Enter your email address to receive new posts in your inbox:

Delivered by FeedBurner


Like what you see? Share!

Our Attorneys

Federal Bank Regulators Seek Comments on "Enhanced" Cybersecurity Rules

Just one day after the Federal Financial Institutions Examination Council issued FAQs to help financial institutions utilize FFIEC’s Cybersecurity Assessment Tool, three federal banking regulators issued an Advance Notice of Proposed Rulemaking regarding “Enhanced Cyber Risk Management Standards.”

The rulemaking notice was issued on October 19, 201 by the Federal Reserve Board, the FDIC, and the OCC.  A copy of the notice can be found here

As proposed, the enhanced cybersecurity rules would not apply to community banks, but would apply to any of the following institutions as well as third parties who provide services to these institutions:  (1) depository institution and depository institution holding companies with assets of $50 billion or more; (2) US operations of foreign banking organizations with US assets of $50 billion or more; and (3) financial market infrastructure companies and nonbank financial companies supervised by the Federal Reserve Board.  These institutions were identified to the extent they provide “key functionality to the financial sector.”

The enhanced rules are being considered based on the reality that technology dependence is growing and the US financial sector is becoming more interdependent. As such, a cybersecurity induced failure of one major institution could impact the safety and soundness of other institutions.

The enhanced rules would fall within five different categories: (1) cyber risk governance; (2) cyber risk management; (3) internal dependency management; (4) external dependency management; and (5) incident response, cyber resilience, and situational awareness.  The proposed rulemaking includes 36 questions across the foregoing categories for which comments are being sought.

Comments are due January 17, 2017.


Know Your Risks: FFIEC issues FAQs on its Cybersecurity Assessment Tool

On October 18, 2016, the Federal Financial Institutions Examination Council published a set of Frequently Asked Questions to help financial institutions utilize the Council’s Cybersecurity Assessment Tool.  The FAQs were announced as part of FIL-68-2016.

The Cybersecurity Assessment Tool is a voluntary process designed to help the management of financial institutions measure their cybersecurity risks and their ability to respond to a threat.  The Tool was issued in June of 2015.

The FAQs address questions such as:

  • Why did the FFIEC release the Assessment?  A. To help institutions develop a “measurable” and “repeatable” mechanism to address the growing cybersecurity threats;
  • How does the Assessment align with the NIST Cybersecurity Framework?  A. The Assessment was developed using this framework along with the FFIEC IT Examination Handbook and “industry accepted cybersecurity practices.”
  • Will the FFIEC release an automated version of the Assessment.  A. Not at this time.
  • Can the Assessment be used as part of my institutions’ oversight of third parties?  A. Yes.
  • Does the FFIEC plan to update the assessment?  A.  Yes, as threats and risks evolve.

The FAQ’s are available here, and the Assessment Tool is available here.


Sabina v. JP Morgan Chase: Maine Mortgage Holders Must Send Original Discharge to Mortgagor

In Sabina v. JPMorgan Chase Bank, N.A., the Maine Law Court reaffirmed that mortgage holders in Maine must timely mail a discharge within 60 days after the conditions of the mortgage have been satisfied. 2016 ME 141. The Court further found that a photocopy of the discharge was not sufficient.

Click to read more ...


US Bank v. Decision One: Proving Assignment Of A Mortgage Just Got Harder

A recent Maine Superior Court decision in US Bank v. Decision One Mortgage highlights the challenge of a foreclosing party to prove that it owned -- or had sufficient rights in -- both the note and the mortgage.  The importance of establishing ownership in order to foreclose on a mortgage was established by Bank of America, N.A. v. Greenleaf, 2014 ME 89, a seminal decision of Maine’s highest court in 2014.

Click to read more ...


Financial Institutions . . . In the News

  • Acadia Trust merges with Camden National Bank and will now be called Camden National Wealth Management.  (Central Maine 9.14.2016)
  • Senate Committee prepares to question Wells Fargo CEO on high-pressure sales tactics. (Central Maine 9.19.2016)
  • Wells Fargo CEO Stumpf receives harsh criticism from members of the Senate Banking Committee.  (Central Maine 9.21.2016)
  • Some the $300 million Wells Fargo top executives received in bonuses may be returned because of Wells Fargo banking scandal.  (Central Maine 9.27.2016)
  • Portlander Michael Bopp to represent Wells Fargo with government investigations at congressional hearings.  (Washington Post 9.29.2016)
  • York County sees skimming devices at three locations:  Wells, Sanford, and Waterboro.  (Central Maine 10.2.2016)
  • Concerns arise from community banks and credit unions with potential new regulations because of the Wells Fargo scandal. (The Hill 10.3.2016)
  • Five of the largest U.S. banks submitted their new financial distress plans (“living wills”) as required by the Federal Reserve.  (The Hill 10.4.2016)
  • The Consumer Financial Protection Bureau issued new rules for prepaid cards.  (The Hill 10.5.2016)
  • Bangor Savings Bank’s customers being targeted with text scam. (BDN 10.6.2016)