In prior posts, we discussed the amendments to 23 NYCRR Part 500 (Part 500) ahead of the April 15 deadline to certify compliance with Part 500 and the increasing focus on multifactor authentication (MFA) as a key cybersecurity control. While Part 500 sets out formal cybersecurity requirements, the New York State Department of Financial Services (NYDFS) regularly uses industry letters and guidance to signal how …
CSBS Interpretive Guidance Clarifies Some Stablecoins May Be Included in Tangible Net Worth Calculations for Money Transmitters
The Conference of State Bank Supervisors (CSBS) recently issued interpretive guidance addressing the accounting treatment of stablecoins in the tangible net worth (TNW) calculation under its Model Money Transmission Modernization Act (MTMA). The guidance clarifies that CSBS intends for the definition of TNW under the MTMA to include, as “tangible financial assets,” stablecoins that meet certain criteria. The guidance is nonbinding, and it is uncertain …
Part 2: NYDFS Sharpens Its Focus on Multifactor Authentication
Financial institutions covered by 23 NYCRR Part 500 (Part 500) (covered entities) must annually certify their compliance with these cybersecurity regulations. As the April 15 date for certifying compliance approaches, the New York Department of Financial Services (NYDFS) has been reinforcing its focus on one particular element of the updated requirements – multifactor authentication (MFA). On February 26, 2026, NYDFS hosted a public cybersecurity presentation …
NYDFS Refresher Series – Part 1: What Companies Need to Know Ahead of Annual Certifications of Compliance
Upcoming compliance certification Every year by April 15, financial entities subject to the New York Department of Financial Services (NYDFS) oversight (covered entities) are required to certify their compliance with the NYDFS’ cybersecurity regulations, 23 NYCRR Part 500 (Part 500). This year’s deadline will be the first time covered entities must certify compliance with all of the amendments to Part 500 that were phased in …
New York Leads the Way on Buy Now, Pay Later Regulation
New York has taken a significant step toward comprehensive regulation of buy now, pay later (BNPL) by requiring licensure and disclosures designed for credit cards, even though BNPL transactions are closed end. The New York Department of Financial Services (NYDFS) recently published proposed rules to implement legislation that establishes a licensing and supervision framework for entities that provide BNPL services. The first-of-its-kind legislation, signed by Gov. …
California DFPI Seeks Comment on Potential Registration Requirement for Reporting Agencies
On January 12, 2026, the California Department of Financial Protection and Innovation (DFPI) issued an invitation for comments on a proposed rulemaking concerning registration and reporting for consumer-reporting providers. Background In 2024, the DFPI finalized registration and reporting requirements under the California Consumer Financial Protection Law (CCFPL) for four categories of providers of financial products and services. These regulations, effective February 15, 2025, require providers …
State Attorneys General Step Up Oversight of BNPL Programs
A coalition of seven attorneys general recently requested information from six buy now, pay later (BNPL) providers to evaluate their BNPL programs and whether they comply with consumer protection laws. The coalition is comprised of attorneys general from California, Colorado, Connecticut, Illinois, Minnesota, North Carolina and Wisconsin, with Connecticut and North Carolina leading the inquiry. Company responses are due by December 31. The inquiry follows …
10th Circuit Upholds Colorado’s DIDMCA Opt Out, Deepening States’ Power Over Bank-Fintech Partnership Lending – But Not Without Dissent
On November 10, 2025, the US Court of Appeals for the 10th Circuit issued its opinion in National Association of Industrial Bankers v. Weiser, a closely watched case testing the boundaries of state authority over interest-rate caps for loans made by state-chartered banks over the internet. The decision, which reversed a district court injunction, allows Colorado to enforce its own limits on loans to Colorado …
Attorneys General Share Updates on State Priorities
Cooley partner Kate Goodman recently attended the National Association of Attorneys General’s Fall Consumer Protection Conference in Washington, DC. The annual conference for attorneys general and staff, consumer advocates and industry stakeholders, explores hot topics in consumer protection, with the first day open to the public and the remaining days exclusive to attorneys general and their staff. One of the central themes was price transparency …
Leadership Change at NYDFS
News out of New York: Department of Financial Services (NYDFS) Superintendent Adrienne Harris is stepping down after four years in the role. Kaitlin Asrow, currently executive deputy superintendent of the Research & Innovation Division, will take over as acting superintendent effective October 18, 2025. According to the announcement, over the last four years, Asrow has overseen the regulation of virtual currency companies as well as …