NYDFS Issues Cyber Fraud Alert

On March 30 2021 NYDFS issued a followup cybercrime alert: “This cybercrime campaign is a serious threat to the personal information of New Yorkers, and we urge all personal lines insurers and other financial services companies to take aggressive action to prevent the further loss of consumer information. All financial services companies should immediately check for any evidence of this cybercrime and ensure that they have implemented [] the robust access controls required by DFS’s cybersecurity regulation, 23 NYCRR 500.”

https://www.dfs.ny.gov/industry_guidance/industry_letters/il20210330_cyber_alert_followup

MATTHEW LEVINE JOINS “BANK TALK” PODCAST ON THE ANTI-MONEY LAUNDERING ACT OF 2020

Matthew Levine joined Trish Sullivan of Deutschebank and Chris Boehing of Paul Weiss Rifkind Wharton & Garrison to discuss the new anti-money laundering amendments to the Bank Secrecy Act for theis episode of the International Institute of Banker’s podcast “Bank Talk.”   The podcast can be found here:    

WHAT IS A REGULATOR’S FAVORITE SNACK? LOW HANGING FRUIT — RISK ALERT FROM SEC DIVISION OF EXAMINATIONS

What is a regulator’s favorite snack? Low hanging fruit: the recent Risk Alert from the SEC’s Division of Examinations concerning Suspicious Activity Reporting (SAR) for Broker-Dealers indicates a cornucopia. Some examples found by the Division:
– Firms failing to report as suspicious large deposits of low-priced securities that were immediately followed by liquidation of those positions and wiring out of the proceeds
– Firms failing to report noticeable customer sales of shares occurring simultaneously with explicit promotional activity
– Firms failing to tailor red flags to address risks associated with trading activity commonly engaged in by customers
– For cyber-intrusions, firms failing to include in a SAR known details concerning the nature of the scheme, including theft of assets or funds

Periodic check ups on policies, procedures, governance and systems surrounding SAR reporting are a key means of avoiding the consequences of a deficiency letter or enforcement action.  The alert is here:

https://www.sec.gov/files/aml-risk-alert.pdf

 

 

 

 

 

 

NYDFS Issues Enforcement Action Against Industrial Bank of Korea

On April 20, 2020, NYDFS issued an enforcement action against the Industrial Bank of Korea (“IBK”) for violations of New York’s anti-money laundering and recordkeeping obligations.  It is the first of either of these types of BSA/AML enforcement actions issued by the Department in some time; this is not surprising, given that NYDFS, like other regulators, has been consumed with responding to the COVID-19 pandemic. Significant elements of the Consent Order include:

  • a $35 million penalty to be paid to NYDFS;
  • findings by NYDFS that IBK repeatedly failed to improve its BSA/AML program over many examination cycles;
  • the requirement of remediation plans concerning the Bank’s BSA/AML program, suspicious activity reporting, customer due diligence and corporate governance; and
  • two years of quarterly reporting obligations.

 

More detailed analysis and the Consent Order can be found on my blog post for the NYU Program on Corporate Compliance and Enforcement Blog here:

NYDFS Issues Enforcement Action Against Industrial Bank of Korea

 

NYDFS Enforcement To Increase Focus on Consumer Protection: ‘Where CFPB Steps Down, DFS Has To Step Up’

Given DFS’ broad powers of supervision and enforcement, NYDFS Superintendent Linda Lacewell has many tools at hand to execute on her policy objective. My article in the New York Law Journal reviews some of the central mechanisms available to the Superintendent for this purpose.

 

 

 

The article can be found here:

https://www.law.com/newyorklawjournal/2019/09/03/dfs-enforcement-to-increase-focus-on-consumer-protection-where-cfpb-steps-down-dfs-has-to-step-up/