As Katie Sharpless, Alan Friel and Ann LaFrance report at SPB, last month the New York State Department of Financial Services (“DFS”) entered into a consent order requiring Residential Mortgage Company to pay $1.5 million for failing to comply with Cybersecurity Regulation, Part 500 of Title 23 of the New York Code. The steep financial penalty in the consent order is a stark reminder for companies subject to Part 500 to prioritize their compliance. Companies subject to Part 500 have been awaiting the results of this case since it is a matter of first impression. Residential Mortgage must pay a civil monetary penalty of $1.5 million within ten days of executing the consent order. In addition, DFS imposed a number of remedial measures on Residential Mortgage aimed at preventing future incidents by ensuring its cybersecurity systems and customer data are secure. These measures include a cyber-security incident response plan, a cybersecurity risk assessment within 90 days of the order, and training and monitoring programs within 90 days of the order.
Correction to the original article: First American Title Insurance Company is not associated or involved with the March 3, 2021 consent decree between Residential Mortgage and New York Department of Financial Services.