Press Release

December 28, 2016

Contact: Richard Loconte, 212-709-1691


First-in-the-Nation Proposed Rule Aims to Protect Consumer Data and Financial Systems from Terrorist Organizations and Other Criminal Enterprises

Financial Services Superintendent Maria T. Vullo today announced that the New York State Department of Financial Services (DFS) has updated its proposed first-in-the-nation cybersecurity regulation to protect New York State from the ever-growing threat of cyber-attacks. The proposed regulation, which will be effective March 1, 2017, will require banks, insurance companies, and other financial services institutions regulated by DFS to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry.

“New Yorkers must be confident that the banks, insurance companies and the other financial institutions that they rely on are securely handling and establishing necessary protocols that ensure the security and privacy of their sensitive personal information,” said Superintendent Vullo. “This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats.”

DFS carefully considered all comments submitted regarding the proposed regulation during the 45-day comment period, which ended on November 14, 2016, and has incorporated those suggestions that DFS deemed appropriate in an updated draft that will be‎ subject to an additional final 30-day comment period.  DFS will focus its final review on any new comments that were not previously raised in the original comment process.

The updated proposed regulation, which was submitted to the New York State Register on December 15, 2016 and published today, will be finalized following a 30-day notice and public comment period.