Navigating the NYDFS' Cybersecurity Guidance on AI — The Consumer Finance Podcast
Will Resiliency Carry the Digital Asset Sector Through 2024: State-Level Developments — The Crypto Exchange Podcast
Climate Risk, the emerging risk
The NYDFS Updates Its Stringent Cybersecurity Regulations. Is This a Bellwether of Coming Industry Change? - The Consumer Finance Podcast
How the New York Department of Financial Services (DFS) Regulates Virtual Currency, a Close Look with Special Guest Kaitlin Asrow, Executive Deputy Superintendent of Research and Innovation, DFS
Compliance Into The Weeds - DFS Fines Carnival Cruise Lines for Cyber Failures
Compliance into the Weeds: DFS First Cyber Case-First American Title
Videocast: Asset management regulation in 2020 videocast series – Regulators step up pressure to implement LIBOR transition plans
Your Cyber Minute: State influences bring a new dawn of cyber regulations
Your Cyber Minute: Compliance with the Proposed NYDFS Cybersecurity Regulation
Your Cyber Minute: Harriet Pearson and Greg Lisa on the Proposed NYDFS Cyber Security Regulation
The Financial Crimes Enforcement Network (FinCEN) issued an interim final rule in March 2025 that removes requirements for US companies to report beneficial ownership information under the Corporate Transparency Act (CTA)....more
Overview - On June 23, 2025, the New York State Department of Financial Services (“NYDFS”) issued an industry letter encouraging all regulated entities to review their cybersecurity and sanctions compliance programs in light...more
On June 23, the New York State Department of Financial Services (NYDFS) issued an industry letter to all regulated entities — banks, insurers, money transmitters, virtual currency companies, and others — cautioning that...more
Citing “escalating global conflict,” the New York Department of Financial Services issued an alert on Monday, June 22, 2025, to its regulated covered entities, urging them to be vigilant against potential security threats,...more
The New York State Department of Financial Services (the “Department”) has issued guidance (“Guidance”) to all individuals and entities regulated by the Department (“Regulated Entities”) to underscore the importance of...more
New cybersecurity requirements just kicked in for thousands of financial firms operating in New York, and companies need to make sure they have taken action to comply. As of May 1, the latest amendments to the New York...more
On May 1, 2025, additional cybersecurity requirements introduced by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) took...more
After years of regulatory uncertainty, the Trump administration has signaled a new approach to digital assets, including by establishing a working group focused on digital assets and nominating crypto-friendly chairs to the...more
On May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take...more
As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more
Our Privacy, Cyber & Data Strategy Team highlights the increasingly specific cybersecurity controls identified by regulators, explains why these enhanced cybersecurity controls have become the focus of regulators, and shares...more
In November 2023, New York State's Department of Financial Services (NYDFS) amended its cybersecurity regulation, Part 500. This legal alert provides an update for Covered Entities and Class A Businesses on the current NYDFS...more
On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more
In November 2023, the New York Department of Financial Services (NYDFS) issued its second amendment to its "Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). This was the...more
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
Covered entities regulated by the New York State Department of Financial Services (NYDFS) must submit cybersecurity compliance forms by April 15, 2025. New sets of requirements for system monitoring and access privileges,...more
Businesses that are subject to the NYDFS Cybersecurity Regulations have four weeks left to submit their annual notices of compliance or acknowledge their noncompliance. When the regulations were amended in 2023, several of...more
Welcome to the “Data Privacy and Cybersecurity” chapter of our annual report, Consumer Financial Services: 2024 Year in Review. Consumer financial services regulators are taking a keen interest in artificial intelligence...more
As we previously reported, in 2023 the New York State Department of Financial Services (NYDFS) amended its cybersecurity regulation, 23 NYCRR 500 (or Part 500). As of November 1, 2024, Class A Companies and Covered Entities...more
Financial firms doing business in New York should be mindful of a recent e-blast sent by the state’s financial regulator concerning cybersecurity requirements that become effective in less than two months. The New York...more
On February 27, NYDFS reminded covered entities subject to the Cybersecurity Regulation to submit their annual compliance notifications for the 2024 calendar year. Covered entities must submit the compliance filing by April...more
The New York State Department of Financial Services recently announced that it has entered into a consent order with PayPal, Inc. for violations of the NYDFS Cybersecurity Regulation. The consent order, under which PayPal has...more
Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New...more
On February 14, the Governor of New York signed into law SB 804 (the “Act”), which amends the general business law concerning when and how notifications for data breaches are provided to the New York Department of Financial...more
On January 23, 2025, PayPal settled an enforcement action brought by the New York State Department of Financial Services (NY DFS) for failing to comply with cybersecurity regulations required for financial services businesses...more