Financial services companies in New York state are now subject to enhanced cybersecurity regulations.
The New York Department of Financial Services (NYDFS) announced that, effective March 1, covered entities including banks, insurance companies and other financial services institutions must comply with the first-in-the-nation regulations. Created in response to a series of high-profile hacking incidents and the increased role of technology in the industry, the regulations are designed to protect both the stability of the state's financial services industry and customers' private data.
Generally, the regulations require firms to perform periodic risk assessments to assist them as they devise and implement a cybersecurity program particular to their business. Covered entities must also evaluate the security of any third-party service providers to ensure they maintain similar standards. The regulations include a host of other oversight and reporting requirements. A more detailed summary of the requirements can be found in this previous Funds Talk article.
NYDFS had been devising the regulations since 2014, and a previous version was initially due to come into effect on Jan. 1, 2017. However, after the industry expressed concerns regarding some of the requirements, NYDFS delayed implementation and issued a revised set of regulations on Dec. 28, 2016. Given New York's central role in the U.S. market, the regulations are expected to establish best practices within the financial services industry and may inform other state and federal regulators as they draft their own rules.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
