Is your Credit Union in the know about the recent cybersecurity requirements mandated by the New York State Department of Financial Services (DFS) that may affect operations? DFS has made significant amendments to its Cybersecurity Regulation, 23 NYCRR Part 500. The rule is final and effective as of November 1, 2023, introducing new requirements and clarifications. One area that has raised questions and concerns among credit unions and other financial institutions is the revised definition of “covered entity” and its implications for affiliates and subsidiaries.
It’s imperative for credit unions operating in New York State, especially those with subsidiaries or affiliates, to thoroughly review the updated regulations to determine their compliance obligations. Even if your Credit Union is exempt from DFS regulation, if your subsidiary or affiliate is considered a covered entity, a written information security program must be in place. While the regulations aim to enhance cybersecurity measures across the financial sector, understanding how they apply to your specific organizational structure is crucial for ensuring compliance and avoiding potential penalties.
We strongly encourage you to:
- Review the updated DFS cybersecurity regulations in detail to understand the changes and their implications for your credit union and any affiliated entities: https://www.dfs.ny.gov/system/files/documents/2023/12/rf23_nycrr_part_500_amend02_20231101.pdf
- Assess whether your credit union and its subsidiaries or affiliates fall under the definition of a “covered entity” as per the revised regulations. DFS has a portal where you can search for covered entities: https://myportal.dfs.ny.gov/web/guest-applications/who-we-supervise
- Take necessary steps to ensure compliance with the cybersecurity requirements outlined by the DFS, including implementing appropriate measures to safeguard sensitive data and protect against cyber threats.
- Seek guidance from legal and cybersecurity experts specializing in financial regulations to ensure comprehensive compliance and to mitigate any potential risks.
Our experts are available to clarify the DFS cybersecurity requirements and their impact on your organization and affiliates, answer your questions, and discuss your compliance or information security program.
Please reach out to Christopher Salone, Consulting Manager at FoxPointe Solutions, a Division of The Bonadio Group, or Jeffrey Paille, Partner at The Bonadio Group, for any assistance with this.