NYS DFS Is Coming for YOU

New York State DFS is Coming After Your Brokerage License

The First NYS Depart. of Financial Services (DFS) Transition Period Comes to an End August 28, 2017

On February 16, 2017, the New York State Department of Financial Services (“DFS”) published final cybersecurity regulations establishing a rigorous, first-in-the-nation cybersecurity regulation for financial institutions, and others that do business in the state, regardless where they are domiciled. The requirements from DFS go beyond what we’ve historically seen from regulators.

Given the significant amount of non-public information held or processed by financial institutions and increasing cybersecurity threats, these Rules were designed to ensure the protection of customer information and the information technology systems on which they persist. There are similarities to federal cyber protection regulations and guidelines; however, these Rules go further in some respects and codify certain industry practices.

Banks, insurance companies, and companies that do business in New York, regardless where they are domiciled, must now assess their cyber risks, implement a comprehensive, written cybersecurity program, as well as manage the cyber risks of their third-party vendors. The groundbreaking regulation holds company board members personally liable for annual compliance certification.

For a limited exemption, you must file with New York State by August t 28,2017

The regulation requires that all covered entities:

  • Conduct a documented risk assessment
  • Establish a risk-based cybersecurity program
  • Adopt a written cybersecurity policy
  • Designate a qualified CISO
  • Implement written third-party cyber risk policies
  • Establish a written incident response plan
  • Notify the superintendent of DFS of any cybersecurity events
  • Submit an annual certification of compliance

Is Your Business Prepared to Meet These Requirements?

The SMLR cybersecurity team is well-versed in the DFS regulation. We are ready to help companies – both mitigate risk and ensure compliance with all aspects of the DFS regulation.

CLICK HERE and register for a no charge one hour consultation.

Posted in Compliance, Cybersecurity, Governance, Government Surveilance, Legal
Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *


Visit Us On TwitterVisit Us On FacebookVisit Us On LinkedinVisit Us On Google Plus

Keep Current with What’s New in Cybersecurity

Email Address:


Cybersecurity News Daily

Provides a daily summary of what's news in Cybersecurity


Recent Tweets



Get every new post delivered to your Inbox

Join other followers: