eir outsourcing/vendor management processes. Adopting industry standards and implementing regulatory guidance will help firms perform effective vendor risk management and demonstrate to regulators that they are aware of the warnings and recommendations regarding cybersecurity trends affecting the securities industry.

1. FINRA Cybersecurity Advisory – Increasing Cybersecurity Risks at Third-Party Providers (Sept. 9, 2024).
2. FINRA Cybersecurity Alert – FINRA Notifies Member Firms of MOVEit Software Vulnerability (CVE-2024-5806) (Jun. 27, 2024).
3. FINRA Regulatory Notice 21-29 (FINRA Reminds Firms of their Supervisory Obligations Related to Outsourcing to Third-Party Vendors) (Aug. 13, 2021).
4. Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information, Securities Exchange Act of 1934 Release No. 100155A (May 16, 2024), 89 FR 47688 (Jun. 3, 2024), available here.
5. 23 NYCRR 500.11(a), available here.
6. Interagency Guidance on Third-Party Relationships: Risk Management, 88 FR 37920 (Jun. 9, 2023), available here.
7. The NIST Cybersecurity Framework (CSF) 2.0 (Feb. 26, 2024).
8. NIST Update: Multi Factor Authentication and SP 800-63 Digital Identity Guidelines (Feb. 15, 2022).
9. See 23 NYCRR 500.11(b)(1).
reased compliance spend. In addition to providing input on these direct costs, we believe it is equally worthwhile for stakeholders to provide input on any indirect costs or tradeoffs, such as whether the Proposal would inadvertently reshape nonbanks’ products and services in a way that is detrimental to end users, undermine their efforts to promote financial inclusion, or introduce new risks.

The comment period for the Proposal ends 60 days after its publication in the Federal Register, which we anticipate will occur in the coming days, placing the deadline on or shortly after November 18, 2024. In addition to being able to provide comments on the Proposal itself, interested parties may also consider providing comments on the agencies’ closely related request for information on bank-fintech arrangements and associated risk management practices and implications.[15]

Endnotes:

See FDIC FIL-45-2024 (July 25, 2024).

See Interagency Guidance on Third-Party Relationships: Risk Management, 88 Fed. Reg. 37920 (June 9, 2023). Although this refers to “third-party relationships,” it also applies to parties in multilayer relationships without a direct relationship to the bank. These indirect sources of risk are sometimes referred to as “nth party risk.”

See FDIC Official Signs and Advertising Requirements, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo, 89 Fed. Reg. 3504 (Jan. 18, 2024).

See, e.g., FDIC Press Release, “FDIC Demands Five Entities Cease Making False or Misleading Representations About Deposit Insurance” (Jan. 19, 2024).

See OCC, Federal Reserve, FDIC, and NCUA, Anti-Money Laundering and Countering the Financing of Terrorism Program Requirements (Proposed Rule), 89 Fed. Reg. 65242 (August 9, 2024); FinCEN, Anti-Money Laundering and Countering the Financing of Terrorism Programs (Proposed Rule), 89 Fed. Reg. 55428 (July 3, 2024).

As just one example of a recent enforcement action, on June 14, 2024, the Federal Reserve Board issued an enforcemen
their funds in a tangled, seemingly irreconcilable ledger hellscape.

To jumpstart the standards discussion, the next article in our series will offer several draft principles — building partly from Synapse’s failure — followed by Part III, which delves into technological solutions that could potentially revolutionize account ledgering. For now, we are encouraged by the emerging efforts at setting standards for bank-fintech partnerships. These projects represent the clearest path toward maturing the bank-fintech ecosystem, fostering innovation and competition without sacrificing safety and soundness.

See Chapter 11 Trustee’s Eighth Quarterly Bankruptcy Report (Synapse Financial Tech. Inc.) (Bankr. C.D. Cal. 2024), Bloomberg Law at page 7.

FDIC, Financial Institution Employee’s Guide to Deposit Insurance at 77 (2024), https://www.fdic.gov/system/files/2024-05/financial-institution-employees-guide-to-deposit-insurance.pdf.

Interagency Guidance on Third-Party Relationships: Risk Management, 88 FR 37920 (June 9, 2023).

See FFIEC BSA/AML Examination Manual (2021), Customer Identification Program (CIP) Overview, Procedures, and Examination Procedures, at 2.

12 CFR 330.5 and 12 CFR Part 370.

See also, Alloy Labs Members Move to Standardize BaaS; Defining Roles & Responsibilities in BaaS (alloylabs.com);