This story is reprinted with permission from FC&&S Legal, the industry's only comprehensive digital resource designed for insurance coverage law professionals. Visit the website to subscribe.
The deadline for insurance companies and other regulated entities and licensed persons covered by the cybersecurity regulation issued by the New York Department of Financial Services (DFS) to file the first certificate of compliance is approaching; the deadline is February 15, 2018.
Annual review
In addition, the DFS said in a statement that it now will be incorporating cybersecurity in all examinations, including adding questions related to cybersecurity to "first day letters," which are notices the DFS issues to commence its examinations of insurance companies and other financial services companies for safety and soundness and market conduct.
"The DFS compliance certification is a critical governance pillar for the cybersecurity program of all DFS regulated entities," said the DFS superintendent, Maria T. Vullo. "DFS's regulation requires each entity to have an annual review and assessment of the program's achievements, deficiencies, and overall compliance with regulatory standards and the DFS cybersecurity portal will allow the safe and secure reporting of these certifications.
DFS's goal is to prevent cybersecurity attacks, and we therefore will now include cybersecurity in all DFS examinations to ensure that proper cybersecurity governance is being practiced by our regulated entities. As DFS continues to implement its landmark cybersecurity regulation, we will take proactive steps to protect our financial services industry from cyber criminals."
Online cybersecurity portal
New York's cybersecurity regulation became effective March 1, 2017. As of the first implementation deadline of August 28, 2017, all insurance companies and other financial services institutions and licensees regulated by the DFS were required to have:
- a cybersecurity program in place designed to protect consumers' private data;
- a written policy or policies approved by the board or a senior officer;
- a chief information security officer to help protect data and systems; and
- controls and plans to help ensure the safety and soundness of New York's financial services industry.
Covered entities and licensees also must report cybersecurity events to the DFS on its online cybersecurity portal.
Learn more: Cybersecurity Regulation.
Steven A. Meyerowitz, Esq., (smeyerowitz@meyerowitzcommunications.com) is the director of FC&S Legal, the editor-in-chief of the Insurance Coverage Law Report, and the founder and president of Meyerowitz Communications Inc. This story is reprinted with permission from FC&S Legal, the industry's only comprehensive digital resource designed for insurance coverage law.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.