And So It Begins: The First DFS Transition Period Comes to an End August 28

King & Spalding

In September 2016, the New York Department of Financial Services (“DFS”) introduced the first draft of its cybersecurity regulation, which is now in a position to lead a new trend in industry-specific cybersecurity regulation. The regulation contains detailed and demanding requirements that require increased executive and senior management participation in cybersecurity, comprehensive risk analyses, written policies and procedures, specific technical safeguards, and annual compliance certifications for companies in the financial services industry. The regulation became effective as of March 1 of this year and provides various transition periods, including 180 days to comply with core requirements, one year to implement risk vulnerability testing, eighteen months to implement application security and encryption policies, and two years to contractually require service providers to maintain adequate cybersecurity policies. On August 28, 2017, the first transition period ends and covered entities will be required to comply with several of the regulation’s exacting requirements. Here is what in-house counsel should know about the first transition period.

Does My Company Need to Comply With the Regulation? -

Generally, covered entities under the cybersecurity regulation include all individuals and entities directly supervised by DFS and may include those entities’ service providers. Certain smaller entities may qualify for a limited exemption, but in order to be exempted, those entities must submit a Notice of Exemption on or before September 27, 2017. Exempt entities, which are generally small businesses, remain subject to the regulation’s core requirements described below.

Please see full Alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.