Posts Tagged ‘New York DFS’
Good Guidance on Third-Party Cyber Risk
Good news if you’re still smarting from that Amazon Web Services failure earlier this week that paralyzed large swaths of the business world! Regulators in New York just released fresh guidance about how to manage the cybersecurity risks of third-party technology providers. Apparently we all need a refresher course, so let’s take a look. The…
Read MoreNY DFS Nails Insurance Firms on Cyber Fails
Regulators in New York have fined eight auto insurance businesses for poor cybersecurity practices that led to widespread privacy breaches in 2021. It’s our latest example of what cybersecurity risk looks like in the modern era, with numerous points that IT auditors and privacy compliance professionals can ponder. The New York Department of Financial Services…
Read MoreNew York Whacks Crypto Firm on Compliance
Financial regulators in New York have fined cryptocurrency services firm Paxos $26.5 million for years of weak anti-money laundering compliance, and also ordered the firm to spend at least $22 million over the next three years on compliance program operations. The New York Department of Financial Services (DFS) announced the enforcement action Thursday, faulting Paxos…
Read MoreThat New York Action Against Block
Last week New York state regulators sanctioned online payments giant Block for persistent shortcomings in the anti-money laundering compliance program for Cash App, the popular digital wallet owned by Block. Even for folks not in financial services or subject to New York state regulation, this case offers important lessons about modern compliance risks that any…
Read MoreAnother Tale of Poor Cyber Practices
Here’s an interesting item for all you cybersecurity auditors and GRC professionals: the state of New York just fined PayPal $2 million for “failing to use qualified personnel to manage key cybersecurity functions,” which led to an inept rollout of new accounting processes and a subsequent privacy breach. The New York Department of Financial Services…
Read MoreTwo Insurers Nailed on Data Breaches
Just in time for Thanksgiving, regulators in New York have served up a double helping of cybersecurity enforcement, against two large insurance firms that repeatedly failed to remediate known weaknesses in their IT systems that left customers’ personal data vulnerable to thieves. The New York attorney general and the Department of Financial Services announced their…
Read MoreDFS Adopts Fitness and Character Guidance
Financial regulators in New York have introduced new guidance on the character and moral fitness they expect to see for senior executives at banks and other financial firms working in the state — a big step forward in the quest to be sure that corporate executives are, ya know, ethical and stuff. The New York…
Read MoreCyber, AML Lessons From a Crypto Flop
New York financial regulators have served up another case study in poor cybersecurity, transaction monitoring, and anti-money laundering compliance, courtesy of an enforcement action against a bankrupt cryptocurrency platform found to be deficient in all three. The state’s Department of Financial Services announced the sanction against Genesis Global Trading last Friday, fining the company $8…
Read MoreFirst American Suffers Second Cyber Flop
Well this is going to hurt: First American Financial Corp., one of the largest title insurance firms in the United States, suffered a cyber attack over the Christmas break that has left legions of homebuyers and sellers unable to close their sales — and it is the second significant cyber incident First American has endured…
Read MoreNY DFS Strikes Again on Cyber Fails
New York state regulators are at it again, serving up yet another enforcement action over poor cybersecurity practices that can serve as a quick case-study for the rest of us trying to figure out a sustainable way forward on cyber compliance issues. The company in question this time is OneMain Financial Group, a publicly traded…
Read More