Recent developments about the New York State Department of Financial Services
(Not affiliated with NYDFS; just a blog.)
According to a CFPB Circular, the CFPB seeks to further muscle into the cybersecurity enforcement space, and it encourages State AG’s to do so as well, saying: “Specifically, financial companies are at risk of violating the Consumer Financial Protection Act if they fail to have adequate measures to protect against data security incidents.” State AG’s … Read more
NYDFS has issued its first enforcement action against one of its regulated cryptocurrency entities. Enforcement takeaways: $30 million penalty is significant. Alleged violations include BSA/AML; Cybersecurity; Reporting; and Consumer Protection. The Department alleged adequate resources were not devoted to RHC’s compliance programs, particularly as it grew, which exacerbated compliance issues. Robinhood improperly certified compliance with … Read more
NYDFS continues its actions against insurance companies for allegations of unlicensed activity occurring in New York. NYDFS leveled a $3.5 million penalty against Banner Life Insurance Company for unlicensed conduct relating to the pension risk transfer (PRT) business, where companies that carry pension obligations sell them to insurance companies to meet into the future. According … Read more
THE FDIC has joined the party, commencing investigations and issuing cease and desist letters for what it deems are misrepresentations concerning the applicability of FDIC insurance to the accounts of crypto customers. Other regulatory investigations of recent crypto firm failures include some state banking regulators/AGs. More on this from Coindesk: https://www.coindesk.com/policy/2022/07/07/fdic-probing-voyager-claims-it-was-insured-by-regulator-report/ https://www.coindesk.com/policy/2022/07/28/crypto-lender-voyager-ordered-by-us-regulators-to-stop-misleading-customers/
According to reporting from Coindesk, OFAC appears to be ramping up enforcement in the crypto space — mentions of Kraken and Binance. See article here: https://www.coindesk.com/policy/2022/07/26/kraken-under-investigation-for-alleged-sanctions-violations-report/?utm_source=Sailthru&utm_medium=email&utm_campaign=FIRST%20MOVER%20JULY%2027%202022&utm_term=First%20Mover
More cybersecurity enforcement from NYDFS, this time against Carnival Cruise Lines. Enforcement takeaways: Carnival Cruise Lines paid $5 million and surrendered its license to be an insurance broker in New York. It had sold life, accident and health insurance to cruise customers. NYDFS alleged “significant” violations, including: Failure to implement multi-factor authentication; Failure to timely … Read more
NYDFS entered into a consent order with Nationwide Life Insurance Company for $5.6 million in penalties and restitution arising from violations alleged to have occurred in connection with the annuity replacement business. According to NYDFS, “DFS’s investigation found that Nationwide failed to properly disclose to consumers income comparisons and suitability information, causing consumers to exchange … Read more
Matthew Levine published his most recent article on NYDFS titled “NYDFS Roundup: Crypto, Cybersecurity, and Insurance Companies.” The article begins: “Change has been a constant at the New York State Department of Financial Services. Since its first Superintendent departed the agency in June 2015, there have been six confirmed and acting Superintendents for DFS. With … Read more
NYDFS held the first of three webinars marking the 5th anniversary of adoption of its Cybersecurity Regulation, known as “Part 500.” The webinar featured from NYDFS Justin Herring, Executive Deputy Superintendent for Cybersecurity, William Petersen, Assistant Deputy Superintendent for Cybersecurity Supervision, and Robert Francis, its CIO. Some takeaways: The Cybersecurity Division has now grown to … Read more
Matthew Levine spoke on a panel at the ABA’s Business Law Section’s Hybrid Spring Meeting on enforcement risks for banks, fintechs and their vendors. As the regulatory perimeter continues to develop, the enforcement risk for regulated financial institutions, fintechs, and third-party service providers, including notably the technology companies that work with them, remains a key … Read more