NYDFS SUPERINTENDENT HARRIS UPDATES WASHINGTON BANKING CONFERENCE

Speaking at the Institute of International Bankers Annual Conference in DC, Superintendent Harris discussed the following:
• CHARACTER AND FITNESS FOR BANKING EXECS: Superintendent Harris responded to “the buzz” about this recent DFS guidance, saying it should be unsurprising that regulated banks would want to screen out personnel in sensitive positions with criminal records, dire financial problems, …

NYDFS ENFORCEMENT ACTION AGAINST GENESIS GLOBAL TRADING — $8 MM PENALTY AND LICENSE SURRENDER

NYDFS penalized Genesis Global Trading, a licensee that served primarily as an OTC trading shop, $8MM for cybersecurity, BSA/AML, and Consumer Protection violations. Genesis Global has now surrendered its license, apparently after having ceased trading activity some time ago. According to DFS allegations:
• Genesis Global did not conduct an enterprise-wide risk assessment until 2022, despite …

THE SHAPE OF ENFORCEMENT TO COME: AMENDMENTS TO THE NYDFS CYBERSECURITY REGULATION

My latest post on the blog for the NYU Program on Corporate Compliance and Enforcement deals with enforcement aspects of the recent amendments to the NYDFS Cybersecurity Regulation, Part 500. These recent amendments to the Cybersecurity Regulation (Part 500) of the New York State Department of Financial Services (NYDFS) are quite expansive in scope.[1] Chief Compliance …

NYDFS INTEGRAL TO NY STATE NEW CYBERSECURITY STRATEGY

According to the strategy released by New York governor Kathy Hochul: “Financial Sector[:] In 2017, the New York State Department of Financial Services (DFS) became the first banking or insurance regulator in the nation to establish a cybersecurity division to protect consumers and industries from cyber threats. DFS also created first-in-the-nation requirements for DFS-regulated banks, …

NYDFS $1.35 MILLION CYBERSECURITY ENFORCEMENT ACTION AGAINST WEALTH MANAGER SA STONE

NYDFS entered into a Consent Order for alleged cybersecurity violations against wealth management firm SA Stone, which sells insurance products to customers. According to DFS allegations:
• SA Stone is an independent broker/dealer focusing on wealth management, holding licenses to sell insurance to its customers in New York.
• SA Stone experienced several reportable cybersecurity breaches arising …

NYAG ISSUES $4.25 MILLION FINE IN CYBERSECURITY ACTION AGAINST LENDER ONEMAIN

NYDFS continues to roll out enforcement actions for cybersecurity lapses. The latest is with lender OneMain. According to NYDFS allegations in its Consent Order:
• This is the second cybersecurity enforcement action to arise from a routine examination, instead of a Cybersecurity Event.
• Meaning, as noted before, these enforcement actions are now routine.
• Third Party Risk …

NYDFS CYBERSECURITY ENFORCEMENT ACTION AGAINST CRYPTO FIRM BITFLYER

NYDFS issued an enforcement action against bitFlyer USA, Inc., a cryptocurrency exchange, obtaining a $1.2 million penalty. Takeaways from DFS allegations:
• No specific cyber event was involved – enforcement was based on violations identified over two examination cycles
• This suggests cybersecurity is now well integrated into the DFS examination process
• Core violations included the lack …

NYDFS PENALIZES BITPAY $1 MILLION FOR BSA/AML/CYBERSECURITY VIOLATIONS

NYDFS penalized payment platform Bitpay for alleged violations of its regulations governing BSA/AML requirements and cybersecurity obligations. Here are some hot takes from DFS’ allegations set forth in its Consent Order:
• Bitpay provides a payment platform for merchants wanting to receive Bitcoin payments;
• Bitpay conducted only one cybersecurity risk assessment over a 4-year period;
• Bitpay …

NYDFS PENALIZES COINBASE $50MM FOR COMPLIANCE FAILURES

NYDFS issued an enforcement action against Coinbase Inc., alleging a variety of compliance failures. Some details:
– $50MM penalty; $50MM commitment spend on compliance; Continuation of Independent Monitor
– “During much of the relevant period, Coinbase’s KYC/CDD program, both as written and as implemented, was immature and inadequate. Coinbase treated customer onboarding requirements as a …