Effective November 1, 2023, the New York Department of Financial Services issued its second amended Cybersecurity Regulation (the “Regulation,” 23 NYCRR Part 500). The amendment follows extensive public comments, some of...more
Licensees of the New York Department of Financial Services (“DFS”) should be tracking the proposed amendments to the DFS Cybersecurity Regulation. All covered entities under the Regulation will need to revisit their...more
Already considered among the most rigorous cybersecurity requirements for financial services companies, the existing New York Department of Financial Services (“NY DFS”) Cybersecurity Regulation (the “Regulation”) set the...more
The New York Department of Financial Services (the “NY DFS”) has published three new FAQs that interpret certain requirements under its Cybersecurity Regulation (23 NYCRR 500, the “NY DFS Cyber Reg”) related to breaches by...more
On December 7, 2021, the New York Department of Financial Services (“NY DFS”) released an industry letter providing guidance on Multi-Factor Authentication (“MFA”). MFA, which requires users of information systems to...more
The New York Department of Financial Services (NYDFS) has now released a pair of alerts on the increase in cyberattacks on public facing insurance websites that provide instant quoting services to customers. If you provide...more
Reminding NY DFS regulated entities that its Cybersecurity Regulation (23 NYCRR Part 500) requires assessment of cybersecurity risk, and the reporting of certain cybersecurity events within 72 hours, the DFS issued guidance...more
On March 1, 2017 the cybersecurity regulation of the New York Department of Financial Services (the DFS Regulation) took effect, requiring subject financial institutions (Covered Entities), including insurance companies, to,...more
On March 1, 2017 the cybersecurity regulation of the New York Department of Financial Services (the “DFS Regulation”) took effect, requiring subject financial institutions, including insurance companies, (“Covered Entities”)...more
In prior issues, we have reported on the various requirements imposed by the New York Department of Financial Services (the DFS) Cybersecurity Regulation (23 NYCRR 500) (the Regulation) on “Covered Entities,” which are...more
Locke Lord’s Insurance & Reinsurance Newsletter provides topical snapshots of recent developments in the fast-changing world of insurance. For further information on any of the subjects covered in the newsletter, please...more
The New York Department of Financial Services (NYDFS) blazed a cybersecurity trail with its 2017 regulation for the protection of information collected and processed in, and systems used in the operation of, the financial...more
Several of the new requirements of the New York State Department of Financial Services (DFS) Cybersecurity Regulation are now operative for firms and individuals engaged in financial services (including insurance companies...more
Following New York’s lead after the Department of Financial Services (the NYDFS) promulgated its Cybersecurity Regulation, in October 2017 the NAIC adopted its Insurance Data Security Model Law (the NAIC Model) to establish...more
As we reported here, March 1, 2018 brings a new transition date, with a new set of compliance obligations for Covered Entities subject to the Cybersecurity Regulation of the New York Department of Financial Services. By...more
As previously warned, February 15, 2018 is the first annual deadline for individuals and companies licensed or otherwise authorized under the New York Insurance, Banking and Financial Services laws (defined as Covered...more
A press release issued by the New York Department of Financial Services on January 22, 2018 reminds Covered Entities (including banks, insurers and producers, and others regulated by DFS) of their obligation to file a...more
On February 15, many insurance companies, producers and others with New York DFS licenses and other authorizations (except for certain entities and employees who have filed for an exemption) will need to file a compliance...more
Insurers and producers, banks, lenders and others licensed by the New York Department of Financial Services (DFS) have already had to comply with several of the requirements of the new DFS Cybersecurity Regulation, but for...more
The financial services industry has been dealing with requirements for cybersecurity since 1999, but 2017 brought new, significant, and proliferating obligations. The bar for the whole industry was clearly raised by the...more
New York’s cybersecurity regulation that went into effect in March has far reaching implications. The first transition date for implementation of several requirements of the state’s Department of Financial Services regulation...more
Based largely on the NY DFS Cybersecurity Regulation that became effective March 1, 2017, the NAIC has adopted a Model Cybersecurity Law that would, once adopted by the various states, establish significant requirements for...more
10/26/2017
/ Banking Sector ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NAIC ,
NYDFS ,
Popular ,
Risk Management
October 30, 2017 is the extended deadline for most Covered Entities claiming an exemption to file the Notice of Exemption required by the NY DFS Cybersecurity Regulation (23 NYCRR 500.19(e)). The filing deadline is 30 days...more
Insurance companies and producers, banks, lenders and others licensed by the New York Department of Financial Services (DFS) have already had to comply with several of the requirements of the new DFS Cybersecurity Regulation,...more
With the compliance date only a few months away, licensees of the New York Department of Financial Services (DFS) must start taking action immediately to comply with the coming cybersecurity requirements, which will be more...more