Deadline to Meet DFS Cyber Regulation Is Monday

Patterson Belknap Webb & Tyler LLP

Banks, insurance companies and other financial institutions have only a few days left to comply with the first wave of requirements under New York’s controversial new cybersecurity regulation.

On March 1, 2017, the New York State Department of Financial Services enacted the regulation, “Cybersecurity Requirements for Financial Services Companies,” which set a new standard for state data security compliance. The regulation imposes detailed requirements on financial firms, including an annual attestation by the board or a senior corporate officer that their institution passes muster under the regulation.

By August 28th, financial firms are required to do the following:

  • Designate a Chief Information Security Officer responsible for overseeing, implementing, and enforcing the institution’s Cybersecurity Policy;

  • Put in place a risk-based Cybersecurity Program “designed to protect the confidentiality, integrity and availability” of an institution’s information systems;

  • Implement a Cybersecurity Policy setting forth “policies and procedures” for the protection of the organization’s network and sensitive information;

  • Have the board of directors or a senior officer approve the Cybersecurity Policy;

  • Limit user privileges on information systems that provide access to nonpublic information;

  • Use “qualified cybersecurity personnel” to “perform or oversee” core cybersecurity functions; and

  • Have a “written incident response plan” in place to enable the institution to respond to a data security event.

This initial set of requirements is just the beginning. Over the next 18 months, firms are required to implement additional safeguards, ranging from multi-factor authentication to risk-based user policies.

Next week, we’ll take a look at the New York requirements that are on the horizon.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising
