March 14, 2018

DFS Issues Compliance Certificate “Reminder”

+ Follow Contact

Send

Embed

Last week, the New York Department of Financial Services (DFS) sent notices to companies that had not yet certified their compliance with the DFS Cybersecurity Regulation. DFS not-so-gently reminds companies to submit a Notice of Exemption or a Certificate of Compliance. A copy of that notice is now available online.

Even for those companies that have already certified their compliance, the notice provides some interesting information. For example:

DFS explains that persons or companies that “hold more than one license,” must “file a separate Certification of Compliance for each license” held.
Because this is a new regulation, DFS appears to recognize that some covered entities will file a late Certificate of Compliance. For example, the notice asks that “[a]ll Covered Entities that have failed to submit the Certification and that are in compliance with the regulation should do so” as “soon as possible.”
Even companies that filed a Notice of Exemption might still need to file a Certificate of Compliance. Covered entities that qualify for Section 500.19’s “Limited Exemption” must still “confirm that they are in compliance with those provisions of the regulation that apply.”

That many covered entities received a notice for not certifying their compliance with the regulation is hardly surprising, especially if located outside of New York. The scope of the regulation is far-reaching, covering “any individual or any non-governmental entity” operating “under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.” Using the insurance industry as an example, there are—by our count—more than 230,000 unique individuals or companies with a New York agent or broker license in the DFS database. And more than 130,000 of those persons or entities have a business address outside of New York.

In light of DFS’s notice, covered companies and individuals should work diligently to certify their compliance as soon as possible.

The next major compliance date under the DFS regulation is September 3, 2018, when the 18-month transition period ends. We’ll discuss those requirements in a future blog post.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Patterson Belknap Webb & Tyler LLP

Contact + Follow

less

Published In:

Banking Sector

+ Follow

Chief Information Security Officer (CISO)

+ Follow

Cybersecurity

+ Follow

Cybersecurity Framework

+ Follow

Data Protection

+ Follow

Financial Institutions

+ Follow

Financial Services Industry

+ Follow

Information Technology

+ Follow

Insurance Industry

+ Follow

NYDFS

+ Follow

Personally Identifiable Information

+ Follow

Risk Management

+ Follow

General Business

+ Follow

Finance & Banking

+ Follow

Insurance

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Patterson Belknap Webb & Tyler LLP on:

DFS Issues Compliance Certificate “Reminder”

Related Posts

Latest Posts

Written by:

Published In:

Patterson Belknap Webb & Tyler LLP on:

"My best business intelligence, in one easy email…"