Recent developments about the New York State Department of Financial Services
(Not affiliated with NYDFS; just a blog.)
Two new cybersecurity enforcement actions from NYDFS, against GEICO and Travelers Indemnity Co. Enforcement takeaways are (according to DFS allegations): • GEICO experienced three cybersecurity events in a short period of time primarily involving customer interfaces for obtaining quotes and submitting claims and the web portal for GEICO agents, allowing threat actors to obtain driver license … Read more
Speaking to Bloomberg at DC Fintech Week, Superintendent Adrienne Harris stated about crypto enforcement: • Superintendent Adrienne Harris said “absolutely” when asked if there are “big cases coming down the pike for crypto firms, stable coin firms or even market makers in the space.” • Superintendent Harris elaborated, saying “I think for us we really make sure … Read more
Many takeaways from this 43-page Consent Order from NYDFS against Nordea Bank, including the view of DFS that: • “[t]he combination of deficient AML controls, an unsophisticated transaction monitoring apparatus, and a decentralized global compliance program created a set of circumstances that exposed Nordea’s financial channels to a high risk of criminal abuse. Nordea’s relationships with … Read more
NYDFS took action against another insurance firm. According to the DFS allegations: • The benefits of blanket accident and health insurance policies issued to groups including institutions of higher education, day camps and childcare providers were found not bear a reasonable relationship to the premiums paid by these insureds. • The minimum loss ratios maintained by National … Read more
According to the DFS allegations (and other public information): • State-owned Industrial and Commercial Bank of China has $22 Billion in assets in the New York branch alone, and over $5 Trillion globally, and is the world’s largest bank by assets according to the WSJ and third largest by capitalization according to Forbes. • ICBC entered into … Read more
NYDFS penalized Genesis Global Trading, a licensee that served primarily as an OTC trading shop, $8MM for cybersecurity, BSA/AML, and Consumer Protection violations. Genesis Global has now surrendered its license, apparently after having ceased trading activity some time ago. According to DFS allegations: • Genesis Global did not conduct an enterprise-wide risk assessment until 2022, despite … Read more
My latest post on the blog for the NYU Program on Corporate Compliance and Enforcement deals with enforcement aspects of the recent amendments to the NYDFS Cybersecurity Regulation, Part 500. These recent amendments to the Cybersecurity Regulation (Part 500) of the New York State Department of Financial Services (NYDFS) are quite expansive in scope.[1] Chief Compliance … Read more
Enforcement takeaways from the Consent Order (per DFS allegations): • After doing a lookback, Payoneer discovered it had engaged in approximately $793,000 worth of transactions with persons or entities in sanctioned countries during the period Iran, Sudan, Syria and individuals on the SDN List between 2013 and 2018 • Payoneer self-disclosed these violations to OFAC, which settled … Read more
According to the DFS allegations in the Four Consent Orders (found here): • Following a market conduct investigation in 2018, DFS has continued to penalize insurance companies for failing to timely report certain insured vehicle information to the NY DMV • DFS fined Allstate Insurance group $796,000; Farmers Insurance Group $764,000; Tokio Marine Insurance Group $720,000; and … Read more
NYDFS entered into a Consent Order for alleged cybersecurity violations against wealth management firm SA Stone, which sells insurance products to customers. According to DFS allegations: • SA Stone is an independent broker/dealer focusing on wealth management, holding licenses to sell insurance to its customers in New York. • SA Stone experienced several reportable cybersecurity breaches arising … Read more