The New York State Department of Financial Services (“DFS”) on September 13, 2016, proposed regulations, to be effective as of January 1, 2017, that would mandate cybersecurity standards for any entity authorized by DFS to operate in New York, including certain banks and insurance companies doing business in New York. The proposed “Cybersecurity Requirements for Financial Services Companies” would expand upon the areas discussed as potential areas for regulation in DFS’s November 9, 2015, letter to key federal and state banking, insurance and securities regulatory agencies. Once published in the New York State Register, the proposed regulations will be open for a 45-day public comment period. Affected companies would have 180 days to comply with the new regulations from their effective date.

Continue reading.