Information about 2019 DFS Cybersecurity Filing Requirements

January 2019 – Exemption Filing Period

February 15, 2019 – Certification of Compliance due

The DFS Cybersecurity Portal has been redesigned to assist users with their filings. To ensure that filings are matched to the appropriate Covered Entity or licensed person, we encourage the use of an identifying number when filing. The identifying numbers are: NYS License number, NAIC/NY Entity number, NMLS number or Institution number. Please make sure that you have your license number available when you make your filing. A look-up feature is included in the portal for anyone who does not know which number to use.

Exemptions –Exemptions filed in 2017 and 2018 have expired. Any DFS regulated entity or licensed person that is currently entitled to an exemption must file an Initial Notice of Exempt status prior to the due date for annual Certificates of Compliance on February 15, 2019.

More information on exemptions.

Certification of Compliance – All Covered Entities and licensed persons who are not fully exempt from the Regulation are required to submit a Certification of Compliance no later than February 15, 2019 attesting to their compliance for the 2018 calendar year.

Filing Instructions to assist with the process

Receipts - You will receive an email that includes a receipt number for all filings you complete. The receipt will indicate the year the filing was made. The receipt will also indicate the type of filing made: Notices of Exemption will have a receipt number that begins with the letter “E.” Certifications of Compliance will have a receipt number that starts with the letter “C.” It is suggested that you maintain a copy of this email in your records for future reference.

Questions about filings should be directed to DFS at [email protected].