On February 15, 2018, banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) will be required to file their first certification of compliance with DFS’ far reaching cybersecurity regulation (23 NYCRR Part 500) (the Regulation). The Regulation, which became effective on March 1, 2017, is touted as being the first cybersecurity regulation in the nation, requiring significant operational, technology, and reporting changes in order for entities covered by the Regulation (Covered Entities) to comply. By no later than February 15, Covered Entities will be required to electronically file a certification statement through the DFS cybersecurity portal confirming the company’s cybersecurity program met the Regulation’s requirements for the prior calendar year.
Please see full publication below for more information.