With the compliance date only a few months away, licensees of the New York Department of Financial Services (DFS) must start taking action immediately to comply with the coming cybersecurity requirements, which will be more onerous and difficult than any existing requirements in the United States. The regulation became effective March 1, 2017, with transition periods that will require compliance with various provisions beginning August 28, 2017, and over the next two years. This article identifies who will be subject to the new requirements, what is required and by when, and what steps should be taken to comply.
The new requirements deserve attention from persons and companies throughout the banking, insurance, and other regulated financial industries, as it is likely that other states will look to the New York requirements as a model. The New York requirements also serve as a new and robust checklist for any business to consider for improving its cybersecurity risk profile.
Originally published in the Intellectual Property & Technology Law Journal - May 2017.
Please see full publication below for more information.