The New York State Department of Financial Services (NYDFS or DFS) established a set of cybersecurity requirements, effective March 2017, for financial services companies that are supervised by the NYDFS, to address the heightened risk of cyberattacks by nation-states, terrorist organizations and independent criminal actors. The regulation, Part 500 of Title 23 of the New York Code, aims to protect customer information as well as information systems by holding covered entities accountable for their cyber defense responsibilities.
Who Is Exempt from Part 500 Title 23?
- National banks or banks chartered in other states
- New York branches of non-New York chartered banks
- Federal Credit Unions
- Broker-dealers
- Office of the Comptroller of the Currency (OCC) chartered branches and agencies of non-U.S. banks
- An affiliate of a Covered Entity that is not itself a Covered Entity
How Protiviti Can Help
Protiviti has vast experience in helping our financial services clients interpret, attest to and comply with regulations. Our team includes leading industry regulation and cybersecurity experts and former regulators who regularly produce thought leadership pieces. Protiviti’s Global Financial Services Industry (FSI) practice leverages our experienced consulting team to deliver projects across multiple areas impacted by the NYDFS regulation: