In 2023, the Department of Financial Services (DFS) amendedits Cybersecurity Regulation. To assist entities throughout the rollout of the regulation, DFS is providing regular updates on important information and helpful resources.

CLICK HERE to see what you need to know this month.

As you know, DFS’s Cybersecurity Regulation 23 NYCRR Part 500 requires covered entities, including individual licensees and single person regulated entities, to maintain a cybersecurity program.* To assist individual licensees and single person regulated entities in creating a cybersecurity program, DFS has developed a model Cybersecurity Program Template. 

CLICK HERE to read full post 

Today, the New York State Department of Financial Services (“Department” or “DFS”) adopted amendments to its Cybersecurity Regulation, 23 NYCRR Part 500. The amended regulation incorporates current best practices to better protect businesses and consumers from emerging cyber threats and further tailors the requirements based on businesses’ risks and resources. CLICK HERE FOR FULL NOTICE

Today, the New York State Department of Financial Services (“Department” or “DFS”) adopted amendments to its Cybersecurity Regulation, 23 NYCRR Part 500. The amended regulation incorporates current best practices to better protect businesses and consumers from emerging cyber threats and further tailors the requirements based on businesses’ risks and resources. CLICK HERE FOR FULL NOTICE

Due to the rapidly evolving situation in Ukraine and Russian invasion, the New York State Department of Financial Services is issuing Guidance to all regulated individuals and entities (“regulated entities”). The Guidance can be viewed online here: https://www.dfs.ny.gov/industry_guidance/industry_letters.

Read full update click here

Reference Link: Cybersecurity Resource Center | Department of Financial Services (ny.gov)

Reference Link

Coronavirus Information for Industry and Regulated Entities | Department of Financial Services (ny.gov)

FOR IMMEDIATE RELEASE: March 31, 2021
MEDIA CONTACT: Office of Communications
Tel: (202) 435-7170

CFPB Rescinds Temporary Policy Statements to Ensure Industry Complies with Consumer Protection Laws

WASHINGTON, D.C. – The Consumer Financial Protection Bureau (CFPB) today announced it is rescinding seven policy statements issued last year that provided temporary flexibilities to financial institutions in consumer financial markets including mortgages, credit reporting, credit cards and prepaid cards. The seven rescissions, effective April 1, provide guidance to financial institutions on complying with their legal and regulatory obligations. With the rescissions, the CFPB is providing notice that it intends to exercise the full scope of the supervisory and enforcement authority provided under the Dodd-Frank Act. The CFPB is also rescinding its 2018 bulletin on supervisory communications and replacing it with a revised bulletin describing its use of matters requiring attention (MRAs) to effectively convey supervisory expectations.

Click Here for Full Release

The New York State Department of Financial Services (“DFS”) today issued the following industry letter to all of its regulated entities following the recent discovery of cybersecurity vulnerabilities in Microsoft Exchange Server. 

Read Full Industry Letter