The revised regulations eliminate many of the categorical requirements in the original proposal and instead adopt a more risk-based approach.
On December 28, 2016, the New York State Department of Financial Services (NYSDFS) released a revised version of its “Cybersecurity Requirements for Financial Services Companies” (the Revised Proposed Rules). A prior version of the proposal (the Original Proposed Rules) was subject to a public notice-and-comment period ending on November 14, 2016. As summarized in a previous Latham Client Alert, many of the commenters expressed strong concerns that the Original Proposed Rules imposed sweeping, unworkable mandates and urged NYSDFS to adopt a more flexible, less prescriptive approach instead.
Please see full publication below for more information.