Is your financial organization compliant?
New York State has passed legislation that requires financial organizations to implement specific cybersecurity assurances to their systems. This compliance law requires Financial institutions that subject to the regulation to be compliant with the current set of standards by Sept. 3, 2018.
According to NYS DFS the regulation covers all entities operating under or required to operate under DFS licensure, registration, or charter, or which are otherwise DFS-regulated, as well as, by extension, unregulated third party service providers to regulated entities.
• State-chartered banks
• Licensed lenders
• Private bankers
• Foreign banks licensed to operate in NY
• Service contract providers
• Trust companies
• Mortgage companies
• Any insurance company doing business in NY
Financial services firms with fewer than 10 employees, less than $5 million in gross annual revenue for three years, or less than $10 million in year-end total assets are exempt.*
Financial institutions subject to the regulation are expected to be compliant with the next set of requirements by Sept. 3, 2018.
• Maintain audit trails for at least five years(500.06)
• Maintain application security policies & procedures (500.08
• Adopt policies and procedures for the secure disposal of personally identifiable information (500.13)
• Monitor the activity of authorized users (500.14a)
• Provide regular cybersecurity awareness training for all personnel (500.14b)
• Use encryption or “effective alternative compensating controls” to protect nonpublic information in transit or at rest (500.15)
For answers to your questions and the latest information that ensures NYS DFS regulations compliance, CALL: 800.897.CYBER
*For reference only. All information in this document was sourced from third party entities and is subject to change. For full regulations and most current compliance details, see: New York State Department of Financial Services 23 NYCRR 500