
Proposed Cybersecurity Regulations

Contact: Johnny Evers or Lev Ginsburg
September 14, 2016

The Department of Financial Services (DFS) has proposed regulations requiring the establishment and maintenance of a cybersecurity program for entities that operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, insurance law or the financial services law.

The breadth of the proposal raises many concerns among our members: the regulated institutions and those that serve as third-party vendors to the institutions. In addition to establishing a cybersecurity policy and program, the proposal requires the designation of a chief information security officer responsible for implementing, overseeing and enforcing the new program and policy; the implementation of policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third parties; and a variety of other requirements to protect the confidentiality, integrity and availability of information systems.

The proposed regulation is subject to a 45-day comment period ending November 14, 2016. The Business Council intends to comment and welcomes members to contact johnny.evers@bcnys.org or lev.ginsburg@bcnys.org with their discrete issues and concerns for inclusion in the submitted comments to DFS. The proposed cybersecurity regulation is available for review here.