Wednesday, April 4, 2018

New York further updates cybersecurity reg FAQs

By J. Preston Carter, J.D., LL.M.

The New York Department of Financial Services has provided another update to its answers to frequently asked questions regarding its cybersecurity regulation—23 NYCRR Part 500. The regulation, establishing cybersecurity requirements for financial services companies, became effective March 1, 2017. The original FAQs were published last December. The first set of revised FAQs was published in February.

The NYDFS’s second set of revised FAQs added the following guidance:
  • In the cyber portal, an Entity ID is an entity’s unique license or charter number issued by the State of New York. Further information is provided in the FAQs for insurance companies and insurance producers. Required filings may be made electronically via the DFS Web Portal.
  • Individuals with no Board of Directors who file a Certificate of Compliance for their own individual license are acting as a Senior Officer, as defined in the Regulation, and should complete the filing process in that manner. The Senior Officer is the individual or individuals responsible for the compliance of a Covered Entity.

Here are upcoming key dates to keep in mind under New York’s cybersecurity regulation:
  • Sept. 3, 2018—Eighteen-month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a), and 500.15 of 23 NYCRR Part 500.
  • March 1, 2019—Two-year transitional period ends. Covered Entities are required to be in compliance with the requirements of 23 NYCRR 500.11.

For more information about financial services cybersecurity, subscribe to the Banking and Finance Law Daily.