As regulators ramp up their cybersecurity enforcement, one area of increasing focus is in-house expertise.  Regulators are starting to explicitly require companies to have qualified data protection personnel.  For example, the New York Department of Financial Services (NYDFS) cyber rules require that companies’ cybersecurity personnel be qualified to manage the
Continue Reading Lack of In-House Cyber Expertise, a Growing Concern for Regulators, Leads to $1.5M CFTC Penalty

For the first time, the CFTC has fined a company for poor cybersecurity practices that resulted in a third-party breach of the company’s information systems.  This development is consistent with an increasing trend of regulators holding companies responsible for the cybersecurity failures of third-party service providers.

AMP Global Clearing LLC
Continue Reading Delegation, Not Abdication: The CFTC Fines AMP Global Clearing LLC for Failing to Supervise a Third-Party Service Provider