Required by law for NYS Financial Institutions
New York State Department of Financial Services (NYDFS) legislation requires financial organizations to have comprehensive cybersecurity plans.
In February 2017, the NYDFS issued a new cybersecurity regulation for banks, insurance companies, and other financial institutions.
According to the NYDFS, the regulation covers all entities operating under or required to operate under DFS licensure, registration, or charter, or which are otherwise DFS-regulated, as well as, by extension, unregulated third-party service providers to regulated entities.
Organizations That Are Required By Law To Comply:
*Financial services firms with fewer than 10 employees, less than $5 million in gross annual revenue for three years, or less than $10 million in year-end total assets are exempt. Exemptions: (1) fewer than 10 employees, including any independent contractors, of the Covered Entity or its Affiliates located in New York or responsible for business of the Covered Entity, or (2) less than $5,000,000 in gross annual revenue in each of the last three fiscal years from New York business operations of the Covered Entity and its Affiliates, or (3) less than $10,000,000 in year-end total assets, calculated in accordance with generally accepted accounting principles, including assets of all Affiliates, shall be exempt from the requirements of sections 500.04, 500.05, 500.06, 500.08, 500.10, 500.12, 500.14, 500.15, and 500.16 of this Part.
For answers to your questions and the latest information that ensures NYDFS regulations compliance, speak with our team of experts today.Contact Us
These regulations* go beyond federal requirements in many important areas.
*For all regulations and the most current compliance details, click here: New York State Department of Financial Services 23 NYCRR 500.