What is the NYDFS Cybersecurity Regulation?
The cybersecurity regulation designed by the New York Department of Financial Services applies to all organizations operating within its jurisdiction. This includes entities with a license, registration, or charter, and others that fall within New York DFS regulations. It also applies to unregulated third-party service providers for regulated organizations.
Since it went into effect in 2019, financial institutions covered by the New York DFS are required to have a designated chief information security officer (CISO). Additionally, they must maintain comprehensive cybersecurity policies and an incident response plan. Policies are required to cover issues like data breach notifications, access control, disaster recovery, network security, data privacy controls, auditing, and risk assessments.
These larger regulations are composed of a number of smaller components and sub-regulations. Some of the more stringent requirements laid out within the NYDFS cybersecurity regulation include incident reporting, data encryption, multi-factor authentication for network access, and annual compliance certification.
What Types of Entities Are Affected by the NYDFS Cybersecurity Regulation?
Examples include, but are not limited to:
- State-chartered banks,
- Licensed financial lenders,
- Private bankers,
- Foreign banks licensed to operate within New York,
- Mortgage dealers,
- Insurance brokers,
- Service providers.
There are some exemptions to NYDFS cybersecurity compliance requirements. These include companies with 10 or fewer employees, those that have grossed less than $5 million in annual revenue from operations in New York for the last three years, and those that have less than $10 million in total assets at the end of the year.
What is the Enforcement Deadline for the NYDFS Cybersecurity Regulation?
Businesses and organizations subject to the NYDFS cybersecurity regulation were required to become fully compliant by March 1, 2019.
Guidance Towards Compliance with New York DFS Cybersecurity Regulations
If these new regulations apply to your organization, understanding the requirements and taking action to achieve and maintain compliance may seem like a challenge. I.S. Partners, LLC. can help design and implement specialized policies and controls to fit your structure. Plus, our team of experts works with your organization to gather the documentation and resources needed for compliance.