NYDFS INTEGRAL TO NY STATE NEW CYBERSECURITY STRATEGY

According to the strategy released by New York governor Kathy Hochul: “Financial Sector[:] In 2017, the New York State Department of Financial Services (DFS) became the first banking or insurance regulator in the nation to establish a cybersecurity division to protect consumers and industries from cyber threats. DFS also created first-in-the-nation requirements for DFS-regulated banks, … Read more

NYDFS $1.35 MILLION CYBERSECURITY ENFORCEMENT ACTION AGAINST WEALTH MANAGER SA STONE

NYDFS entered into a Consent Order for alleged cybersecurity violations against wealth management firm SA Stone, which sells insurance products to customers.  According to DFS allegations: •        SA Stone is an independent broker/dealer focusing on wealth management, holding licenses to sell insurance to its customers in New York. •        SA Stone experienced several reportable cybersecurity breaches arising … Read more

NYAG ISSUES $4.25 MILLION FINE IN CYBERSECURITY ACTION AGAINST LENDER ONEMAIN

NYDFS continues to roll out enforcement actions for cybersecurity lapses.  The latest is with lender OneMain.  According to NYDFS allegations in its Consent Order: •    This is the second cybersecurity enforcement action to arise from a routine examination, instead of a Cybersecurity Event. •    Meaning, as noted before, these enforcement actions are now routine. •    Third Party Risk … Read more

NYDFS CYBERSECURITY ENFORCEMENT ACTION AGAINST CRYPTO FIRM BITFLYER

NYDFS issued an enforcement action against bitFlyer USA, Inc., a cryptocurrency exchange, obtaining a $1.2 million penalty. Takeaways from DFS allegations: •   No specific cyber event was involved – enforcement was based on violations identified over two examination cycles •   This suggests cybersecurity is now well integrated into the DFS examination process •   Core violations included the lack … Read more

NYDFS PENALIZES BITPAY $1 MILLION FOR BSA/AML/CYBERSECURITY VIOLATIONS

NYDFS penalized payment platform Bitpay for alleged violations of its regulations governing BSA/AML requirements and cybersecurity obligations.  Here are some hot takes from DFS’ allegations set forth in its Consent Order: •    Bitpay provides a payment platform for merchants wanting to receive Bitcoin payments; •    Bitpay conducted only one cybersecurity risk assessment over a 4-year period; •    Bitpay … Read more

NYDFS PENALIZES COINBASE $50MM FOR COMPLIANCE FAILURES

NYDFS issued an enforcement action against Coinbase Inc., alleging a variety of compliance failures.  Some details: –  $50MM penalty; $50MM commitment spend on compliance; Continuation of Independent Monitor –  “During much of the relevant period, Coinbase’s KYC/CDD program, both as written and as implemented, was immature and inadequate. Coinbase treated customer onboarding requirements as a … Read more

NYDFS CYBERSECURITY ENFORCEMENT ACTION AGAINST TTEC HEALTHCARE

NYDFS entered into another cybersecurity Consent Order, this time with TTEC Healthcare Solutions, Inc. an insurance broker.  Cybersecurity actions have become one of the agency’s most common types of enforcement actions.   This one carries a $1.9 Million penalty; some takeaways from DFS allegations include: •    TTEC failed to implement adequate multi-factor authentication. •    TTEC completely failed to … Read more

NYDFS PROPOSES AMENDMENTS TO CYBERSECURITY REGULATION

NYDFS Proposed amendments to its Cybersecurity Regulation, “Part 500.”  According to DFS, the amendments include: – Creation of three tiers of companies, further tailoring the regulation to a diverse set of businesses with different defensive needs. – Enhanced governance requirements, thereby increasing accountability for cybersecurity at the Board and C-Suite levels. – Additional controls to … Read more

REVISED NYDFS CYBERSECURITY REGULATION COULD BE IMMINENT

The Wall Street Journal has reported that amendments to Part 500, the NYDFS Cybersecurity Regulation, could by issued by the agency in the near future.  From the WSJ article:  “”Last week’s consent order, one of three multimillion-dollar cybersecurity settlements NYDFS has reached in recent months, comes as the agency prepares to propose regulatory updates that … Read more