Cybersecurity Requirements for Insurance Companies – The NYDFS Rules as the Emerging Standard

by Luke Dembosky, Avi Gesser, and AJ Salomon

As we have discussed in recent webinars and blog posts, the New York Department of Financial Services has recently brought its first enforcement action under its cybersecurity rules (23 N.Y.C.R.R. Part 500).  When the NYDFS cyber rules were first enacted in 2017, they were widely regarded as the most comprehensive cybersecurity regulation in the United States. Almost all insurance companies that are licensed to do business in New York state were required to comply, leading to speculation that Part 500 would eventually emerge as the cybersecurity standard for insurance companies nationwide. Three years later, that appears to be the case.

A Path to Data-Driven Health Care Enforcement

by Jacob T. Elberg

In recent years, the U.S. Department of Justice (DOJ) has increased guidance to entities regarding government expectations as to what I refer to as “compliant behaviors” – maintenance of an effective pre-existing compliance program, post-enforcement adoption of an effective compliance program, cooperation with a government investigation, and self-disclosure of misconduct – and increased transparency in criminal cases as to the benefits defendants can expect to receive for engaging in those behaviors. In the health care industry, however, it is not criminal prosecution but the civil False Claims Act (FCA) which represents the government’s primary means of fraud enforcement. With no parallel increase in transparency with regard to FCA cases, the health care industry and the defense bar have expressed skepticism regarding the actual payoff they might realize by engaging in compliant behaviors, even as resources devoted to health care compliance have skyrocketed. DOJ’s response has been a series of public statements amounting to, “trust us, they matter,” and there has been no mechanism to test those assurances – until now.

Prepared Remarks of Former Special Inspector General for the Troubled Asset Relief Program (“SIGTARP”) Neil M. Barofsky Before the U.S. Senate Committee on Homeland Security and Governmental Affairs (Part IV of IV)

by Neil M. Barofsky

These remarks have been edited for length and are being published in four parts. The following post is Part IV of Neil M. Barofsky’s prepared remarks, which were delivered on July 28, 2020.

With so much public money at stake, it is critical that Congress do what it can to ensure that government aid is not being stolen, wasted, or given to political cronies.  It is just as critical, as already noted, that taxpayers are aware of how and to whom their money is being distributed.  In the CARES Act, Congress demanded comprehensive oversight to guard government aid, and provided what was described as overlapping and redundant oversight entities to ensure full coverage.  It also included some conflicts of interest provisions intended to prevent government officials and their families from benefitting from certain programs.

Updating the Safeguards Rule: FTC Touts Proposed Changes at Virtual Workshop

by Luke Dembosky, Jeremy Feigelson, Avi Gesser, Jim Pastore, Suchita Mandavilli Brundage, and Marissa MacAneney

On July 13, 2020, the Federal Trade Commission (“FTC”) hosted a virtual workshop on its proposed changes to the Standards for Safeguarding Customer Information (“Safeguards Rule”). The workshop followed up on the FTC’s 2019 notice of proposed rulemaking requesting public comment on its proposal to amend the Safeguards Rule.

10 Key Takeaways from the Federal Reserve’s Final Rule on CSI and FOIA

by Luigi L. De Ghenghi, Randall D. Guynn, Jai R. Massari, Margaret E. Tahyar, Eric McLaughlin, Daniel E. Newman, and Eric B. Lewin

The Federal Reserve’s recent updates to its regulations on confidential supervisory information (CSI) and availability of information under the Freedom of Information Act (FOIA)[1] include several meaningful modifications to adapt these rules for the digital age of emails, data rooms and slide decks and the modern organizational structure and operations of banking organizations.  

Prepared Remarks of Former Special Inspector General for the Troubled Asset Relief Program (“SIGTARP”) Neil M. Barofsky Before the U.S. Senate Committee on Homeland Security and Governmental Affairs (Part III of IV)

by Neil M. Barofsky

These remarks have been edited for length and are being published in four parts. The following post is Part III of Neil M. Barofsky’s prepared remarks, which were delivered on July 28, 2020.

I will now turn to the various Federal Reserve programs I previously detailed.  For the first two of the Federal Reserve’s key CARES Act facilities mentioned above—the Main Street Program and the Municipal Liquidity Facility—lending is still largely non-existent several months after they were announced, even after the Federal Reserve made repeated attempts to expand eligibility for the programs.  This is, in part, because these facilities were intended by Treasury and the Federal Reserve as a backstop for eligible entities, which by design are intended to become most attractive to borrowers should the debt markets for such entities seize up again.  And it is undeniable that the mere announcement of the Federal Reserve’s programs had the intended effect, helping to restore liquidity to these markets.  But it is a question for Congress as to whether this is enough, and whether these funds should be distributed more immediately to a broader set of struggling entities, on more generous terms.  This would certainly get more money into the economy more quickly, but would also significantly increase the risk of losses, as well as the possibility of depleting funds should the debt markets take a significant turn for the worse. 

Prepared Remarks of Former Special Inspector General for the Troubled Asset Relief Program (“SIGTARP”) Neil M. Barofsky Before the U.S. Senate Committee on Homeland Security and Governmental Affairs (Part II of IV)

by Neil M. Barofsky

These remarks have been edited for length and are being published in four parts. The following post is Part II of Neil M. Barofsky’s prepared remarks, which were delivered on July 28, 2020.

My testimony concerning the effectiveness of the CARES Act will focus on the lending programs administered by the SBA, Treasury, and the Federal Reserve, with specific attention on the most active of these programs, the PPP.  First, there is no question that the PPP has had a significant and positive impact on millions of small businesses, with a recent study by the Federal Reserve and others estimating that it helped preserve more than 2.3 million jobs.[1]  But by no means should there be a declaration of mission accomplished.  Chiefly, there has been a significant lack of transparency by Treasury and the SBA in the program that makes it difficult to fully assess its integrity, fairness (particularly to traditionally underbanked businesses), or overall effectiveness.  In order to fully assess the program, additional measures will be needed to increase transparency and oversight.  In addition, available information suggests that meaningful sums may have been lost or misdirected because the program design elevated the risk of fraud and misuse by borrowers.

Unexplained Wealth Orders, Explained: The UK Regime and Considerations for the United States (Part II of II)

by Alun Milford and Alicyn Cooley

In Part One of this article, we described the history of Unexplained Wealth Orders (“UWOs”) in England and Wales, and their use by UK authorities to date. As litigation challenging UWOs already has shown, respondents against whom such orders are entered face a binding precedent to the contrary should they seek to persuade a court that a UWO violates their or their spouse’s privilege against self-incrimination. Although the self-incrimination concern presented by UWOs is just one of many reasons that this investigative tool is unlikely to be adopted in the United States, as we detail below, the UWO regime in the United Kingdom presents important considerations—and, potentially, applications—for U.S. authorities. At the same time, the U.S. example of targeted increases in transparency around real estate transactions might give the UK authorities food for thought.

Schrems II – Where are we now?

As covered in our previous blog post, the CJEU has invalidated the EU-U.S. Privacy Shield for cross-border transfers of personal data from the EU to the U.S. (the “Schrems II” decision) and cast significant doubts over whether companies can continue to use the European Commission-approved Standard Contractual Clauses (“SCCs”) to transfer EU personal data to the U.S., or to other jurisdictions with similarly broad surveillance regimes.

Prepared Remarks of Former Special Inspector General for the Troubled Asset Relief Program (“SIGTARP”) Neil M. Barofsky Before the U.S. Senate Committee on Homeland Security and Governmental Affairs

by Neil M. Barofsky

These remarks have been edited for length and are being published in four parts. The following post is Part I of Neil M. Barofsky’s prepared remarks, which were delivered on July 28, 2020.

As the former Special Inspector General of the Troubled Asset Relief Program (“SIGTARP”), I established and supervised the audit division that monitored the financial assistance provided to companies and individuals as part of the historic TARP program.  I also provided real-time advice and oversight as the U.S. Department of Treasury (“Treasury”) developed and implemented the programs that are serving as the model for much of what it is using in response to the current crisis.  I regularly reported to Congress on that work.
