On March 1, 2018, the one year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”)  must have implemented a cybersecurity program ends. By March 1, the Covered Entities must be in compliance with the following requirements:

23 NYCRR

The Consumer Financial Protection Bureau(CFPB) recently issued principles for the access and disclosure of sensitive data in the financial services industry. The CFPB referred to the guidelines as principles instead of regulations so fintech and other firms can innovate while protecting consumers’ information, and give consumers the ability to consent to the sharing of information

Following in the footsteps of the State of New York, the Colorado Department of Regulatory Agencies has proposed amendments to the Colorado Securities Act to require investment advisers and broker-dealers to implement new cybersecurity requirements to ensure security of the information in their possession. As we have predicted before, this is probably just the beginning