Archive: November 2022

On July 13, 2022, the Uniform Law Commission approved the final draft of its joint proposal with the American Law Institute Emerging Technology Committee for amendments to the Uniform Commercial Code (UCC). These proposed UCC amendments aim at establishing ground rules for transferring property rights in certain digital assets — notably cryptocurrencies such as Bitcoin and Ether, stablecoins, and non-fungible tokens (NFTs) — and in particular setting up a regulatory framework to use such assets as collateral in secured transactions.

Every month we provide the Global Blockchain Business Council’s Post-Trade Distributed Ledger group with a global regulatory FinTech updater, the latest version of which can be found here.

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here. NYDFS retained many of those earlier proposed changes, and made a few clarifications, but has made some significant changes in this version. Unless otherwise indicated, most changes would take effect 180 days from NYDFS’ adoption of the final regulations (which will be sometime after the close of the comment period on January 9, 2023, so no earlier than July 8, 2023).

Managing vendor risks includes putting pen to paper. Organizations are increasingly susceptible to risks outside their controlled IT infrastructure as they engage third-party vendors to manage online platforms and process data. Even though an organization may have little to no control over a vendor’s security practices, it bears the ultimate responsibility for safeguarding its own data and systems. Accordingly, an organization’s systems are only as strong as their weakest link.

On 1 November 2022, the FCA launched a new webpage on the cost of living consumer credit data collection.

On October 27, 2022, the Cybersecurity & Infrastructure Security Agency (“CISA”), in partnership with the National Institute of Standards and Technology (“NIST”) and the interagency community, published the first iteration of its cross-sector Cybersecurity Performance Goals (“CPGs”). Drafted in response to President Joe Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, the CPGs are voluntary measures that organizations within the critical infrastructure sectors can implement to kickstart their cybersecurity efforts, and according to CISA, will be regularly updated at least every six to twelve months.

As the global crypto-economy continues to grow and mature, members of our financial services team explore the latest global regulatory developments and hot topics in the crypto space.

Major privacy law reform in Australia gathered pace this week, with newly tabled legislation proposing to significantly increase penalties for privacy breaches, among other reforms.