Norman Roos

Norman Roos

Norman Roos, a member of Robinson+Cole’s Business Transactions Group, concentrates his practice on transactional, regulatory, and technology matters relating to the financial services and real estate industries. He is also a member of the firm’s Financial Services Cyber-Compliance Team and advises financial institutions concerning data privacy and security matters, particularly in relation to policy planning and implementation.

Mr. Roos is counsel to the Connecticut Mortgage Bankers Association, Inc., and is president-elect of the American College of Mortgage Attorneys where he has served on the Board of Regents and as Connecticut State Chair. A member of the Connecticut Bar Association, Mr. Roos is Past Chair of the Financial Institutions Law Section. He has served on a number of Connecticut Law Revision Study Committees including those on Uniform Common Interest Ownership Act, Electronic Communications, Mortgagor Liability, and Electronic Recording of Land Records. Read his full bio here.

Subscribe to all posts by Norman Roos

The Future of Stablecoins—Anything But Stable?

Stablecoin currencies such as Facebook’s Libra may pose systemic risks to the global financial system, according to a recently released Federal Reserve Report (the Fed). In its Financial Stability Report released on November 19th, the Fed states that a global stablecoin network, if poorly designed and unregulated, could pose risks to financial stability and that … Continue Reading

Federal Reserve White Paper on Synthetic Identity Payments Fraud—A Growing Problem in the U.S. That Affects Consumers, Businesses, Financial Institutions, Government Agencies and the Health Care Industry

In the Federal Reserve’s July 11, 2019 White Paper, “Synthetic Identity Fraud in the U.S. Payment System, A Review of Causes and Contributing Factors,” the authors conclude that synthetic identity fraud is a serious and growing problem for the U.S. payments ecosystem that can only be addressed by a collaborative effort among all payments industry … Continue Reading

New FinCEN Cryptocurrency Guidance Clarifies Applicability of Anti-Money Laundering Regulations to Virtual Currency Business Models

The Financial Crimes Enforcement Network (FinCEN) is the U.S. Treasury Department bureau charged with monitoring financial transactions in order to combat domestic and international money laundering, terrorist financing, and other financial crimes. Under FinCEN’s Bank Secrecy Act/Anti-Money Laundering regulations, money transmitters and other money service businesses are required to develop anti-money laundering/countering the financing of … Continue Reading

FSB Releases its Directory of Crypto-Assets Regulators—In Anticipation of Upcoming G20 Meeting

The Financial Stability Board issued its Crypto-assets regulators directory on April 5, 2019, in anticipation of this week’s upcoming G20 Meeting. The directory contains a listing of the regulatory and standard-setting bodies in each FSB jurisdiction having responsibility for the supervision of crypto-assets and the enforcement of relevant legal and regulatory requirements. The directory will be provided to … Continue Reading

ILCs, the OCC, and the Future of Fintech Banking

Industrial Loan Companies (ILCs) are a different kind of financial institution. The ILC is a state-chartered FDIC-insured depository financial institution with certain advantages common to banks but without all of the corresponding regulatory overlay. This is one reason why aspiring fintech companies may consider foregoing the pursuit of a federal OCC “fintech” charter in favor … Continue Reading

A Very Smart Primer on Smart Contracts—An Example of What One Financial Services Regulator is Doing to Foster FinTech

The Commodity Futures Trading Commission’s LabCFTC recently released “A CFTC Primer on Smart Contracts” as part of LabCFTC’s effort to engage with innovators and market participants on a range of financial technology (FinTech) topics. The Primer offers a clear and concise explanation of “smart contracts” and their potential impact on the CFTC’s mission to foster … Continue Reading

The Financial Stability Board’s “Cyber Lexicon” – Global Jargon for a Global Mission

On November 12, the Financial Stability Board (FSB) published a Cyber Lexicon, designed to help financial institutions around the globe address “financial sector cyber resilience.” The Cyber Lexicon sets forth definitions for 54 “core terms related to cybersecurity and cyber resilience in the financial sector.” “Cyber Resilience,” one of the 54 definitions, is defined as … Continue Reading

Treasury’s “Unified Regulatory Sandbox” Proposal– Keeping America’s Financial Technology Sector Competitive Will Require Innovation—And Cooperation

In its July 2018 report on “A Financial System that Creates Economic Opportunities,” the U.S. Treasury Department outlined its proposals to identify improvements to the regulatory landscape to “better support nonbank financial institutions, embrace financial technology, and foster innovation.” The Treasury Report contains over 80 specific recommendations for “Embracing Digitization, Data and Technology,” “Aligning the … Continue Reading

U.S. Moves Ahead with Federal “Fintech Sandbox” — CFPB Announces Creation of Office of Innovation

In an effort to promote the development of new financial technology (fintech) products, Mick Mulvaney, Acting Director of the Consumer Financial Protection Bureau (CFPB), announced last week the creation of the Office of Innovation. Mulvaney said the new division, to be run by Paul Watkins under the umbrella of the CFPB, is designed to foster … Continue Reading

Data Breach Results in $1.4 Million Theft from CHET 529 College-Savings Accounts

On June 27, 2018, the State of Connecticut Treasurer’s Office announced that about $1.4 million had been stolen from Connecticut Higher Education Trust (CHET) college-savings accounts. This theft resulted from data security breaches that occurred in early June, 2018. Connecticut State Treasurer Denise L. Nappier confirmed that TIAA-CREF Tuition Financing Inc. (TIAA-CREF), the CHET Direct … Continue Reading

Rumor Mill Suggests Fidelity Investments Might Open Cryptocurrency Exchange

While many traditional financial institutions hesitate to embrace cryptocurrencies such as bitcoin, a recent news report suggests that Fidelity Investments, the fourth largest U.S. asset manager, is looking to enter the fray. Business Insider reported last week that Fidelity has posted internal job listings for systems engineers “to help engineer, create, and deploy a digital … Continue Reading

Opening a Bank Account with a Smartphone—Dodd-Frank Roll-Back Making Online Banking Easier

President Trump recently signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, which is already making waves in the financial sector for its repeal of certain Dodd-Frank provisions that were passed in the wake of the 2008 financial crisis. Banks and other financial institutions should take note, however, that the Act also … Continue Reading

FFIEC Members Issue Joint Statement to Financial Institutions on Role of Cyber Insurance as Risk Management Tool

On April 10, the Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement discussing cyber insurance and its potential role in the risk management programs of financial institutions. Members of the FFEIC include the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union … Continue Reading

New York Department of Financial Services Updates Cybersecurity Guidance: Coverage of Cybersecurity Requirements Addressed in 4 New FAQs

On March 1, 2018, the New York Department of Financial Services (NYDFS) “cybersecurity regulations” (23 NYCRR Part 500) took effect, placing a number of cybersecurity requirements on banks, insurance companies, and other financial services institutions and licensees regulated by the NYDFS (“Covered Entities”). To aid in compliance with the regulation, the NYDFS recently added new … Continue Reading

New York Financial Services Cybersecurity Regulations Deadline Looming This Week

On March 1, 2018, the one year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”)  must have implemented a cybersecurity program ends. By March 1, the Covered Entities must be in compliance with the following requirements: 23 NYCRR … Continue Reading

New York’s Landmark Cybersecurity Regulation Compliance Deadlines Looming

On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”). The Regulation, which became effective on March 1, 2017, … Continue Reading

Another Hitch in the Crypto Boom? North Korean Malware Hijacks Computers to Mine Monero Cryptocurrency

Researchers at cybersecurity firm AlienVault have discovered a computer virus of North Korean origin which infects and hijacks computers in order to mine Monero, a private digital currency which styles itself as “secure, private and untraceable.” Cryptocurrency mining is the resource-intensive process by which computers or “miners” running specific software verify cryptocurrency transactions. In exchange … Continue Reading

Early Adopter—Vanguard Announces Plan to Utilize Blockchain Technology

Top mutual fund firm The Vanguard Group, Inc. unveiled a plan last week to incorporate blockchain smart contract technology into some of its indexing operations beginning early next year. Vanguard’s initiative will be carried out through a partnership with the Center for Research in Security Prices (CRSP) and technology provider Symbiont and is intended to … Continue Reading

U.S. Treasury Warns Financial Institutions of Venezuelan Corruption and Money Laundering

The Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury issued an advisory on September 20 warning U.S. financial institutions of “money laundering schemes used by corrupt Venezuelan officials.” The advisory was addressed to Private Banking Units, Chief Risk Officers, Chief Compliance Officers, AML/BSA Analysts, Sanctions Analysts and Bank Legal Departments, and identified … Continue Reading

Data Breach at Italy’s No. 1 Bank Exposes 400,000 Accounts

Italy’s top bank, UniCredit SpA, is yet another victim in a series of cyberattacks exploiting vulnerabilities in the financial services industry. Criminals made off with biographical and loan data from 400,000 UniCredit loan accounts after gaining access to the bank’s computer system through one of UniCredit’s third-party commercial partners. The series of data breaches was … Continue Reading

New Nevada Law Recognizes Enforceability of Blockchain Transactions; Blocks Local Government Regulation and Taxation

Senate Bill 398, unanimously passed by the Nevada legislature and signed into law by the Governor on June 5th, represents the most far-reaching state legislation to date concerning the use of blockchain technology. Blockchain is a decentralized database system that can be used to track and manage a broad range of digital transactions. Originally conceived … Continue Reading

SWIFT Shores Up Network Security With Real Time Cybersecurity Tools

In an effort to combat an increasing number of fraudulent transfers carried out using its network, SWIFT, the international bank transfer network, announced this month that it is adding new tools and controls designed to prevent fraudulent transfers in real time. SWIFT reported that the new tools integrate into the SWIFT system directly without the … Continue Reading

Sony Cyber-Attackers Lurking at Financial Supervisor “Watering Hole” Target Banks and Others

Cybersecurity specialists at BAE Systems and Symantec announced last week new evidence suggesting that the criminals behind the notorious 2014 attack on Sony Corp. are also responsible for recent cyber-attacks involving 104 organizations in 31 countries. Researchers and investigators have long attributed the 2014 Sony attack, which crippled computer systems and revealed internal emails, to … Continue Reading

Bank Objections Play Key Role in Delay of New York Cybersecurity Regulation

The New York Department of Financial Services announced last week that it will revise and delay the effective date of its proposed cybersecurity regulation. The announcement came two days after New York bankers brought up a number of criticisms of the proposed rules at a hearing before the state’s Standing Committee on Banks. At the … Continue Reading
LexBlog