Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 31, NYDFS issued Supplement No. 2 to Insurance Circular Letter No. 1 (2003), which provides guidance to the title insurance industry following a January 15 unanimous decision by the Appellate Division of the New York State Supreme Court to uphold Insurance Regulation 208. The Appellate Division’s decision vacated the majority of a trial court order annulling Regulation 208, which limits title insurers’ ability to offer inducements to obtain business. (See previous InfoBytes coverage here.)
The NYDFS supplement highlighted three critical holdings from the Appellate Division’s decision. First, the court upheld Regulation 208’s ban on inducements for future title insurance business, recognizing that NYDFS had found that lavish gifts were routinely offered to intermediaries such as lawyers in anticipation of receiving business. Second, the appellate court held that Insurance Law § 6409(d), which prohibits a commission, rebate, fee, or “other consideration or valuable thing,” is not limited to a prohibition on quid pro quo exchanges for specific business. Third, the court annulled Regulation 208’s ban on certain closer fees and fees for ancillary searches.
NYDFS’ cybersecurity FAQs provide process for covered entities that no longer qualify for exemptions
On February 2, NYDFS updated its answers to FAQs regarding 23 NYCRR Part 500, which established cybersecurity requirements for banks, insurance companies, and other financial services institutions. (See here for previous InfoBytes coverage on updates to the FAQs.) Among other things, the update outlines the procedures covered entities must follow if the entity ceases to qualify for exemptions under Section 500.19. Covered entities who no longer qualify for an exemption will have 180 days from the end of their most recent fiscal year to comply with all applicable requirements of 23 NYCRR Part 500. NYDFS further notes that covered entities may be required to periodically refile their exemptions to ensure qualification.
Linda Lacewell, New York Governor Andrew Cuomo’s nominee to replace outgoing Superintendent Maria Vullo as superintendent of NYDFS, is now listed on the department’s website as the acting superintendent. Ms. Lacewell—who previously served as chief of staff and counselor to the governor and served as both a state and federal prosecutor—built and implemented the state’s first system for ethics, risk and compliance in agencies and authorities, and has a history in ethics and law enforcement matters. According to published reports, Acting Superintendent Lacewell assumed her role on February 4.
On January 31, NYDFS issued a reminder for regulated entities that the final deadline for implementing NYDFS’s cybersecurity regulation ends March 1. Under the new regulation, banks, insurance companies, mortgage companies, money transmitters, licensed lenders and other financial services institutions regulated by NYDFS are required to implement a cybersecurity program to protect consumer data. The last step in the implementation timeline requires covered entities that use third-party providers to put in place policies and procedures ensuring the security of information systems and nonpublic information accessible to, or held by, such third parties. NYDFS also reminded regulated entities that the deadline to file their second certification of compliance via NYDFS’ cybersecurity portal is February 15.
Previously InfoBytes coverage on NYDFS’ cybersecurity regulation are available here.
On January 29, NYDFS announced a $40 million settlement with a London-based financial services company to resolve allegations the bank engaged in unsafe and unsound practices in its foreign exchange (FX) trading business. According to the consent order, the company did not implement and maintain sufficient controls to identify illegal tactics used by traders to maximize profits or minimize losses at the expense of the company’s customers, competitors, and the market as a whole. Among other things, the order states that between 2007 and 2013 the company’s FX traders (i) improperly coordinated trading through a chat room; (ii) improperly shared confidential consumer information; and (iii) engaged in “deliberate underfills” of consumer accounts. In addition to the fine, the company is required to improve its internal controls and programs to comply with applicable New York State and federal laws and regulations, submit a written plan to improve its compliance risk management program, and provide an enhanced written internal audit program. NYDFS acknowledged the company’s full cooperation with the investigation, in addition to taking disciplinary action against those identified as engaging in the misconduct.
On January 16, NYDFS announced a $100,000 settlement with a New York state-registered mortgage loan servicer for allegedly failing to register and maintain two properties as required by the state’s Abandoned Property Relief Act. Under the Act, NYDFS can hold banks and mortgage servicers accountable should they fail to fulfill certain maintenance obligations at vacant and abandoned residential properties (“zombie” properties) securing mortgage loans in their portfolios. NYDFS rejected claims that the servicer was unable to maintain the “zombie” properties due to not receiving authorization from the mortgagee and that the properties were not subject to the requirements of the Act because backdated lien releases extinguished its maintenance obligation. Under the terms of the consent order, the servicer has also agreed to provide confirmation within 30 days to NYDFS that all properties subject to New York’s Vacant and Abandoned Property Law have been sufficiently registered with NYDFS’ registry of vacant and abandoned properties, are maintained properly, and that all quarterly filings for each property have been submitted.
On January 4, NYDFS and the New York Attorney General announced a joint $9 million settlement with a national student loan servicer to resolve allegations that the servicer, among other things, deceived student loan borrowers about their repayment options and steered them into higher-cost repayment plans. According to a press release issued by the Attorney General’s office, the servicer “steered distressed borrowers away from available income-based repayment plans towards other, more expensive options, thus costing them money and increasing their risk of default.” Additionally, the consent order alleges that the servicer misinformed borrowers—including servicemembers—about their repayment options, such as telling borrowers they were not eligible for Public Service Loan Forgiveness plans when they may have qualified after consolidating their loans. Furthermore, the servicer allegedly (i) improperly processed applications for income-based repayment; (ii) allocated underpayment for certain borrowers to maximize late fees; (iii) improperly processed payments; (iv) failed to accurately report information to credit reporting agencies; (v) failed to “properly recalculate monthly payments for servicemembers when adjusting their interest rates under the Servicemembers’ Civil Relief Act”; (vi) charged improper late fees; and (vii) did not provide borrowers notification of their eligibility for a co-signer release.
The servicer, while neither admitting nor denying the findings alleged by NYDFS and the Attorney General, has agreed to pay $8 million in restitution to New York borrowers and a $1 million fine. Moreover, the servicer has agreed to stop servicing private and federal loans—with the exception of Perkins Loans—over the next five years.
On December 18, NYDFS announced a $15 million settlement with an international bank and its New York branch resolving allegations stemming from an investigation into the governance, controls, and corporate culture relating to the bank’s whistleblower program. According to the announcement, NYDFS’ investigation determined that several members of senior management failed to follow or apply the bank’s whistleblower policies and procedures, which allegedly allowed the bank’s CEO to attempt to identify the author(s) of two whistleblowing letters criticizing his and bank’s management’s roles in recruiting and employing a recently hired senior executive. Additionally, the investigation found that, in alleged violation of New York Banking Law, the bank (i) failed to devise and implement effective governance and controls with respect to the whistleblower program; and (ii) failed to submit a report to NYDFS immediately upon discovering misconduct.
NYDFS acknowledged the bank’s substantial cooperation in the investigation, including engaging an outside consultant to perform an independent review of the whistleblowing policies, processes, and controls. Additionally NYDFS stated the bank has already addressed certain deficiencies noted in the Consent Order, including implementing (i) procedures which recognize that concerns raised outside whistleblowing channels may nevertheless constitute whistleblows; (ii) procedures which would avoid escalating a whistleblow to the subject of the concern; and (c) procedures to preserve whistleblower anonymity. In addition to the $15 million penalty, the bank must create a written plan to improve compliance and oversight of the whistleblower program and submit a report to NYDFS that contains all instances of whistleblower complaints since January 2017, attempts to identify whistleblowers, and any reported or sustained instances of whistleblower retaliation.
NYDFS and international bank enter into second supplemental consent order over BSA/AML compliance deficiencies
On November 21, NYDFS and an international bank entered into a second supplemental consent order covering its settlement over alleged deficiencies in the bank’s Bank Secrecy Act/anti-money laundering and Office of Foreign Assets Control (OFAC) compliance program controls. As previously covered by Infobytes, in 2012, the bank agreed to engage an independent on-site monitor for 24 months to evaluate the New York branch’s BSA/AML and OFAC compliance programs and operations and was issued a $340 million civil money penalty. In 2014 NYDFS issued a subsequent consent order outlining the monitor’s findings, including reports of significant failures in the bank’s transaction monitoring. The 2014 order extended the engagement of the monitor for another two years, outlined remedial measures to address continued deficiencies, and required the bank to pay an additional $300 million civil money penalty. In April 2017, NYDFS and the bank entered into the first supplemental consent order to modify the 2012 and 2014 orders, acknowledging the bank made significant improvements in its BSA/AML compliance program but extended the monitor through December 2018 with all the other terms and conditions of the 2012 and 2014 consent orders remaining in full effect.
Now, beginning January 1, 2019, the second supplemental order issued by NYDFS requires the bank to engage an independent consultant, selected by the regulator, for a period of up to one year, with a possible extension of one additional year, to provide guidance for completing remediation called for in the 2012 and 2014 consent orders. In response to the second supplemental order, the bank stated it remained “committed to completing the remaining tasks necessary for that remediation.”
On November 19, the Federal Reserve Board, Office of Foreign Assets Control (OFAC), DOJ, Manhattan District Attorney’s Office, and NYDFS announced that a French bank agreed to pay approximately $1.34 billion in total penalties to resolve federal and state investigations into the bank’s allegedly intentional violation of U.S. sanctions laws and other federal and New York state laws from approximately 2003 to 2013.
The bank entered into a deferred prosecution agreement (DPA) with the U.S. Attorney’s Office for the Southern District of New York to settle charges of conspiring to violate U.S. sanctions against Cuba by “structuring, conducting, and concealing U.S. dollar transactions using the U.S. financial system.” The DPA requires the bank to forfeit more than $717 million. The bank also agreed to “accept responsibility for its conduct by stipulating to the accuracy of an extensive Statement of Facts, pay penalties totaling [$1.34 billion] to federal and state prosecutors and regulators, refrain from all future criminal conduct, and implement remedial measures as required by its regulators.” According to the DOJ, the bank “admitted its willful violations of U.S. sanctions laws—and longtime concealment of those violations—which resulted in billions of dollars of illicit funds flowing through the U.S. financial system.” As factors mitigating the penalty, the DPA acknowledges the bank’s efforts to collect and produce “voluminous evidence located in other countries to the full extent permitted under applicable laws and regulations, and its enhancement of its compliance program and sanctions-related internal controls both before and after it became the subject of a U.S. law enforcement investigation.” Among other factors, the bank’s willingness to enter into the terms of the DPA, outweighed its “failure to self-report all of its violations of [U.S.] sanctions laws in a timely manner.”
The bank also entered into agreements to pay almost $163 million to the New York County District Attorney’s Office, nearly $54 million to OFAC, approximately $81 million to the Federal Reserve Board, and $325 million to NYDFS. Among other things, NYDFS noted that branch employees “responsible for originating USD transactions outside of the U.S. had a minimal understanding of U.S. sanctions laws and regulations as they related to Sudan, Iran, Cuba, North Korea, or other U.S. sanctions targets.”
Separate from the resolution of alleged sanctions violations, NYDFS imposed an additional $95 million penalty to resolve findings that the bank’s New York branch allegedly failed to “implement and maintain an effective Bank Secrecy Act/Anti-Money Laundering Law compliance program and transaction monitoring system.”
According to a bank statement issued the same day, the bank acknowledges and regrets the identified shortcomings, and “has already taken a number of significant steps in recent years and dedicated substantial resources to enhance its sanctions and AML compliance programs.”
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Michelle L. Rogers to discuss "Preparing for servicing exams in the current regulatory environment" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Jon David D. Langlois to discuss "Regulatory risks of convenience fees" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- APPROVED Webcast: NMLS Annual Conference & Ombudsman Meeting: Review and recap
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Jessica L. Pollet to discuss "Law & compliance speedsmarts" at the American Financial Services Association Law & Compliance Symposium
- Daniel P. Stipano to discuss "Lessons learned from recent high profile enforcement actions" at the Florida International Bankers Association AML Compliance Conference
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Sasha Leonhardt and John B. Williams to discuss "Privacy" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Aaron C. Mahler to discuss "Regulation B/fair lending" at the National Association of Federally-Insured Credit Unions Spring Regulatory Compliance School
- Heidi M. Bauer to discuss "'So you want to form a joint venture' — Licensing strategies for successful JVs" at RESPRO26
- Jonice Gray Tucker to to discuss "DC policy: Everything but the kitchen sink" at CBA Live
- Jonice Gray Tucker to discuss "Small business & regulation: How fair lending has evolved & where are we heading?" at CBA Live
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program