23 NYCRR 500

Compliance Platform

What is 23 NYCRR 500 ?

The NY DFS Cyber security Regulation (23 NYCRR 500) is a new set of regulations from the NY Department of Financial Services that places new cyber security requirements on all covered financial institutions. The rules were released in 2017 after two rounds of feedback from industry and the public.  

These regulations acknowledge the ever-growing threat posed to financial systems by cyber criminals and are designed to ensure businesses effectively protect their customers’ confidential information from cyber attacks. This includes conducting regular security risk assessments, keeping audit trails of asset use, providing defensive infrastructures, maintaining policies and procedures for cyber security, and creating an incident response plan. 

The individuals and entities required to comply with 23 NYCRR 500 include, but are not limited to, partnerships, corporations, branches, agencies, and associations operating under, or required to operate under, a license, registration, charter, certificate, permit, accreditation, or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law. 

This solution will provide your organisation guidance on how to gain and maintain compliance with 23 NYCRR 500.