February 2020 Compliance Newsletter
CFPB’s Statement of Policy Regarding Prohibition on Abusive Acts of Practices
On January 27, 2020, the CFPB issued a Policy Statement to provide more clarity about how it intends to approach its use of the “abusiveness” standard in its supervision and enforcement matters going forward.
The Policy Statement is intended to provide information regarding the CFPB’s general plans to exercise its discretion and does not impose any legal requirements on external parties, nor does it create or confer any substantive rights on external parties that could be enforceable in any administrative or civil proceeding. In addition, the Policy Statement does not impose any new or revise any existing record-keeping, reporting, or disclosure requirements on covered entities.Download
February 2020 AccumeView: Executive Cybersecurity Pulse Newsletter
27% of IT managers believe that attacks against their network can be attributed to nation states. This figure is up significantly from a year ago, and it should wake up anyone involved in Risk and Security. Ensure that you have properly adjusted the risk to your organization for the possibility of a sophisticated attack from a Nation State and calculated for the type of damage that they could inflict.
A new study shows that attackers, once inside your network, are able to stay in longer (aka “dwell time”) in order to get to know your business, processes and technology. The longer they stay in your network, the more damage they can do to you, your clients and your data. Most security systems are designed to monitor the perimeter, not the inside systems, so ensure that you have security controls and alerting for critical internal systems to detect unusual behavior and lateral movement.Download
January 2020 Compliance Newsletter
Nacha Third Party Sender Registration
This rule requires Originating Depository Financial Institutions (ODFIs) to identify and register their Third-Party Sender customers. The registration process promotes consistent customer due diligence among all ODFIs, and serves as a tool to support Nacha’s continuing efforts to maintain ACH Network quality. This requirement became effective on March 1, 2018.
As a result of recent audit’s, Accume Partner’s has become aware of an ongoing issue concerning Nacha requirements. Financial institutions have been receiving a notice regarding failure to register their Third Party Sender status as well as re-registering their direct access status required since March 1, 2018.
Nacha considers this a Class 2 Rules violation and subject to fines up to $100,000 at the discretion of the Nacha panel referenced notice received. Per contacts at Nacha, Accume has been informed that Nacha is aggressively pursuing financial institutions that haven’t registered as required. Registration (confirming or denying) is required for ALL originators.Download
January 2020 AccumeView: Executive Cybersecurity Pulse Newsletter
With tension rising between Iran and the United States, cyber warfare is on the rise. Many government agencies are releasing statements advising company’s and governments to stay protected and aware of potential threats. This past week we have seen pro Iran targets deface government websites and launch multiple attacks. Some of these are effecting entire cities and states. Both the state of Texas and the city of Las Vegas were targets for cyber attacks that believe to either be initiated by Iran or Pro Iran attackers. Thankfully, some of these attacks have been prevented but it is expected that these attacks will continue to rise in numbers. Texas Governor Greg Abbott warned Texans to be vigilant regarding cyberterrorism from Iran. The Texas Department of Information Resources released a statement advising that as many as 10,000 attempted attacks per minute from Iran had been detected over the past 48 hours on state agency networks. This number is especially startling when considering the normal occurrence of these attacks, about 420.Download