Continue Reading

Straight Talk About Community Banks

Posted in Cyber-Graham

As many of you know, I spent six years as a bank regulator in the Securities Disclosure Division of the OCC. Since moving out to the Northwest, I have had the privilege of being involved with several hundred community banks ranging from de novos to capital raises and from enforcement actions to mergers and acquisitions. I think it is fair to say that I have seen both sides of the regulatory equation in banks throughout the U.S. and heavily in the West.

I have worked on the Bert Lance investigation, the Change in Bank Control Act, SEC Guide 3, and participated in meetings with the full SEC commission and its senior enforcement staff, as well as all of the federal banking agencies and many state banking agencies. I have witnessed the ebb and flow of the economy and regulatory environment. Recent events have compelled me to write this article about my observations regarding community banking and its future. No one has a crystal ball, but reading the tea leaves isn’t that challenging, so here we go. Continue Reading

Three Takeaways for NW Companies from Recent Cyber-Coverage Events

Posted in Cybersecurity

11008394895_aa4ecc8275_o-300x159In the past few months we have seen a few new developments on the cyber-risk frontier, including a court decision in Arizona in the P.F. Chang’s case, and the emergence of social engineering fraud as a stand-alone coverage. Here are three action items to help Northwest businesses manage cyber-risks effectively through insurance.

1) Read your cyber-policy, then read it again – it may not cover your biggest risks, in which case you must negotiate coverage. First up is the recent court decision—one of the first on a stand-alone cyber risk policy—in the P.F. Chang’s case in Arizona. The restaurant chain experienced a data breach involving customer credit card information. The restaurant did not pay the costs to reissue the cards, cover the fraudulent charges, etc. itself—that was taken care of by a “merchant services” vendor and by Visa/Mastercard.  But the merchant services vendor was entitled to charge all of those costs back to P.F. Chang’s under a contract. P.F. Chang’s looked to its cyber insurer (Chubb) to cover those costs. Chubb paid some, but denied others, relying on a relatively obscure provision excluding payments made because of a contractual obligation. The court agreed that the exclusion barred P.F. Chang’s recovery even though the charges were because of a data breach, which was otherwise covered. Continue Reading

Military Lending Act: It Applies to More Products Than You Think

Posted in Compliance Resources, Trending News

We first posted an article about proposed amendments to the Military Lending Act (MLA) on December 30, 2014. Ultimately, the Department of Defense (DoD) amended its regulation effective October 1, 2015, and extended the MLA’s application to a wide range of closed-end and open-end credit products and to broad classes of creditors as originally proposed. With the implementation of the final rule, the MLA now essentially uses the definition of “consumer credit” as defined in the Truth in Lending Act. Compliance with the amended MLA is required by October 3, 2016. However compliance with the rules for credit cards in the MLA is delayed until October 3, 2017.

Expanded Coverage
The final regulation applies to “creditors,” which is broadly defined as “banks, credit unions, savings associations, finance companies and other lenders, as well as any assignee of a creditor.” Although many bank and credit unions attempted to argue for an exemption from the regulation on the grounds that they are already highly regulated, the DoD declined to exempt credit unions and banks from the rules.

The final rule also defines “consumer credit” in broad terms to cover all “credit offered or extended to a covered borrower primarily for personal, family, or household purposes, and that is (i) subject to a finance charge or (ii) payable by a written agreement in more than four installments.” As defined, the final rules applies to both closed-end and open-end credit, including installment loans, boat loans, single payment loans, lines of credit, credit cards, pay-day loans, and other consumer credit transactions. This means that only residential mortgage loans, secured motor vehicles, personal property loans and other transactions not covered by Regulation Z are not covered by the MLA. Unlike the Servicemembers Civil Relief Act, the MLA does not apply to business purpose loans. Continue Reading