October 04, 2017
Cadwalader, Wickersham & Taft LLP was well represented at the recent ABS East Conference in Miami, participating in several key panels and presentations.
White Collar Litigation partner Joseph Moreno was a featured speaker on “Cybersecurity and Data Protection: What the Financial Services Professional Needs to Know.” He presented together with Peter Kolchmeyer, Managing Director and Senior Risk Information Officer, BNY Mellon, and Joshua Larocca, Managing Director, Stroz Friedberg.
Moreno set the stage by noting that while cyber-attacks of retailers such as Target and Home Depot traditionally have dominated the headlines, the fact is that hackers are becoming more creative with both their methods and victims. Investment banks, exchanges, law and accounting firms, third-party vendors and virtually any institution in the financial sector that possesses sensitive information should consider themselves on notice of a potential attack. Firms also must take into account that sophisticated attacks, such as the one that recently hit Equifax, may be backed by the resources of a foreign government, such as China, Russia, or North Korea, which considerably elevates the threat profile. Moreno noted that while hackers once appeared to focus solely on stealing customer identifications and banking and credit card information, now insider trading, corporate espionage, blackmail, and destabilization are all potential motives.
“It is essential that firms constantly maintain proper cyber hygiene to help stop attack, and have an incident response plan in place in case a hacker does get through,” Moreno told the audience. He also noted that the human element is always the weakest, saying that “along with your systems, you also have to constantly pressure-test your people who are most at risk for purposefully or inadvertently contributing to a data breach.”
In addition to the threat of a breach, firms also must be aware of the ever-growing collection of federal, state and international cybersecurity and data protection rules. In New York, banks and other financial institutions that are subject to supervision by the Department of Financial Services now are subject to data breach reporting and other requirements. Outside the U.S., the upcoming EU General Data Protection Regulation will impose similar notification and other cybersecurity requirements when they go into effect in 2018, applicable to all companies that seek customers in the EU. According to Moreno, “in the aftermath of a data breach, when you are facing serious security, legal, and reputational issues, the last thing you want to discover is that you are also out of compliance with cyber reporting and other requirements.”
Also in Miami, Cadwalader partner Peter Morreale was one of the featured participants in a special RMBS roundtable hosted by GlobalCapital. Joining Morreale on the panel were Grant Bailey, Managing Director, Fitch Ratings; Sam Dunlap, Senior Portfolio Manager, Angel Oak Capital Advisors; Lauren Hedvat, Director, Angel Oak Capital Advisors; and Sonal Patel, Managing Director, BNY Mellon. Moderating the panel was GlobalCapital editor Max Adams.
Morreale provided some context to help explain some hesitation among investors to move aggressively into the residential housing market. “There’s a lot more work being done around ensuring that the assets are what we think they are, and were originated the way we were told they were originated,” Morreale said. “So I think whereas pre-crisis maybe you saw a throwaway line about exceptions, now you’re seeing a real meaningful 50 pages of disclosure so that investors really can make a much better decision around whether they want to take a particular risk or not.” He added, “The disclosures are better at explaining to the investor: here is what we did, here’s what we didn’t do, here’s what this might mean, and you can make a judgment about whether you have confidence in that process.”
Morreale and the panel also debated the role of the CFPB and other regulators in providing oversight to the industry. Morreale expressed concern that, for large institutions, the CFPB is “not the only regulator dictating what they should and shouldn’t be doing.”
The roundtable discussion then turned to developments in the FinTech space, and Morreale shared a strong point of view. He said, “FinTech and technology can solve a lot of problems, but it presents a whole new set of issues to grapple with. . . . A borrower, even if they’re going to do it on a screen at home, they’re going to still need to be able to go back and look at what it is exactly they agreed to, and some of the issues that came up in that market were that those things were not clear – that a borrower had the ability to go back and say, okay, on this day, this was the loan form, those are the terms I agree to and, most importantly, that I can enforce. The spirit of the regulation . . . is to preserve the borrowers’ ability to know what they’re doing, what the risks are of what they’re doing, to get all the mandated disclosures in a way that they can read them, and they’re understandable.”