
Norman Roos, a member of Robinson+Cole's Business Transactions Group, concentrates his practice on transactional, regulatory, and technology matters relating to the financial services and real estate industries. He is also a member of the firm's Financial Services Cyber-Compliance Team and advises financial institutions concerning data privacy and security matters, particularly in relation to policy planning and implementation.

Mr. Roos is counsel to the Connecticut Mortgage Bankers Association, Inc., and is president-elect of the American College of Mortgage Attorneys where he has served on the Board of Regents and as Connecticut State Chair. A member of the Connecticut Bar Association, Mr. Roos is Past Chair of the Financial Institutions Law Section. He has served on a number of Connecticut Law Revision Study Committees including those on Uniform Common Interest Ownership Act, Electronic Communications, Mortgagor Liability, and Electronic Recording of Land Records.

On June 27, 2018, the State of Connecticut Treasurer’s Office announced that about $1.4 million had been stolen from Connecticut Higher Education Trust (CHET) college-savings accounts. This theft resulted from data security breaches that occurred in early June 2018.

Connecticut State Treasurer Denise L. Nappier confirmed that TIAA-CREF Tuition Financing Inc. (TIAA-CREF), the CHET Direct

While many traditional financial institutions hesitate to embrace cryptocurrencies such as bitcoin, a recent news report suggests that Fidelity Investments, the fourth largest U.S. asset manager, is looking to enter the fray. Business Insider reported last week that Fidelity has posted internal job listings for systems engineers “to help engineer, create, and deploy a digital

President Trump recently signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, which is already making waves in the financial sector for its repeal of certain Dodd-Frank provisions that were passed in the wake of the 2008 financial crisis. Banks and other financial institutions should take note, however, that the Act also

On April 10, the Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement discussing cyber insurance and its potential role in the risk management programs of financial institutions. Members of the FFIEC include the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union

On March 1, 2018, the New York Department of Financial Services (NYDFS) “cybersecurity regulations” (23 NYCRR Part 500) took effect, placing a number of cybersecurity requirements on banks, insurance companies, and other financial services institutions and licensees regulated by the NYDFS (“Covered Entities”).

To aid in compliance with the regulation, the NYDFS recently added new

March 1, 2018, marks the end of the one-year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”) must have implemented a cybersecurity program. By March 1, the Covered Entities must be in compliance with the following requirements:

23 NYCRR

On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far-reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”).

The Regulation, which became effective on March 1, 2017,

Researchers at cybersecurity firm AlienVault have discovered a computer virus of North Korean origin that infects and hijacks computers in order to mine Monero, a private digital currency that styles itself as “secure, private and untraceable.” Cryptocurrency mining is the resource-intensive process by which computers or “miners” running specific software verify cryptocurrency transactions. In exchange for their computing power, miners are given small amounts of cryptocurrency. In the case of North Korea’s Monero malware, the virus installs mining software on infected computers unbeknownst to their owners or users. The software then secretly mines Monero and sends mining rewards back to a server located at Kim Il Sung University in Pyongyang. Researchers are unsure how many computers may be affected.

Top mutual fund firm The Vanguard Group, Inc. unveiled a plan last week to incorporate blockchain smart contract technology into some of its indexing operations beginning early next year. Vanguard’s initiative will be carried out through a partnership with the Center for Research in Security Prices (CRSP) and technology provider Symbiont and is intended to simplify Vanguard’s index data sharing process. By utilizing a dedicated blockchain network created by Symbiont, Vanguard hopes to make CRSP data available to investment managers on a nearly instantaneous basis.

The Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury issued an advisory on September 20 warning U.S. financial institutions of “money laundering schemes used by corrupt Venezuelan officials.” The advisory was addressed to Private Banking Units, Chief Risk Officers, Chief Compliance Officers, AML/BSA Analysts, Sanctions Analysts and Bank Legal Departments, and