NYSDFS Finalizes Cyber Reg; Takes Effect March 1

(From IIABNY, for more information, see below)

February 16, 2017 — The New York State Department of Financial Services has adopted a final version of its cyber security regulation. The final adoption follows a proposal published last September and a revised proposal published December 28. It contains minimal changes to the December proposal. For IIABNY members, there are three important details:

• The limited exemptions from some of the regulation’s requirements are not significantly changed. IIABNY played a major role in convincing the DFS to broaden the exemptions. Some new categories not related to New York resident insurance agencies have been added.
• The regulation’s effective date remains March 1, 2017.
• The deadlines for compliance are unchanged.

As the December proposal stated, covered entities (including insurance agencies and brokerages) must comply with some parts of the regulation by September 1, 2017. The first annual certification of compliance will be due to the DFS by next February 15. Other requirements must be met by March 1, 2018; September 1, 2018; and March 1, 2019.

IIABNY will present a webinar on the new regulation for continuing education credit shortly. Details will be available in a future issue of the weekly education newsletter.

* * * * *

For more details:

• IIABNY Advocacy Buzz, Feb. 16, 2017
• Gov. Andrew Cuomo’s Feb. 16, 2017 news release
• Text of the final adoption of the regulation
• IIABNY one-page summary of the December proposal
• IIABNY one-page table showing the deadlines for various requirements