NY regulator urges firms to comply with cybersecurity regulation

Maria Nikolova

The final implementation period for the regulation ends March 1, 2019.

Financial Services Superintendent Maria T. Vullo today reminded all entities regulated by the New York State Department of Financial Services (DFS) that they have to be in full compliance with the cybersecurity regulation by March 1, 2019.

Let’s recall that New York’s cybersecurity regulation became effective March 1, 2017. DFS, however, offered a two-year timeline for implementation of the regulation’s requirements, with a final compliance deadline of March 1, 2019. The final step in the implementation timeline requires regulated entities that use third-party providers to put in place policies and procedures ensuring the security of information systems and nonpublic information accessible to, or held by, such providers.

Superintendent Vullo today also reminded all regulated entities that the second certification of compliance covering the prior calendar year must be filed electronically via the DFS cybersecurity portal not later than February 15, 2019.

Under the cybersecurity rules, all banks, insurance companies, and other financial services institutions and licensees regulated by DFS are now required to have a cybersecurity program in place that is designed to protect consumers’ private data. The cybersecurity program has to perform a number of core cybersecurity functions, such as identification and assessment of cybersecurity risks regarding the Nonpublic Information stored on the Covered Entity’s Information Systems. The program also has to detect cybersecurity events, and respond to such events.

The entities also have to have a written policy or policies that are approved by the board or a senior officer. This policy has to address matters like data governance and classification, risk assessment, and incident response.

The firms affected by the new rules must have a Chief Information Security Officer to help protect data and systems. They also must secure protections of data at third-party providers. Furthermore, they need to have in place controls and plans to help ensure the safety and soundness of New York’s financial services industry.

Finally, covered entities and licensees must also report cybersecurity events to DFS through the Department’s online cybersecurity portal.

Cyber security is high on the agenda of the United States National Futures Association (NFA) too. Early in January this year, NFA clarified the amendments to its Information Systems Security Programs Interpretive Notice. The Association plans a raft of changes, including a requirement for members to inform it about certain cybersecurity-related incidents. Members (other than futures commission merchants for which NFA is not the DSRO) will have notify NFA of cybersecurity incidents related to their commodity interest business that:

  • result in a loss of customer or counterparty funds or loss of a Member firm’s capital; or
  • if a Member notifies its customers or counterparties of an incident pursuant to state or federal law.

Read this next

Retail FX

FF Simple and Smart Trades says Goodbye to CySEC authorization

The Cyprus Securities and Exchange Commission (CySEC) confirmed that it has wholly withdrawn the Cyprus Investment Firm (CIF) licenses of FF Simple and Smart Trades Investment Services Ltd.

Crypto Insider

Shining the Light in Crypto’s Dark Places

Something changed in regulators’ minds after the November crash of the FTX crypto exchange.

Executive Moves

Financial Commission Adds Sam Low to Dispute Resolution Committee

The Financial Commission (FinaCom PLC), a dispute resolution service that caters to the financial services industry, has appointed Sam Low as the newest member of its Dispute Resolution Committee (DRC).

Digital Assets, Uncategorized

De-facto owner of Bithumb exchange arrested in South Korea

South Korean prosecutors have arrested Kang Jong-Hyun, the anonymous chairman and owner of the country’s largest cryptocurrency exchange, Bithumb, on charges of embezzlement and stock manipulation.

Retail FX

Interactive Brokers volumes snap three-month losing streak

Electronic brokerage firm Interactive Brokers LLC (NASDAQ:IBKR) said its trading volumes rose in January, an indication that investor confidence in the financial markets is rebounding after having been fairly mixed over the past few months.

Digital Assets

VVF invests $5 million in Everscale, a potential Layer 2 solution for Venom blockchain

“For us, this is a strategic investment aimed at the technological development of projects and teams around technologies that we focus on and actively develop. In particular, we are talking about the Venom blockchain project and its ecosystem, which is planned to be launched soon and for which Everscale is a potential Layer 2 solution.”

Institutional FX

FXSpotStream volume ends string of declines on January rebound

Trading volumes on institutional FX platforms surged in January as traders increased their bets on central bankers’ policy with evidence mounting that inflation and economic growth are both losing momentum.

Industry News

DeFi firm Aurox launches SEC-compliant crowdfunding campaign on tZERO

“This is a great opportunity for us to raise capital from our community and the broader public on a leading fully regulated platform. We are confident that the tZERO Markets platform will provide us with the exposure and reach we need to attract a diverse investors to support our business growth.”

Industry News

Morgan Stanley launches ETF platform with six ESG-focused products by Calvert

“These new ETFs will resonate strongly with investors who seek competitive investment results while promoting positive change and supporting companies that are leaders in improving long-term shareholder value and societal outcomes.”