New York Department of Financial Services

On July 21, 2020, the New York Department of Financial Services (“DFS”) filed its first enforcement action under New York’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”).    Reg 500, which took effect in March 2017, imposes wide-ranging and rigorous requirements on subject organizations and their service providers, which are summarized

The deadline to comply with the first set of requirements under the new DFS Cybersecurity Regulations (“the Regulations”) is here! By today, August 28, 2017, businesses subject to the Regulations must ensure that they:

  1. Designate a Chief Information Security Officer (“CISO”)
  2. Establish a Cybersecurity Program
  3. Develop a Written Cybersecurity Policy.

We have prepared an

We wanted to keep you informed on the progress of the DFS cybersecurity regulations, as they complete their journey through the approval process. DFS has been working on the regulations since its 2013-2014 studies on cybersecurity risks to financial institutions. As reported in our article, Getting Prepared for the New York Department of Financial Services’

The New York State Assembly Committee on Banks held a public hearing on December 19, 2016, receiving testimony about both the benefits and challenges of a recently proposed regulation to address the growing threat posed by cyber-attacks on banks, insurance companies and most other entities which are regulated by the Department of Financial Services (DFS).