The New York Department of Financial Services ("DFS")
adopted final revisions to its new cybersecurity
regulations, which apply to a wide range of insurance, banking and
financial services companies ("Covered Entities") under
its supervision (see
previous coverage of the proposed revisions). The regulations
will take effect on March 1, 2017 and, starting in 2018, will
require a Covered Entity to prepare and submit a Certification of
Compliance annually by February 15 to the DFS concerning the
firm's cybersecurity compliance program.
Required elements of the program include (i) the means to
prevent and detect cyber events, (ii) the development of a
cybersecurity policy, (iii) the appointment of a
"qualified" chief information security officer, (iv)
testing programs, (v) audit trails and (vi) access controls.
New York Governor Andrew M. Cuomo praised the new
"These strong, first-in-the-nation protections will help
ensure [the financial services] industry has the necessary
safeguards in place in order to protect themselves and the New
Yorkers they serve from the serious economic harm caused by these
Commentary / Steven Lofchie
New York State has been very aggressive in regulating and
sanctioning firms engaged in financial activities. In their
original form, the
rules proposed by New York State to regulate "money
laundering" set impossible-to-meet compliance standards.
rules adopted by New York State were less draconian than those
that were proposed originally, but that is saying very little.) The
adopted Cybersecurity regulations are open-ended, complex and
burdensome and will result in creating many new ways for the
government to collect fines when something goes wrong. The fact
that New York State rushed to declare itself "first in the
nation" to adopt such a detailed set of rules suggests that
its local government is too eager to place onerous requirements on
the financial sector and, as a consequence, expand opportunities to
That said, firms must abide by the new compliance obligations
and do their best not to give New York State an opportunity to
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
One of the regulatory pillars of the EMIR is the requirement for parties to collateralize the marked-to-market exposure in over-the-counter derivatives transactions that are not cleared by a central clearing system.
Overseas Shipping Group ("Overseas") recently sued its former attorneys, a prominent New York-based law firm, for legal malpractice in drafting credit agreements that resulted in the company incurring an estimated $463 million in tax liability.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).