Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 2, NYDFS announced a consent order imposing a $30 million fine against a trading platform for alleged violations of the Department’s Virtual Currency Regulation (23 NYCRR Part 200), Money Transmitter Regulation (3 NYCRR Part 417), Transaction Monitoring Regulation (23 NYCRR Part 504), Cybersecurity Regulation (23 NYCRR Part 500), and for failing to maintain adequate Bank Secrecy Act/anti-money laundering (BSA/AML) obligations. According to a Department investigation, the platform’s BSA/AML compliance program contained significant deficiencies, including an inadequate transaction monitoring system. Among other things, the platform failed to timely transition its manual system to an automated transaction monitoring system, which was unacceptable for a program of its size, customer profiles, and transaction volumes, and did not devote sufficient resources to adequately address risks. The Department also found “critical failures” in the platform’s cybersecurity program, which failed to address operational risks, and that specific policies within the program did not fully comply with several provisions of the Department’s cybersecurity and virtual currency regulations. According to the press release, pursuant to NYDFS’s Transaction Monitoring Regulation and Cybersecurity Regulation, companies should only file a Certificate of Compliance with the Department if their programs are fully compliant with the applicable regulation.
In light of the program’s deficiencies, NYDFS stated that the platform’s 2019 certifications to the Department attesting to compliance with these regulations should not have been made and thus violated the law. The platform also “failed to comply with the Supervisory Agreement by failing to promptly notify the Department of (a) actual or material potential actions, proceedings, or similar process that were or may have been instituted against [the platform] or any affiliated entity by any regulatory body or governmental agency; and (b) of the receipt by [the platform], or any affiliated entity, of any subpoena from any regulatory body or governmental agency in which [the platform], or any affiliated entity, was the target of the investigation.” NYDFS determined that in addition to the penalty, the platform will be required to retain an independent consultant that will perform a comprehensive evaluation of its compliance with the Department’s regulations and the platform’s remediation efforts with respect to the identified deficiencies and violations.
A Buckley Special Alert is forthcoming.
On July 15, New York’s governor signed S9348, directing the superintendent of NYDFS to conduct a study of overdraft fees in the state. (See also NYDFS press release here.) The study will examine, among other things: (i) the total amount of overdraft fees paid in the state; (ii) the geographical distribution of these fees; (iii) whether certain communities have higher rates of overdraft fees than others and the possible reason for such high rates; (iv) “the percentage of overdraft fees reduced through direct or indirect negotiation”; and (v) the enumeration of consumer rights related to overdraft fee negotiations. The results of the study are to be delivered within one year to the governor, the temporary president of the senate, and the speaker of the assembly. The act is effective immediately.
On July 13, NYDFS called on all federal student loan servicers to increase awareness of and enroll borrowers in public service loan forgiveness programs before a temporary waiver expires on October 31. NYDFS’s letter reminded servicers that under the Public Service Loan Forgiveness (PSLF) program, full-time government and certain non-profit employees may be eligible to have federal direct loans forgiven after making 120 qualifying monthly payments. Last October, the Department of Education announced temporary PSLF changes due to the Covid-19 pandemic. These changes provided qualifying borrowers a time-limited PSLF waiver, which allows all payments to count towards PSLF regardless of loan program or payment plan (covered by InfoBytes here). Expressing concerns that many borrowers may not learn of this opportunity before it expires in October, NYDFS encouraged servicers to adopt eight best practices to promote awareness of the PSLF Program and the waiver. These include “enhanced trainings for customer service staff, proactive communications with borrowers, and increased promotion of the PSLF program on servicer websites and on borrower account pages,” NYDFS said in its announcement.
The letter follows a December 2021 NYDFS request sent to federal student loan servicers asking for updates on steps taken to address the waived rules. NYDFS also reminded servicers that it “will diligently enforce all servicer legal requirements concerning the PSLF program and will consider the extent to which servicers engaged in proactive measures to promote the PSLF Waiver in future supervisory examinations.”
On July 12, NYDFS issued guidance in an industry letter to regulated banking institutions, calling into question bank practices that can cause consumers to receive multiple overdraft and non-sufficient funds (NSF) fees from a single transaction. The industry letter identifies three specific types of fee practices as unfair or deceptive:
- Charging overdraft fees for “authorize positive, settle negative” transactions, where consumers are charged an overdraft fee even if they have sufficient money in their account when a bank approves a transaction, but the balance is negative when the payment is settled. Per NYDFS, imposing an overdraft fee in this situation is unfair because, among other things, consumers “have no control over or involvement in” when or how their debit transactions get settled.
- Charging “double fees” to consumers for a failed overdraft protection plan transfer, which occurs when a bank goes to transfer money from one deposit account to another deposit account to cover an overdraft transaction, but the first account lacks sufficient funds to cover the overdraft. Per NYDFS, double fees injure consumers “by imposing fees for a transfer that provides no value to the consumer and is not reasonably avoidable by consumers, who have no reason to expect that they will be charged a fee for an overdraft protection transfer that does not in fact protect them against an overdraft.”
- Charging NSF representment fees when a merchant tries several times to process a transaction that is deemed an overdraft and the bank charges a fee for each blocked representment without adequate disclosure. Banks that currently charge multiple NSF fees should “make clear, conspicuous, and regular disclosure to consumers that they may be charged more than one NSF fee for the same attempted debit transaction,” NYDFS stated. Additionally, banks are advised to consider other steps to mitigate the risk that consumers are charged multiple NSF fees, including limiting time periods for when multiple NSF fees may be charged, performing periodic manual reviews to identify instances of multiple NSF Fees, and offering refunds to affected consumers. NYDFS “ultimately expects [i]nstitutions will not charge more than one NSF fee per transaction, regardless of how many times that transaction is presented for payment,” the industry letter said.
NYDFS informed regulated entities that it will evaluate whether they “are engaged in deceptive or unfair practices with respect to overdraft and NSF fees in future Consumer Compliance and Fair Lending examinations.”
On June 24, NYDFS announced a consent order imposing a $5 million fine against a group of Florida-based cruise lines for alleged violations of the state’s Cybersecurity Regulation (23 NYCRR Part 500). According to a Department investigation, the companies were subject to four cybersecurity incidents between 2019 and 2021 (including two ransomware attacks). The companies determined that unauthorized parties gained access to employee email accounts, and that, through a series of phishing emails, the parties were able to access email and attachments containing personal information belonging to the companies’ consumers and employees. NYDFS claimed that although the companies were aware of the first cybersecurity event in May 2019, they failed to notify the Department as required under 23 NYCRR Part 500 until April 2020. The investigation further showed that the companies allegedly failed to implement multi-factor authentication and did not provide adequate cybersecurity training for their personnel. NYDFS determined that in addition to the penalty, since the companies were licensed insurance producers in the state at the time of the cybersecurity incidents they would be required to surrender their insurance provider licenses.
The settlement follows a $1.25 million data breach settlement reached with 45 states and the District of Columbia on June 22 (covered by InfoBytes here).
On June 15, NYDFS issued a proposed check cashing regulation following an emergency regulation announced in February that halted annual increases on check-cashing fees and locked the current maximum fee set last February at 2.27 percent (covered by InfoBytes here). The proposed regulation establishes a new fee methodology which evaluates the needs of licensees and consumers who use check cashing services. Two tiers of fees for licensed check cashers are recommended: (i) the maximum fee that a check casher may charge for a public assistance check issued by a federal or state government agency (including checks for Social Security, unemployment, retirement, veteran’s benefits, emergency relief, housing assistance, or tax refunds) is set at 1.5 percent; and (ii) the maximum fee a check casher is permitted to charge for all other checks, drafts, or money orders is $1 or 2.2 percent, whichever is greater. NYDFS added that starting January 31, 2027 (and annually every five years thereafter), licensed check cashers may request an increase in the maximum fees established. Comments on the proposed regulation will be accepted for 60 days.
On June 8, NYDFS released new regulatory guidance on the issuance of U.S. dollar-backed stablecoins, establishing criteria for regulated virtual currency companies seeking to issue stablecoins in the state. The guidance outlines baseline criteria for USD-backed stablecoins, including that: (i) a “stablecoin must be fully backed by a Reserve of assets,” such that the Reserve’s market value “is at least equal to the nominal value of all outstanding units of the stablecoin as of the end of each business day”; (ii) stablecoin issuers “must adopt clear, conspicuous redemption policies, approved in advance by [NYDFS] in writing, that confer on any lawful holder of the stablecoin a right to redeem units of the stablecoin from the Issuer in a timely fashion at par for the U.S. dollar”; (iii) Reserve assets must be segregated from an issuer’s proprietary assets and “held in custody with U.S. state or federally chartered depository institutions and/or asset custodians”; (iv) a Reserve must consist of specific assets subject to NYDFS-approved overcollateralization requirements and restrictions; and (v) a Reserve must undergo an examination of its management’s assertions at least once a month by a licensed certified public accountant.
NYDFS emphasized that these criteria are not the only requirements it may impose when issuing stablecoins, and informed regulated entities that it will also consider a range of potential risks prior to granting a regulated entity authorization to issue stablecoins. This includes risk related to “cybersecurity and information technology; network design and maintenance and related technology and operational considerations; Bank Secrecy Act/anti-money-laundering  and sanctions compliance; consumer protection; safety and soundness of the issuing entity; and the stability/integrity of the payment system, as applicable.” Additional requirements may be imposed on regulated entities to address any of these risks.
NYDFS noted that the regulatory guidance is not applicable to USD-backed stablecoins listed, but not issued, by regulated entities, and stated it “does expect regulated entities that list USD-backed stablecoins to consider this guidance when submitting a request for coin issuance or seeking approval for a coin self-certification policy.”
On May 20, NYDFS Superintendent Adrienne A. Harris emphasized the role regulation plays in protecting consumers from cybercriminals in the virtual currency marketplace. According to Harris, NYDFS is committed to mitigating risks in this space by guarding against sanctions evasion and illicit activity and making sure corporate infrastructure and consumer data are well protected from bad actors. Harris stressed that NYDFS “will continue to improve upon [its] regulation and supervision; engage with key stakeholders on important trends and issues; collaborate with state, federal and international regulators; and strive to be a forward-looking, innovative regulator, including through [its] VOLT initiative,” which supports the department’s efforts to increase transparency and enhance supervision related to virtual currency.
On May 17, NYDFS announced an industry letter to establish its expectations for all institutions engaged in reverse mortgage lending in the State on cooperative apartment units (coop-reverse mortgages) once newly enacted Section 6-O*2 of the New York Banking Law takes effect May 30. The letter noted there is a comprehensive regulatory framework that addresses the marketing, origination, and servicing of reverse mortgages in New York and stated that most of the existing requirements apply equally to coop-reverse mortgages. This includes Title 3 of the New York Code of Rules and Regulations Part 79 (3 NYCRR 79), which establishes various requirements relating to the marketing, origination, servicing, and termination of reverse mortgage loans in New York, and Title 3 of the New York Code of Rules and Regulations Part 38 (3 NYCRR 38), which addresses issues involving, among other things, commitments and advertising for mortgage loans generally. Even so, the letter noted that NYDFS is considering amending its existing regulations to specifically address coop-reverse mortgages, or issuing a separate regulation governing this as a new product. Finally, the letter explained that “institutions that seek to originate, or service coop-reverse mortgages are directed to comply with the provisions of 3 NYCRR 79, and 3 NYCRR 38 in originating or servicing such mortgages” (subject to described clarifications, modifications, and exclusions). However, NYDFS stated that “in the event of any inconsistency between the provisions of Section 6-O*2 and provisions of either 3 NYCRR 79 or 3 NYCRR 38, the provisions of Section 6-O*2 will govern; and in the event of any inconsistency between the provisions of 3 NYCRR 79 and 3 NYCRR 38, provisions of 3 NYCRR 79 will govern.”
Recently, the New York governor signed legislation regarding consumer protections and student transcripts. The first piece of legislation, S.1684/A.8293 directs NYDFS to conduct a study of underbanked communities and households in the state and to make recommendations on improving access to financial services. The bill, among other things, updates the data on households that are unbanked and underbanked and analyzes the data to develop an assessment for NYDFS. Additionally, S.4894/A.1693 prohibits banking institutions from issuing unsolicited mail-loan checks, defined by NYDFS as “an unsolicited loan offer that is sent by mail and once cashed or deposited binds the recipient to the loan terms, which may include high interest rates for multiple years.”
The New York governor also signed legislation that prohibits colleges and universities from withholding transcripts from individuals who owe the schools money. This legislation, S.5924/A.6938 establishes, among other things, that no institution, under certain circumstances, can “condition the provision of a transcript on a student's payment of a debt to such institution or school.”
- Kathryn L. Ryan to host the affiliate members meeting at AARMR’s 2022 Annual Regulatory Conference & Training
- Kathryn L. Ryan and Jedd R. Bellman to discuss “Risk and compliance management: Are you covered?” at a Mortgage Bankers Association webinar
- Melissa Klimkiewicz and Daniel A. Bellovin to discuss “Things to know about flood insurance” at a NAFCU webinar
- Hank Asbill to discuss “Ethical issues at sentencing” at the 31st Annual National Seminar on Federal Sentencing
- Max Bonici will moderate a panel on “Enforcement risk and other regulatory and compliance issues related to crypto and digital assets” at the American Bar Association’s 2022 Annual Meeting
- John R. Coleman to provide a “CFPB Update” at MBA’s 2022 Regulatory Compliance Conference
- Amanda R. Lawrence to discuss “The shifting data privacy and data protection landscape” at MBA’s 2022 Regulatory Compliance Conference
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar