Emory Corporate Governance and Accountability Review


The regulation of data privacy and cyber security in the financial services sector is in its infancy. This is partly because the regulation of financial services is fragmented: multiple regulators cover different risks across different entities, including the Federal Reserve, FDIC, OCC, SEC, FINRA, CFPB, and FinCEN, as well as all the applicable state agencies covering traditional commercial banking, consumer lending, investment banking, and broker-dealer activity. We will review what standards are currently being utilized by the prudential regulators, the CFPB, and the New York Department of Financial Services, and the best practices that those in the commercial banking and consumer lending spaces should implement, including a review of the FFIEC's Cyber Security tool. After our discussion of compliance on the front end, we will close with best practices to implement in the event of a breach and how the best practices put in place prior to the breach will help limit your regulatory, reputational, and litigation liability post-breach.