Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

New York: NYDFS publishes draft amendments to its Cybersecurity Requirements for Financial Services Companies

The New York State Department of Financial Services ('NYDFS') released, on 29 July 2022, its proposed draft amendments to the Cybersecurity Requirements for Financial Services Companies ('23 NYCRR 500'). In particular, the draft amendments would implement several changes, including:

  • new obligations for companies which qualify as 'Class A' companies, including relating to audits and vulnerability assessments;
  • the requirements for CISO independence;
  • new requirements for business continuity and disaster recovery plans;
  • new notification obligations; and
  • changes to factors which may be evaluated when issuing penalties for violations of 23 NYCRR 500.

Comments on the proposed amendments can be submitted until 8 August 2022 at [email protected].

You can read the proposed amendments here.