Tag Archives: Matthew L. Levine

Reading the Fine Print: The NYDFS Assessment of Comments on its Proposed Cybersecurity Amendments

by Matthew L. Levine

Photo of Matthew L. Levine

Matthew L. Levine (Photo courtesy of the author)

The New York State Department of Financial Services (“DFS”) has issued its long-awaited proposed revision to “Part 500,” the agency’s groundbreaking Cybersecurity Regulation.[1]  This revision may be the basis for the final rule that will go into effect in stages after the Notice of Adoption is published in the State Register.

A catalog of analysis by law and consulting firms has already popped up online concerning the specific changes proposed, and not proposed, in this latest revision.  There is no question that, when implemented, the regulation’s final changes are likely to have a material impact on financial institutions regulated by DFS.

Yet another document that accompanied the proposed revision should not be overlooked:  the DFS “Assessment of Public Comments” (the “Assessment”).  The rough equivalent of the “fine print” accompanying the proposal, the Assessment responds to an extensive body of commentary received by DFS from financial institutions, trade groups, law firms and others after DFS issued a previous iteration of the proposed amendments in November 2022.[2]

Continue reading

NYDFS Monitorships: Is There an Emerging Trend?

by Matthew L. Levine

Photo of the author(s)

Matthew L. Levine

In 2012, the New York State Department of Financial Services (DFS) made a regulatory splash when it imposed a two-year monitorship on Standard Chartered Bank as part of an enforcement action.[1]  One commentator noted that the DFS settlement with Standard Chartered had “upended the regulatory dynamics of the international banking world” with this “staggering” resolution.[2]

Following the Standard Chartered matter, between 2012 and 2018, the agency imposed more than a dozen monitorships on large regulated entities.[3]  One by one these monitorships were wound down, and most concluded by 2019 or 2020, having achieved remedial or investigative purposes.   (One exception was an expiring monitorship imposed on Deutsche Bank for anti-money laundering compliance failures, which was extended twice, once in 2017 and again in 2019.)[4]

Notably, over the last year, DFS has imposed or threatened to institute a monitor in several enforcement actions, as a result of the agency’s view that the subject entities had permitted development of serious compliance deficiencies.  This occurrence has led to speculation that monitorships are once again becoming a regular feature of DFS settlements.  A closer look at these enforcement actions suggests that conclusion is, for now, tentative.

Continue reading