Mazars Financial Services blog

New York Proposes Cybersecurity Regulations for Financial Services Companies

The New York Department of Financial Services (DFS) has significantly raised the bar for cybersecurity programs, releasing regulations on September 13, 2016 that are slated to go into effect on January 1, 2017. The regulation will affect all entities with a DFS “license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law.” The regulation requires each entity’s Board of Directors to file an annual certification of compliance with the superintendent of DFS. We recommend that covered entities begin evaluating the requirements and preparing plans, as remediation initiatives may require several months to complete.

Although the topics included in the new regulation are not new, the specific requirements are more stringent than previous regulations. An entity with fewer than 1,000 customers, less than $5,000,000 in gross annual revenue, and less than $10,000,000 in assets at the end of the year is exempt from some of the requirements. However, the grace period is only 180 days (e.g., June 2017), and the new regulations will be included in DFS examinations beginning January 1, 2018.

Based upon our research, New York is the lead state requiring cybersecurity controls to protect the financial industry. We understand that other states have similar initiatives and that the requirements in this pending regulation are being considered at a national level.

Peter Schablik

Partner - advisory

Peter has more than 30 years of experience in bank auditing, information technology and advisory services. He has assisted many banks in remediating regulatory criticisms, meeting expectations related to internal and information technology audit, and achieving high performance through process re-engineering and information technology solutions. Prior to joining Mazars USA, Peter was the leader of the New England advisory practice of CohnReznick LLP. He also held leadership roles at Arthur Andersen LLP, Grant Thornton LLP and Accume Partners, where he was primarily focused on banking auditing, internal auditing and advisory services. He possesses deep skills and knowledge related to information technology solutions and industry trends. He has led dozens of information security, privacy and penetration test/vulnerability assessment engagements. Peter’s broad range of project experience includes mergers and acquisitions, bank regulatory sanctions and information technology implementations. Peter has a BBA in Accounting from the University of Massachusetts at Amherst and an MBA...