New York Insurance Banking Cybersecurity Regs to Be Delayed Past Jan. 1

Print Email
December 27, 2016 by Suzanne Barlyn

New York’s financial regulator will delay an anticipated Jan. 1 deadline for banks and insurers doing business in the state to comply with controversial cybersecurity rules, a person familiar with the matter said.

The regulator, the New York State Department of Financial Services, will publish a revamped version of its cybersecurity rules in the New York State Register on Dec. 28, the person said.

The new effective date, following a public review period, will be March 1, 2017, the person said.

Once finalized, they will be the first rules of their kind in the United States by any state or federal agency, the regulator has said.

Banks and insurers have been fighting for an extension of the compliance deadline and other changes since New York Governor Andrew Cuomo issued the long-anticipated proposed cyber security regulations in September.

The New York agency regulates state-chartered and foreign banks licensed to operate in the state, including Goldman Sachs Group Inc., Barclays Plc and Deutsche Bank AG, and all insurance companies that do business in the state.

On Monday, banking and insurance industry representatives expressed their concerns about the rules in a hearing before New York state lawmakers. Among their objections: The rules did not distinguish between small and large financial institutions and would possibly conflict with future U.S. government cyber security rules.

The New York regulator received more than 150 letters from banking and insurance industry groups, among others, in response to the cyber security plan.

Other changes to be included in the revised rules are unclear.

The planned regulations, in the works since 2014, followed a series of high-profile hackings of U.S. companies and three surveys by the regulator about cyber security programs at a total of nearly 200 companies under its watch.

One report the regulator issued last year revealed that a third of 40 banks it surveyed did not require outside vendors to notify them of data breaches, which could compromise bank data.

A task force of U.S. state insurance regulators is also developing a model cyber security law, which individual state legislatures could ultimately choose to adopt.

Model laws, which cover a variety of subjects, typically lead to more uniformity among state laws. But model laws first must be finalized and approved by organizations developing them before being considered by state lawmakers. (Reporting by Suzanne Barlyn; editing by Jonathan Oatis)

Copyright 2024 Reuters. Click for restrictions.
Print Email

Was this article valuable?

Here are more articles you may enjoy.

Related Articles

Hackers Will Become More Cunning in 2017 as Cyber Risks Intensify: Report
The Next Tsunami: Cybersecurity for P/C Insurers
Next Steps for Cybersecurity Model Law
A Top Priority: Regulators Tackle Cybersecurity
Proposed Cyber Security Regs Eased in New York After Industry Complaints
Pending New York Cybersecurity Regs Risk Raising Loss Potential: Fitch Ratings
Jan. 1 Renewal Results: Some Price Stabilization, Record Capital, Demand Uptick
NY Regulator: States Should Use Its Cybersecurity Rules as Template
Europe’s Firms, Unprepared for Cyber Risks, Face Breach Disclosure Law

Our Contributors

Meghan ParrillaHow Apprenticeship Programs May Be the Best Solution to Today’s Talent Crisis
Richard CoyleMany Businesses May Not Be Protected Against Losses From Snow Melt Floods
Shannon ShallcrossViewpoint: You’re at a Competitive Disadvantage If You’re Not Innovating
James GammellViewpoint: Risks for D&O Insurers Exploring the New Frontier of Gen AI
William SteenbergenThe Insurance Data Paradox: Structure Creates Flexibility
See All Our Contributors