Skip to main content
Enforcement Edge
March 16, 2021

NYDFS Fines Residential Mortgage Services $1.5 Million for Failures to Comply with New York's Cybersecurity Regulation

Enforcement Edge: Shining Light on Government Enforcement

On March 3, 2021, the New York Department of Financial Services (NYDFS) announced its execution of a consent order (the Order) with Residential Mortgage Services, Inc. (RMS), a NYDFS-licensed mortgage banker and mortgage loan servicer.  The Order fines RMS $1,500,000 for its violations of Cybersecurity Regulation, Part 500 of Title 23 of the New York Codes, Rules, and Regulations (Part 500). According to the Order, RMS failed to meet its Part 500 obligations by inadequately responding to a data security breach and failing to conduct a comprehensive cybersecurity risk assessment. This action is the latest demonstration of the seriousness with which NYDFS is approaching enforcement of Part 500, which became fully effective in March 2019.

The Order serves as a warning to and guide for financial institutions that may prompt them to reevaluate whether their existing cybersecurity safeguards, policies, and procedures are sufficient to meet the requirements of Part 500. Moreover, it reinforces the imperative for covered entities to fully comply with all aspects of Part 500––even where entities believe that their cybersecurity measures meet their level of risk or are consistent with industry standards.

To learn more about the Order and its implications for the financial services industry, read this Advisory.

© Arnold & Porter Kaye Scholer LLP 2021 All Rights Reserved. This blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.