Avi Gesser

Mr. Gesser is a partner in Davis Polk’s Litigation Department. [Full Bio]

Latest Articles

On April 1, 2019, new cybersecurity requirements outlined in the NFA’s Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 will come into effect.  These new requirements apply to NFA Members, including registered futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, and swap dealers.  Perhaps the most significant new obligation is the imposition of onerous breach notification requirements. The full blog post is available at our Cyber…
For the first time, the CFTC has fined a company for poor cybersecurity practices that resulted in a third-party breach of the company’s information systems.  This development is consistent with an increasing trend of regulators holding companies responsible for the cybersecurity failures of third-party service providers. AMP Global Clearing LLC (“AMP”) was fined $100,000 by the CFTC on February 12, 2018 for failing to diligently supervise its information technology provider’s implementation of certain provisions of…
Cyber threats remain a key operational concern for banks, which are otherwise experiencing “near-historic” capital and liquidity highs and improved returns on equity, according to the Office of the Comptroller of the Currency (the “OCC”).  The regulator published its Fall 2017 Semiannual Risk Perspective on January 18th, stating that “operational risk remains elevated as banks adopt business models, transform technology and operating processes, and respond to increasing cybersecurity threats.”  This conclusion is not new—since its…
Plaintiffs in data breach cases have tried many theories of recovery, with mixed results. However, plaintiffs and regulators are increasingly having success with allegations of unfair business practices. Davis Polk has published a blog post describing the rise of breach-related Consumer Protection Act actions. The full blog post is available at our Cyber Breach Center, here. To subscribe to our cybersecurity blog, click here.…
Background On November 5, 2017 the International Consortium of Investigative Journalists (“ICIJ”) released the “Paradise Papers,” a collection of 13.4 million files that appear to have been hacked from offshore service providers and company registries in 19 tax haven jurisdictions.  Of these 13.4 million files, approximately seven million were obtained from Appleby, a prominent offshore law firm, and include information regarding at least 31,000 U.S. citizens, residents and companies.  The ICIJ is the same organization…
The Davis Polk Cybersecurity Team recently blogged about the breach of the SEC’s EDGAR database: “…The SEC does not believe that personally identifiable information was exposed, but the investigation is still ongoing and raises questions regarding government agencies’ obligations to protect sensitive information, and the potential litigation challenges facing individuals who are impacted by hacks of government agencies. … [W]hile federal agencies have a duty to safeguard personal information, this duty has thus far appeared…
Wednesday, October 11, 2017 12:00 pm – 1:00 pm ET Register for Webcast Please join us for a discussion on the evolving law and practice on the document management aspects of cyber security, including: Regulators’ expectation for companies regarding deleting old non-public data to reduce cyber risk. The interactions between the Federal Rules of Civil Procedure on electronic document spoliation and responsible cyber security data management. Using predictive coding and data analytics to identify large…
In October 2016, the U.S. federal banking agencies jointly issued an advance notice of proposed rulemaking regarding enhanced cyber risk management standards (the “Enhanced Standards”).  The Enhanced Standards would apply on an enterprise-wide basis to large financial institutions and their service providers, as detailed in this memorandum.  The U.S. federal banking agencies proposed the Enhanced Standards in an era of increased cybersecurity attacks and dangers, where heightened cybersecurity standards and compliance are inevitable. Other regulators…
In September 2016, the New York State Department of Financial Services (the “NYDFS”) proposed new cybersecurity regulations (the “Proposed Rules”) for banks, insurance companies and other financial institutions regulated by the NYDFS (“Covered Entities”).[1]  The Proposed Rules reflect an ongoing interest in cybersecurity by the NYDFS and other regulators as a result of recent high-profile cyberattacks on banks and other institutions, such as the attack on the Bangladesh Central Bank earlier this year.[2]  The NYDFS’s…