Menu
Photo of Consumer Crossroads: Where Financial Services and Litigation Intersect Heather D. McArn
Partner
HMcArn@hinshawlaw.com
212-471-6208
View Bio
Heather McArn advises financial services businesses on regulatory compliance, the integration of financial technology with business operations …

Showing 13 posts by Heather D. McArn.

New York State DFS Urges Financial Institutions to Consider and Prepare for Impact of Climate Change

Having sent a similar letter to New York's domestic and foreign insurance companies, the New York State Department of Financial Services (DFS) issued a letter on October 29, 2020 explicitly calling on its regulated financial institutions to start integrating financial risks associated with climate change into their business strategies, risk management processes, and governance frameworks. DFS' expectations apply to New York-regulated banks, mortgage bankers and servicers (Regulated Organizations), as well as to other New York-regulated non-depositories, including money transmitters, licensed lenders, sales finance companies, and virtual currency firms (Regulated Non-Depositories). More ›

NYS DFS Publishes its Investigative Report of the Twitter Hack of July 2020

The New York State Department of Financial Services issued a press release on Thursday announcing the publication of its investigative report of the July 2020 Twitter hack. The exhaustive report reviews the facts surrounding the hack, provides a visual timeline, and explores the cybersecurity weaknesses at Twitter that made the hack possible, including a lack of leadership, vulnerability to social engineering, and a failure to address the new vulnerabilities caused by the pandemic-driven shift to mass remote working. More ›

Validating Cyber Compliance in Light of the First DFS Enforcement Action

We recently reported on the New York State Department of Financial Services' (DFS) first enforcement action under its 2017 cybersecurity regulation ("Part 500"), which prescribes how financial services companies licensed to operate in New York should construct their cybersecurity programs. DFS' statement of charges provides important insight into the agency's priorities and expectations when assessing how a company has addressed and mitigated a data exposure, and offers a roadmap for how other regulators might interpret similar data security laws being implemented across the country. Given increasing regulatory scrutiny and the fact that inappropriate cybersecurity procedures and practices could result in significant financial liabilities, companies should proactively re-assess where they stand in relation to applicable cyber mandates.

We highlight here some key takeaways from the recent DFS enforcement action that entities subject to Part 500 should carefully consider when validating their current state of compliance. More ›

Another Cybersecurity Wake Up Call: Connecticut Insurance Department Issues Guidance on Cyber Law Set to go Into Effect

Covered entities received two cybersecurity wake up calls from insurance regulators this month. As we have reported, the New York State Department of Financial Services (DFS) issued its long-awaited first cyber enforcement action pursuant to its groundbreaking and first-in-nation cybersecurity regulation. In addition, the Connecticut Insurance Department issued a Bulletin to all licensees, providing guidance for compliance with the Connecticut Insurance Data Security Law (the Act), which goes into effect on October 1, 2020. The Act was modeled after the National Association of Insurance Commissioners Model Cybersecurity Law, which itself was modeled after the DFS cybersecurity regulation. More ›

Long-Awaited DFS Cyber Enforcement Action Sees Charges Filed Against Title Insurer For Exposing Millions of Documents Containing Consumer Personal Information

After several years of anticipation, the New York State Department of Financial Services (DFS) has filed its first enforcement action under the agency's groundbreaking and first-in-the-nation 2017 cybersecurity regulation (Part 500 of Title 23 of the New York Codes, Rules, and Regulations), which prescribes how financial services companies licensed to operate in New York should construct their cybersecurity programs. This action is a wakeup call to covered entities to fully implement the directives of Part 500. More ›

New York DFS Launches "FastForward" Program Aimed at Driving Innovative Financial Services and Products

In support of re-opening and adapting New York to the new economic and social normal caused by COVID-19, New York's Department of Financial Services (DFS) announced the launch of a program called "DFS FastForward" which will support innovators who can deliver novel digital solutions that advance the state's recovery from the pandemic. The program builds on the successful launch in February of an InsurTech pilot program by DFS, and promises to "reduce barriers and speed up" the regulatory process for qualifying services and products. More ›

CFPB Issues New Mortgage Servicer Guidelines for Transferring Loans to a New Servicer

The Consumer Financial Protection Bureau (CFPB) recently published compliance guidanceeffective immediately—on the handling of information and documents during the transfer of a mortgage loan to a new servicer. Following related guidance issued in 2014 on these mortgage servicer transfers, CFPB supervisory examiners have continued to document weaknesses in servicer compliance management systems and violations of Regulation X, including inadequate policies and procedures for transferring loan information and documents in a timely and accurate manner that ensures uninterrupted continuation of required servicing functions. More ›

Popular Video Conferencing Zoom App Hit with CCPA Class Actions

We recently reported on the California Attorney General's ongoing and active enforcement of the California Consumer Privacy Act (CCPA) despite COVID-19 and the availability of private actions. In Robert Cullen v. Zoom Video Communications, Inc., N.D. Cal., No. 20-cv-02155, filed on March 30, 2020, plaintiff alleges that Zoom failed to properly safeguard the personal information of him and other users of its software application (Zoom App) and video conferencing platform. More ›

CCPA Litigation Has Arrived and COVID-19 Will Not Delay Enforcement

Despite concerns expressed by the business community, enforcement of the California Consumer Privacy Act (CCPA) will not be delayed as a result of the COVID-19 pandemic. California Attorney General Xavier Becerra recently clarified that his office "is committed to enforcing the law upon finalizing the rules or July 1, whichever comes first. … [W]e are all mindful of the new reality created by COVID-19 and the heightened value of protecting consumers' privacy online that comes with it. We encourage businesses to be particularly mindful of data security in this time of emergency." More ›

Interactive COVID-19 Regulatory Map for Consumer Financial Institutions

To assist consumer financial services lenders, servicers and investors, Hinshaw has developed an interactive tracker of state regulations related to the COVID-19 pandemic. The tracker documents actions by various state regulators, along with the limits imposed by states on foreclosures, evictions, and debt collections, and allows users to click on any state to view applicable provisions. We recommend adding the tracker to your browser bookmarks, as we will update it on a regular basis. More ›

Search
Subscribe via Email