New York Department of Financial Services Cybersecurity Regulations Take Effect | Publications

McCarter & English, LLP
Contact

McCarter & English, LLP

New cybersecurity-related regulations issued by New York state regulators took effect March 1, 2017. The rules, which directly impact all entities regulated by the New York Department of Financial Services (such as insurers, mortgage lenders, some investment companies and many banks, among others) will inevitably affect compliance programs at financial institutions nationwide.

Broadly speaking, the regulation can be parsed into three categories of compliance requirements: 

  • Management/Policy Requirements – e.g., hiring or appointing a chief information security officer, training staff in data security and privacy procedures, and maintaining policies that cover the institution and its third-party service vendors;
  • Operational/Technical Requirements – e.g., performing periodic penetration testing, implementing multifactor authentication systems and the like; and
  • Reporting Requirements – e.g., reporting certain security incidents to the NYDFS

The rule also has a complex (though helpful) feature that allows larger institutions to leverage their affiliates’ cybersecurity work to create efficiencies in their compliance programs.

Although effective March 1, 2017, the first real compliance deadline does not occur until August, with remaining deadlines arising on a rolling basis through 2019.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McCarter & English, LLP | Attorney Advertising

Written by:

McCarter & English, LLP
Contact
more
less

McCarter & English, LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide