NY regulator urges firms to comply with cybersecurity regulation

Maria Nikolova

The final implementation period for the regulation ends March 1, 2019.

Financial Services Superintendent Maria T. Vullo today reminded all entities regulated by the New York State Department of Financial Services (DFS) that they have to be in full compliance with the cybersecurity regulation by March 1, 2019.

Let’s recall that New York’s cybersecurity regulation became effective March 1, 2017. DFS, however, offered a two-year timeline for implementation of the regulation’s requirements, with a final compliance deadline of March 1, 2019. The final step in the implementation timeline requires regulated entities that use third-party providers to put in place policies and procedures ensuring the security of information systems and nonpublic information accessible to, or held by, such providers.

Superintendent Vullo today also reminded all regulated entities that the second certification of compliance covering the prior calendar year must be filed electronically via the DFS cybersecurity portal not later than February 15, 2019.

Under the cybersecurity rules, all banks, insurance companies, and other financial services institutions and licensees regulated by DFS are now required to have a cybersecurity program in place that is designed to protect consumers’ private data. The cybersecurity program has to perform a number of core cybersecurity functions, such as identification and assessment of cybersecurity risks regarding the Nonpublic Information stored on the Covered Entity’s Information Systems. The program also has to detect cybersecurity events, and respond to such events.

The entities also have to have a written policy or policies that are approved by the board or a senior officer. This policy has to address matters like data governance and classification, risk assessment, and incident response.

The firms affected by the new rules must have a Chief Information Security Officer to help protect data and systems. They also must secure protections of data at third-party providers. Furthermore, they need to have in place controls and plans to help ensure the safety and soundness of New York’s financial services industry.

Finally, covered entities and licensees must also report cybersecurity events to DFS through the Department’s online cybersecurity portal.

Cyber security is high on the agenda of the United States National Futures Association (NFA) too. Early in January this year, NFA clarified the amendments to its Information Systems Security Programs Interpretive Notice. The Association plans a raft of changes, including a requirement for members to inform it about certain cybersecurity-related incidents. Members (other than futures commission merchants for which NFA is not the DSRO) will have notify NFA of cybersecurity incidents related to their commodity interest business that:

  • result in a loss of customer or counterparty funds or loss of a Member firm’s capital; or
  • if a Member notifies its customers or counterparties of an incident pursuant to state or federal law.

Read this next

Digital Assets

Talos introduces decentralized liquidity and onchain settlement with Uniswap and Fireblocks

“At the cornerstone of the DeFi ecosystem, Uniswap has the breadth of assets and depth of liquidity that institutional traders need. And to have this partnership powered by Fireblocks, a digital assets infrastructure provider trusted by some of the most renowned institutions, is very fitting.”

Digital Assets

FINMA-regulated crypto bank SEBA Bank rebrands to AMINA

“As we look forward to 2024, our ambition is to accelerate the growth of our strategic hubs in Switzerland, Hong Kong, and Abu Dhabi, and to continue our global expansion, building on all the successes we have laid down over the past years.”

Retail FX

Good For New Traders: Free Crypto Sign Up Bonus No Deposit Required

In cryptocurrency trading, where innovation knows no bounds and the stakes are as dynamic as the digital assets themselves, the concept of no-deposit bonuses comes off as an enticement both for old and new traders. 

Digital Assets

Binance announces banking triparty agreement

“We’ve developed a solution that ensures our institutional clients can optimize their collateral and cryptocurrency investments, modeled after the traditional markets’ trading conduct. We are in close discussions with an array of banking partners and institutional investors who have also expressed strong interest in participating.”

Digital Assets

CoinEx fined $2 million in Québec, Canada

“This new decision follows the important decision obtained in XT.com earlier this year and is part of the AMF’s offensive against crypto asset trading platforms operating illegally in Québec that have not entered into pre-registration undertakings.”

Industry News

FINRA fines BofA Securities $24 million for spoofing in US Treasuries

BofA Securities failed to detect spoofing due to inadequate supervisory systems. These systems were not equipped to identify manual spoofing by traders.

Retail FX

Belgium regulator blacklists FXP360, Appex Finance, and Wise-Markets

Belgium’s financial watchdog, the Financial Services and Markets Authority ‎‎(FSMA), has issued a warning against the unauthorized activities of multiple ‎ platforms that are offering investments in the country without ‎complying with Belgian financial legislation.‎

Digital Assets

MicroStrategy piles on Bitcoin, acquiring 0.90% of circulating supply

MicroStrategy, the world’s largest Bitcoin corporate holder, has further increased its holdings of the primary cryptocurrency. According to a recent filing, the company acquired an additional 16,130 bitcoins between November 1 and November 29, spending $593.3 million at an average price of $36,785 per bitcoin.

Digital Assets

Paxos gets nod to issue dollar-backed stablecoins in UAE

Stablecoin issuer Paxos has received preliminary approval from Abu Dhabi’s Financial Services Regulatory Authority to issue U.S. dollar-backed virtual currencies and provide crypto-brokerage and custody services.

Display only crypto