A new regulation went into effect March 1 for banks and insurers in New York state to counter the growing threat of cyber attacks. ADKtechs is here to help you make sure that you are compliant with this new regulation.
The new rule applies to all entities overseen by the New York Department of Financial Services (NYDFS) banking, insurance and financial service laws. This includes commercial banks, foreign banks with New York-licensed offices, mortgage brokers and servicers, small-loan lenders money transmitters doing business in New York, and regulated insurance agents/brokers — as well as insurance companies.
“These (companies) were either soft-regulated or fell under regulations from vendors who had their own standards,” said Jared Humiston, President and Owner of ADKtechs.
As detailed as the new regulation is, it also provides a good degree of flexibility for companies for implementation. For those entities that sat back during the rulemaking and comment period, they may be behind the eight ball at this point. While the deadline for this is September 1st, 2017, waiting to start the process is not a good idea. You never know what will be needed to ensure compliance and you may need time to make changes.
“Steps need to be taken, starting with a risk assessment,” advised Humiston. “Assess, address and maintain: Assess and address the risk and maintain the level of compliance. The risk assessment will tell them — among other things — how valuable their data is and who has access to that data.
As noted in its introduction, “this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities. This regulation requires each company to assess its specific risk profile and design a program that addresses its risks in a robust fashion.”
To accomplish this goal, the NYDFS is mandating a host of action items for covered businesses. Compliance will prove a burden to many regulated businesses.
“From assessment to compliance, it will take anywhere from four to six weeks,” noted Humiston. “And for most companies, the price will range anywhere from $5,000 to $20,000.”