Enforcement

Update re the NYDFS charges against First American Title concerning alleged violations of the Cybersecurity Regulation: the insurer previewed its defense in an earnings call on July 23, 2020: “In March, the Nebraska Department of Insurance, the primary regulator of our Title Insurance Company, led an examination of our information security program as of June 30, 2019, and our response to the information security incident. The resulting report concluded that our IT general control environment is suitably designed and is operating effectively and that we adequately and appropriately detected, analyzed, contained, eradicated and recovered from the security incident and that we are in compliance with New York’s cybersecurity requirements for financial services companies….The New York Department of Financial Services, notwithstanding the compliance finding in the examination report…has alleged violations of New York’s cybersecurity requirements….We intend to conduct a vigorous defense, which will focus on, among other matters, the examination report and at the conclusion regarding our compliance with New York’s cybersecurity requirements.”

The transcript of the call published by The Motley Fool can be found here:   https://www.fool.com/earnings/call-transcripts/2020/07/23/first-american-financial-corp-faf-q2-2020-earnings.aspx

On October 22, 2020 NYDFS sanctioned Goldman Sachs $150 million as part of a Consent Order. It is part of global resolution with DOJ, Federal Reserve & others concerning highly-publicized FCPA scheme involving proceeds of bonds sold by its international arm. Some takeaways from the DFS findings:
– NYDFS continues focus on the impact of enterprise-wide compliance failures on its NY regulated entity, particularly with shared-service models.
– Banking regulators have for decades treated the “safety and soundness” definition broadly. This also continues.
– “GS Group is primarily responsible for the design, implementation, and execution of an enterprise-wide compliance program for GS Group as well as its subsidiaries,” including NYDFS licensee Goldman Sachs Bank USA.
– “The seamless transfer of information between the central compliance function and subsidiaries is particularly crucial where a subsidiary has its own separate regulatory obligations to report certain compliance concerns to regulators.”
– DFS says Goldman’s failure to investigate, address and report a number of red flags resulted in unsafe and unsound conduct at GSBUSA and the inability by NYDFS to share information that would have been of interest to other NYDFS licensees, including bond purchasers.

The Consent Order may be found here: https://www.dfs.ny.gov/system/files/documents/2020/10/ea20201021_goldman_sachs.pdf

On November 18, 2020 NYDFS entered into a consent order with the National Rifle Association today settling charges related to the unauthorized marketing of so-called “self-defense” insurance that (according to the agency) also failed to comply with NY law:
– NYDFS filed administrative charges against the NRA this February and the hearing was set for January 2021.
– Settlement requires the NRA to pay a $2.5 million fine and bars it from marketing insurance or receiving compensation for newly issued NY insurance policies for 5 years.
– NYDFS appears to be nearing conclusion of this 3-year investigation. Previously it settled with insurance broker Lockton Affinity, as well as insurance carriers Chubb and Lloyds in connection this matter.
– Total fines imposed in this matter now approximate $16 million.
– Unlike some federal counterparts, NYDFS remains very active in the enforcement realm. Many of us waiting to see whether things change at the federal level under the Biden administration.

The Consent Order may be found here: https://www.dfs.ny.gov/system/files/documents/2020/11/ea20201118_co_nra.pdf

NYDFS yesterday announced a settlement with an AIG subsidiary for engaging in the pension risk transfer business in New York without being licensed. The AIG subsidiary will pay a $12 million penalty – substantial for insurance penalties in NY– and transfer the business line to an AIG subsidiary licensed by NYDFS. Hot takes:
– This is the second settlement in an industry-wide investigation. The first was with Athene Holding Ltd. last year, which involved a $45 million penalty.
– The Consent Order notes the agency’s position that each instance of unlicensed solicitation, negotiation, or sale of insurance by an unauthorized insurer or of an improper policy is a separate violation of the Insurance Law. So sending and receiving hundreds or thousands of emails in an unlicensed business can quickly run up the penalty number.
– NYDFS maintains its long-term focus on penalizing financial companies that conduct business in New York without the necessary license; this is construed as an unfair competitive advantage by the regulator. 

The Consent Order may be found here: https://www.dfs.ny.gov/system/files/documents/2021/01/ea20210201_aig.pdf

Part I of a two part article I co-authored with with Tony Alexis and Kyle Tayman of Goodwin, Procter & Hoar, LLP concerning how Federal agencies, including the CFPB, are expected to ramp up enforcement under the new administration. I am fortunate to have the opportunity to co-author this article  concerning navigation of CFPB investigations and how they relate to NYDFS investigations. Stay tuned for Part II of the article — NYDFS investigations, coming soon.

Part One of the two part series can be found here:  Alexis_Levine_Tayman_RBFS_Final — Part One

Here is the NYDFS part — Part II of the article I co-authored with Tony Alexis and Kyle Tayman of Goodwin that discusses the navigation of a NYDFS investigation, especially where there is a parallel CFPB investigation.

The article may be found here:  Levine_RBFS_Final — Part Two