Another Tale of Poor Cyber Practices

cybersecurity

Here’s an interesting item for all you cybersecurity auditors and GRC professionals: the state of New York just fined PayPal $2 million for “failing to use qualified personnel to manage key cybersecurity functions,” which led to an inept rollout of new accounting processes and a subsequent privacy breach. The New York Department of Financial Services…

Two Insurers Nailed on Data Breaches

cybersecurity

Just in time for Thanksgiving, regulators in New York have served up a double helping of cybersecurity enforcement, against two large insurance firms that repeatedly failed to remediate known weaknesses in their IT systems that left customers’ personal data vulnerable to thieves. The New York attorney general and the Department of Financial Services announced their…

DFS Adopts Fitness and Character Guidance

ethics

Financial regulators in New York have introduced new guidance on the character and moral fitness they expect to see for senior executives at banks and other financial firms working in the state — a big step forward in the quest to be sure that corporate executives are, ya know, ethical and stuff. The New York…

Cyber, AML Lessons From a Crypto Flop

New York financial regulators have served up another case study in poor cybersecurity, transaction monitoring, and anti-money laundering compliance, courtesy of an enforcement action against a bankrupt cryptocurrency platform found to be deficient in all three. The state’s Department of Financial Services announced the sanction against Genesis Global Trading last Friday, fining the company $8…

First American Suffers Second Cyber Flop

First American

Well this is going to hurt: First American Financial Corp., one of the largest title insurance firms in the United States, suffered a cyber attack over the Christmas break that has left legions of homebuyers and sellers unable to close their sales — and it is the second significant cyber incident First American has endured…

A Small Bank’s Big Lessons About Risk

risk

Banking regulators have given us more lessons to ponder about effective third-party risk management and compliance programs, courtesy of a $30 million sanction against a bank in New York that had neither and ended up stuck in a pandemic-era $300 million fraud scheme. The bank in question is Metropolitan Commercial Bank (MCB), a bank in…

NY DFS Strikes Again on Cyber Fails

cybersecurity

New York state regulators are at it again, serving up yet another enforcement action over poor cybersecurity practices that can serve as a quick case-study for the rest of us trying to figure out a sustainable way forward on cyber compliance issues. The company in question this time is OneMain Financial Group, a publicly traded…

Lessons From Coinbase’s Compliance Flop

Coinbase

Another week, another scandal in the cryptocurrency world that offers lessons in corporate compliance for the rest of us. This time around the culprit is trading platform Coinbase, which just agreed to pay $50 million to New York state regulators and to spend another $50 million over the next two years to improve its compliance…

NY-DFS Proposes Updated Cyber Rule

cybersecurity

Big news for audit and GRC professionals in the financial services world: the New York Department of Financial Services has proposed numerous updates to its Cybersecurity Rule, which would place more responsibilities on the CISO and impose more exacting standards for cybersecurity policies, procedures, and other control activities. The Department of Financial Services (DFS) unveiled…

NY DFS Strikes Again on Cyber

A vision insurance company based in Ohio has agreed to pay a $4.5 million penalty to regulators in New York, to settle charges that the company’s poor cybersecurity practices led to a data breach in 2020. It’s a small but informative case for all you and privacy compliance enthusiasts out there. The company in question…
