DFS Filing “Reminder” as Deadline Looms

Patterson Belknap Webb & Tyler LLP

For the several thousand financial institutions and insurance companies covered by New York’s landmark data security regulation, the first certification of compliance must be filed with the State’s Department of Financial Services in less than a month.

Tuesday, DFS Superintendent Maria T. Vullo issued a “reminder” that the certification must be filed via the DFS cybersecurity portal on or before February 15, 2018.

“The DFS compliance certificate is a critical governance pillar for the cybersecurity program of all DFS regulated entities,” said Superintendent Vullo in a press release.

As we discussed in this blog last week, the certification must be signed by the Chairperson of an organization’s Board of Directors (on behalf of the Board) or a Senior Officer(s). The regulation defines Senior Officer as someone with responsibility for “the management, operations, security information, systems, compliance and/or risk” of the entity. We previously blogged about deciding who—the Board of Directors or a Senior Officer—should sign the compliance certification.

The press release also noted that, as of the first implementation deadline of August 28, 2017, all affected organizations “are required” to have the following in place:

  • Cybersecurity program in place that is designed to protect consumers’ private data;

  • Written policy or policies that are approved by the Board or a Senior Officer;

  • Chief Information Security Officer to help protect data and systems; and,

  • Controls and plans in place to help ensure the safety and soundness of New York’s financial services industry.

The detailed requirements for the first compliance certificate are more fully explained in the regulation.

At the same time, Superintendent Vullo announced that, going forward, DFS will include cybersecurity questions in all DFS examinations.

“DFS’s goal is to prevent cybersecurity attacks, and we therefore will now include cybersecurity in all DFS examinations to ensure that proper cybersecurity governance is being practiced by our regulated entities,” she said.

On its web portal, DFS maintains a set of frequently asked questions, which are periodically updated.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising
