Briefly Noted

Trying to guess what direction bank regulation will take over the next few years is difficult indeed. Under the Trump administration and a Republican Congress, the industry expects some changes in regulation and laws. But for now, much is up in the air. Here is a brief list of what to keep an eye on this year.

REPORTING ON PAY

The Dodd-Frank Act mandated that public filers must report the ratio of the median employee’s total compensation to the CEO’s total compensation, starting in 2018 for calendar year reporting companies. Making sure that staff is preparing ahead of time may be a good idea. There are plenty of issues involved, including the fact that half of your staff will find out they are paid less than the median, and that media organizations may start comparing peer companies or even companies across industries, whether or not the comparisons seem fair, says Laura Hay, managing partner at compensation advisors Pearl Meyer. Each company is allowed to determine its own methodology for total compensation, so comparisons between companies might be questionable. Still, a few calculations to determine a “mock” pay ratio ahead of time might get staff and the board thinking about how to communicate with stakeholders on the issue.

“GOOD PEOPLE DON’T SMOKE MARIJUANA”

As banks wait for further clarity on whether federal law will allow financial institutions to provide banking services to marijuana businesses in the growing number of states where such commerce is legal, the nominee for attorney general may not be lending a supportive hand. At a Senate hearing last spring, Senator and Attorney General nominee Jeff Sessions said “good people don’t smoke marijuana,” emphasizing that the drug was dangerous and the federal government ought not to minimize it. The attorney general’s role is an important one, as the Justice Department guides federal enforcement of the drug laws, and for now, marijuana still is illegal at the federal level.

NEW YORK CYBERSECURITY RULES

After proposing strict new cybersecurity rules that would go into effect for New York state-chartered banks January 1, 2017, the New York State Department of Financial Services delayed implementation until March 1 to assess feedback from banks, some of it negative. The rules would require all New York banks, no matter their size, to hire a chief information security officer, create audit trails, encrypt nonpublic information or devise secure alternatives, and protect internal systems with multi-factor authentication.

EUROPEAN UNION PRIVACY PROTECTION

Put this on your list of upcoming regulations: Financial institutions have until May 2018 to comply with the European Union’s general data protection regulation (GDPR), says Alston & Bird partner Scott Samlin. A more expansive set of rules than had existed before with stiff penalties will apply to any company, anywhere on the globe, that possesses the personal data of residents of the European Union. New privacy rights include such provisions as the right to be forgotten, or have your data erased