As American businesses, including financial institutions, adjust their operations in the wake of the coronavirus pandemic (COVID-19), the need to work closely with state regulators has become increasingly apparent. As anticipated, under the current federal administration we have seen state regulatory agencies react in the wake of perceived reduction in federal enforcement.[1] State attorneys general and regulatory agencies are well staffed with enforcement and industry professionals. Two leaders in these efforts to fill in the regulatory gap in the banking and financial services industry have been the New York Attorney General and the New York State Department of Financial Services (DFS). Both have been active in financial institution regulatory initiatives and enforcement, and we expect them to continue these efforts notwithstanding the impact of COVID-19.

New York has regulatory agencies dedicated to supervising all major industries, from financial services and insurance to labor and consumer affairs. Further, the New York Attorney General’s office has divisions and bureaus covering, among many other sectors, financial crimes, cybersecurity, consumer frauds and investor protection. Even though state regulatory agencies and attorneys general regulate action within their jurisdiction, state actors (i) work in concert with the federal government, (ii) due to economies of scale, affect change across global organizations, rather than only a company’s New York operations, and (iii) create new best practice standards. For example, in July 2019, the federal Consumer Financial Protection Bureau (CFPB) and the New York Attorney General reached a $65 million settlement with three debt collection companies in connection with an investigation into inflating consumer debt and using illegal tactics to collect money from borrowers.[2]

New York Attorney General

New York state officials have worked with and even ahead of federal counterparts in enforcement actions against financial institutions. Federal banking laws do not preempt the ability of states to enforce unfair and deceptive practices laws and fair lending laws,[3] among others. New York Attorney General Letitia James has focused on consumer protection as a top priority. On March 2, 2020, during “National Consumer Protection Week,” The New York Attorney General’s Office released the “Top 10 Consumer Frauds of 2019” with tips for consumers.[4] The office also has pursued enforcement actions in new areas and industries, such as the cryptocurrency industry and technology sector by pursuing enforcement action against iFinex Inc. as an issuer of virtual currency, a multistate antitrust investigation into Facebook, and an investigation into Google.[5]

New York State Department of Financial Services

DFS is a product of an October 3, 2011 merger of New York’s former Banking and Insurance Departments into one regulator with a combined enforcement division across both industries. The Financial Services Law, which merged the agencies, provides a cohesive legal regime that covers both industries.[6] Similarly to the Office of the Attorney General, DFS has increased enforcement action during the Trump Administration. The Superintendent of DFS, Linda A. Lacewell, was confirmed by the New York State Senate on June 20, 2019. Superintendent Lacewell has a strong prosecutorial background, having spent nearly a decade as a federal prosecutor in Brooklyn.[7] Superintendent Lacewell’s administration has appointed individuals with strong prosecutorial backgrounds to a number of key roles, such as Richard Weber as General Counsel,[8] Leandra English as Special Policy Advisor, [9] and Justin Herring as Executive Deputy Superintendent of the Cybersecurity Division.[10]

A high-profile example of DFS enforcement occurred on April 30, 2020. The agency issued a consent order with Bank Hapoalim B.M., including its New York branches, which levied a $220,000,000 fine in connection with the provision of services that facilitated concealment of accounts and the implementation of a back-to-back loan scheme.[11]

Banking Law and Regulation

As banks and insurance companies adjust their operations in the wake of COVID-19, it is important to keep New York’s regulatory priorities in mind. We expect New York enforcement authorities, including DFS, will continue to focus on compliance with Bank Secrecy Act requirements,[12] anti-money laundering enforcement, and sanctions—areas where the federal regulatory and law enforcement agencies continue to be very active. In these matters, managing enforcement exposure both at the state and federal level is especially important, as multi-agency collaboration and action remain the norm.

As a recent example, on April 20, 2020, a six-year, coordinated investigation involving the New York Attorney General’s office, U.S. Attorney’s Office for the Southern District of New York and DFS into the Industrial Bank of Korea (IBK) concluded with a $51 million settlement and a $35 million fine against IBK for allowing more than $1 billion to be illegally transferred to the government of Iran.[13] In addition to federal law violations, the fine against IBK resulting from noncompliance with New York’s “first-in-the-nation” Transaction Monitoring and Filtering Program requirements was the first time DFS imposed penalties under this powerful enforcement tool.[14]

Consumer Protection

Consumer protection has been a top priority for the New York Attorney General, and we expect consumer-driven priorities to be a focus for DFS as well. Superintendent Lacewell announced that 2020 is the “the Year of the Consumer.”[15] On January 9, 2020, DFS created a Consumer Protection Task Force focused on expanding entities subject to DFS’s authority and creating a cohesive Unfair & Deceptive Acts & Practices consumer law claim regime.[16] In its press release, DFS specifically confirmed that this new division’s mission is to protect consumers in the wake of the federal government’s diminished enforcement of consumer protections.[17]

Cybersecurity

DFS has proved it is willing to lead the nation regulating cybersecurity. DFS adopted the first comprehensive cybersecurity regulations in March 2017.[18] The regulations became effective March 1, 2019, with the first full compliance certification due June 1, 2020.[19] On July 22, 2020, DFS issued a Statement of Charges and Notice of Hearing against First American Title Insurance Company for multiple violations of its cybersecurity regulations.[20] These charges show that enforcement will be a priority and that companies must document their thought processes supporting their cybersecurity actions carefully and be prepared to defend their rationale and governance process supporting those decisions.[21]

Federal Supervisory Coordination

When faced with inquiries or requests by state authorities, banking institutions operating in New York also need to consider when, and how, to best ensure coordination with their primary federal regulator, such as the Federal Reserve Bank of New York or the Office of the Comptroller of the Currency. These agencies maintain broad supervisory responsibility for institutions within their jurisdiction and, in our experience, expect to be kept informed about actions by state regulatory and law enforcement bodies. Especially where doing so could implicate the DFS’s regulations regarding disclosure of confidential supervisory information (“CSI”), care needs to be taken in managing these important state and federal relationships appropriately.

Conclusion

We expect New York regulators to continue to expand financial institution enforcement in response to perceived reduction in federal enforcement under the current administration, and to focus on banking and financial sector priorities including anti‑money laundering, sanctions, Bank Secrecy Act, consumer protection and cybersecurity. DFS is now comprehensively regulating the banking and insurance industries, and we expect the New York Attorney General to pursue further enforcement actions in these areas. Throughout these uncertain times, industry leaders in financial services must remain mindful of these state agencies’ enforcement priorities.

ENDNOTES

[1]    Eric Dinallo, Expect State Regulators to Get More Aggressive Under Trump, American Banker (November 23, 2016).

[2]    Consumer Financial Protection Bureau Settles Lawsuit Against Freedom Debt Relief (July 9, 2019) https://www.consumerfinance.gov/about-us/newsroom/bureau-settles-lawsuit-against-freedom-debt-relief/.

[3]    Cuomo v. Clearing House Ass’n, L.L.C., 557 U.S. 519, 129 S. Ct. 2710, 174 L. Ed. 2d 464 (2009); Clearing House is codified by the Dodd-Frank Act in Pub. L. No. 111-203, tit. X, § 1047, 124 Stat. 1376 (July 21, 2010).

[4]    New York Attorney General, Attorney General James Releases Top 10 Consumer Frauds of 2019 (March 2, 2020) https://ag.ny.gov/press-release/2020/attorney-general-james-releases-top-10-consumer-frauds-2019.

[5]    New York Attorney General, Attorney General James Announces Court Order Against “Crypto” Currency Company Under Investigation For Fraud (April 25, 2019); Lauren Feiner, New York Attorney General Is Investigating Facebook for Possible Antitrust Violations, CNBC (Sep. 6, 2019) https://www.cnbc.com/2019/09/06/new-york-attorney-general-is-investigating-facebook-for-possible-antitrust-violations.html; Press Release, Attorney General Paxton Leads 50 Attorneys General in Google Multistate Bipartisan Antitrust Investigation (Sept. 9, 2019), available at https://www.texasattorneygeneral.gov/news/releases/attorney-general-paxton-leads-50-attorneys-general-google-multistate-bipartisan-antitrust.

[6]    N.Y. Fin. Serv. § 102.

[7]    New York Division of Financial Services, Linda A. Lacewell Biography https://www.dfs.ny.gov/about_the_superintendent.

[8]    Richard Weber served as the Chief of the Criminal Investigation Division at the IRS. Press Release, Financial Services Superintendent Linda A. Lacewell Announces Appointment of Richard Weber as General Counsel (April 28, 2020), https://www.dfs.ny.gov/press_releases/pr202004281.

[9]    Leandra English served as the Deputy Director of the Consumer Financial Protection Bureau. Press Release, DFS Superintendent Lacewell Announces Appointment of Former CFPB Deputy Director Leandra English to Department of Financial Services Leadership Team (January 14, 2020), https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202001141.

[10] Justin Herring served as the Chief of the U.S. Attorney’s Office of New Jersey’s first Cyber Crimes Unit. Press Release, Acting Superintendent Linda A. Lacewell Names Justin Herring Executive Deputy Superintendent of Newly Created Cybersecurity Division (May 22, 2019), https://www.dfs.ny.gov/reports_and_publications/press_releases/pr1905221.

[11] New York Division of Financial Services, In the Matter of Bank Hapoalim, B.M. and Bank Hapoalim, B.M., New York Branches, Consent Order Under New York Banking Law§§ 39 and 44, https://www.dfs.ny.gov/system/files/documents/2020/04/ea20200430__bhbm.pdf.

[12] 31 USC 5311.

[13] Press Release, New York Attorney General, Attorney General James Announces Agreement with Industrial Bank of Korea Related to Illegal Transfer of Over $1 Billion to Iran (April 20, 2020), https://ag.ny.gov/press-release/2020/attorney-general-james-announces-agreement-industrial-bank-korea-related-illegal; New York Division of Financial Services, In the Matter of Industrial Bank of Korea and Industrial Bank of Korea, New York Branch, Consent Order Under New York Banking Law§§ 39 and 44, https://www.dfs.ny.gov/system/files/documents/2020/04/ea20200419_co_ibk_ibk_ny.pdf.

[14] 3 NYCRR § 504; New York Division of Financial Services, In the Matter of Industrial Bank of Korea and Industrial Bank of Korea, New York Branch, Consent Order Under New York Banking Law§§ 39 and 44, https://www.dfs.ny.gov/system/files/documents/2020/04/ea20200419_co_ibk_ibk_ny.pdf.

[15] New York Division of Financial Services, Financial Services Superintendent Linda A. Lacewell Announces Creation of Consumer Protection Task Force, Reinforcing Department’s Commitment to Protect New Yorkers (January 9, 2020), https://www.dfs.ny.gov/reports_and_publications/press_releases/pr2001091.

[16] Id.

[17] Id.

[18] 23 NYCRR 500.1.

[19] New York Division of Financial Services, Key Dates for 2020 Filings https://www.dfs.ny.gov/industry_guidance/cybersecurity.

[20] See Luke Dembosky et al., First Enforcement Action by New York DFS Under Its Cyber Rules Shows Where Companies Face Regulatory Risk – Six Quick Takeaways (July 22, 2020) https://www.debevoisedatablog.com/2020/07/22/first-enforcement-action-by-new-york-dfs-under-its-cyber-rules-shows-where-companies-face-regulatory-risk-six-quick-takeaways/.

[21] Id.

This post comes to us from Debevoise & Plimpton LLP. It is based on the firm’s memorandum, “Expect Increased New York State Regulatory Enforcement in the Banking and Financial Services Industry,” dated August 31, 2020.