On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”).
The Regulation, which became effective on March 1, 2017, is touted as being the first cybersecurity regulation in the nation, requiring significant operational, technology and reporting changes in order for entities covered by the Regulation (Covered Entities) to comply. Covered Entities are required to electronically file a certification statement through the DFS cybersecurity portal confirming the company’s cybersecurity program met the Regulation’s requirements for the prior calendar year. The deadline is today. Have you filed?
For more information on the Regulation and additional upcoming deadlines, click here.