Norman Roos

Norman Roos

Norman Roos, chair of Robinson+Cole’s Finance Group, concentrates his practice on transactional and regulatory matters relating to the real estate and financial services industries. He represents banks, insurance companies, diversified financial service companies, and other publicly and privately held entities on a broad range of matters involving mortgage banking, consumer and commercial credit transactions, and regulatory compliance. He has advised financial institutions concerning data privacy and security matters and counseled clients as to the development and implications of incident response policies. Mr. Roos is counsel to the Connecticut Mortgage Bankers Association, Inc., and is a member of the American College of Mortgage Attorneys where he has served on the Board of Regents and as Connecticut State Chair. A member of the Connecticut Bar Association, Mr. Roos is Past Chair of the Financial Institutions Law Section. He has served on a number of Connecticut Law Revision Study Committees including those on Uniform Common Interest Ownership Act, Electronic Communications, Mortgagor Liability, and Electronic Recording of Land Records. Read his full bio here.

Subscribe to all posts by Norman Roos

U.S. Treasury Warns Financial Institutions of Venezuelan Corruption and Money Laundering

The Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury issued an advisory on September 20 warning U.S. financial institutions of “money laundering schemes used by corrupt Venezuelan officials.” The advisory was addressed to Private Banking Units, Chief Risk Officers, Chief Compliance Officers, AML/BSA Analysts, Sanctions Analysts and Bank Legal Departments, and identified … Continue Reading

Data Breach at Italy’s No. 1 Bank Exposes 400,000 Accounts

Italy’s top bank, UniCredit SpA, is yet another victim in a series of cyberattacks exploiting vulnerabilities in the financial services industry. Criminals made off with biographical and loan data from 400,000 UniCredit loan accounts after gaining access to the bank’s computer system through one of UniCredit’s third-party commercial partners. The series of data breaches was … Continue Reading

New Nevada Law Recognizes Enforceability of Blockchain Transactions; Blocks Local Government Regulation and Taxation

Senate Bill 398, unanimously passed by the Nevada legislature and signed into law by the Governor on June 5th, represents the most far-reaching state legislation to date concerning the use of blockchain technology. Blockchain is a decentralized database system that can be used to track and manage a broad range of digital transactions. Originally conceived … Continue Reading

SWIFT Shores Up Network Security With Real Time Cybersecurity Tools

In an effort to combat an increasing number of fraudulent transfers carried out using its network, SWIFT, the international bank transfer network, announced this month that it is adding new tools and controls designed to prevent fraudulent transfers in real time. SWIFT reported that the new tools integrate into the SWIFT system directly without the … Continue Reading

Sony Cyber-Attackers Lurking at Financial Supervisor “Watering Hole” Target Banks and Others

Cybersecurity specialists at BAE Systems and Symantec announced last week new evidence suggesting that the criminals behind the notorious 2014 attack on Sony Corp. are also responsible for recent cyber-attacks involving 104 organizations in 31 countries. Researchers and investigators have long attributed the 2014 Sony attack, which crippled computer systems and revealed internal emails, to … Continue Reading

Bank Objections Play Key Role in Delay of New York Cybersecurity Regulation

The New York Department of Financial Services announced last week that it will revise and delay the effective date of its proposed cybersecurity regulation. The announcement came two days after New York bankers brought up a number of criticisms of the proposed rules at a hearing before the state’s Standing Committee on Banks. At the … Continue Reading

Tesco Bank Cyber-Robbery—Some Implications for U.S. Banks—and their Depositors

UK-based Tesco Bank froze online transactions on Monday after discovering that cyber-criminals stole money from 20,000 different customer accounts. The exact method used by the perpetrators is still under review, but preliminary analysis suggests the attackers exploited weaknesses in the bank’s online payment system related to the  processing of debit card transactions. The Bank has … Continue Reading

In Wake of Cyber-Attacks, Regulators Focus on SWIFT as Senators Urge Obama to Press G20 to Combat Cybercrime

As cyber-attacks involving the global payment system SWIFT increase in frequency abroad, U.S. regulators are discussing steps designed to protect against similar attacks on U.S. financial institutions. The Federal Reserve, Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. issued a joint letter last week to Representative Carolyn Maloney (D-NY) of … Continue Reading

Ukrainian bank loses $10 million in latest SWIFT cyber-attack

An unnamed bank in Ukraine is the most recent victim in a series of cyber-attacks exploiting vulnerabilities in the international banking communications system. According to an independent IT monitoring organization, hackers stole approximately $10 million by breaking into the Ukrainian bank’s internal network and submitting fraudulent money orders via SWIFT, the messaging system responsible for … Continue Reading

European Banking Authority contemplates the use of consumer data by financial institutions

In order to better address both the opportunities and risks associated with the innovative use of consumer data by financial institutions, the European Banking Authority (EBA) released a discussion paper last week seeking public comments on the subject. The EBA notes in the paper that the increasing digitalization of the economy and the adoption of … Continue Reading

Recent indictment underscores threat to financial institutions’ cybersecurity

In an era of cyberwarfare, financial institutions can find themselves in the crossfire. The U.S. government indicted seven Iranian hackers last week, charging the individuals for their roles in a 2011 series of cyber-attacks targeting at least 46 major banking institutions. The attacks, which Attorney General Loretta Lynch called “relentless,” “systematic” and “widespread,” were carried … Continue Reading

FDIC cybersecurity framework features four areas critical to bank security

Long gone are the days when a financial institution’s primary security concern was protecting cash in the bank vault, the Federal Deposit Insurance Corporation (FDIC) acknowledges in its recent article, “A Framework for Cybersecurity,” released February 1, 2016. Instead, the framework asserts that cyber-attacks now represent “one of the most critical challenges facing the financial … Continue Reading

FAST Act loosens financial institutions’ privacy policy notice requirements

In addition to providing long-term funding for highway infrastructure improvements and other transportation projects, the newly enacted Fixing America’s Surface Transportation Act (FAST Act) seeks to reduce consumer confusion by eliminating annual privacy notice requirements for financial institutions in some circumstances. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to provide consumers with notice of the … Continue Reading

Cybersecurity and resiliency: The Financial Sector’s “New Frontier”

“The Internet has a dark side,” Deputy Treasury Secretary Sarah Bloom Raskin remarked while addressing senior level banking executives at this year’s Clearing House Annual Conference. Raskin focused her comments on malicious cyber activity, pointing out that weaknesses in the financial sector’s complex interconnected system attract bad actors like water “drawn to cracks in a … Continue Reading

New Landmark Consumer Disclosure Rules Trigger Privacy Concerns

The Consumer Financial Protection Bureau’s new “Know Before You Owe” mortgage disclosure rule is designed to prevent surprises at the closing table, but with increased transparency come concerns over borrower and seller privacy. The TILA RESPA Integrated Disclosure Rule (TRID) took effect October 3, 2015 and replaces four previous disclosure forms with just two, the … Continue Reading

Protecting financial institutions in cyberspace—U.S. financial regulators come up with a new tool kit to stem cyberthreats

The Federal Financial Institutions Examination Council (FFIEC) has recently developed a new tool to help U.S. financial institutions combat the increasing volume and sophistication of cyber attacks. To blunt threats to a financial institution’s computers, computer systems, electronic communications network and infrastructure, the FFIEC’s June 2015 Cybersecurity Assessment Tool is designed to help financial institutions … Continue Reading
LexBlog