Cybersecurity Requirements for Financial Services Companies

Citation
New York Department of Financial Services, Cybersecurity Requirements for Financial Services Companies (Proposed), 23 NYCRR 500 (Sept. 13, 2016) (full-text).

Overview
This regulation requires banks, insurance companies, and other financial services institutions regulated by the State Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State's financial services industry.

It requires regulated financial institutions to establish a cybersecurity program; adopt a written cybersecurity policy; designate a Chief Information Security Officer responsible for implementing, overseeing and enforcing its new program and policy; and have policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third-parties, along with a variety of other requirements to protect the confidentiality, integrity and availability of information systems.