Data Breaches in Financial Institutions: What Firms Need to Know in 2015
Recently, cyber attacks on large banks have garnered attention from financial institutions and security professionals. The US Federal Bureau of Investigation is reviewing evidence of a significant and serious data breach of the US financial system with a principal focus upon JP Morgan Chase & Co. Russian hackers are suspected of the highly sophisticated cyber attack.
Every organization is at risk of a cyber-attack and, today credentials are the principal focus for cyber attacks. Many organizations now must detect compromised credentials and risky user behavior. Use of cloud services and mobile devices increases the vulnerability of organizations and individuals to attacks that rely on deception and stealth. Attackers need less a day or less, but incident responders take more than a month to detect, investigate, and control an attack. Despite claims of success against cyber attack, current firewalls, intrusion prevention systems, anti-virus programs, and web gateways fail to stop targeted APT attacks and sophisticated malware. Most systems rely too heavily on signatures, penetration patterns, and reputations to be effective at accurately identifying and blocking advanced and focused cyber attacks. Urgently, new methods are needed to identify and prevent cyber attacks.
The Knowledge Group has assembled a panel of key thought leaders to provide the audience with an in-depth analysis of Data Breaches in Financial Institutions, the serious risks, and identification and control methods. The speakers will help attendees understand the basics of developing a robust security program.
Key topics include:
- Data Breaches of Financial Institutions
- Types of Data Breaches
- Cyber Attack Consequences for Banks, and Financial Authorities
- Best Practices to Avoid Attacks and Data Breaches
- Legal and Financial Risks and Pitfalls
Paul Hastings LLP
- The Office of the Comptroller of the Currency ("OCC") -- the primary federal regulator of national banks and thrifts -- has highlighted cyber-threats as a key operational risk for institutions under its supervision. As the OCC has indicated that it does not plan to address this risk through the creation of new regulations, the agency has emphasized its expectation that the financial institutions under its supervision must reexamine and redevelop their own risk management systems to address increasingly sophisticated threats to customer data.
- Subsequent interagency guidance has clarified regulators' expectations for protecting customer information. As such, financial institutions are expected to implement complex and effective systems to identify threats to customer information, design effective security controls responsive to these threats, and establish a response program to be implemented in the case of a security breach.
- Interagency guidance emphasizes that the creation of a risk management system to address cybersecurity risks is alone not sufficient to meet information security standards -- regulators require routine testing of security controls, monitoring of third party service providers, and establishing appropriate corporate governance protocols.
- The cyberattack on JP Morgan detected in October of 2014 highlighted the vulnerabilities of banks' information security systems and the need for increased "cybercontrol"-- stringent monitoring of third party vendors on whom banks rely to safeguard customer data.
- The prevalence of mobile payments and the emergence of new mobile payment platforms present new challenges for institutions seeking to safeguard customer data, requiring the creation of more sophisticated systems and new protective technologies.
O'Melveny & Myers LLP
- The financial services industry, as part of the nation’s critical infrastructure, is a prime target for cyber criminals. These criminals are using a wider array of attack methods than ever before, and the speed of attacks is increasing. The potential costs to financial institutions are enormous and varied. They can include financial costs, reputational costs, litigation costs, and regulatory enforcement consequences. As such, companies should take proactive measures to protect themselves, their shareholders, and their customers.
- The federal government has amplified and sharpened its focus on cybersecurity. The major regulatory agencies, especially the FTC and the SEC, have intensified their enforcement actions, scrutinizing companies who fail to protect their customers’ data and privacy. Law enforcement agencies including the FBI and the Secret Service are working harder than ever to combat cyber-attacks, and financial services companies will likely work with them in the event of a breach. And cybersecurity is a hot topic of Congressional debate and executive action by the President.
- As much focus as there has been on cybersecurity in Washington D.C., there are a number of large unresolved policy issues subject to intense debate. They include questions around providing liability protection to companies who share information with the government and others about breaches of their security, crafting a national data breach notification standard, and ways to protect consumers’ privacy.
- There is both cooperation and tension between the financial services industry and retailers in the area of cybersecurity, from where the biggest security gaps exist, to how those gaps should be closed, to who bears responsibility for closing them.
- There are a number of best practices financial services companies can use to manage cybersecurity risks to prevent a security breach as well as to respond effectively in the event of a such a breach.
Who Should Attend:
- Privacy Law Attorneys
- Chief Compliance Officers
- Risk and Compliance Managers
- Bank Compliance Officers
- Data Security Professionals
- Bank and Financial Institution Executives
- Fraud Monitoring
- Bank Regulation Lawyers
- Banking & Finance Lawyers
Kevin L. Petrasic is a partner in the Global Banking and Payments Systems practice of Paul Hastings and is based in the firm’s Washington, D.C., office. He advises banks and financial services firms on a wide array of regulatory, legislative, transactional, and compliance issues under federal and state banking laws, as well as federal securities and commodities laws. Mr. Petrasic also regularly advises national and international financial firms, including national retail securities brokerage and insurance firms, on a wide array of issues under the federal banking laws and issues within the jurisdiction of the Consumer Financial Protection Bureau.
Mr. Petrasic has extensive experience in Dodd-Frank compliance, bank/thrift and holding company regulation, credit card and consumer financial compliance laws, UDAAP issues, data privacy/protection and data breach issues, compliance laws impacting payments systems, mergers and acquisitions, anti-money laundering issues and OFAC compliance, depository institution charter powers and activities, the regulation of swaps and related derivatives activities by the Commodity Futures Trading Commission, legislative matters and analysis, mortgage market regulation, and corporate governance.
Kevin L. Petrasic is a partner in the Global Banking and Payments Systems practice of Paul Hastings and is based …
Danielle Gray is a litigation partner in O’Melveny & Myers LLP’s New York and Washington, DC offices. She provides counseling to companies on complex regulatory problems and litigation, and also plays an active role in the firm’s Appellate and White Collar and Corporate Investigations Practices. Ms. Gray served in the administration of President Barack Obama for five years in senior legal and policy positions, most recently as Assistant to the President and Cabinet Secretary. Prior to this role, Ms. Gray served as Deputy Director of the National Economic Council, where she focused on labor, consumer financial protection, education, and training issues. Previously, as Associate Counsel to the President, she served as one of the principal lawyers advising on the Affordable Care Act and played a lead role in judicial selection and confirmation proceedings. Ms. Gray received her J.D. from Harvard Law School, where she was an Editor of the Harvard Law Review, and her B.A. from Duke University. She served as a law clerk to Chief Judge Merrick Garland on the U.S. Court of Appeals for the D.C. Circuit and to Justice Stephen Breyer on the U.S. Supreme Court.
Danielle Gray is a litigation partner in O’Melveny & Myers LLP’s New York and Washington, DC offices. She provides counseling …
Print and review course materials
Method of Presentation:
On-demand Webcast (CLE)
NASBA Field of Study:
Specialized Knowledge of Applications
NY Category of CLE Credit:
Areas of Professional Practice
2.0 CPE (Not eligible for QAS (On-demand) CPE credits)
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
About Paul Hastings LLP
Paul Hastings provides innovative legal solutions to many of the world’s top financial institutions and Fortune 500 companies in markets across Asia, Europe, Latin America, and the United States. we offer a complete portfolio of services to support our clients’ complex, often mission-critical needs—from structuring first-of-their-kind transactions to resolving complicated disputes to providing the savvy legal counsel that keeps business moving forward.
Our Global Banking and Payment Systems team brings together the knowledge, experience, and insight to guide clients through today’s evolving regulatory landscape. We represent our clients before every U.S. federal banking agency and many state banking agencies in matters involving regulatory initiatives, regulatory legislation, and enforcement actions, as well as before the Financial Services Authority in the U.K.
About O'Melveny & Myers LLP
With approximately 750 lawyers in 15 offices worldwide, O’Melveny & Myers LLP helps industry leaders across a broad array of sectors manage the complex challenges of succeeding in the global economy. We are a values-driven law firm, guided by the principles of excellence, leadership, and citizenship. Our commitment to these values is reflected in our dedication to improving access to justice through pro bono work and championing initiatives that increase the diversity of the legal profession. For more information, please visit www.omm.com.