New York State Department of Financial Services Issues Final Cybersecurity Regulation

The New York State Department of Financial Services (“DFS”) has issued a final regulation requiring banks, insurance companies, financial services institutions, and other persons and entities under DFS authority to establish and maintain a cybersecurity program and policy to protect against and address cybersecurity risks. 

The final regulation, which may be accessed here, takes effect on March 1, 2017.  Please note that there is a 180 day transition period before compliance is required (and a longer transition period for certain specific requirements of the regulation).

Although the final regulation has some changes from the most recent proposed regulation, particularly with respect to the exemption for certain insurance-related entities, the key components of the proposed regulation have not been substantially changed.

Cullen and Dykman will be issuing an advisory that will fully summarize the final regulation. In the meantime, if you questions regarding the regulation or cybersecurity procedures in general, please feel free to contact Joseph D. Simon at 516-357-3710 or via email at jsimon@cullenanddykman.com, Kevin Patterson at 516-296-9196 or via email at kpatterson@cullenanddykman.com, or Jeffrey Fowler at 516-296-9134 or via email at jfowler@cullenanddykman.com.