Bank Law Monitor

Bank Law Monitor

A Legal Blog for the Financial Services Industry

Category Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

Cyber-Insurance Tips for an Evolving Risk Landscape

Posted in Cybersecurity
Seth is editor of The Northwest Policyholder,, the firm’s insurance coverage blog, where portions of this article previously appeared. Surveys of C-suite executives continually rank cyber-related risks near the top of risk-management concerns. “Phishing,” hacking, and cyber-ransom events are constantly in the news and are affecting companies of all sizes. Regulators are increasingly focusing… Continue Reading

California Attorney General Explains “Requirement” to Comply with the 20 Controls Identified in the Center for Internet Security’s Critical Security Controls

Posted in Cybersecurity, Data Privacy
In February, the California Attorney General issued the “California Data Breach Report.” That report contained several recommendations, the most controversial of which related to the Center for Internet Security’s Critical Security Controls (the “CCS”). The report stated that “failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable… Continue Reading

Coping with the CAMELS

Posted in Compliance Resources, Cybersecurity
Introduction In connection with a presentation I was asked to make by the Federal Home Loan Bank to some of its member banks, I crafted this article on “Coping with the CAMELS.” As you know, this is an acronym for the six ratings in commercial bank exams – Capital, Asset Quality, Management, Earnings, Liquidity and… Continue Reading

Beware: Data Breaches May Expose You to UDAP Liability

Posted in CFPB, Cybersecurity, Regulatory Developments, Trending News, UDAAP
Recently, the U.S. Court of Appeals for the Third Circuit ruled that the Federal Trade Commission (FTC) may pursue a lawsuit against Wyndham Worldwide Corporation, a hotel and time share operator for “unfair and deceptive” cybersecurity practices. In its complaint, the FTC alleged that Wyndham “unreasonably and unnecessarily” exposed consumers’ personal data in more than… Continue Reading

States Are Amending Their Data Breach Laws. Why Should Banks Care?

Posted in Banking Technology, Cybersecurity
Data security and data breach notifications are—or should be—on everyone’s mind these days. Banks are certainly no exception. And banks, in general, are setting good examples for other businesses because banks’ data security systems and incident-response plans are usually up to date, tested for effectiveness, and the subject of board-level discussions. But how many banks… Continue Reading


Posted in Cybersecurity
It Can Happen to You I woke up this morning to a fraud alert from Citibank on my credit card. After going through the Spanish Inquisition to secure my identity, I finally learned what had triggered the alert—a small transaction in Spain. When I attempted to verify that the Citibank people were legitimate and not… Continue Reading