NY Mortgage Company Settles NYDFS Charges for Cybersecurity Violations

A lender and mortgage loan servicer parent company (the "Company") settled charges with the New York Department of Financial Services ("NYDFS") for purported cybersecurity-related deficiencies by two of its subsidiaries related to compliance, internal controls, management and technology systems.

In a Consent Order, the NYDFS stated that the Company violated the NYDFS Cybersecurity Requirements for Financial Services Companies by (i) having insufficient business continuity and disaster recovery planning and resources, (ii) introducing a "high risk of human error" by manually conducting privilege access reviews, (iii) lacking a formalized methodology for all phases of its software development life cycle, which increased the Company’s vulnerability to cybersecurity risks, and (iv) failing to provide secure coding training for developers. In addition, the NYDFS found that the Company did not conduct timely due diligence of its third-party vendors and, in some instances, allowed the vendors to begin working with the Company before completing their onboarding security questionnaire.

To settle the charges, the Company agreed to pay a civil monetary penalty of $4,250,000 and to submit to a remediation plan.
