Compare with different regulatory event:
On 9 January 2023, the public consultation on the Amendment to the cybersecurity obligations of financial services companies (23 NYCRR 500) closed. The Amendment includes an update to the definition of cybersecurity risk assessment, outlines the role and obligation of information security officers, obligations regarding vulnerability management, authentication, asset management and data retention, incident response and reporting obligations. The Amendment lists additional obligations for entities with at least USD 20 million in annual revenue, and over 2000 employees or over USD 1 billion in gross annual revenue, over the last two fiscal years. In addition, the Amendment proposes changes to the requirements for the application of limited exemptions, which would concern entities with fewer than 20 employees and less than USD 15 million in annual turnover.
Original source