New York State Department of Financial Services

Financial Institutions Going First? New York Proposes Mandatory Minimum Cybersecurity Compliance Standards

Cybersecurity Standards Financial Services Institutions

Just as it promised a year ago, New York State proposed new proscriptive, minimum cybersecurity requirements for regulated financial services institutions.  The regulations go final after a 45-day notice and public comment period.  At that point, entities regulated by the NYDFS will be subject to the nation’s first proscriptive set of cybersecurity requirements in contrast to the usual risk-based cybersecurity programs mandated by other financial regulators to date.  Thus, unlike previous guidance and reports issued by financial regulators such as FINRA and the SEC, New York’s rules are specific requirements that all regulated financial institutions must adopt..  In this Part I, we review the proposed requirements, and offer some specific steps that regulated financial services institutions should begin to consider for compliance readiness.

READ MORE