The Federal Financial Institutions Examination Council (“FFIEC”), a U.S. governmental body comprised of banking regulators, recently issued guidance to financial institutions directing them to consider implementing dedicated cyber insurance programs to offset financial losses resulting from cyber incidents. Financial institutions face a number of potentially crippling risks arising from cyber incidents, including financial, operational, legal, compliance, strategic, and reputational risks resulting from fraud, data loss, or disruption of service. While cyber insurance can mitigate these risks, it is not required by financial regulators, and thus many financial institutions may not have obtained such insurance specifically designed to cover their cyber risks. Nonetheless, the FFIEC now is urging financial institutions to include dedicated cyber insurance as part of a multi-faceted cyber risk management strategy and not to rely solely on traditional insurance. In addition, the FFIEC is recommending that financial institutions have their outside advisors review their potential cyber insurance coverage to ensure that it will cover the relevant risks.
May 25, 2018 should be a day circled on many company calendars. On that day, the European Union’s long-awaited Global Data Protection Regulation (“GDPR”) will go into effect. It is crucial for U.S. companies to prepare for the GDPR, as they, too, will be required to comply with a new set of data privacy rules if they are handling data from EU-based customers, suppliers, or affiliates. As long as you collect personal or behavioral data from someone in the EU, you must comply with the GDPR.
Earlier this week, Canada’s transport minister announced that a drone had collided with a commercial aircraft, the first confirmed collision of its kind in North America. Thankfully, the aircraft sustained only minor damage and was able to land safely. But this recent incident, which many commentators believed was inevitable given the proliferation of consumer and commercial drones, highlights the potential risks associated with drone operations.
From disaster preparedness and workplace safety to autonomous deliveries and performance arts, companies worldwide increasingly rely on drones as a natural extension of their business. Recent Federal Aviation Administration forecasts predict that nearly 4 million drones—over 420,000 of which will be used for commercial operations—will be operating in the U.S. by the year 2021.
The frequency and magnitude of Foreign Corrupt Practices Act of 1977 (FCPA) (15 U.S.C. § 78dd-1, et seq.) investigations and claims continue to grow. Last month, the U.S. Securities and Exchange Commission announced that Halliburton Co. had agreed to pay $29.2 million in fines and penalties to settle allegations that its operations in Angola and Iraq violated the FCPA’s books and records and internal accounting controls provisions. In its press release, Halliburton vowed that it had “continuously enhanced its global ethics and compliance program” since first receiving an anonymous tip in December 2010, but the recent settlement serves as a reminder that even the most robust compliance program cannot guarantee that FCPA violations will not occur.
On July 28, 2015, the New York Supreme Court in Navigators Insurance Company v. Sterling Infosystems, Inc., Index No. 653024/2013 (N.Y. Sup. Ct. July 28, 2015), held that Navigators Insurance Company must defend and indemnify its policyholder for claims seeking statutory damages under the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 et seq., despite a policy exclusion for claims involving “[f]ines, penalties, forfeitures or sanctions.” The decision may have broad implications for policyholders pursuing coverage for the defense of lawsuits seeking statutory damages under privacy and consumer credit statutes, as well as other statutes that have traditionally been viewed as punitive in nature.