New cybersecurity requirements fast approaching for New York financial firms
Many financial firms have mere days to notify New York about whether they have complied with the state’s strict cybersecurity regulations, and to gear up for new requirements rolling out May 1 and beyond.
Annually by April 15, financial businesses must submit a Certification of Material Compliance or an Acknowledgment of Noncompliance, which specifies what still needs to be done. Companies with limited exemptions must submit the notification by April 15 but those with full exemptions do not need to contact NYDFS, the department said.
Additional requirements adopted under the 2023 amendments are rolling out this year, with the first set to hit May 1, focused on secure data access. By that date, all businesses covered by the cyber rules must have policies in place that limit user access to accounts, they must disable or make secure all protocols regarding remote control of devices, and they must take other measures to secure account access.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
News BriefDOJ fines MORSE Corp $4.6M for lax cyber controls amid crack down on federal contractors
Yet another government contractor has been slapped with a fine by the Department of Justice for applying lax cybersecurity defenses on sensitive government data.
More from Regulatory Policy
-
Basic PageBanks reported more than $1 B in suspicious activity–much of it fentanyl linked
Banks alerted authorities to $1.4 billion in suspicious transactions in 2024, a big assist in the nation’s fight against crime and fentanyl trafficking, according to the Financial Crimes Enforcement Network.
-
ArticleU.K. aims to streamline regulation to boost economic growth as markets fall
The U.K.’s Chancellor of the Exchequer Rachel Reeves has promised a “radical action plan” to cut the cost of regulation to businesses by a quarter and boost economic growth. Now the Cabinet Office has written to government departments requiring them to justify every quango, with the presumption that these semipublic ...
-
PremiumFCA faces criticism for email retention policy critics say risks erasing evidence
The UK’s financial regulator has come under fire for its announcement that it is going to delete emails after a year in an effort to become a more “efficient” regulator, raising concerns that it might accidentally erase evidence in the process.