New Regulation for Cybersecurity and More

The New York Department of Financial Institutions put into practice new cybersecurity regulations centered on protecting consumers and the financial services industry on a larger scale. The purpose of the regulation is to proactively mitigate risk associated with the growth of the Fintech industry, partly by pushing covered entities to keep up with technological changes and advancements. The regulation calls for higher quality assurance and governance, risk-based minimum standards for technology, systems testing, adverse event response planning, and higher levels of accountability and transparency with regulators. The regulation took effect on March 1st, 2017 and generally requires all covered entities to comply within 180 days. Some provisions will be allowed different compliance periods depending on the degree of change required. Chief Information Officers will be required to share risk assessments of their information systems more frequently and transparently, based on the Department of Financial Institutions' standards.

The nature of the changes and practices suggested by the new law is a positive sign towards much-needed regulation in the financial services and financial technology industry. These changes are structurally very important for the future well-being of major industries and consumer information security.

http://www.mondaq.com/unitedstates/x/573552/Financial+Services/New+York+Department+Of+Financial+Services+Promulgates+FirstInTheNation+State+Cybersecurity+Regulation