On April 29, the New York Department of Financial Services (NY DFS)—the state’s principal banking and insurance regulator—announced that it is creating a new Consumer Protection and Financial Enforcement (CPFE) division. The new division, described by commentators as a state-level version of the Consumer Financial Protection Bureau (CFPB), or “mini CFPB,” will have responsibility for consumer financial enforcement and have oversight over consumer financial services institutions within the state. The NY DFS’s announcement highlighted that the agency’s new CPFE division will be particularly focused on review and response to cybersecurity events and the development of supervisory, regulatory, and enforcement policy and direction in the area of financial crimes.
New York’s creation of the new CPFE division, which will combine prior divisions within the DFS, comes as New York’s and other states’ representatives have raised concerns about the direction of the CFPB in Washington, D.C. State-level regulatory agencies can be expected to be aggressive enforcers in light of perceived laxer enforcement at the federal level. NY DFS’s announcement that the CPFE division will focus on cybersecurity events also reflects the New York regulator’s continued focus on this space following its promulgation in 2017 of rules governing cybersecurity standards for financial institutions.