Norman Roos, a member of Robinson+Cole’s Business Transactions Group, concentrates his practice on transactional, regulatory, and technology matters relating to the financial services and real estate industries. He is also a member of the firm’s Financial Services Cyber-Compliance Team and advises financial institutions concerning data privacy and security matters, particularly in relation to policy planning and implementation.
Mr. Roos is counsel to the Connecticut Mortgage Bankers Association, Inc., and is president-elect of the American College of Mortgage Attorneys where he has served on the Board of Regents and as Connecticut State Chair. A member of the Connecticut Bar Association, Mr. Roos is Past Chair of the Financial Institutions Law Section. He has served on a number of Connecticut Law Revision Study Committees including those on Uniform Common Interest Ownership Act, Electronic Communications, Mortgagor Liability, and Electronic Recording of Land Records. Read his full bio here.
The New York Department of Financial Services announced last week that it will revise and delay the effective date of its proposed cybersecurity regulation. The announcement came two days after New York bankers brought up a number of criticisms of the proposed rules at a hearing before the state’s Standing Committee on Banks. At the … Continue Reading
UK-based Tesco Bank froze online transactions on Monday after discovering that cyber-criminals stole money from 20,000 different customer accounts. The exact method used by the perpetrators is still under review, but preliminary analysis suggests the attackers exploited weaknesses in the bank’s online payment system related to the processing of debit card transactions. The Bank has … Continue Reading
As cyber-attacks involving the global payment system SWIFT increase in frequency abroad, U.S. regulators are discussing steps designed to protect against similar attacks on U.S. financial institutions. The Federal Reserve, Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. issued a joint letter last week to Representative Carolyn Maloney (D-NY) of … Continue Reading
An unnamed bank in Ukraine is the most recent victim in a series of cyber-attacks exploiting vulnerabilities in the international banking communications system. According to an independent IT monitoring organization, hackers stole approximately $10 million by breaking into the Ukrainian bank’s internal network and submitting fraudulent money orders via SWIFT, the messaging system responsible for … Continue Reading
In order to better address both the opportunities and risks associated with the innovative use of consumer data by financial institutions, the European Banking Authority (EBA) released a discussion paper last week seeking public comments on the subject. The EBA notes in the paper that the increasing digitalization of the economy and the adoption of … Continue Reading
In an era of cyberwarfare, financial institutions can find themselves in the crossfire. The U.S. government indicted seven Iranian hackers last week, charging the individuals for their roles in a 2011 series of cyber-attacks targeting at least 46 major banking institutions. The attacks, which Attorney General Loretta Lynch called “relentless,” “systematic” and “widespread,” were carried … Continue Reading
Long gone are the days when a financial institution’s primary security concern was protecting cash in the bank vault, the Federal Deposit Insurance Corporation (FDIC) acknowledges in its recent article, “A Framework for Cybersecurity,” released February 1, 2016. Instead, the framework asserts that cyber-attacks now represent “one of the most critical challenges facing the financial … Continue Reading
In addition to providing long-term funding for highway infrastructure improvements and other transportation projects, the newly enacted Fixing America’s Surface Transportation Act (FAST Act) seeks to reduce consumer confusion by eliminating annual privacy notice requirements for financial institutions in some circumstances. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to provide consumers with notice of the … Continue Reading
“The Internet has a dark side,” Deputy Treasury Secretary Sarah Bloom Raskin remarked while addressing senior level banking executives at this year’s Clearing House Annual Conference. Raskin focused her comments on malicious cyber activity, pointing out that weaknesses in the financial sector’s complex interconnected system attract bad actors like water “drawn to cracks in a … Continue Reading
The Consumer Financial Protection Bureau’s new “Know Before You Owe” mortgage disclosure rule is designed to prevent surprises at the closing table, but with increased transparency come concerns over borrower and seller privacy. The TILA RESPA Integrated Disclosure Rule (TRID) took effect October 3, 2015 and replaces four previous disclosure forms with just two, the … Continue Reading
The Federal Financial Institutions Examination Council (FFIEC) has recently developed a new tool to help U.S. financial institutions combat the increasing volume and sophistication of cyber attacks. To blunt threats to a financial institution’s computers, computer systems, electronic communications network and infrastructure, the FFIEC’s June 2015 Cybersecurity Assessment Tool is designed to help financial institutions … Continue Reading