Laws and Regulatory Requirements
Broadly applicable laws and regulations
• Sarbanes-Oxley Act (SOX)
• Payment Card Industry Data Security Standard (PCI DSS)
• Gramm-Leach-Bliley (GLB) Act
• Electronic Fund Transfer Act, Regulation E (EFTA)
• Customs-Trade Partnership Against Terrorism (C-TPAT)
• Free and Secure Trade Program (FAST)
• Children's Online Privacy Protection Act (COPPA)
• Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule
• Federal Rules of Civil Procedure (FRCP)
Sarbanes-Oxley Act (aka Sarbox, SOX)
• Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s.
• It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.
• Who is affected: U.S. public company boards, management and public accounting firms.
Key requirements/provisions: The Act is organized into 11 titles:
1. Public Company Accounting Oversight
2. Auditor Independence
3. Corporate Responsibility
4. Enhanced Financial Disclosures
5. Analyst Conflicts of Interest
6. Commission Resources and Authority
7. Studies and Reports
8. Corporate and Criminal Fraud Accountability
9. White-Collar Crime Penalty Enhancements
10. Corporate Tax Returns
11. Corporate Fraud Accountability
Payment Card Industry Data Security Standard (PCI DSS)
• The PCI DSS is a set of requirements for enhancing the security of payment card account data.
• It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, to help facilitate global adoption of consistent data security measures.
• PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
• The Council has also issued requirements called the Payment Application Data Security Standard (PA-DSS) and PCI PIN Transaction Security (PCI PTS).
• Who is affected: Retailers, credit card companies, anyone handling credit card data.
• Key requirements/provisions: Currently, PCI DSS specifies 12 requirements, organized in six basic objectives:
• Objective 1: Build and Maintain a Secure Retail Point of Sale System
  - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
  - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
• Objective 2: Protect Cardholder Data
  - Requirement 3: Protect stored cardholder data
  - Requirement 4: Encrypt transmission of cardholder data across open, public networks
• Objective 3: Maintain a Vulnerability Management Program
  - Requirement 5: Use and regularly update anti-virus software
  - Requirement 6: Develop and maintain secure systems and applications
• Objective 4: Implement Strong Access Control Measures
  - Requirement 7: Restrict access to cardholder data by business need-to-know
  - Requirement 8: Assign a unique ID to each person with computer access
  - Requirement 9: Restrict physical access to cardholder data
• Objective 5: Regularly Monitor and Test Networks
  - Requirement 10: Track and monitor all access to network resources and cardholder data
  - Requirement 11: Regularly test security systems and processes
• Objective 6: Maintain an Information Security Policy
  - Requirement 12: Maintain a policy that addresses information security
The Gramm-Leach-Bliley (GLB) Act of 1999
• Also known as the Financial Modernization Act of 1999, the GLB Act includes provisions to protect consumers' personal financial information held by financial institutions.
• There are three principal parts to the privacy requirements: the Financial Privacy Rule, the Safeguards Rule and pretexting provisions.
• Who is affected: Financial institutions (banks, securities firms, insurance companies), as well as companies providing financial products and services to consumers (including lending, brokering or servicing any type of consumer loan; transferring or safeguarding money; preparing individual tax returns; providing financial advice or credit counseling; providing residential real estate settlement services; collecting consumer debts).
• Key requirements/provisions: The privacy requirements of GLB include three principal parts:
1. The Financial Privacy Rule: Requires financial institutions to give customers privacy notices that explain their information collection and sharing practices. In turn, customers have the right to limit some sharing of their information. Financial institutions and other companies that receive personal financial information from a financial institution may be limited in their ability to use that information.
2. The Safeguards Rule: Requires all financial institutions to design, implement and maintain safeguards to protect the confidentiality and integrity of personal consumer information.
3. Pretexting provisions: Protect consumers from individuals and companies that obtain their personal financial information under false pretenses, including fraudulent statements and impersonation.
Electronic Fund Transfer Act, Regulation E
• Enacted in 1978, this law protects consumers engaging in electronic fund transfers from errors and fraud. It carries out the purposes of the Electronic Fund Transfer Act, which establishes the basic rights, liabilities, and responsibilities of EFT consumers of financial institutions that offer these services.
• EFTs include ATM transfers, telephone bill-payment services, point-of-sale terminal transfers in stores and preauthorized transfers from or to a consumer's account (such as direct deposit and Social Security payments).
• Effective August 2010, a new provision states that institutions may not impose dormancy, inactivity or service fees for pre-paid products, such as gift cards, nor can they have an expiration date of less than five years.
Law of the Kyrgyz Republic
Bishkek, 21 January 2015, No. 21
On the Payment System of the Kyrgyz Republic
(As amended by the Law of the Kyrgyz Republic of 1 March 2017, No. 38)
• Who is affected: Financial institutions that hold consumer accounts or provide EFT services, as well as merchants and other payees.
• Key requirements/provisions: Regulation E includes the following provisions:
  - Definition of access device (debit cards, PINs, phone transfers, bill payment codes, private label cards).
  - Consumer acceptance of device (either through a request for the device or validation of an unsolicited device).
  - Financial institution responsibilities, such as disclosure requirements and records retention.
  - Consumer rights and responsibilities, such as procedures for reporting lost or stolen access devices and notifying the institution of an error.
  - Rules for preauthorized debits and electronic check transactions.
  - Error resolution process.
  - Unauthorized EFTs.
Customs-Trade Partnership Against Terrorism (C-TPAT)
• C-TPAT is a worldwide supply chain security initiative established in 2004.
• It is a voluntary initiative run by U.S. Customs and Border Protection, with the goal of preventing terrorists and terrorist weapons from entering the U.S.
• It is designed to build cooperative government-business relationships that strengthen and improve the overall international supply chain and U.S. border security.
• Businesses are asked to ensure the integrity of their security practices and to communicate and verify the security guidelines of their business partners within the supply chain.
• Benefits for participating in C-TPAT include a reduced number of CBP inspections, priority processing for CBP inspections, assignment of a C-TPAT supply chain security specialist to validate security throughout the company's supply chain and more.
• Who is affected: Trade-related businesses, such as importers, carriers, consolidators, logistics providers, licensed customs brokers, and manufacturers.
• Key requirements/provisions: C-TPAT relies on a multi-layered approach consisting of the following five goals:
  - Ensure that C-TPAT partners improve the security of their supply chains pursuant to C-TPAT security criteria.
  - Provide incentives and benefits, including expedited processing of C-TPAT shipments, to C-TPAT partners.
  - Internationalize the core principles of C-TPAT.
  - Support other CBP initiatives, such as Free and Secure Trade, Secure Freight Initiative, Container Security Initiative.
  - Improve administration of the C-TPAT program.
• Key requirements/provisions: C-TPAT security criteria encompass the following areas:
  - Business partners
  - Conveyance security
  - Physical access control
  - Personnel security
  - Procedural security
  - Physical security
  - Security training/Threat awareness
  - Information technology security
Free and Secure Trade Program (FAST)
• FAST is a voluntary commercial clearance program run by U.S. Customs and Border Protection for pre-approved, low-risk goods entering the U.S. from Canada and Mexico.
• Initiated after 9/11, the program allows for expedited processing for commercial carriers who have completed background checks and fulfill certain eligibility requirements.
• Participation in FAST requires that every link in the supply chain — from manufacturer to carrier to driver to importer — is certified under the C-TPAT program (see above). Cards cost $50 and are valid for 5 years.
Benefits of using FAST and C-TPAT include:
• Upon terrorist alerts, FAST/C-TPAT drivers will be allowed to cross the border.
• Dedicated lanes for greater speed and efficiency.
• Reduced cost of compliance with customs requirements.
Who is affected: Importers, carriers, consolidators, licensed customs brokers, and manufacturers.
Key requirements/provisions: Highway carriers authorized to use the FAST/C-TPAT program need to meet the following requirements:
• A demonstrated history of complying with all relevant legislative and regulatory requirements.
• Have made a commitment to security-enhancing business practices, as required by the C-TPAT and Canada's PIP program.
• Use drivers that are in possession of a valid FAST commercial driver card when using FAST clearance.
• In the case of carriers seeking FAST clearance into Canada, be bonded and have the necessary business processes required for the Customs Self Assessment (CSA) program.
Children's Online Privacy Protection Act
• COPPA, which took effect in 2000, applies to the online collection of personal information from children under 13.
• Monitored by the Federal Trade Commission (FTC), the rules limit how companies may collect and disclose children's personal information.
• They codify what a Web site operator must include in a privacy policy, when and how to seek verifiable consent from a parent and what responsibilities an operator has to protect children's privacy and safety online.
• Who is affected: Operators of commercial Web sites and online services directed to children under 13 that collect personal information from children, as well as general audience Web sites with actual knowledge they are collecting personal
Key requirements/provisions: Basic provisions of COPPA include:
• Privacy notice, with specifics on placement and content.
• A direct notice to parents, with specifics on content.
• Verifiable parental consent, for internal use, public disclosure and third-party disclosure of information.
• Verification that a parent requesting access to a child's information is actually the parent.
• Ability for parents to revoke consent and delete information.
• The ability for industry groups and others to create self-regulatory programs to govern compliance with COPPA.
Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule
• Passed in December 2003, FACTA is an amendment to the Fair Credit Reporting Act that is intended to help consumers avoid identity theft.
• Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in the legislation.
• The Act also says businesses in possession of consumer information or information derived from consumer reports must properly dispose of the information.
• The Red Flags Rule establishes new provisions within FACTA requiring financial institutions, creditors, etc. to develop and implement an identity theft prevention program.
• The Red Flags Rule has been delayed several times and is currently scheduled for enforcement by the FTC starting December 31, 2010.
• Who is affected: Credit bureaus, credit reporting agencies, financial institutions, any business that uses a consumer report, and creditors. As defined by FACTA, a creditor is anyone who provides products or services and bills for payment.
Key requirements/provisions: FACTA includes the following key provisions:
• Free reports. Consumers can obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies.
• Fraud alerts and active duty alerts. Individuals can place alerts on their credit histories if identity theft is suspected or if deploying overseas in the military, thereby making fraudulent applications for credit more difficult.
• Truncation: Credit cards, debit cards, Social Security numbers. Credit and debit card receipts may not include more than the last five digits of the card number or the expiration date. Consumers who request a copy of their file can also request that the first five digits of their Social Security number not be included.
• Information available to victims. A business that provides credit or products and services to someone who fraudulently uses your identity must give you copies of the documents, such as credit applications.
• Collection agencies: If a victim of identity theft is contacted by a collection agency about a debt that resulted from the theft, the collector must inform the creditor of that. When creditors are notified that the debt is the work of an identity thief, they cannot sell the debt or place it for collection.
Red Flags Rule: Several provisions within FACTA require financial institutions, creditors, etc. to develop and implement an identity theft prevention program, aimed at early detection and mitigation of fraud.
The program must include provisions to identify relevant "red flags," detect these early warning signs, respond appropriately and periodically update the program.
Additional provisions include guidelines and requirements to assess the validity of a change of address request and procedures to reconcile different consumer addresses. The deadline for complying with the Red Flags Rule has been extended several times and is currently December 2010. Questions remain as to which companies need to comply with this part of FACTA.
• Proper disposal of consumer reports. Consumer reporting agencies and any business that uses a consumer report must adopt procedures for proper document disposal to avoid "dumpster diving" by identity thieves. This includes lenders, insurers, employers, landlords, government agencies, mortgage brokers, automobile dealers, attorneys and private investigators, debt collectors, and individuals who obtain a credit report on prospective nannies, contractors or tenants.
• Disputing inaccurate information. Consumers can dispute data included in reports directly with the company that furnished it.
Federal Rules of Civil Procedure (FRCP)
• In place since 1938, the FRCP discovery rules govern court procedures for civil lawsuits.
• The first major revisions, made in 2006, make clear that electronically stored information is discoverable, and they detail what, how and when electronic data must be produced.
• As a result, companies must know what data they are storing and where it is; they need policies in place to manage electronic data; they need to follow these policies; and they need to be able to prove compliance with these policies, in order to avoid unfavorable rulings resulting from failing to produce data that is relevant to a case.
• Security professionals may be involved in proving to a court's satisfaction that stored data has not been tampered with.
• Who is affected: Any company that is — or could be — involved in a civil lawsuit within the federal courts. In addition, because states have adopted FRCP-like rules, companies involved in litigation within a state court system are also affected.
Key requirements/provisions: There are 13 sections to the FRCP. The major changes pertain to Chapter 5, Rules 26-37, as these require a detailed understanding of electronic data retention policies and procedures, what data exists and where, as well as the ability to search for and produce this data within the timeframes stipulated. Here is a summary of these rules:
• Rule 26 (a): Makes clear that electronically stored information is discoverable and that companies must be able to produce relevant data.
• Rule 26 (b)(2): Clarifies limits on discoverable data; for instance, companies are not required to produce data that would prove to be excessively expensive or burdensome, such as from sources that aren't reasonably accessible, like backup tapes used for disaster recovery and obsolete media.
• Rule 26 (f): Stipulates that the parties involved need to discuss issues relating to the disclosure or discovery of electronic data before discovery begins.
• Rule 33 (d): Establishes that a reasonable opportunity is provided to examine and audit the data provided.
• Rule 34 (b): Establishes that electronic data is as important as paper documents, and that it must be produced in a reasonably usable format.
• Rule 37 (f): Provides "safe harbor" when electronic data is lost or unrecoverable, as long as it can be proved that good-faith business operations were routinely followed.

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 

Cyber Security Unit laws_and_regulatory_requirements.pptx

  • 1. Laws and Regulatory Requirements
  • 2. Broadly applicable laws and regulations
    - Sarbanes-Oxley Act (SOX)
    - Payment Card Industry Data Security Standard (PCI DSS)
    - Gramm-Leach-Bliley (GLB) Act
    - Electronic Fund Transfer Act, Regulation E (EFTA)
    - Customs-Trade Partnership Against Terrorism (C-TPAT)
    - Free and Secure Trade Program (FAST)
    - Children's Online Privacy Protection Act (COPPA)
    - Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule; Federal Rules of Civil Procedure (FRCP)
  • 3. Sarbanes-Oxley Act (aka Sarbox, SOX)
    - Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s.
    - It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.
    - Who is affected: U.S. public company boards, management and public accounting firms.
  • 4. Sarbanes-Oxley Act (aka Sarbox, SOX)
    Key requirements/provisions: The Act is organized into 11 titles:
      1. Public Company Accounting Oversight
      2. Auditor Independence
      3. Corporate Responsibility
      4. Enhanced Financial Disclosures
      5. Analyst Conflicts of Interest
      6. Commission Resources and Authority
      7. Studies and Reports
      8. Corporate and Criminal Fraud Accountability
      9. White-Collar Crime Penalty Enhancements
      10. Corporate Tax Returns
      11. Corporate Fraud Accountability
  • 5. Payment Card Industry Data Security Standard (PCI DSS)
    - The PCI DSS is a set of requirements for enhancing the security of payment customer account data.
    - It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, to help facilitate global adoption of consistent data security measures.
    - PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
    - The Council has also issued requirements called the Payment Application Data Security Standard (PA DSS) and PCI PIN Transaction Security (PCI PTS).
    - Who is affected: Retailers, credit card companies, anyone handling credit card data.
  • 6. Payment Card Industry Data Security Standard (PCI DSS)
    Key requirements/provisions: Currently, PCI DSS specifies 12 requirements, organized in six basic objectives:
    - Objective 1: Build and Maintain a Secure Retail Point of Sale System
      - Requirement 1: Install and maintain a firewall configuration to protect cardholder data
      - Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
    - Objective 2: Protect Cardholder Data
      - Requirement 3: Protect stored cardholder data
      - Requirement 4: Encrypt transmission of cardholder data across open, public networks
  • 7. Payment Card Industry Data Security Standard (PCI DSS)
    - Objective 3: Maintain a Vulnerability Management Program
      - Requirement 5: Use and regularly update anti-virus software
      - Requirement 6: Develop and maintain secure systems and applications
    - Objective 4: Implement Strong Access Control Measures
      - Requirement 7: Restrict access to cardholder data by business need-to-know
      - Requirement 8: Assign a unique ID to each person with computer access
      - Requirement 9: Restrict physical access to cardholder data
  • 8. Payment Card Industry Data Security Standard (PCI DSS)
    - Objective 5: Regularly Monitor and Test Networks
      - Requirement 10: Track and monitor all access to network resources and cardholder data
      - Requirement 11: Regularly test security systems and processes
    - Objective 6: Maintain an Information Security Policy
      - Requirement 12: Maintain a policy that addresses information security
  • 9. The Gramm-Leach-Bliley (GLB) Act of 1999
    - Also known as the Financial Modernization Act of 1999, the GLB Act includes provisions to protect consumers' personal financial information held by financial institutions.
    - There are three principal parts to the privacy requirements: the Financial Privacy Rule, the Safeguards Rule and pretexting provisions.
  • 10. The Gramm-Leach-Bliley (GLB) Act of 1999
    - Who is affected: Financial institutions (banks, securities firms, insurance companies), as well as companies providing financial products and services to consumers (including lending, brokering or servicing any type of consumer loan; transferring or safeguarding money; preparing individual tax returns; providing financial advice or credit counseling; providing residential real estate settlement services; collecting consumer debts).
  • 11. The Gramm-Leach-Bliley (GLB) Act of 1999
    - Key requirements/provisions: The privacy requirements of GLB include three principal parts:
      1. The Financial Privacy Rule: Requires financial institutions to give customers privacy notices that explain their information collection and sharing practices. In turn, customers have the right to limit some sharing of their information. Financial institutions and other companies that receive personal financial information from a financial institution may be limited in their ability to use that information.
  • 12. The Gramm-Leach-Bliley (GLB) Act of 1999
      2. The Safeguards Rule: Requires all financial institutions to design, implement and maintain safeguards to protect the confidentiality and integrity of personal consumer information.
      3. Pretexting provisions: Protect consumers from individuals and companies that obtain their personal financial information under false pretenses, including fraudulent statements and impersonation.
  • 13. Electronic Fund Transfer Act, Regulation E
    - Enacted in 1978, this law protects consumers engaging in electronic fund transfers from errors and fraud. It carries out the purposes of the Electronic Fund Transfer Act, which establishes the basic rights, liabilities, and responsibilities of EFT consumers of financial institutions that offer these services.
    - EFTs include ATM transfers, telephone bill-payment services, point-of-sale terminal transfers in stores and preauthorized transfers from or to a consumer's account (such as direct deposit and Social Security payments).
    - Effective August 2010, a new provision states that institutions may not impose dormancy, inactivity or service fees for pre-paid products, such as gift cards, nor can they have an expiration date of less than five years.
  • 14. Electronic Fund Transfer Act, Regulation E
    LAW OF THE KYRGYZ REPUBLIC, Bishkek, 21 January 2015, No. 21, On the Payment System of the Kyrgyz Republic (as amended by the Law of the Kyrgyz Republic of 1 March 2017, No. 38)
  • 15. Electronic Fund Transfer Act, Regulation E
    - Who is affected: Financial institutions that hold consumer accounts or provide EFT services, as well as merchants and other payees.
    - Key requirements/provisions: Regulation E includes the following provisions:
      - Definition of access device (debit cards, PINs, phone transfers, bill payment codes, private label cards).
      - Consumer acceptance of device (either through a request for the device or validation of an unsolicited device).
      - Financial institution responsibilities, such as disclosure requirements and records retention.
      - Consumer rights and responsibilities, such as procedures for reporting lost or stolen access devices and notifying the institution of an error.
      - Rules for preauthorized debits and electronic check transactions.
      - Error resolution process.
      - Unauthorized EFTs.
  • 16. Customs-Trade Partnership Against Terrorism (C-TPAT)
    - C-TPAT is a worldwide supply chain security initiative established in 2004.
    - It is a voluntary initiative run by U.S. Customs and Border Protection, with the goal of preventing terrorists and terrorist weapons from entering the U.S.
    - It is designed to build cooperative government-business relationships that strengthen and improve the overall international supply chain and U.S. border security.
    - Businesses are asked to ensure the integrity of their security practices and to communicate and verify the security guidelines of their business partners within the supply chain.
  • 17. Customs-Trade Partnership Against Terrorism (C-TPAT)
    - Benefits of participating in C-TPAT include a reduced number of CBP inspections, priority processing for CBP inspections, assignment of a C-TPAT supply chain security specialist to validate security throughout the company's supply chain, and more.
    - Who is affected: Trade-related businesses, such as importers, carriers, consolidators, logistics providers, licensed customs brokers, and manufacturers.
  • 18. Customs-Trade Partnership Against Terrorism (C-TPAT)
    - Key requirements/provisions: C-TPAT relies on a multi-layered approach consisting of the following five goals:
      - Ensure that C-TPAT partners improve the security of their supply chains pursuant to C-TPAT security criteria.
      - Provide incentives and benefits, including expedited processing of C-TPAT shipments, to C-TPAT partners.
      - Internationalize the core principles of C-TPAT.
      - Support other CBP initiatives, such as Free and Secure Trade, Secure Freight Initiative, Container Security Initiative.
      - Improve administration of the C-TPAT program.
  • 19. Customs-Trade Partnership Against Terrorism (C-TPAT)
    - Key requirements/provisions: C-TPAT security criteria encompass the following areas:
      - Business partners
      - Conveyance security
      - Physical access control
      - Personnel security
      - Procedural security
      - Physical security
      - Security training/Threat awareness
      - Information technology security
  • 20. Free and Secure Trade Program (FAST)
    - FAST is a voluntary commercial clearance program run by U.S. Customs and Border Protection for pre-approved, low-risk goods entering the U.S. from Canada and Mexico.
    - Initiated after 9/11, the program allows expedited processing for commercial carriers who have completed background checks and fulfill certain eligibility requirements.
    - Participation in FAST requires that every link in the supply chain — from manufacturer to carrier to driver to importer — is certified under the C-TPAT program (see above). Cards cost $50 and are valid for 5 years.
  • 21. Free and Secure Trade Program (FAST)
    Benefits of using FAST and C-TPAT include:
      - Upon terrorist alerts, FAST/C-TPAT drivers will be allowed to cross the border.
      - Dedicated lanes for greater speed and efficiency.
      - Reduced cost of compliance with customs requirements.
    Who is affected: Importers, carriers, consolidators, licensed customs brokers, and manufacturers.
  • 22. Free and Secure Trade Program (FAST)
    Key requirements/provisions: Highway carriers authorized to use the FAST/C-TPAT program need to meet the following requirements:
      - A demonstrated history of complying with all relevant legislative and regulatory requirements.
      - A commitment to security-enhancing business practices, as required by C-TPAT and Canada's PIP program.
      - Use of drivers who are in possession of a valid FAST commercial driver card when using FAST clearance.
      - In the case of carriers seeking FAST clearance into Canada, being bonded and having the necessary business processes required for the Customs Self Assessment (CSA) program.
  • 23. Children's Online Privacy Protection Act
    - COPPA, which took effect in 2000, applies to the online collection of personal information from children under 13.
    - Monitored by the Federal Trade Commission (FTC), the rules limit how companies may collect and disclose children's personal information.
    - They codify what a Web site operator must include in a privacy policy, when and how to seek verifiable consent from a parent, and what responsibilities an operator has to protect children's privacy and safety online.
    - Who is affected: Operators of commercial Web sites and online services directed to children under 13 that collect personal information from children, as well as general audience Web sites with actual knowledge they are collecting personal
  • 24. Children's Online Privacy Protection Act
    Key requirements/provisions: Basic provisions of COPPA include:
      - Privacy notice, with specifics on placement and content.
      - A direct notice to parents, with specifics on content.
      - Verifiable parental consent, for internal use, public disclosure and third-party disclosure of information.
      - Verification that a parent requesting access to a child's information is actually the parent.
      - Ability for parents to revoke consent and delete information.
      - The ability for industry groups and others to create self-regulatory programs to govern compliance with COPPA.
  • 25. Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule
    - Passed in December 2003, FACTA is an amendment to the Fair Credit Reporting Act that is intended to help consumers avoid identity theft.
    - Accuracy, privacy, limits on information sharing, and new consumer rights to disclosure are included in the legislation.
    - The Act also says businesses in possession of consumer information or information derived from consumer reports must properly dispose of the information.
  • 26. Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule
    - The Red Flags Rule establishes new provisions within FACTA requiring financial institutions, creditors, etc. to develop and implement an identity theft prevention program.
    - The Red Flags Rule has been delayed several times and is currently scheduled for enforcement by the FTC starting December 31, 2010.
    - Who is affected: Credit bureaus, credit reporting agencies, financial institutions, any business that uses a consumer report, and creditors. As defined by FACTA, a creditor is anyone who provides products or services and bills for payment.
  • 27. Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule
    Key requirements/provisions: FACTA includes the following key provisions:
      - Free reports. Consumers can obtain a free credit report once every 12 months from each of the three nationwide consumer credit reporting companies.
      - Fraud alerts and active duty alerts. Individuals can place alerts on their credit histories if identity theft is suspected or if deploying overseas in the military, thereby making fraudulent applications for credit more difficult.
      - Truncation: Credit cards, debit cards, Social Security numbers. Credit and debit card receipts may not include more than the last five digits of the card number or the expiration date. Consumers who request a copy of their file can also request that the first five digits of their Social Security number not be included.
  • 28. Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule
      - Information available to victims. A business that provides credit or products and services to someone who fraudulently uses your identity must give you copies of the documents, such as credit applications.
      - Collection agencies: If a victim of identity theft is contacted by a collection agency about a debt that resulted from the theft, the collector must inform the creditor of that. When creditors are notified that the debt is the work of an identity thief, they cannot sell the debt or place it for collection.
  • 29. Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule
    Red Flags Rule: Several provisions within FACTA require financial institutions, creditors, etc. to develop and implement an identity theft prevention program, aimed at early detection and mitigation of fraud. The program must include provisions to identify relevant "red flags," detect these early warning signs, respond appropriately and periodically update the program. Additional provisions include guidelines and requirements to assess the validity of a change of address request and procedures to reconcile different consumer addresses. The deadline for complying with the Red Flags Rule has been extended several times and is currently December 2010. Questions remain as to which companies need to comply with this part of FACTA.
  • 30. Fair and Accurate Credit Transaction Act (FACTA), including Red Flags Rule
      - Proper disposal of consumer reports. Consumer reporting agencies and any business that uses a consumer report must adopt procedures for proper document disposal to avoid "dumpster diving" by identity thieves. This includes lenders, insurers, employers, landlords, government agencies, mortgage brokers, automobile dealers, attorneys and private investigators, debt collectors, and individuals who obtain a credit report on prospective nannies, contractors or tenants.
      - Disputing inaccurate information. Consumers can dispute data included in reports directly with the company that furnished it.
  • 31. Federal Rules of Civil Procedure (FRCP)
    - In place since 1938, the FRCP discovery rules govern court procedures for civil lawsuits.
    - The first major revisions, made in 2006, make clear that electronically stored information is discoverable, and they detail what, how and when electronic data must be produced.
    - As a result, companies must know what data they are storing and where it is; they need policies in place to manage electronic data; they need to follow these policies; and they need to be able to prove compliance with these policies, in order to avoid unfavorable rulings resulting from failing to produce data that is relevant to a case.
    - Security professionals may be involved in proving to a court's satisfaction that stored data has not been tampered with.
  • 32. Federal Rules of Civil Procedure (FRCP)
    - Who is affected: Any company that is — or could be — involved in a civil lawsuit within the federal courts. In addition, because states have adopted FRCP-like rules, companies involved in litigation within a state court system are also affected.
  • 33. Federal Rules of Civil Procedure (FRCP)
    Key requirements/provisions: There are 13 sections to the FRCP. The major changes pertain to Chapter 5, Rules 26-37, as these require a detailed understanding of electronic data retention policies and procedures, what data exists and where, as well as the ability to search for and produce this data within the timeframes stipulated. Here is a summary of these rules:
      - Rule 26 (a): Makes clear that electronically stored information is discoverable and that companies must be able to produce relevant data.
  • 34. Federal Rules of Civil Procedure (FRCP)
      - Rule 26 (b)(2): Clarifies limits on discoverable data; for instance, companies are not required to produce data that would prove to be excessively expensive or burdensome, such as from sources that aren't reasonably accessible, like backup tapes used for disaster recovery and obsolete media.
      - Rule 26 (f): Stipulates that the parties involved need to discuss issues relating to the disclosure or discovery of electronic data before discovery begins.
      - Rule 33 (d): Establishes that a reasonable opportunity is provided to examine and audit the data provided.
  • 35. Federal Rules of Civil Procedure (FRCP)
      - Rule 34 (b): Establishes that electronic data is as important as paper documents, and that it must be produced in a reasonably usable format.
      - Rule 37 (f): Provides "safe harbor" when electronic data is lost or unrecoverable, as long as it can be proved that good-faith business operations were routinely followed.
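The FACTA truncation provision on slide 27 (receipts may show no more than the last five digits of the card number, and no expiration date), as an added Python example that is not part of the slide deck: it flags and masks both on constructed receipt lines. The "EXP" label, the digit-group layout and the choice to keep four digits are assumptions, not taken from the page.

```python
"""FACTA receipt truncation check.

Added example, not part of the slide deck. The slide states that card
receipts may not show more than the last five digits of the card number
or the expiration date. The receipt label ("EXP") and digit-group layout
matched here are assumptions about typical receipts, not from the page.
"""
import re

MAX_VISIBLE_DIGITS = 5  # upper bound stated on the slide

# 13 to 19 digits, optionally separated by spaces or dashes (assumed PAN layout)
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# "EXP 12/26", "Exp: 12/2026" and similar (assumed receipt label)
EXP_RE = re.compile(r"\bEXP\.?:?\s*\d{2}/\d{2,4}\b", re.IGNORECASE)

# Constructed sample receipt (not real card data): one compliant line,
# one with a full PAN and expiration date, one long non-card number.
SAMPLE_RECEIPT = [
    "ACME STORE  REG 03  05/21/2024",
    "VISA 4111 1111 1111 1111 EXP 12/26",
    "ORDER 1234567890123 TOTAL 42.10",
]


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def truncate_pan(pan: str, keep: int = 4) -> str:
    """Mask all but the last `keep` digits; `keep` may not exceed five."""
    if keep > MAX_VISIBLE_DIGITS:
        raise ValueError("FACTA allows at most the last five digits")
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - keep) + digits[-keep:]


def find_violations(line: str) -> list:
    """Return the truncation problems found on one receipt line."""
    problems = []
    for m in PAN_RE.finditer(line):
        if luhn_valid(re.sub(r"\D", "", m.group())):
            problems.append("full card number: " + m.group())
    if EXP_RE.search(line):
        problems.append("expiration date printed")
    return problems


def redact_line(line: str) -> str:
    """Rewrite one line so it satisfies the rule; leaves other text intact."""
    def mask(m):
        digits = re.sub(r"\D", "", m.group())
        return truncate_pan(digits) if luhn_valid(digits) else m.group()
    return EXP_RE.sub("EXP **/**", PAN_RE.sub(mask, line))


def redact_receipt(lines):
    """Redact every line and report how many needed changes."""
    fixed = [redact_line(line) for line in lines]
    changed = sum(1 for a, b in zip(lines, fixed) if a != b)
    return fixed, changed


if __name__ == "__main__":
    fixed, changed = redact_receipt(SAMPLE_RECEIPT)
    for original, out in zip(SAMPLE_RECEIPT, fixed):
        print(f"{out:40s}  {find_violations(original)}")
    print(f"{changed} line(s) redacted")
```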