Tag Archives: Jennifer E. Kerslake

The FTC Moves Toward a Rules-Based Approach to Cybersecurity Regulation for Financial Institutions

by Avi Gesser, Kelsey Clark, Jennifer E. Kerslake, and Eric McLaughlin

In our first Cyber Blog post, we predicted that the rules-based approach adopted by the NYDFS would become the model for cybersecurity regulation.  Two years later, we’re feeling pretty good about that prediction, as the FTC recently proposed incorporating a number of aspects of the NYDFS cybersecurity rules into its Standards for Safeguarding Customer Information rule (the “Safeguards Rule”).  The proposal would also expand the Safeguards Rule’s definition of “financial institution” to include “finders,” or companies that connect potential parties to a transaction.  As a reminder, the Safeguards Rule applies to financial institutions that are not regulated by the federal banking agencies, the SEC, or state insurance authorities, including non-bank mortgage lenders, payday lenders, finance companies, check cashers, money transmitters, collection firms, and tax preparers. Continue reading