The New York Department of Financial Services Issues Its Final Cybersecurity Regulation

February 21, 2017

On February 16, 2017, the New York Department of Financial Services (“DFS”) issued the final version of its cybersecurity regulation.  The regulation, which has seen several iterations since it was first proposed in September 2016, is detailed, far-reaching, and—in some respects—unprecedented.  New York Governor Andrew Cuomo has called the new rules a “first-in-the-nation regulation” designed to protect financial institutions and their consumers from cybercrime.  For the financial institutions and insurance companies affected, the regulation’s scope and requirements will require a fresh and in-depth look at their overall cybersecurity planning, preparedness, governance, and defenses.

Over the last few months, the rules have undergone multiple revisions.  The DFS, however, has settled on the final version.  And the turn-around time for covered institutions to comply with the final regulation will be quick: the regulation has an effective date of March 1, 2017.  Prompt implementation is critical, but companies need to proceed in a manner that is methodical, precise, and appropriately documents the decision-making process at each critical step of the process.

Click here to read the full alert.