Skip to main content

Clifford Chance

Briefings

Third Transitional Period Under NY DFS Cybersecurity Rules Ends September 4, 2018

17 August 2018

As New York State Department of Financial Services Superintendent Maria T. Vullo reminded regulated entities last week, the third transitional period of DFS's Cybersecurity Rules, 23 NYCRR Part 500, ends on September 4, 2018, meaning that banks, insurance companies, and other financial services providers covered by the Cybersecurity Rules will be required to comply with rules regarding annual reporting to the board, audit trails, application security, limitations on data retention, encryption, and certain training and monitoring requirements.  Although no reporting or certification requirement accompanies the September 4, 2018 deadline, covered entities would be well advised to comply with these requirements so that compliance can be demonstrated if DFS examiners come calling or when the compliance certifications are next due in February 2019.

Download PDF