Posts Authored by David K. Stein

Ohio DFI issues data security guidelines

In response to increased financial fraud issues, the Ohio Division of Financial Institutions (DFI) recently issued data security guidelines. While the DFI specifically addressed debit card issues, its language indicates expectations for all institutions, requiring active steps to implement data security measures.

The DFI emphasized the following obligations:

  • Daily review of security-related issues
  • Email security and encryption
  • Timely review of security and activity reports
  • Suspicious activity report (SAR) training
  • Standardized security controls
  • After hours mechanisms to control suspicious activity

At its Ohio Banker’s Day on March 31, 2016, the DFI spent considerable time discussing financial fraud. It is apparent that further guidelines and bulletins will be forthcoming and will apply to all consumer-related activity, including lending. In light of its supervisory bulletin, verbal statements and the Consumer Financial Protection Bureau’s recent order in Dwolla, it is expected that data security will be a priority item in any future Ohio financial institution examinations.

Compliance Management, Consumer Lending and Services, State Regulatory

Announcing our Cybersecurity Law blog

Readers of the Financial Services Law blog are invited to visit our newly-launched Cybersecurity Law blog, an online resource featuring news, information and legal analysis on current cybersecurity and data breach issues. Articles and posts, authored by Bricker & Eckler attorneys, share in-depth insights and legal implications on topics that have both local and global significance.  

We encourage you to subscribe to the blog via FeedBurner to have frequent updates sent directly to your inbox. Additionally, be sure to visit the blog and bookmark the site for easy reference. 

Compliance Management, Consumer Lending and Services, Depository Institutions, Fair Lending, Federal Regulatory, Federal Regulatory, Legal Developments, Non-Depository Institutions, State Regulatory

Do your company’s cybersecurity practices deceive consumers?

Not a day goes by without breaking news of a cybersecurity breach. Indeed, thoughts of a system hack keep many executives up at night. Small- and medium-sized businesses often fear that they do not have the robust resources or staff to adequately handle these threats.

The Consumer Financial Protection Bureau (CFPB) has now weighed in on these issues with a consent order that delivers cybersecurity guidelines.Of particular importance is the fact that the CFPB has now used its ultimate weapon — Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) — as a tool to ensure that companies adopt effective security protocols.

For a detailed analysis of the CFPB's consent order and what it means for consumer-facing businesses, read the latest Cybersecurity Insight

Federal Regulatory