6 March 2017

NY Financial Services Department Adopts Final Revisions To Cybersecurity Requirements

Cadwalader, Wickersham & Taft LLP


The New York Department of Financial Services ("DFS") adopted final revisions to its new cybersecurity regulations, which apply to a wide range of insurance, banking and financial services companies ("Covered Entities") under its supervision (see previous coverage of the proposed revisions). The regulations will take effect on March 1, 2017 and, starting in 2018, will require a Covered Entity to prepare and submit a Certification of Compliance annually by February 15 to the DFS concerning the firm's cybersecurity compliance program.

Required elements of the program include (i) the means to prevent and detect cyber events, (ii) the development of a cybersecurity policy, (iii) the appointment of a "qualified" chief information security officer, (iv) testing programs, (v) audit trails and (vi) access controls.

New York Governor Andrew M. Cuomo praised the new regulations:

"These strong, first-in-the-nation protections will help ensure [the financial services] industry has the necessary safeguards in place in order to protect themselves and the New Yorkers they serve from the serious economic harm caused by these devastating cyber-crimes."

Commentary / Steven Lofchie

New York State has been very aggressive in regulating and sanctioning firms engaged in financial activities. In their original form, the rules proposed by New York State to regulate "money laundering" set impossible-to-meet compliance standards. (Ultimately, the rules adopted by New York State were less draconian than those that were proposed originally, but that is saying very little.) The adopted Cybersecurity regulations are open-ended, complex and burdensome and will result in creating many new ways for the government to collect fines when something goes wrong. The fact that New York State rushed to declare itself "first in the nation" to adopt such a detailed set of rules suggests that its local government is too eager to place onerous requirements on the financial sector and, as a consequence, expand opportunities to collect fines.

That said, firms must abide by the new compliance obligations and do their best not to give New York State an opportunity to collect.
