United States of America: Opened consultation on Amendment to Cybersecurity Requirements for Financial Services Companies

Compare with different regulatory event:

Description

Opened consultation on Amendment to Cybersecurity Requirements for Financial Services Companies

On 9 November 2022, the New York State Department of Financial Services (NYDFS) published and opened a second consultation on the Amendment to the cybersecurity obligations of financial services companies (23 NYCRR 500) until 9 January 2023. The Amendment includes an update to the definition of cybersecurity risk assessment, outlines the role and obligation of information security officers, obligations regarding vulnerability management, authentication, asset management and data retention, incident response and reporting obligations. The Amendment lists additional obligations for entities with at least USD 20 million in annual revenue, and over 2000 employees or over USD 1 billion in gross annual revenue, over the last two fiscal years. In addition, the Amendment proposes changes to the requirements for the application of limited exemptions, which would concern entities with fewer than 20 employees and less than USD 15 million in annual turnover.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
other service provider
Implementation Level
subnational
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2022-07-29
in consultation

On 29 July 2022, the New York State Department of Financial Services (NYDFS) published and opened a…

2022-08-18
processing consultation

On 18 August 2022, the New York State Department of Financial Services (NYDFS) closed its consultat…

2022-11-09
in consultation

On 9 November 2022, the New York State Department of Financial Services (NYDFS) published and opene…

2023-01-09
processing consultation

On 9 January 2023, the public consultation on the Amendment to the cybersecurity obligations of fin…