New York Department of Financial Services Issues Updated Proposed Cybersecurity Regulation

Orrick - Finance 20/20
Contact

On December 28, 2016, the New York State Department of Financial Services (“DFS“) announced that it has updated its proposed first‑in‑the‑nation cybersecurity regulation. The proposed regulation, which will be effective March 1, 2017, will require banks, insurance companies and other financial services institutions regulated by DFS to adopt a cybersecurity program by assessing its specific risk profile and designing a program to address these risks accordingly.

According to the DFS, “This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats.”

Among the changes made, the definition of “Exemptions” has been expanded to provide:

  • that “Covered Entities” that have less than the specified number of employees, gross annual revenue or year‑end total assets shall be exempt from the requirements of enumerated sections;
  • an exemption for an employee, agent, representative or designee of a Covered Entity, who is itself a Covered Entity;
  • an exemption from enumerated sections for a Covered Entity that does not directly or indirectly operate, maintain, utilize or control any “Information Systems” and that does not, and is not required to, directly or indirectly control, own, access, generate, receive or possess “Nonpublic Information“;
  • a requirement that Covered Entities that qualify for an exemption file a “Notice of Exemption”; and that a Covered Entity that ceases to qualify for an exemption must comply with all applicable requirements of the proposed rule.

The updated proposed regulation will be finalized following a 30-day notice and public comment period. Press Release. DFS Assessment of Public Comments. DFS Summary. Proposed Regulation (As Revised).

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Orrick - Finance 20/20 | Attorney Advertising

Written by:

Orrick - Finance 20/20
Contact
more
less

Orrick - Finance 20/20 on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.