New York finalizes cybersecurity regulations for financial institutions
Abstract
Purpose
To analyze the cybersecurity regulations for financial institutions issued by the New York State Department of Financial Services on February 16, 2017.
Design/methodology/approach
This article summarizes the regulations’ scope and requirements including definition of Covered Entities and substantive requirements including periodic Risk Assessments, cyber policies, dedicated and trained personnel, testing, audit trails, control over Third Party Service Providers, authentication, secure disposal, encryption, and incident reporting.
Findings
The regulations go beyond federal requirements in a number of important respects.
Originality/value
This article provides a guide for regulated entities to start preparing for compliance with the new regulations from experienced lawyers with specialties in cybersecurity, privacy and communications.
Keywords
Citation
Cedarbaum, J.G., Powell, B.A., Freeman, D.R., Schloss, L. and Abrahamson, R. (2017), "New York finalizes cybersecurity regulations for financial institutions", Journal of Investment Compliance, Vol. 18 No. 2, pp. 27-30. https://doi.org/10.1108/JOIC-04-2017-0020
Publisher
:Emerald Publishing Limited
Copyright © 2017 Wilmer Cutler Pickering Hale and Dorr LLP.