December 20, 2016

YELLOW ALERT: Reports Indicate that Proposed NY Cyber Rule Effective Date Delayed

 According to widely circulating reports, next week the New York Department of Financial Services intends to issue a re-proposed rule for its proposed cyber regulation, “Cybersecurity Requirements for Financial Services Companies” (Proposed 23 NYCRR 500) and to allow a 30-day comment period on the re-proposed rule.

Importantly, that means the rule will not go into effect January 1, 2017, as had been anticipated based on the initial draft rule, which was released for comment in September. The Council joined hundreds of other interested parties in submitting comments to the initial draft and raised numerous concerns about the proposal, which apparently struck a chord with the DFS and the state Assembly, where a hearing was held yesterday, December 19.

The reports indicated that sources in Governor Cuomo’s office said the revised proposed regulation will be published in the State Register on December 28, 2016, triggering a new 30-day comment period that will expire January 27, 2017. Neither the content of the revised proposed rule nor its effective date is available yet.

The Council will review the new draft and seek your input prior to submitting comments to the DFS.

Please contact John Fielding at john.fielding@ciab.com or Joel Wood at joel.wood@ciab.com with any questions.