On October 13, 2020, state financial regulators in partnership with the Bankers Electronic Crimes Taskforce and the U.S. Secret Service, released the Ransomware Self-Assessment Tool (R-SAT) to help financial institutions mitigate the risks of ransomware. The R-SAT is a detailed questionnaire designed to evaluate the effectiveness of an institution’s general security controls as well as […]
Board Governance & Cyber Risk Management
FinCEN Alerts Financial Institutions on Role in Facilitating Ransomware Attacks
With an increase in the frequency, sophistication, and cost of ransomware attacks, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on October 1, 2020 alerting financial institutions to ransomware trends and typologies, and related financial red flags, that may result in a regulatory obligation to report and share information related to ransomware attacks. Based […]
OFAC Ransomware Advisory Warns Companies of Potential Civil Liability
Yesterday, October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued its “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” The advisory begins with the observation that “ransomware attacks have become more focused, sophisticated, costly, and numerous,” citing certain FBI statistics, before making clear what was already well […]
U.S. Department of Commerce Releases White Paper to Assist Organizations in Conducting Schrems II Assessments
In a letter from Deputy Assistant Secretary James Sullivan, the U.S. Department of Commerce introduced a white paper, “Information on U.S. Privacy Safeguards Relevant to SCCs and Other EU Legal Bases for EU-U.S. Data Transfers after Schrems II,” to assist organizations in conducting independent analyses of data transfers in light of the July 16, 2020 […]
SEC Focused on Protecting Customer Accounts from Credential Stuffing Attacks
OCIE has released a risk alert regarding credential stuffing in the context of compliance with Regulation S-P and Regulation S-ID, and is encouraging firms to both (i) review and update their policies and procedures to address the risks associated with credential stuffing and (ii) consider proactive outreach to customers regarding measures taken to safeguard their […]