BankBryanCave.com

Bank Bryan Cave

Zetoony

Main Content

Do you get Bragging Rights if the Malware Infecting your Computer was Named after Zeus?

April 17, 2017

Authors

Jerry Blanchard and David Zetoony

Do you get Bragging Rights if the Malware Infecting your Computer was Named after Zeus?

April 17, 2017

by: Jerry Blanchard and David Zetoony

Over the last decade as the specter of cyber attacks has increased dramatically, financial institutions have been encouraged to look into the use of cyber fraud insurance as one means of minimizing risk. A recent decision by the 8th Circuit provides an interesting opportunity to see how such policies are going to be interpreted by the courts.

In 2011, an employee at Bellingham State Bank in Minnesota initiated a wire transfer through the Federal Reserve’s FedLine Advantage Plus system (FedLine). Wire transfers were made through a desktop computer connected to a Virtual Private Network device provided by the Federal Reserve. In order to complete a wire transfer via FedLine, two Bellingham employees had to enter their individual user names, insert individual physical tokens into the computer, and type in individual passwords and

Read More

What Will The Proposed New York Cybersecurity Requirements For Financial Institutions Really Make Companies Do?

January 23, 2017

Authors

David Zetoony

What Will The Proposed New York Cybersecurity Requirements For Financial Institutions Really Make Companies Do?

January 23, 2017

by: David Zetoony

In early September 2016, the New York Department of Financial Services (“DFS”) proposed a set of data security regulations (the “Proposal”) that would govern financial institutions, banks, and insurance companies subject to the jurisdiction of the agency (“covered entities”).  After receiving public comments, DFS revised and resubmitted the Proposal on December 28, 2016.  If the Proposal ultimately goes into effect it would require that covered entities have a written information security policy (“WISP”) and outline specific provisions (substantive and procedural) that must be contained in that document.  While the Proposal has garnered a great deal of public attention, the majority of the provisions in the latest version are not unique.

Prior to the Proposal at least four states already required that if a company collected financial information about consumers within their

Read More

FDIC Examinations and Cyberattack Risk

May 7, 2015

Authors

Jerry Blanchard and David Zetoony

FDIC Examinations and Cyberattack Risk

May 7, 2015

by: Jerry Blanchard and David Zetoony

FDIC bank examinations generally include a focus on the information technology (“IT”) systems of banks with a particular focus on information security. The federal banking agencies issued implementing Interagency Guidelines Establishing Information Security Standards (Interagency Guidelines) in 2001. In 2005, the FDIC developed the Information Technology—Risk Management Program (IT-RMP), based largely on the Interagency Guidelines, as a risk-based approach for conducting IT examinations at FDIC-supervised banks. The FDIC also uses work programs developed by the Federal Financial Institutions Examination Council (FFIEC) to conduct IT examinations of third party service providers (“TSPs”).

The FDIC Office of the Inspector General recently issued a report evaluating the FDIC’s capabilities regarding its approach to evaluating bank risk to cyberattacks. The FDIC’s supervisory approach to cyberattack risks involves conducting IT examinations at FDIC-supervised banks and their TSPs; staffing IT examinations with sufficient, technically qualified staff; sharing information about incidents and cyber risks with regulators and

Read More
The attorneys of Bryan Cave LLP make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.