Recent developments about the New York State Department of Financial Services
(Not affiliated with NYDFS; just a blog.)
Multi-Factor Authentication (MFA) is a core tenet of cybersecurity and recent NYDFS enforcement actions have highlighted such deficiencies. NYDFS issued guidance on compliance with Part 500 regarding MFA, an important read, which may be found here: https://www.dfs.ny.gov/industry_guidance/industry_letters/il20211207_mfa_guidance
Matthew Levine and Ilene Jaroslaw teamed up to discuss how the federal regulatory and prosecutorial enforcement focus is shifting to cryptocurrency exchanges. The article in the New York Law Journal is found here: New York Law Journal – Biden Administration Increasingly Focused on Crypto Exchanges – Nov 29 2021
NYDFS created a new Climate Risk Division, with a new Executive Deputy Superintendent overseeing the Division, which will:
– integrate climate risks into its supervision of regulated entities
– support industry growth in managing climate risks
– coordinate with international, national, and state regulators
– develop internal capacity on climate-related financial risks
– support capacity-building of peer regulators on climate-related supervision
– ensure fair access to financial services for all communities, especially those most impacted by climate change.
Press release is here: https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202111032
Matthew Levine and Alicyn Cooley provide some hot takes on DOJ’s new actions and approaches to corporate criminal enforcement on the NYU Program on Corporate Compliance and Enforcement Blog. Blog post here: What’s Old Is New Again: DOJ’s New Corporate Criminal Enforcement Policies Equip Prosecutors with More Tools and Information
BIG News Out of DOJ Re: Monitorships: “To the extent that prior Justice Department guidance suggested that monitorships are disfavored or are the exception, I am rescinding that guidance. Instead, I am making clear that the department is free to require the imposition of independent monitors whenever it is appropriate to do so in order to satisfy our prosecutors that a company is living up to its compliance and disclosure obligations under the DPA or NPA.” — Deputy AG Lisa Monaco.
Announcement is here: https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-gives-keynote-address-abas-36th-national-institute
NYDFS announced a new proposed regulation designed to improve transparency for small businesses seeking commercial loans. The regulation applies to companies offering commercial financing in amounts under $2.5 million, requiring them to make standardized disclosures about credit terms. The regulation implements legislation enacted by the State legislature earlier this year. It is the first proposed regulation issued by recently appointed Acting Superintendent Harris.
The proposed regulation may be found here:
https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202109211
Matthew Levine sat down with Scott Moritz to discuss monitorships, lookbacks and independent consultancies on FTI’s podcast “Fraud Eats Strategy. The podcast can be found here:
Its time to send a deficiency letter to the SEC — the agency needs to do a better job of providing transparency when issuing an enforcement action against a compliance officer. See my latest post on the NYU Program on Corporate Compliance & Enforcement Blog. Link is below: A Deficiency Letter to (Not From) The … Read more
Matthew Levine joined Trish Sullivan of Deutschebank and Chris Boehing of Paul Weiss Rifkind Wharton & Garrison to discuss the new anti-money laundering amendments to the Bank Secrecy Act for theis episode of the International Institute of Banker’s podcast “Bank Talk.” The podcast can be found here:
What is a regulator’s favorite snack? Low hanging fruit: the recent Risk Alert from the SEC’s Division of Examinations concerning Suspicious Activity Reporting (SAR) for Broker-Dealers indicates a cornucopia. Some examples found by the Division:
– Firms failing to report as suspicious large deposits of low-priced securities that were immediately followed by liquidation of those positions and wiring out of the proceeds
– Firms failing to report noticeable customer sales of shares occurring simultaneously with explicit promotional activity
– Firms failing to tailor red flags to address risks associated with trading activity commonly engaged in by customers
– For cyber-intrusions, firms failing to include in a SAR known details concerning the nature of the scheme, including theft of assets or funds
Periodic check ups on policies, procedures, governance and systems surrounding SAR reporting are a key means of avoiding the consequences of a deficiency letter or enforcement action. The alert is here:
https://www.sec.gov/files/aml-risk-alert.pdf