Security & Fraud

NY FinServ Cybersecurity Bill Effective March 1

What is being billed as a “first-in-the-nation cybersecurity regulation” put forth by New York Governor Andrew Cuomo takes effect on March 1 and will apply to all entities in the state that are regulated by New York’s Department of Financial Services (DFS).

According to a report, banks, trust companies, mortgage brokers and insurance companies will be required to put in place comprehensive cybersecurity programs to make sure their systems and those of their clients are safe within 180 days. When Cuomo announced the new legislation earlier this month, he hailed it as a “landmark regulation” that showcases New York’s position as the “financial capital of the world” and a leader in combating cyberattacks, which are happening at an increased pace.

Under the new regulation, financial entities have to conduct an initial risk assessment and design written policies that address specific cybersecurity risks that are identified by the audit. The board of directors and senior members of the company must sign off on the policies. The financial firms also have to engage in periodic penetration testing and vulnerability assessments; restrict access privileges and implement multi-factor authentication; engage qualified cybersecurity personnel; include written procedures designed to ensure the security of both internally and externally developed applications used by the covered entity; contain policies designed to ensure the security of systems that are accessible by third-party service providers and require ongoing cybersecurity training and monitoring of personnel, among other things.

What’s more, companies must notify the DFS within 72 hours after a breach has happened and submit a written statement to DFS by Feb. 15 of each year certifying compliance with the new regulation. Firms who do not comply with the new requirement will be exposed to “substantial enforcement and reputational risk,” including “substantial fines.”


Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The July 2019 Pay Advances: The Gig Economy’s New Normal, a PYMNTS and Mastercard collaboration, examines pay advances – full or partial payments received before an ad hoc job is completed – including how gig workers currently use them and their potential for future adoption.

Click to comment


To Top