
Entries in information technology (6)


FFIEC Proposes Compliance and Risk Management Guidance for Social Media Use

The Federal Financial Institutions Examination Council (“FFIEC”) has issued proposed guidance on compliance issues and risk management in the use of social media (the "Proposed Guidance"). The term "social media" as used in the Proposed Guidance applies to "interactive online communication" where users "generate and share content" (e.g., Facebook, Yelp, LinkedIn, YouTube). Financial institutions are increasingly using social media to generate new business and develop stronger relationships with customers. The Proposed Guidance is intended to assist financial institutions in identifying and addressing potential areas of risk, including compliance, legal, operational and reputational risk...



Federal Agencies Publish Guidance On Technology Outsourcing

The FFIEC and several federal banking agencies (the Federal Reserve, FDIC, and OCC) recently announced the publication of new and revised guidance on the use of third-party technology service providers (“TSPs”) by federally-regulated financial institutions...



FFIEC Issues Statement on Outsourced Cloud Computing

The Federal Financial Institutions Examination Council (FFIEC) issued a statement on July 10, 2012, discussing the risks associated with outsourced cloud computing services. The FFIEC generally considers cloud computing (outsourced IT services received from vendors via the Internet "cloud") to be subject to the same risk characteristics and management requirements as traditional outsourcing arrangements. The FFIEC, however, highlights the need to focus on certain key considerations specific to cloud computing.



Maine Banker Publishes Article on Internet Banking Issues

Maine Banker, the trade magazine for the Maine Bankers Association, recently published an article entitled "Internet Banking: Six (or so) Key Lessons" in its March-April 2012 edition. The article was co-authored by James Cohen and Alistair Raymond of Verrill Dana, LLP. The article addresses a number of key considerations for banks when managing their Internet banking platforms.


Mass. Data Security Regulations are a Reminder to Review Third-Party Service Agreements

As you may know, the Commonwealth of Massachusetts requires that all persons who “own or license” the personal information of Massachusetts residents implement safeguards to protect such information from unauthorized acquisition or use. See 201 CMR 17.00 (the “Regulations”). March 1 was the deadline for persons covered by the Regulations to require by contract that third-party service providers with access to protected personal information implement and maintain appropriate security safeguards. Although the Regulations’ underlying statute provides a limited carve-out for federally-regulated entities, the Commonwealth enforced the Regulations against a state-chartered bank in 2011.

For years, banks have been subject to a similar contract requirement with respect to third-party service providers pursuant to Gramm-Leach-Bliley, as well as obligations with respect to due diligence and monitoring.  The recent March 1 deadline, however, is a reminder to review service provider contracts and consider additional protections.  For example, in addition to implementation of appropriate safeguards, a contract may include protections such as indemnification for a data breach suffered by the service provider, data breach insurance coverage, the right to audit for compliance, and preapproval of subvendors with access to personal information.