Debevoise Analyzes Revised New York Cybersecurity Regulation for the Financial Sector

New York’s Department of Financial Services (DFS or the Department) has responded to a large volume of comments about its proposed, sweeping cybersecurity regulation for banks, insurers and other financial service providers by softening a number of provisions that many in the industry had criticized as onerous and overly prescriptive. On December 28, 2016, the Department published a revised regulation (the Revised Draft Regulation)[1] that altered its original, “first-in-the-nation” proposal issued on September 13, 2016 (the Original Draft Regulation).

Many had argued that the Original Draft Regulation should be more risk-based, along the lines of the NIST Cybersecurity Framework … Read more

Debevoise & Plimpton discusses New York’s Proposed Cyber Regulations

On September 13, 2016, the New York Department of Financial Services (“DFS” or the “Department”) issued proposed regulations (the “Proposed Regulations”) designed to guard against the onslaught of cyber-attacks faced by banks, insurance companies and other financial services providers.[1] Billed by Governor Andrew Cuomo as a means to assure that regulated banks and insurance companies “protect consumers and ensure that [their] systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible,” the Proposed Regulations provide a baseline with respect to companies’ cybersecurity practices regardless of the size, nature or complexity of the business.[2] Though they mirror … Read more

Debevoise & Plimpton discusses CFPB’s Plan for Reforming Debt Collection Industry

On July 28, in conjunction with a field hearing on debt collection, the Consumer Financial Protection Bureau (“CFPB” or the “Bureau”) released an outline of proposals under consideration to regulate the debt collection industry (the “Outline”).[1] Released as part of the  required consultation with a cross section of small entities likely to be affected by the regulation pursuant to the Small Business Regulatory Enforcement Fairness Act (the “SBREFA”), the Outline contains broad proposals to cover the debt collection activities of third-party collection agencies, debt buyers, collection law firms and loan servicers. The CFPB has indicated that it will convene … Read more