Cybersecurity Requirements On the Horizon for Financial Services Companies Licensed in New York?

October 12, 2016 / News

New York’s Department of Financial Services has released its proposed cybersecurity regulation, which, if it passes, will deliver significant protections to both consumers and financial institutions licensed in New York.  The proposed regulation, “Cybersecurity Requirements for Financial Services Companies” (23 NYCRR Part 500), would create mandatory cybersecurity and risk management regulations for New York-licensed companies in the insurance, banking, and financial services industries.  According to the proposal, “This regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion.”  In other words, New York-licensed companies will now be required to develop and implement specific cybersecurity programs according to the requirements in the regulation.  If passed, it will take effect on January 1, 2017, and companies will have 180 days from that date to comply.

The cybersecurity programs required by the new legislation will “ensure the confidentiality, integrity and availability” of the company’s information systems.  The cybersecurity programs must perform these “core cybersecurity functions:  (1) identify internal and external cyber risks by, at a minimum, identifying the Nonpublic Information stored …; (2) use defensive infrastructure and the implementation of policies and procedures to protect the … systems …; (3) detect Cybersecurity Events; (4) respond to identified or detected Cybersecurity Events to mitigate any negative effects; (5) recover from Cybersecurity Events and restore normal operation services; and (6) fulfill all regulatory reporting obligations.”  Part of this proposed regulation also requires the designation of a “qualified individual” to serve as Chief Information Security Officer, responsible for overseeing and implementing the cybersecurity program at his or her respective company.

We will continue to monitor this proposed legislation.  If you have any questions regarding the details required by 23 NYCRR Part 500, please contact Tom Ryerson or Mindy Medley.

  • Chicago

    Illinois 60603

    10 South LaSalle Street

    Chicago, Illinois 60603

    T: 312.855.1010 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Dennis D. Fitzpatrick

  • New York

    New York 10005

    28 Liberty Street 39th Floor

    New York, New York 10005

    T: 212.805.3900 TF: 800.826.3505 F: 212.805.3939 Office Managing Partner: Tyler Jay Lory

  • Irvine

    California 92614

    17901 Von Karman Avenue

    Suite 650

    Irvine, California 92614

    T: 949.260.3100 TF: 800.826.3505 F: 949.260.3190 Office Managing Partner: Ian R. Feldman

  • Florham Park

    New Jersey 07932

    100 Campus Drive

    Florham Park, New Jersey 07932

    T: 973.410.4130 TF: 800.826.3505 F: 973.410.4169 Office Managing Partner: Carl M. Perri

  • Michigan City

    Indiana 46360

    200 Commerce Square

    Michigan City, Indiana 46360

    T: 219.262.6106 TF: 800.826.3505 F: 312.606.7777 Office Managing Partners: Paige M. Neel, Kimbley A. Kearney

  • Appleton

    Wisconsin 54914

    4650 W. Spencer Street

    Appleton, Wisconsin 54914

    T: 920.560.4658 TF: 800.826.3505 F: 920.968.4650 Office Managing Partner: Patrick L. Breen

  • Stamford

    Connecticut 06902

    68 Southfield Avenue

    2 Stamford Landing Suite 100

    Stamford, Connecticut 06902

    T: 203.921.0303 TF: 800.826.3505 F: 212.805.3939 Office Managing Partner: Matthew J. Van Dusen

  • Tampa

    Florida 33609

    4830 West Kennedy Boulevard

    Suite 600

    Tampa, Florida 33609

    T: 813.509.2578 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Anne E. Kevlin

  • Orlando

    Florida 32801

    618 E. South Street

    Suite 500

    Orlando, Florida 32801

    T: 813.509.2578 TF: 800.826.3505 F: 312.606.7777 Office Managing Partner: Anne E. Kevlin

  • San Francisco

    California 94111

    100 Pine Street

    Suite 1250

    San Francisco, California 94111

    T: 415.745.3598 TF: 800.826.3505 F: 949.260.3190 Office Managing Partner: Ian R. Feldman