NYDFS Seeks Assurances from Regulated Entities in the Wake of COVID-19

McGuireWoods LLP

The New York Department of Financial Services (“NYDFS”) has issued a series of Industry Letters requiring regulated institutions to submit information regarding plans to manage risks associated with the novel coronavirus (“COVID-19”).  The Letters request descriptions of the entities’ planned responses to a variety of threats posed by COVID-19, including heightened cybersecurity risks.

The four Industry Letters issued by the NYDFS are directed to various regulated entities and require responses regarding the entities’ prospective responses to COVID-19.  Among the required responses are those regarding the regulated entities’ strategies to address specific cybersecurity-related risks, including:

  1. The security of personnel working off-site, including the effectiveness and security of remote access;
  2. Potential increased risk of cyber-attacks and fraud due to the COVID-19 outbreak; and
  3. Preparedness of critical third-party service providers and suppliers.

In particular, the NYDFS’ Letter to virtual currency businesses emphasized the possibility that COVID-19 will result in “increased instances of hacking, cybersecurity threats, and similar events, as bad actors attempt to take advantage of a COVID-19 outbreak, and the possible resulting need for heightened security measures, such as enhanced triggers for fraudulent trading or withdrawal behavior.”

Each of the requested responses must be submitted to the DFS “as soon as possible and in no event later than thirty (30) days” from the date the Letters were published on March 10, 2020.

When responding to the NYDFS, affected entities should consult their existing incident response plans, cybersecurity policies and programs, and any other relevant documentation developed in compliance with the NYDFS’ Cybersecurity Requirements for Financial Services Companies.  Lessons learned from this COVID-19 response should certainly be used by NYDFS-regulated entities to bolster their plans, policies, and safeguards in the future.

Even entities not within the jurisdiction of the NYDFS may wish to consult the Industry Letters and consider their level of preparedness for COVID-19, both generally and with regard to cybersecurity in particular.

To read the NYDFS’ COVID-19 Industry Letters, see below:

The NYDFS has also issued COVID-19-related guidance for insurers, available here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McGuireWoods LLP | Attorney Advertising

Written by:

McGuireWoods LLP

McGuireWoods LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.