Norton Rose Fulbright - Data Protection Report blog

On March 3, 2021, the New York Department of Financial Services (NYDFS) announced a Consent Order with a NYDFS-licensed Maine-based mortgage banker and loan servicer settling alleged violations of the NYDFS cybersecurity regulations. (In the matter of Residential Mortgage Services, Inc., March 3, 2021).

The Consent Order required RMS to pay $1.5 million, and within 90 days, submit to NYDFS all of the following: a comprehensive written Cybersecurity Incident Response Plan; a comprehensive cyber risk assessment; RMS’ risked-based policies, procedures and controls; and documentation on its more recent cyber training.

The full post appears on the firm’s Financial Services:  Regulation Tomorrow blog.