InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
New York DFS Proposes Anti-Terrorism and Anti-Money Laundering Regulation
On December 1, the New York DFS announced a proposed anti-terrorism and anti-money laundering regulation, Transaction Monitoring and Filtering Program Requirements and Certifications. Key requirements of the proposed regulation include maintaining programs (i) to monitor transactions after they’ve been executed for potential BSA/AML violations and Suspicious Activity Reporting; and (ii) to ban certain transactions that are prohibited by applicable sanctions, politically exposed persons lists, and internal watch lists. The proposed regulation outlines the programs’ respective minimum requirements, including ensuring that they are based on the Risk Assessment of the institution. Critically, the proposal also requires a Certifying Senior Officer of the regulated financial institutions to file with the Department executed certifications ensuring compliance with the requirements by April 15 of each year.
New York DFS Requires Mortgage Originator to Surrender License for Exam Cheating Scheme
On November 19, the New York DFS announced a consent order with a nonbank mortgage originator to resolve allegations that its employees engaged in a scheme to cheat on state-required continuing education courses and exams. Specifically, the DFS alleged that at least 20 Mortgage Loan Originators (MLOs), including the Chief Executive Officer and former Chief Operating Officer, encouraged compliance staff to take required continuing education courses and exams on their behalf. Furthermore, the MLOs “shared information acquired during licensing exams with . . . senior management, despite the fundamental obligation of test-takers to preserve the confidentiality of all such information.” The DFS’s examination of the mortgage originator revealed additional state banking law violations, including (i) failing to provide mandatory disclosures on more than 100 subprime loans; (ii) misstating applicable late fees on at least three loans; (iii) failing to maintain the minimum line of credit; and (iv) underreporting its total New York revenue in its 2010 and 2011 Volume of Operations Report. The settlement requires the mortgage originator to immediately surrender its mortgage banker’s license and its status as an exempt mortgage servicer in New York, and pay a civil money penalty in the amount of $1 million.
Federal Reserve and New York DFS Take Action Against Canadian Bank for Deficiencies Relating to AML Compliance
On November 10, the Federal Reserve and the New York DFS announced an enforcement action against a Canadian bank for alleged deficiencies relating to its BSA/AML compliance program. In order to resolve the allegations, the bank agreed to prepare various written policies and procedures, including (i) a written plan that provides for a sustainable governance framework, including improving the management information systems reporting of compliance with BSA/AML requirements, OFAC regulations, and State Regulations; (ii) a revised written BSA/AML compliance program; (iii) a revised written program for conducting customer due diligence; (iv) a written program that ensures that any suspicious activity is timely reported; and (v) a written plan to improve compliance with OFAC regulations. All policies must be submitted for approval within 60 days of the agreement’s issuance date.
New York DFS Submits Letter to Federal Regulators Regarding Potential Cybersecurity Regulations
On November 9, the New York DFS sent a letter to federal regulators and other interested parties, including the CFPB, Federal Reserve Board, and the OCC, regarding potential new regulations aimed at increasing cybersecurity efforts within the financial sector. The letter references recent DFS reports that covered key findings from surveys given to regulated banking organizations on their cybersecurity programs, costs, and future plans. The reports raised the following concerns: (i) the speed of technological change and the increasingly sophisticated nature of threats; (ii) third-party service providers tend to have access to sensitive information and companies’ IT systems, providing potential hackers with a point of entry; and (iii) the “scale and breadth of the most recent breaches and incidents.” In light of these concerns, the DFS asserts that it would be beneficial to coordinate with state and federal regulators to “develop a comprehensive [cybersecurity] framework that addresses the most critical issues, while still preserving the flexibility to address New York-specific concerns.” According to the letter, the DFS expects to propose regulations requiring entities to set specific requirements in areas such as: (i) cybersecurity policies and procedures; (ii) third-party service provider management; (iii) cybersecurity personnel and intelligence, including implementing mandatory cybersecurity training programs; and (iv) notice of cybersecurity breaches.
Federal Reserve and New York DFS Announce $258 Million Penalty Against Global Bank
On November 4, the Federal Reserve and the New York DFS announced a combined $258 million penalty against a global bank for “violations in connection with transactions on behalf of countries and entities subject to U.S. sanctions.” According to the Fed’s cease and desist order, the bank failed to implement adequate risk management and compliance policies and procedures to “ensure that activities conducted at offices outside the United States complied with applicable OFAC Regulations and were timely reported in response to inquiries by the Federal Reserve Bank of New York.” Specifically, the Fed alleged that, from November 2001 to January 2006, foreign offices of the bank processed funds transfers with parties subject to OFAC Regulations through the bank’s New York-based subsidiary and other unaffiliated U.S. financial institutions without having the information necessary to determine that the transactions were consistent with U.S. law. The Fed’s order requires the bank to develop a compliance program that establishes (i) policies and procedures to ensure compliance with applicable OFAC regulations; (ii) an OFAC compliance reporting system; and (iii) requirements for employee training in OFAC-related issues. Under the terms of the DFS consent order, the bank agreed to hire an independent monitor to conduct a comprehensive review of its BSA/AML and OFAC sanctions compliance program, policies, and procedures.
State-Chartered Bank Settles with New York DFS for Alleged Violations of Banking Law
On October 28, the New York DFS resolved an enforcement action with a New York State-charted bank for alleged violations of state banking law. The DFS alleged that the bank hired a former New York Federal Reserve Bank examiner and permitted him to work on matters for an entity that the employee had examined while at the New York Fed, in violation of a notice of post-employment restrictions from the New York Fed. The DFS also alleged that the employee obtained confidential regulatory or supervisory information from a now former New York Fed employee and distributed the information to a Managing Director at the bank for the purpose of advising the entity. In addition to the bank’s alleged failure to screen the employee from working on matters related to the entity he had examined, the DFS’s order alleges that the bank failed to “provide training to personnel regarding what constituted confidential supervisory information and how it should be safeguarded.” Under the settlement terms, the bank will (i) pay a civil money penalty of $50 million to the DFS; (ii) reform its policies and procedures to ensure the proper handling of confidential supervisory information and the monitoring of assignments of former government employees; and (iii) not re-hire the bank employee and Managing Director, who had been terminated as result of the matter.
Multiple Agencies Take Action Against Paris-Based Investment Bank for Sanctions Violations
On October 20, the DOJ, OFAC, the NYDFS, the Manhattan District Attorney’s Office, and the Federal Reserve simultaneously announced that a Paris-based investment bank would pay a total of more than $787 million to settle multiple alleged violations of U.S. sanctions regulations. The OFAC settlement resolves allegations that the investment bank and certain predecessor banks, between August 6, 2003 and September 16, 2008, processed 4,055 transactions – for a total of approximately $337,043,846 – to or through U.S. financial institutions that involved countries and/or persons subject to the sanctions regulations administered by OFAC. The investment bank settled with OFAC for more than $329,500,000, an amount that reflects the agency’s consideration of the following aggravating factors: (i) the investment bank had indications that its actions had the potential to constitute violations of the U.S. law before the earliest date of the apparent violations; (ii) several managers of the investment bank were aware of the conduct that led to the violations; (iii) the investment bank’s conduct resulted in significant harm to various sanctions programs OFAC oversees and their associated policy objectives; (iv) the investment bank’s size and sophistication, along with its global presence; and (v) the investment bank’s failure to maintain proper controls to prevent the violations from occurring and otherwise maintain an adequate compliance program.
In addition to OFAC’s settlement, parallel actions against the bank resulted in the investment bank agreeing to pay (i) $385 million to the NYDFS; (ii) $90.3 million to the Federal Reserve; (iii) $156 million to the Manhattan District Attorney’s Office; and (iv) $156 million to the U.S. Attorney’s Office for the District of Columbia.
NYDFS Reaches Fifth Agreement Regarding Symphony Chat System; Issues Regulatory Guidance
On October 13, the NYDFS announced that it reached its fifth agreement with a bank regarding record keeping requirements and other protections to ensure that the bank is responsibly using Symphony Communication Services, LLC’s chat and messaging platform (Symphony). In September, the NYDFS reached similar agreements with four banks after expressing concern that some Symphony features, most notably its promised service of “Guaranteed Data Deletion,” had the capability to hinder regulators’ and prosecutors’ investigations of misconduct at banks. Per the agreements reached with the NYDFS, the banks must (i) require Symphony to maintain copies of all communications sent through the chat and messaging platform for at least seven years; (ii) provide an independent custodian with a copy of decryption keys for encrypted messages sent through Symphony; and (iii) inform the NYDFS of the location of the decryption keys. Acting Superintendent Anthony Albanese outlined these requirements in the October 13 guidance issued to all NYDFS-regulated institutions, stressing that “any [NY]DFS-regulated institution that is considering using the Symphony platform should ensure that the entity’s anticipated use conforms to the standards included in the Agreements.”
NYDFS Approves Virtual Currency Firm's Application: First Company to Receive BitLicense
On September 22, NYDFS Acting Superintendent Anthony Albanese announced that the New York Department of Financial Services (NYDFS) granted its first BitLicense from its current applicant pool. In June 2015, the NYDFS finalized the BitLicense framework, requiring existing virtual currency companies to apply by August 10. Via blog post, the first licensee acknowledged receiving the license. To date, the NYDFS has received 25 BitLicense applications and, according to Albanese, “will continue to move forward on evaluating and approving additional BitLicenses.”
NYDFS Reaches Agreements with Four Banks on New Symphony Chat & Messaging Platform
On September 14, the New York State Department of Financial Services (NYDFS) announced that it had reached agreements with four financial institutions on record-keeping requirements and other protections intended to help ensure the institutions’ responsible use of the new Symphony Communications LLC (Symphony) chat and messaging platform. NYDFS had recently expressed concerns that certain Symphony features, such as its promise of “Guaranteed Data Deletion,” could hinder regulatory investigations on Wall Street. Under the agreements, Symphony will retain for seven years a copy of all electronic communications sent through its platforms to or from the four banks, and the banks will store duplicate copies of the decryption keys for their messages with independent custodians.