Seminar/CLE
NYDFS Enforcement and Supervision Trends
Seminar/CLE
December 10, 2024
On December 10, our New York office hosted a Financial Crimes Compliance Group panel discussion on “Enforcement and Supervision Trends: What DFS-Licensed Institutions Need to Know.” Our panelists, led by former New York Department of Financial Services (NYDFS) insiders, including Richard Weber, prior General Counsel, gathered for an engaging discussion. They provided insight on NYDFS enforcement and supervisory priorities, along with recent licensing-requirement updates. The panelists discussed best practices for responding to DFS actions, negotiating penalties, and multi-agency dynamics.
They noted key trends in cybersecurity regulations, AML/BSA updates, and crypto enforcement (e.g., Coinbase, Geico, Robinhood). After the panel, discussions with former NYDFS insiders and other participants continued at our networking reception.
Panel 1: NYDFS Enforcement Priorities
Speakers
- Cristina Calvar: Partner, Government Investigations, Enforcement & Compliance, Winston & Strawn LLP
- Elizabeth Ireland: Partner, Government Investigations, Enforcement & Compliance, Winston & Strawn LLP
- Matt Levine: Partner, Elliott Kwok Levine & Jaroslaw LLP; Former Executive Deputy Superintendent for Enforcement, NYDFS
Moderator
- Richard Weber: Co-Chair, Financial Crimes Compliance Group, Winston & Strawn LLP; Former General Counsel, NYDFS
Takeaways
DFS Overview:
- A New York state regulator under the Governor’s office, created 12 years ago by merging banking and insurance divisions. Leaders like Maria Vullo and Linda Lacewell have shaped its cyber, enforcement, and consumer protection functions.
Role Among Regulators:
- DFS fills gaps left by federal regulators, often joining investigations late. Parallel investigations can limit information sharing due to confidentiality.
Penalties and Settlements:
- DFS calculates penalties per day of noncompliance and presents a “worst-case” figure. Skipping the chain-of-command in negotiations usually backfires.
Outside Counsel:
- Counsel can exploit differing agency priorities to mitigate issues during multi-agency investigations.
Panel 2: Recent NYDFS Licensing and Supervision Requirement Updates
Speakers
- David Hunter: Former Deputy Superintendent of Virtual Trusts, NYDFS
- Monica Lopez-Rodriguez: Of Counsel, Financial Services, Winston & Strawn LLP
- Peter Marton: Director of Digital Identity, Fireblocks; Former Deputy Superintendent of Virtual Currency, Research & Innovation Division, NYDFS
- Jennifer Olivestone: Practice Counsel, Financial Services, Winston & Strawn LLP
Moderator
- Carl Fornaris: Co-Chair, Financial Services Practice; Co-Chair, Financial Crimes Compliance Group, Winston & Strawn LLP
Takeaways
Rule 504:
- Requires AML transaction monitoring, filtering programs, and annual certifications (due mid-April). Noncompliance risks enforcement actions.
Rule 500:
- Mandates cybersecurity programs, risk assessments, audits, and annual compliance certification by April 15.
Cybersecurity and AI:
- DFS regulations target AI risks (e.g., deepfakes, biometric threats). Entities should review AI usage, vendors, and risks annually.
DFS Focus:
- Recent cases regarding data breaches signal stricter enforcement on cybersecurity and AI issues.
