Italy’s top bank, UniCredit SpA, is yet another victim in a series of cyberattacks exploiting vulnerabilities in the financial services industry. Criminals made off with biographical and loan data from 400,000 UniCredit loan accounts after gaining access to the bank’s computer system through one of UniCredit’s third-party commercial partners. The series of data breaches was

Norman Roos
Norman Roos, a member of Robinson+Cole's Business Transactions Group, concentrates his practice on transactional, regulatory, and technology matters relating to the financial services and real estate industries. He is also a member of the firm's Financial Services Cyber-Compliance Team and advises financial institutions concerning data privacy and security matters, particularly in relation to policy planning and implementation.
Mr. Roos is counsel to the Connecticut Mortgage Bankers Association, Inc., and is president-elect of the American College of Mortgage Attorneys where he has served on the Board of Regents and as Connecticut State Chair. A member of the Connecticut Bar Association, Mr. Roos is Past Chair of the Financial Institutions Law Section. He has served on a number of Connecticut Law Revision Study Committees including those on Uniform Common Interest Ownership Act, Electronic Communications, Mortgagor Liability, and Electronic Recording of Land Records.
New Nevada Law Recognizes Enforceability of Blockchain Transactions; Blocks Local Government Regulation and Taxation
Senate Bill 398, unanimously passed by the Nevada legislature and signed into law by the Governor on June 5th, represents the most far-reaching state legislation to date concerning the use of blockchain technology. Blockchain is a decentralized database system that can be used to track and manage a broad range of digital transactions.…
SWIFT Shores Up Network Security With Real Time Cybersecurity Tools
In an effort to combat an increasing number of fraudulent transfers carried out using its network, SWIFT, the international bank transfer network, announced this month that it is adding new tools and controls designed to prevent fraudulent transfers in real time.
SWIFT reported that the new tools integrate into the SWIFT system directly without the need for new hardware or software and allow financial institutions to screen SWIFT message flows according to a set of pre-defined parameters. Suspicious money transfer requests would be immediately flagged and can be reviewed by a financial institution before processing.
Sony Cyber-Attackers Lurking at Financial Supervisor “Watering Hole” Target Banks and Others
Cybersecurity specialists at BAE Systems and Symantec announced last week new evidence suggesting that the criminals behind the notorious 2014 attack on Sony Corp. are also responsible for recent cyber-attacks involving 104 organizations in 31 countries. Researchers and investigators have long attributed the 2014 Sony attack, which crippled computer systems and revealed internal emails, to the North Korea-linked group known as “Lazarus.” Malware recently discovered running on the computers of a Polish bank suggests that the Lazarus group is now targeting global financial institutions using a sophisticated “watering hole” technique.
Bank Objections Play Key Role in Delay of New York Cybersecurity Regulation
The New York Department of Financial Services announced last week that it will revise and delay the effective date of its proposed cybersecurity regulation. The announcement came two days after New York bankers brought up a number of criticisms of the proposed rules at a hearing before the state’s Standing Committee on Banks.
At the hearing, bankers lamented that the proposed regulation will prove too burdensome to implement, particularly for small community banks.
Tesco Bank Cyber-Robbery—Some Implications for U.S. Banks—and their Depositors
UK-based Tesco Bank froze online transactions on Monday after discovering that cyber-criminals stole money from 20,000 different customer accounts. The exact method used by the perpetrators is still under review, but preliminary analysis suggests the attackers exploited weaknesses in the bank’s online payment system related to the processing of debit card transactions. The Bank has…
In Wake of Cyber-Attacks, Regulators Focus on SWIFT as Senators Urge Obama to Press G20 to Combat Cybercrime
As cyber-attacks involving the global payment system SWIFT increase in frequency abroad, U.S. regulators are discussing steps designed to protect against similar attacks on U.S. financial institutions. The Federal Reserve, Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. issued a joint letter last week to Representative Carolyn Maloney (D-NY) of…
Ukrainian bank loses $10 million in latest SWIFT cyber-attack
An unnamed bank in Ukraine is the most recent victim in a series of cyber-attacks exploiting vulnerabilities in the international banking communications system. According to an independent IT monitoring organization, hackers stole approximately $10 million by breaking into the Ukrainian bank’s internal network and submitting fraudulent money orders via SWIFT, the messaging system responsible for…
European Banking Authority contemplates the use of consumer data by financial institutions
In order to better address both the opportunities and risks associated with the innovative use of consumer data by financial institutions, the European Banking Authority (EBA) released a discussion paper last week seeking public comments on the subject.
The EBA notes in the paper that the increasing digitalization of the economy and the adoption of…
Recent indictment underscores threat to financial institutions’ cybersecurity
In an era of cyberwarfare, financial institutions can find themselves in the crossfire. The U.S. government indicted seven Iranian hackers last week, charging the individuals for their roles in a 2011 series of cyber-attacks targeting at least 46 major banking institutions. The attacks, which Attorney General Loretta Lynch called “relentless,” “systematic” and “widespread,” were carried…