On March 1, 2018, the one year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”)  must have implemented a cybersecurity program ends. By March 1, the Covered Entities must be in compliance with the following requirements:

23 NYCRR

On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”).

The Regulation, which became effective on March 1, 2017,

Following in the footsteps of the State of New York, the Colorado Department of Regulatory Agencies has proposed amendments to the Colorado Securities Act to require investment advisers and broker-dealers to implement new cybersecurity requirements to ensure security of the information in their possession. As we have predicted before, this is probably just the beginning

We have previously reported about the upcoming New York Financial Services Cybersecurity Regulations [view related posts here and here]. On February 16, 2017, Governor Andrew M. Cuomo announced that “the first-in the-nation cybersecurity regulation to protect New York’s financial services industry and consumers from the ever-growing threat of cyber-attacks will take effect on March

Cybersecurity hit the news hard in 2016. The number of high profile, and troubling, cyber incidents increased significantly. The Democratic National Committee and one of Clinton’s top advisor’s being hacked, with leaked emails by Russia, according to intelligence reports, may have influenced the U.S. election. Theft of document from the Mossack Fonseca law firm in

The New York Department of Financial Services announced last week that it will revise and delay the effective date of its proposed cybersecurity regulation. The announcement came two days after New York bankers brought up a number of criticisms of the proposed rules at a hearing before the state’s Standing Committee on Banks.

At the hearing, bankers lamented that the proposed regulation will prove too burdensome to implement, particularly for small community banks.
Continue Reading Bank Objections Play Key Role in Delay of New York Cybersecurity Regulation

The New York Department of Financial Services (NYDFS) will delay the effective date of their proposed cybersecurity regulation until March 1, 2017. A new draft of the proposed regulation will be published on December 28, 2016, with an anticipated 30 day comment period. The original proposed regulation met with significant resistance, including reportedly more than

The New York State Department of Financial Services (NYDFS) recently published the results of its cybersecurity survey of more than 150 regulated small, medium, and large banking organizations. The survey asked for information the bank’s use and management of third-party service vendors with access to sensitive information. In particular, the survey asked banks whether they

Shortly after the discovery of a cybersecurity breach at the health insurance company Anthem, Inc., the National Association of Insurance Commissioners (NAIC) called for a multi-state examination of Anthem’s cybersecurity practices to determine what protections were in place and what actions could have been taken to minimize data losses.  The examination is currently underway and