Financial services firms have less than a month to comply with New York’s new cybersecurity regulations, which aim to bolster security in the investment industry by imposing new governance, reporting and encryption requirements.
The New York Department of Financial Services (DFS) announced on Wednesday that as of Sept. 4, banks, insurers and other financial services firms will have to comply with certain provisions of its new cybersecurity rules. These include annual reporting to the board, new audit trail requirements and the obligation to use encryption to protect non-public information.
“Sept. 4 marks another important milestone in further protecting the financial services industry and the consumers they serve from the threat of cyber-attacks thanks to DFS’s landmark cybersecurity regulation,” said Maria Vullo, superintendent of New York’s DFS, in a statement.
“New York stepped into the void and took decisive action to ensure appropriate minimum standards protecting financial institutions’ data systems, including consumers’ sensitive personal information,” she added. “These new protections, which include encryption, access controls and audit trails, add crucial tools to the regulation’s prior requirements in protecting the institutions and consumers.”
By March 1, 2019, firms that utilize outside service providers will also have to be assessing the risks posed by their use of third-party firms and ensure those systems and data are protected.