Financial Compliance

Bay-Valley Mortgage Group Ordered to Cease and Desist Business

The Washington Department of Financial Institutions has issued a Final Order requiring Bay-Valley Mortgage Group, Inc. to permanently cease and desist from conducting business in the state. The order also mandates the company to cease all new business and foreclosure actions in Washington and provide requested records.

Metropolitan Capital Bank & Trust - FDIC Appointed Receiver

The Illinois Department of Financial and Professional Regulation has found Metropolitan Capital Bank & Trust to be operating in an unsafe and unsound manner. The agency has taken possession of the bank and appointed the FDIC as receiver, effective January 30, 2026.

Cybersecurity Alert: Cisco Zero-Day Vulnerabilities

The New York State Department of Financial Services issued a cybersecurity alert regarding active exploitation of Cisco zero-day vulnerabilities. Regulated entities are required to immediately identify affected Cisco devices and follow remediation steps outlined by CISA, including potential disconnection of end-of-support hardware.

NY DFS Guidance on Virtual Currency Custody and Customer Protection

The New York State Department of Financial Services has issued updated guidance on virtual currency custody and customer protection, replacing its 2023 guidance. The updated guidance provides further direction on sub-custody arrangements and emphasizes sound custody and disclosure practices to protect customers in the event of insolvency.

Guidance on Managing Third-Party Cybersecurity Risks

The New York State Department of Financial Services issued guidance on managing cybersecurity risks associated with third-party service providers. The guidance clarifies existing requirements and recommends best practices for covered entities to strengthen their oversight of these providers.

DFS Alert: Phishing Scam Targeting Regulated Entities

The New York Department of Financial Services (DFS) issued an alert regarding a phishing scam targeting regulated entities. The notice advises entities to exercise caution with unexpected communications and verify legitimacy before taking action.

Cybersecurity Advisory on Targeted Vishing Attacks

The New York State Department of Financial Services (DFS) issued a cybersecurity advisory highlighting an increase in targeted vishing attacks. Regulated entities are urged to review their cybersecurity programs and implement enhanced measures to protect against credential theft and unauthorized access.

California DFPI Enforcement Actions - September 2025

The California Department of Financial Protection and Innovation (DFPI) issued 14 enforcement actions in September 2025. These actions targeted individuals and firms for violations including unlawful broker-dealer activity, investment adviser misconduct, and illegal digital financial asset activities.

California DFPI Enforcement Actions - August 2025

The California Department of Financial Protection and Innovation issued enforcement actions against 14 entities in August 2025 for violations including unlawful debt collection, investment adviser activity, and franchise investment law. Actions range from settlement agreements to desist and refrain orders.

DFPI Enforcement Actions and Orders - December 2025

The California Department of Financial Protection and Innovation (DFPI) issued a summary of enforcement actions and orders for December 2025. These actions include desist and refrain orders, accusations, and license revocations against individuals and entities for violations of securities, debt collection, escrow, and financing laws.