A recent cybersecurity report finds that nearly one in five middle market organizations experienced a data breach in the last year, even though most executives are confident in their security measures.
The report, the 10th annual RSM US Middle Market Business Index Special Report: Cybersecurity 2025, said that while reported breaches have fallen significantly since 2024, companies need to remain vigilant in their cybersecurity efforts. The report was produced by RSM US in partnership with the U.S. Chamber of Commerce and examined cybersecurity trends, strategies and concerns in the midsize business marketplace.
The report said larger companies (between $50 million and $1 billion in annual revenue) were twice as likely as smaller companies (between $10 million and $50 million in annual revenue) to suffer a breach in the past year: 24 percent of larger-company respondents reported a breach, compared with 12 percent of smaller companies. Smaller firms nonetheless lag their larger counterparts in cybersecurity budgets and staffing, the report said.
“While this year’s survey results are encouraging, the drop in reported breaches may be attributed to normalization following a spike in 2024 due to the sanctions and disruption in the financial network related to the Russia-Ukraine conflict,” Tauseef Ghazi, national leader of security and privacy with RSM US LLP, said. “With the increasing complexity of attacks, it’s also possible that some companies may not have identified the presence of an attacker in their systems. This means continued vigilance is necessary, especially with the augmentation of AI to support malicious activities.”
The report also found that U.S. firms are prioritizing cybersecurity, with 91 percent of respondents saying they expect their company’s cybersecurity budget to increase in the coming year. The report recommends that firms take advantage of consultants who can help drive automation to solve problems at a lower cost.
The report also found that the percentage of firms carrying cyber insurance has increased from 76 percent last year to 82 percent this year. Firms are also implementing strategies to limit business disruptions with 52 percent of respondents saying they are developing crisis or disruption communications plans, 51 percent developing a business continuity plan, and 50 percent implementing a disaster recovery plan for critical systems.
“As the cyber landscape continues to evolve, it’s more important than ever for businesses to understand and incorporate advanced technologies to bolster their cyber posture,” Christopher D. Roberti, Senior Vice President for Cyber, Space and National Security Policy at the U.S. Chamber of Commerce, said. “As we enter this new era of risk and uncertainty, the U.S. Chamber is advocating for a collaborative approach to cybersecurity, emphasizing the importance of public-private partnerships and industry-led standards to enhance our collective security and resilience.”
By Liz Carey, Financial Regulation News
The possible reclassification of marijuana under the federal Controlled Substances Act is sparking debate about dismantling barriers to interstate commerce and the future of the industry.
While many states have created regulated marijuana markets for medical or recreational use or both, federal law remains a roadblock to nationwide market integration. According to a report titled “Where Will Weed Win” by Robin Goldstein, director of the Cannabis Economics Group at the University of California, Davis, the future of the industry depends on federal regulatory outcomes.
The future of rescheduling or descheduling marijuana remains uncertain, with many executives and operators in the $32 billion marijuana industry wondering whether it will happen under the Trump administration.
“To deschedule, I’d be shocked if it happened in the next five years, and I’d be surprised if it happened in the next 10,” Frank Colombo, managing director at Viridian Capital Advisors, a New York-based, cannabis-focused investment banking and data analytics firm, told MJBizDaily.
Rescheduling versus descheduling
Opinions vary about the impact rescheduling or descheduling would have on the marijuana industry. Although moving marijuana to Schedule 3 – rescheduling, as opposed to descheduling – is unlikely to open interstate commerce, it would relieve licensed cannabis businesses of the federal tax penalty imposed by Section 280E of the Internal Revenue Code, according to Goldstein’s report.
“Schedule 3 doesn’t do much beyond 280E relief,” said Avis Bulbulyan, CEO of California-based cannabis consulting firm Siva. “280E doesn’t apply to you if you’re Schedule 1 or Schedule 2. It doesn’t change the supply chain or dynamics, but it could open opportunities for listings on stock exchanges.”
If marijuana is rescheduled, it would require additional legislation, such as SAFE Banking, to enable interstate commerce, Bulbulyan said. States also would have to decide whether to tax cannabis products that are imported into their jurisdiction, he said.
Rescheduling marijuana could result in a moderate expansion of the pharmaceutical cannabis market, but any cannabis-based products likely would have to be approved by the Food and Drug Administration before they could be sold in pharmacies. The cost of entering the market with an FDA-approved medicine might not generate returns large enough to be worth it.
“Business models in this market segment are typically built around patents and health insurance, which would probably not translate well to weed,” according to the “Where Will Weed Win” report. “The product is already widely available in generic forms that could not be patented and markups over production costs could not compete well with the margins of most profitable pharmaceutical products.”
Who would be winners and losers in cannabis space?
Descheduling would likely legalize interstate commerce for the industry, which would accelerate its growth, according to the report.
It also could result in federal government regulation of the industry and taxation of marijuana products, which would slow the industry, create new costs for struggling businesses and make it more difficult for licensed cannabis businesses to compete with the illicit market.
Viridian’s Colombo said Western states such as California, Oregon and Washington, where cultivation is cheaper – and perhaps Oklahoma – would be the winners under a descheduling scenario. The biggest losers would be cannabis multistate operators that have built indoor cultivation facilities in states where it’s not practical to grow marijuana outdoors.
States also would be losers because descheduling would cut into their tax revenue. “Every state that legalized for medical or adult-use/rec did it for a reason,” Colombo said. “Caring about the patients is not one of them. It’s jobs and taxes. There would be no reason for anyone to build an indoor cultivation facility in New York if they didn’t have to. If you could put a regional production facility in Tennessee and ship to New York, you would do that. New York doesn’t want to do that. There’s a lot of jobs and taxes coming from cultivation facilities in New York.”
Hemp-derived THC is X factor
Interstate commerce might not be legal for the marijuana industry, but it is for businesses that produce intoxicating hemp products and have captured a substantial share of legal cannabis dollars, according to Goldstein’s report.
“Many THC products now being sold in thousands of stores in hemp states are equivalent to licensed cannabis products being sold in other states,” the report said. That’s why states such as California and Missouri want to regulate or ban it, Colombo said. “They know which side their bread is buttered on,” he said. “They’re making taxes on (marijuana) but not hemp.”
Bulbulyan agrees.
“A governor in a state that has an adult-use program has a piggy bank, and they’re not going to let go of it and allow hemp,” he said. States trying to stamp out intoxicating hemp products argue that they are unsafe, untested and sold to minors. But such claims are merely excuses, Colombo said.
That the intoxicating hemp industry is growing faster than the marijuana sector indicates that consumers are voting with their wallets. They know the products aren’t tested, but they’re still buying them because they’re more convenient, Colombo said.
“Convenience stores and gas stations sell beer as well and manage not to sell it to minors,” he said. “Is it possible to have sales of intoxicating hemp products and still protect minors? Yeah, of course it is.”
Margaret Jackson, MJBizDaily.com
The agency’s restructuring will merge the supervision of large, midsize, and community banks
The Office of the Comptroller of the Currency (OCC) is set to implement an organizational restructuring that removes the division dedicated to supervising community banks. Effective June 2, the regulator will combine Midsize and Community Bank Supervision with the Large Bank Supervision function to create the Bank Supervision and Examination line of business.
Greg Coleman, who currently serves as senior deputy comptroller of Large Bank Supervision, will lead the newly formed Bank Supervision and Examination office. Meanwhile, Beverly Cole, who oversees Midsize and Community Bank Supervision, will retire after 43 years with the agency.
The OCC says the restructuring is designed to better address current challenges, streamline operations by aligning similar functions, and improve efficiency. By blending the supervision of large, midsize, and community banks, the agency aims to enhance collaboration and more effectively respond to bank-specific or emerging issues.
However, the Independent Community Bankers of America (ICBA) has pushed back against the plan, urging the OCC to maintain a dedicated supervision framework for community banks and calling the merger “counterintuitive.”
With policymakers demanding stronger financial oversight, the ICBA argues it is counterintuitive to consolidate supervisory approaches for institutions with vastly different business models and risk profiles. “This change marks a step in the wrong direction and contradicts the agency’s own stated commitment to tailoring supervision based on a bank’s size, complexity and risk profile — rather than applying a one-size-fits-all model,” the group said.
It added that the removal of a dedicated supervision for community banks threatens to weaken the nuanced oversight that effective community bank supervision requires and undermines the tailored regulatory approach they rely on.
As a result, the group has urged the OCC to maintain a dedicated supervision framework for community banks, one that acknowledges their unique role, ensures balanced oversight, and safeguards the stability and choice they offer consumers and local economies.
Written by Banking Exchange staff
The Consumer Financial Protection Bureau (CFPB) said Friday (April 11) that it will not prioritize enforcement of a regulation requiring a registry of nonbank financial companies that have broken consumer laws and are subject to federal, state or local government or court orders.
“The Bureau will instead continue to focus its enforcement and supervision activities on pressing threats to consumers,” the CFPB said in a Friday press release. “The Bureau is further considering issuing a notice of proposed rulemaking to rescind the regulation or narrow its scope.”
The regulation, “Registry of Nonbank Covered Persons Subject to Certain Agency and Court Orders,” was announced by the CFPB in June.
The Bureau said at the time in a press release that the regulation required covered nonbank companies to register with the CFPB when they have been caught violating consumer law and to provide an attestation from a senior executive that the company follows any relevant orders.
It added that the registry is meant to help law enforcement across the United States identify and stop repeat offenders.
“Too many American families have been harmed by corporate repeat offenders in a rinse-and-repeat cycle of illegality, where bad actors see fines and penalties as the cost of doing business,” then-CFPB Director Rohit Chopra said at the time. “Throughout our economy, we have seen fraudsters and scam artists get caught in one part of the country and restart their scheme in a new place hoping to not get caught again.”
Regulators did not offer up cost-benefit analyses as to how the expanded disclosures would impact and improve earlier procedures — and what the impact might be, ultimately, to firms and their end customers — PYMNTS reported at the time.
Commenting on the registry when it was proposed, the U.S. Chamber of Commerce said in a March 2023 letter to the CFPB that “in publicizing information that is already public, the Proposed Rule would not help consumers. In contrast, the Proposed Rule would impose very real costs upon consumer financial services companies that are subject to its requirements, including by driving up compliance costs through an unlawful executive attestation requirement … specifically, the contemplated public disclosures will lack critical context, particularly when a final order does not disclose potential weaknesses in the agency’s case, the reasons the company chose to enter a settlement agreement and whether the company admitted fault.”
The CFPB said in its Friday press release that it aims to give “regulatory relief” from the registration requirements for small loan providers.
Key Points
- The share of borrowers applying for adjustable-rate loans jumped to the highest in over two years.
- Mortgage rates jumped 20 basis points in one week.
- Homebuyers pulled back, despite much higher inventory of homes for sale.
Mortgage rates jumped to the highest level since February last week, dampening overall demand and sending homebuyers in search of riskier loans with lower rates.
Total mortgage application volume fell 8.5% last week compared with the previous week, according to the Mortgage Bankers Association’s seasonally adjusted index.
The average contract interest rate for 30-year fixed-rate mortgages with conforming loan balances, $806,500 or less, increased to 6.81% from 6.61%, with points decreasing to 0.62 from 0.63, including the origination fee, for loans with a 20% down payment.
Applications for a mortgage to purchase a home dropped 5% for the week and were 13% higher than the same week one year ago. Demand from buyers may be higher than a year ago, but there is 30% more active inventory on the market than there was last year at this time, according to Realtor.com. That suggests the annual comparison should be much larger, as low inventory was blamed for weak sales last year.
“Economic uncertainty and the volatility in rates is likely to make at least some prospective buyers more hesitant to move forward with a purchase,” said Mike Fratantoni, senior vice president and chief economist at the MBA.
Home prices are also higher than they were a year ago, and that has more borrowers looking to lower their potential monthly payments. Adjustable-rate mortgages offer lower interest rates but are considered riskier because they have a shorter fixed term and then can adjust higher.
“Given the jump in rates, more borrowers are opting for the lower initial rates that come with an ARM, with initial fixed rates closer to 6 percent in our survey last week,” said Fratantoni, noting a full percentage point jump in the ARM share in just a week.
“The ARM share at 9.6 percent was the highest since November 2023, and this reflects the share of units. On a dollar basis, almost a quarter of the application volume last week was for ARMs, as borrowers with larger loans are even more likely to opt for an ARM,” he added.
Applications to refinance a home loan dropped 12% for the week but were 68% higher than the same week one year ago. Rates at this time last year were 32 basis points higher.
Mortgage rates moved lower to start this week, as markets were far calmer than they were last week. But experts warn there is likely more volatility to come.
“Despite the friendly move and the relative calm, this still isn’t an environment where it makes sense to take anything for granted in terms of today’s rates being available beyond the present day,” said Matthew Graham, chief operating officer at Mortgage News Daily.
The Office of the Comptroller of the Currency will merge its large, midsize and community bank supervision units into a single office, according to an agency announcement on Wednesday.
According to the OCC, the change — which will result in a unified bank supervision and examination division — aims to streamline oversight and reduce inefficiencies at the regulator, which oversees nationally chartered banks.
“Blending the large, midsize and community bank supervision activities will allow for the seamless sharing of expertise and resources to address bank-specific issues or novel needs and provides opportunities for career development and progression for the agency’s entire examination workforce,” an agency release stated. “To ensure [our] approach to supervision evolves to better address today’s challenges, align similar functions within the agency, and leverage opportunities for efficiencies.”
Deputy Comptroller Beverly Cole, who oversees the agency’s Midsize and Community Bank Supervisory unit, will retire after over four decades at the agency. Senior Deputy Comptroller Greg Coleman, currently overseeing large bank supervision, will lead the new unified division.
Courtesy of Ebrima Santos Sanneh, American Banker
As cyberattacks grow more sophisticated, organizations are increasingly worried not just about data theft but also about threats to their critical infrastructure.
Courtesy of Tom Nawrocki, Payments Journal
With hackers backed by rogue nation-states, the risk landscape has expanded exponentially—affecting consumers, employees, and even supply chains.
A report from Javelin Strategy & Research, New Stakes of Cyber Resiliency in the Era of Cyber Warfare, explores how large organizations can protect themselves against these risks. Tracy Goldberg, Javelin’s Director of Fraud and Security and author of the report, emphasizes the importance of cyber resiliency, which she defines as an organization’s ability to withstand and recover from attacks.
Attacks From an Array of Enemies
Privacy risks associated with social media and artificial intelligence have become even more severe, especially as geopolitical adversaries such as Iran and China back these cyber threats. These groups are researching financial institutions’ supply chains, exploiting vulnerabilities in API integrations through island-hopping techniques (compromising a smaller, weaker partner to reach the real target), and launching attacks to infiltrate systems.
Cyber resiliency is essential for long-term defense against these escalating threats. To enforce cyber resiliency, Goldberg recommends a holistic approach. This includes securing every device connected to the enterprise, educating employees on phishing attacks, ensuring the use of VPNs, and thoroughly assessing third-party connections and supply chain risks.
All of this requires a forward-thinking mindset. Organizations building a cybersecurity strategy should look not just at the next year but at the strategic evolution of cyber resiliency as the company grows.
A holistic approach is especially necessary as hackers have become sophisticated enough to launch multi-pronged attacks. Take, for example, a distributed denial-of-service (DDoS) attack that serves as a smokescreen for something more nefarious on the back end.
“When a DDoS attack takes an online banking site down and consumers can’t get to their online banking, that’s going to distract cybersecurity teams from getting the site back up,” Goldberg said. “It also takes them away from another attack that could be using some kind of back door to get into the network.”
Target suffered such an attack through its supply chain over a decade ago. Cybercriminals infiltrated a heating and refrigeration vendor, then used that vendor’s network access to move laterally into and breach Target’s network.
“It’s outside of your purview if one of your vendors gets hacked,” said Goldberg. “But if you have a vendor that’s connecting to your network, there should be certain access points they can’t enter through.”
The Risk for Financial Institutions
Financial institutions have a specific vulnerability in this area. With the instability of the financial market and the rise of mergers and acquisitions, some smaller institutions will either close down or be acquired by other institutions.
These mergers and acquisitions pose significant cybersecurity risks. As entities merge, disparate systems must be integrated, creating potential security gaps.
Obsolete servers may still house sensitive information or provide access to forgotten networks. If not properly secured, they present a tempting target for hackers.
The Threat from Nation-States
The lines between nation-state threat actors and cybercriminal rings have become blurred. Nation-states are funding and supporting cybercriminals who often serve as a front for more nefarious activity.
“We have not done a good job as an industry of attributing the attacks to specific groups,” said Goldberg. “There was an argument a decade ago that indicators of compromise and attribution didn’t really matter–if you were seeing fraud, you were seeing fraud. But now we’re finally realizing that that’s not necessarily the case.”
Nowadays, proceeds from cybercrime are being used to finance terrorism and launder funds that ultimately support entities like the Iranian government, for example. What might seem like a simple romance scam could, in reality, be tied to a significant national security threat.
The Promise of Anti-Money Laundering Tools
Financial institutions have tools at their disposal that can effectively promote cyber resiliency. Anti-money laundering (AML) processes can connect many dots, but because these tools have been used in isolation for decades, they have failed to make critical connections that could more readily detect fraud and preemptively prevent cybercrime.
Under the USA PATRIOT Act and the Bank Secrecy Act, from an AML standpoint, there are certain entities to which banks cannot provide funds. Red flags may be raised on the AML side, preventing funds from being transferred to an account holder in a particular region. However, similar alerts are often absent when the fraud team reviews a consumer’s claim of being scammed. These teams should be working in tandem.
Fraud, cyber and AML often compete for budget. AML teams typically receive larger budgets for technology investments due to regulatory compliance mandates, but the same technology can be leveraged across all three departments when signals are shared. This approach reduces cybersecurity gaps and AML concerns simultaneously.
Technology investments across the enterprise can ultimately enhance cyber resiliency. For example, anti-phishing campaigns led by the fraud department could contribute to cyber resiliency by tracking suspicious actors. Even if individuals don’t initially appear to be the same, the fraud team might identify commonalities, such as shared IP addresses or mobile phone numbers linking multiple accounts.
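The account-linking idea in the paragraph above (shared IP addresses or phone numbers tying several accounts to one actor) can be made concrete with a small union-find over observed identifiers. The example below is added here and is not code from Javelin or from the article; the account data is constructed, the attribute names (`ip`, `phone`) are an assumption, and the `max_share` cutoff that ignores identifiers shared by too many accounts (a corporate NAT or carrier-grade NAT address, for instance) is an illustrative threshold.

```python
from collections import defaultdict

# Constructed sample: account -> identifiers observed at sign-in or on the profile.
# Addresses are from RFC 5737 documentation ranges; nothing here is real data.
ACCOUNTS = {
    "acct-1001": {"ip": "198.51.100.7", "phone": "+15550100"},
    "acct-1002": {"ip": "198.51.100.7", "phone": "+15550111"},
    "acct-1003": {"ip": "203.0.113.9",  "phone": "+15550111"},
    "acct-1004": {"ip": "192.0.2.44",   "phone": "+15550199"},
    "acct-1005": {"ip": "203.0.113.9",  "phone": "+15550100"},
}


def link_accounts(accounts, min_cluster=2, max_share=50):
    """Group accounts that transitively share an identifier (IP, phone, ...).

    min_cluster: smallest group worth reporting.
    max_share:   identifiers seen on more than this many accounts are treated
                 as noise (shared NAT egress, a bank's own call-centre number)
                 and do not create links.  Assumed value, tune per environment.
    Returns a list of sorted account-id lists, one per linked cluster.
    """
    parent = {acct: acct for acct in accounts}

    def find(x):
        # Path-halving union-find: keeps lookups near O(1) on large graphs.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    # Invert the data: (identifier type, value) -> accounts that carried it.
    by_identifier = defaultdict(list)
    for acct, attrs in accounts.items():
        for key, value in attrs.items():
            by_identifier[(key, value)].append(acct)

    # Every account sharing an identifier joins the same set; links chain,
    # so A~B on IP and B~C on phone puts A, B and C together.
    for members in by_identifier.values():
        if len(members) > max_share:
            continue  # too common to be a meaningful signal
        first = members[0]
        for other in members[1:]:
            union(first, other)

    clusters = defaultdict(set)
    for acct in accounts:
        clusters[find(acct)].add(acct)
    return sorted(sorted(c) for c in clusters.values() if len(c) >= min_cluster)


if __name__ == "__main__":
    for cluster in link_accounts(ACCOUNTS):
        print("linked:", ", ".join(cluster))
```

On the constructed data, acct-1001 and acct-1002 share an IP, acct-1002 and acct-1003 share a phone number, and acct-1003 and acct-1005 share an IP, so all four land in one cluster while acct-1004 stays unlinked. The chaining is what a per-identifier lookup misses; the `max_share` cutoff is the minimum guard against a NAT address gluing unrelated customers together, and in practice each identifier type would carry its own weight and time window.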
Looking for Direction
In the past, the federal government has set standards for organizations to adhere to. But in the new landscape, financial institutions will have only themselves to turn to.
The Biden administration issued an 11th-hour cybersecurity executive order, calling for far-reaching inclusivity and accountability among government agencies, industry sectors, and tech and software providers to strengthen cybersecurity resilience. However, with the transition to a new administration, the order will have little direct impact on cybersecurity resilience and responsibility.
“When there’s no policy, what standards do we look to?” asked Goldberg. “Financial institutions need to find other standards or regulatory agencies to look to for guidance. Cyber resiliency is going to be the responsibility of the organizations themselves.”
Reps. Andy Barr (R-Ky.) and Ritchie Torres (D-N.Y.) announced today they have introduced the House version of the Financial Integrity and Regulation Management Act, which would remove reputational risk as a component in bank supervision. The Senate version of the bill is sponsored by Senate Banking Committee Chairman Tim Scott (R-S.C.).
In a statement, Barr and Torres said the FIRM Act ensures that banking supervision remains focused on legitimate financial risks, “not political agendas.” The American Bankers Association supports both the House and Senate versions of the bill.
“We applaud the introduction of the FIRM Act in the House and thank Reps. Barr and Torres for their leadership on this issue,” ABA President and CEO Rob Nichols said. “The FIRM Act would remove ‘reputational risk’ as a component of federal supervision when determining a financial institution’s safety and soundness, ensuring banks have the flexibility they need to serve their communities without political interference. We look forward to working with Rep. Barr and other stakeholders to move this commonsense bill forward to protect bank customers from regulatory overreach.”
Courtesy of the ABA Banking Journal
PODCAST: Ransomware has the ability to instill fear in everyone from the smallest company to the largest corporation. It can affect operations on a global scale in minutes.
And while companies are acutely aware of ransomware’s risks, it reached a new high in the fourth quarter of 2024. According to a recent report from Travelers, this was due in part to bad actors focusing on repeatable methods to identify targets and access data. Today, ransomware still is very much a crime of opportunity. Joining me today to discuss ransomware attacks, how to mitigate their risks and how to respond if your business is targeted, is Dave Cunningham, senior case manager for Alvaka.
Courtesy of Patricia L. Harman, American Banker
The National Security Agency (NSA) and partners are releasing the joint Cybersecurity Advisory (CSA), “Fast Flux: A National Security Threat,” to warn about how cyber actors are using a technique called fast flux to conceal their activities by rapidly changing the IP address associated with a domain name.
The fast flux technique threatens national security because it enables cybercriminals and nation-state actors to create resilient, highly available command and control (C2) infrastructure and hide malicious activities. Such infrastructure makes tracking and blocking malicious activity more difficult and can be used by threat actors to conduct espionage and to obscure other cyber techniques, such as phishing campaigns and distributed denial of service attacks.
“Fast flux is an ongoing, serious threat to national security, and this guidance shares important insight we’ve gathered about the threat,” said Dave Luber, NSA Cybersecurity Director. “It is imperative cybersecurity providers, especially Protective DNS providers, follow these guidelines to safeguard critical infrastructure and sensitive information.”
NSA and the partnering agencies recommend cybersecurity providers implement a multi-layered approach to detection, and organizations leverage Protective DNS (PDNS) services that offer protection from fast flux enabled threats. Organizations—especially those within the Department of Defense (DoD) and Defense Industrial Base (DIB)—should use cybersecurity and PDNS services that aid in blocking malicious activity.
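The advisory's description of fast flux (one domain name whose address records rotate rapidly, and in the double-flux variant whose name servers rotate too) lends itself to a simple detector over passive-DNS style observations. The example below is an added illustration, not code from the NSA, CISA or the other co-authors; the thresholds (`MIN_DISTINCT_IPS`, `MIN_DISTINCT_NETS`, `MAX_MEDIAN_TTL`, `MIN_NS_IPS`) are assumed starting points, and the DNS records are constructed from RFC 5737 and RFC 2544 documentation and benchmarking address ranges.

```python
from collections import defaultdict
from dataclasses import dataclass
import ipaddress
import statistics


@dataclass(frozen=True)
class DnsRecord:
    """One observed DNS answer, as a passive-DNS sensor or resolver log would record it."""
    ts: int        # observation time, seconds since epoch
    qname: str     # name that was queried
    rtype: str     # "A" (IPv4 address) or "NS" (name server)
    rdata: str     # the answer: an address for A, a hostname for NS
    ttl: int       # TTL handed to the resolver, in seconds


# Assumed heuristic thresholds; tune against your own resolver logs.
MIN_DISTINCT_IPS = 5    # many unique addresses answering for one name
MIN_DISTINCT_NETS = 3   # spread over several /24s, i.e. different hosts, not one subnet
MAX_MEDIAN_TTL = 300    # short TTLs force resolvers to re-ask constantly
MIN_NS_IPS = 3          # the name servers themselves churn: double flux


def classify(records):
    """Label every name with A records as benign, single-flux or double-flux."""
    a_by_name = defaultdict(list)
    ns_by_name = defaultdict(set)
    for r in records:
        if r.rtype == "A":
            a_by_name[r.qname].append(r)
        elif r.rtype == "NS":
            ns_by_name[r.qname].add(r.rdata)

    verdicts = {}
    for name, a_recs in a_by_name.items():
        ips = {r.rdata for r in a_recs}
        nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips}
        median_ttl = statistics.median(r.ttl for r in a_recs)
        address_flux = (len(ips) >= MIN_DISTINCT_IPS
                        and len(nets) >= MIN_DISTINCT_NETS
                        and median_ttl <= MAX_MEDIAN_TTL)
        # Double flux: resolve the name's NS hosts and see whether they rotate too.
        ns_ips = set()
        for ns_host in ns_by_name.get(name, ()):
            ns_ips |= {r.rdata for r in a_by_name.get(ns_host, [])}
        if address_flux and len(ns_ips) >= MIN_NS_IPS:
            label = "double-flux"
        elif address_flux:
            label = "single-flux"
        else:
            label = "benign"
        verdicts[name] = {"label": label, "distinct_ips": len(ips),
                          "distinct_nets": len(nets), "median_ttl": median_ttl,
                          "ns_ips": len(ns_ips)}
    return verdicts


def _constructed_sample():
    """Constructed observations: one CDN-like name, one single-flux, one double-flux, one static host."""
    t, recs = 1_700_000_000, []
    # CDN-like: several addresses and a short TTL, but all inside one /24.
    for i in range(6):
        recs.append(DnsRecord(t + 60 * i, "cdn.example.test", "A", f"203.0.113.{10 + i}", 60))
    # Single flux: a new address in an unrelated /24 every few minutes.
    for i in range(8):
        recs.append(DnsRecord(t + 180 * i, "login-verify.example.test", "A", f"198.18.{i + 1}.{40 + i}", 120))
    # Double flux: the same address churn, and the name server moves as well.
    for i in range(8):
        recs.append(DnsRecord(t + 180 * i, "update-portal.example.test", "A", f"198.19.{i + 1}.{7 * i + 3}", 90))
    recs.append(DnsRecord(t, "update-portal.example.test", "NS", "ns1.update-portal.example.test", 300))
    for i in range(3):
        recs.append(DnsRecord(t + 600 * i, "ns1.update-portal.example.test", "A", f"198.19.{100 + i}.5", 120))
    # Ordinary host: one stable address with a day-long TTL.
    recs.append(DnsRecord(t, "www.example.test", "A", "192.0.2.10", 86400))
    return recs


SAMPLE = _constructed_sample()

if __name__ == "__main__":
    for name, v in sorted(classify(SAMPLE).items()):
        print(f"{name:34} {v['label']:12} ips={v['distinct_ips']} nets={v['distinct_nets']} "
              f"ttl={v['median_ttl']} ns_ips={v['ns_ips']}")
```

The /24 spread is a crude stand-in for the autonomous-system and geographic diversity a production detector would check, and it is what keeps the CDN-like name benign here despite its low TTL and multiple addresses; real CDNs and round-robin load balancers do span prefixes, so treat a hit as a lead to corroborate with ASN enrichment, registration age and a Protective DNS feed rather than as a block decision on its own.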
Additional co-authors are the Cybersecurity and Infrastructure Security Agency (CISA); the Federal Bureau of Investigation (FBI); the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC); the Canadian Centre for Cyber Security (CCCS); and the New Zealand National Cyber Security Centre (NCSC-NZ).
Additionally, NSA offers no-cost cybersecurity services to Defense Industrial Base companies, including PDNS services.
For further information on PDNS, see the joint guidance released by NSA and CISA, Selecting a Protective DNS Service.
Three federal bank regulators will propose to rescind the Community Reinvestment Act final rule due to pending litigation, they announced Friday morning.
Courtesy of Gabrielle Saulsbery, Banking Dive
The Federal Reserve, Office of the Comptroller of the Currency and Federal Deposit Insurance Corp. also plan to reinstate the CRA framework that existed prior to the final rule, which was issued in October 2023.
“The agencies will continue to work together to promote a consistent regulatory approach on their implementation of the CRA,” according to a joint announcement.
The October 2023 final rule was the first major revision to CRA regulations, which were established in 1977, in nearly three decades.
Michael Barr, who was the Fed’s vice chair for supervision at the time the rule was finalized, called the final rule a “win-win for all” when it was announced.
“Fair lending is safe and sound lending, and the CRA regulations we promulgate today will help make the financial system safer and fairer,” he said at the time.
But updates drew ire and legal action from industry groups and were also blocked by a Texas judge. Regulators postponed their implementation until 2026.
Spokespeople for the agencies did not immediately respond to requests for comment.
