What The 23 NYCRR 500 Regulation Is All About
Because of the increasing sophistication of cyber attacks over recent years, the NY Department of Financial Services (NYDFS) propagated 23 NYCRR 500, a law establishing cybersecurity requirements for financial service firms. Though most of the rules this regulation is asking for is already considered best-practice, some firms haven’t executed these processes. Violating these regulations can invite hefty non-compliance penalties. Do I need to comply with 23 NYCRR 500? The regulation is applicable to all covered entities meaning “any person operating under or need to operate under a registration, license, permit, charter certificate, accreditation or identical consent under the insurance law, the banking law or the financial service law.” The organizations that need to comply include but not limited to private bankers, licensed lenders, mortgage companies, state-charted banks, insurance companies, and oversea banks licensed to operate in NY. There’re limited exclusions to the r...