Posts Tagged ‘New York DFS’
That New York Action Against Block
Last week New York state regulators sanctioned online payments giant Block for persistent shortcomings in the anti-money laundering compliance program for Cash App, the popular digital wallet owned by Block. Even for folks not in financial services or subject to New York state regulation, this case offers important lessons about modern compliance risks that any…
Read MoreAnother Tale of Poor Cyber Practices
Here’s an interesting item for all you cybersecurity auditors and GRC professionals: the state of New York just fined PayPal $2 million for “failing to use qualified personnel to manage key cybersecurity functions,” which led to an inept rollout of new accounting processes and a subsequent privacy breach. The New York Department of Financial Services…
Read MoreTwo Insurers Nailed on Data Breaches
Just in time for Thanksgiving, regulators in New York have served up a double helping of cybersecurity enforcement, against two large insurance firms that repeatedly failed to remediate known weaknesses in their IT systems that left customers’ personal data vulnerable to thieves. The New York attorney general and the Department of Financial Services announced their…
Read MoreDFS Adopts Fitness and Character Guidance
Financial regulators in New York have introduced new guidance on the character and moral fitness they expect to see for senior executives at banks and other financial firms working in the state — a big step forward in the quest to be sure that corporate executives are, ya know, ethical and stuff. The New York…
Read MoreCyber, AML Lessons From a Crypto Flop
New York financial regulators have served up another case study in poor cybersecurity, transaction monitoring, and anti-money laundering compliance, courtesy of an enforcement action against a bankrupt cryptocurrency platform found to be deficient in all three. The state’s Department of Financial Services announced the sanction against Genesis Global Trading last Friday, fining the company $8…
Read MoreFirst American Suffers Second Cyber Flop
Well this is going to hurt: First American Financial Corp., one of the largest title insurance firms in the United States, suffered a cyber attack over the Christmas break that has left legions of homebuyers and sellers unable to close their sales — and it is the second significant cyber incident First American has endured…
Read MoreA Small Bank’s Big Lessons About Risk
Banking regulators have given us more lessons to ponder about effective third-party risk management and compliance programs, courtesy of a $30 million sanction against a bank in New York that had neither and ended up stuck in a pandemic-era $300 million fraud scheme. The bank in question is Metropolitan Commercial Bank (MCB), a bank in…
Read MoreNY DFS Strikes Again on Cyber Fails
New York state regulators are at it again, serving up yet another enforcement action over poor cybersecurity practices that can serve as a quick case-study for the rest of us trying to figure out a sustainable way forward on cyber compliance issues. The company in question this time is OneMain Financial Group, a publicly traded…
Read MoreLessons From Coinbase’s Compliance Flop
Another week, another scandal in the cryptocurrency world that offers lessons in corporate compliance for the rest of us. This time around the culprit is trading platform Coinbase, which just agreed to pay $50 million to New York state regulators and to spend another $50 million over the next two years to improve its compliance…
Read MoreNY-DFS Proposes Updated Cyber Rule
Big news for audit and GRC professionals in the financial services world: the New York Department of Financial Services has proposed numerous updates to its Cybersecurity Rule, which would place more responsibilities on the CISO and impose more exacting standards for cybersecurity policies, procedures, and other control activities. The Department of Financial Services (DFS) unveiled…
Read More