According to media reports, Russian government hackers have penetrated the systems of thousands of companies across a variety of industries, as well numerous US government agencies. Moreover, what has been publicly reported may be only the tip of the iceberg in terms of both the scope of the attacks’ victims and the attackers’ methodologies. The most recent reporting also suggests that victim companies are not just those that would be of obvious interest to Russian intelligence services. Accordingly, all companies should assess whether they have been affected by this attack, what steps they need to take to remediate those effects, and what legal and contractual obligations they may have to notify government agencies, business partners, customers, and individuals.
Continue Reading The Urgent Need to Assess and Respond to Russian Supply Chain Attacks

On Wednesday, December 16, 2015, the Commodity Futures Trading Commission (CFTC or Commission) approved for publication two proposed rules to amend existing regulations addressing cybersecurity.  The proposed rules would establish testing obligations and safeguards for the automated systems used by designated contract markets (DCMs), swap execution facilities (SEFs), swap data repositories (SDRs) (the Exchange Proposal), and derivatives clearing organizations (DCOs) (the Clearing Proposal and, together, the Proposals).1

The Commission’s Proposals grant regulated entities with significant deference with respect to the development and implementation of policies and procedures reasonably designed to demonstrate compliance with the new cybersecurity provisions.  However, these new regulatory burdens will come with significant operational, technology, and other resource burdens, including ongoing testing and engagement with third-party service providers.  Furthermore, the scope of the Proposals for testing may extend further than similar cybersecurity standards established by other federal agencies.

The Commission unanimously approved the Proposals.  They were published in the Federal Register on December 23, 2015 and are subject to a 60-day public comment period ending on February 22, 2016.
Continue Reading CFTC Adopts Proposed Cybersecurity Regulations

In prior posts we’ve observed that the technology underlying Bitcoin – the “blockchain” – presents a world of possible applications unrelated to the use of Bitcoin as a currency. From securities settlement to remittances to asset transfer to the Internet of Things, the possibilities are endless, and some of the best and brightest minds in

On Thursday, April 23, I spoke at the Bretton Woods Committee seminar, “Digital Payments and Currencies: Global Threat or Opportunity?”  The panel discussed the changes digital currencies and payment systems have brought to the market and the disruptive potential of a future in which they may become more conventional.

An audio clip of the seminar

It’s only been about a week since New York’s outgoing Superintendent of Financial Services Ben Lawsky released the long-awaited “BitLicense” rules for digital currency businesses operating in New York, but it’s not too early to try to assess the potential impact of those rules on the development of Bitcoin-related businesses and emerging financial technologies.

The