Cyber Security Regulation Implemented by New York Department of Financial Servic

The New York Department of Financial Services has implemented a cyber security regulation whose first compliance deadline is August 28, 2017. Compared with the Colorado and Vermont rules, the New York rule is considerably more detailed, requiring firms to appoint a Chief Information Security Officer (CISO) and conduct at least biannual vulnerability assessments. Companies with fewer than 10 employees are exempt from the rule. In addition, broker-dealers and investment advisers are only obligated to comply with the law if they or an affiliated company are required to register under the New York banking or insurance laws.

The core of the cyber security rule consists of three requirements: firms must have a cyber security program, must maintain cyber security policies, and must conduct periodic risk assessments. The cyber security policies must be approved by the senior executive responsible for the firm’s information security or by the company’s board. The rule also contains other specific requirements designed to ensure that cyber security programs are much more than just a written set of policies. It further requires certain notices to the New York Superintendent of Financial Services, including notification of certain cyber security events within 72 hours.

The rule initially became effective March 1, but there is a transitional period of between 180 days and two years before firms are required to be in compliance with the various parts of the rule. The main transitional period ends Aug. 28, although the transitional period related to risk assessments and penetration testing ends March 1, 2018.

News Characteristics

Date : Jul 22, 2017
Region : North America
Industry : Banks
Function : Regulation and Compliance
Sub-Function : Regulatory changes