SUPERINTENDENT HARRIS REPORTS VIA LEGISLATIVE TESTIMONY AND REGULATORY AGENDA

Superintendent Harris testified before NYS legislature and DFS issued its Regulatory Agenda. Per testimony: Looking Back: • “Since August 2021, DFS has adopted or amended 54 regulations, issued 98 pieces of regulatory guidance, and closed 117 enforcement actions resulting in more than $418 million in penalties.” •“We have addressed more than 157,000 consumer complaints and returned $$645 million to New York State consumers and health care providers, including over … Read more

NYDFS PENALIZES PAYPAL $2 MILLION FOR CYBERSECURITY VIOLATIONS

Enforcement takeaways (according to DFS allegations in the Consent Order with PayPal): •        NYDFS found customer data was exposed after PayPal implemented changes to make 1099-K forms available to more of its customers, after teams tasked with implementing these changes failed to follow proper procedures before the changes went live. •        Malicious actors leveraged compromised credentials to … Read more

NYDFS ORDERS NEW CYBER-ENFORCEMENT ACTIONS AGAINST GEICO ($5MM) AND TRAVELERS ($1.2MM)

Two new cybersecurity enforcement actions from NYDFS, against GEICO and Travelers Indemnity Co.   Enforcement takeaways are (according to DFS allegations): •        GEICO experienced three cybersecurity events in a short period of time primarily involving customer interfaces for obtaining quotes and submitting claims and the web portal for GEICO agents, allowing threat actors to obtain driver license … Read more

NYDFS SUPERINTENDENT SAYS MORE CRYPTO ENFORCEMENT COMING

Speaking to Bloomberg at DC Fintech Week, Superintendent Adrienne Harris stated about crypto enforcement: •        Superintendent Adrienne Harris said “absolutely” when asked if there are “big cases coming down the pike for crypto firms, stable coin firms or even market makers in the space.” •        Superintendent Harris elaborated, saying “I think for us we really make sure … Read more

NYDFS FINES NORDEA BANK $35 MILLION FOR BSA/AML DEFICIENCIES

Many takeaways from this 43-page Consent Order from NYDFS against Nordea Bank, including the view of DFS that: •   “[t]he combination of deficient AML controls, an unsophisticated transaction monitoring apparatus, and a decentralized global compliance program created a set of circumstances that exposed Nordea’s financial channels to a high risk of criminal abuse. Nordea’s relationships with … Read more

NYDFS FINES NATIONAL UNION INSURANCE $5.6 MILLION FOR FAILURE TO PROVIDE SUFFICIENT BENEFITS TO CERTAIN INSUREDS

NYDFS took action against another insurance firm.  According to the DFS allegations: •   The benefits of blanket accident and health insurance policies issued to groups including institutions of higher education, day camps and childcare providers were found not bear a reasonable relationship to the premiums paid by these insureds. •   The minimum loss ratios maintained by National … Read more

NYDFS PENALIZES WORLD’S LARGEST BANK BY ASSETS – ICBC– $30 MILLION FOR VIOLATING BSA/AML/OFAC AND CONFIDENTIAL SUPERVISORY INFORMATION REGULATIONS

According to the DFS allegations (and other public information): •   State-owned Industrial and Commercial Bank of China has $22 Billion in assets in the New York branch alone, and over $5 Trillion globally, and is the world’s largest bank by assets according to the WSJ and third largest by capitalization according to Forbes. •   ICBC entered into … Read more

NYDFS ENFORCEMENT ACTION AGAINST GENESIS GLOBAL TRADING — $8 MM PENALTY AND LICENSE SURRENDER

NYDFS penalized Genesis Global Trading, a licensee that served primarily as an OTC trading shop, $8MM for cybersecurity, BSA/AML, and Consumer Protection violations.  Genesis Global has now surrendered its license, apparently after having ceased trading activity some time ago.  According to DFS allegations: •   Genesis Global did not conduct an enterprise-wide risk assessment until 2022, despite … Read more

THE SHAPE OF ENFORCEMENT TO COME: AMENDMENTS TO THE NYDFS CYBERSECURITY REGULATION

My latest post on the blog for the NYU Program on Corporate Compliance and Enforcement deals with enforcement aspects of the recent amendments to the NYDFS Cybersecurity Regulation, Part 500. These recent amendments to the Cybersecurity Regulation (Part 500) of the New York State Department of Financial Services (NYDFS) are quite expansive in scope.[1]  Chief Compliance … Read more

NYDFS PENALIZES CROSS-BORDER PAYMENTS TRANSMITTER “PAYONEER” $1.25 MILLION FOR OFAC COMPLIANCE DEFICIENCES

Enforcement takeaways from the Consent Order (per DFS allegations): •   After doing a lookback, Payoneer discovered it had engaged in approximately $793,000 worth of transactions with persons or entities in sanctioned countries during the period Iran, Sudan, Syria and individuals on the SDN List between 2013 and 2018 •   Payoneer self-disclosed these violations to OFAC, which settled … Read more