23 NYCRR 500 And Potential Penalties for Failure to Meet the Regulation
The New York State Department of Financial Services (NYS DFS) announced 23 New York Codes, Rules and Regulations 500 (23 NYCRR 500), a cybersecurity regulation for all financial institutions conducting business in New York City.
Regulated entities must have a cybersecurity program, cybersecurity policies, a CISO, access privileges, cybersecurity staff, an incident response plan, and notification procedures.
23 NYCRR 500 applies to all organizations and individuals regulated by the New York State Department of Financial Services, covering any organization or individual that “operate under a license, charter, registration, permit, certificate, accreditation or identical consent under the New York insurance law, banking law, or the financial service law.”
The rule also applies to state-chartered and overseas banks licensed to work in NY. Furthermore, the regulation extends to third-party suppliers who process, store, and convey non-public information related to these entities and individuals. There are some exemptions for entities and individuals that have fewer than ten personnel, less than $5 million in annual revenue, or $10 million in total assets at the end of the financial year.