The New York State Department of Financial Services (NYDFS)
recently promulgated cybersecurity regulations for financial
institutions that are likely to increase the risks faced by directors
and officers (D&Os), resulting in an increase in claims.

The NYDFS regulations create new obligations for financial
institutions, including adopting written cybersecurity policies and
procedures, designating a chief information security officer (CISO)
and conducting periodic cybersecurity risk assessments. D&Os will be
responsible for overseeing compliance with these rules. Failure to
comply could result in fines and penalties, as well as

It is imperative that D&Os take reasonable steps to ensure
that their financial institutions are in compliance with the NYDFS
regulations, including actively assessing the institution's security
policies and procedures. Exercises such as tabletops should be
conducted to identify vulnerabilities so that corrective actions may
be taken to

Plaintiffs' law firms have aggressively pursued businesses
by filing class action lawsuits arising out of data breaches. To
date, such claims have not met with widespread success in the courts.
However, the new NYDFS regulations may provide a potentially viable
foundation for plaintiffs to establish standing against D&Os for
failing to have their financial institution in

Insurers should be aware of the additional risk to D&Os
created by the NYDFS regulations and the impact it could have on
losses. To mitigate that risk, insurers should update D&O
applications to confirm that the financial institutions and other
businesses they are underwriting are in compliance with the
regulations, so that the risk may be rated accordingly.

Further, regulations such as those instituted by the NYDFS are
generally thought to be the first of many steps that states will take
to ensure that data is properly managed and secured by financial
institutions. Other states may go beyond New York and enforce more
stringent regulations that impose stricter requirements on financial
institutions, further increasing the possibility of violations and
litigation. Financial institutions and insurers should continue to
keep abreast of such regulations to ensure that the appropriate
measures have been implemented to mitigate such

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.