The New York State Department of Financial Services delivered to its licensees an array of new technical measures to implement and painstaking governance steps to take when it amended (Amendment) its already-tough cybersecurity regulation last month. Licensees will need to invest time and effort to effectuate this hefty load of new requirements and will have to decide how much enforcement risk to undertake when their CEO and chief information security officer fulfill their compliance certification obligation. This first article in a two-part series examining the Amendment’s key provisions, focuses on the upgraded governance mandates, and includes practical insights from Kilpatrick Townsend, Freshfields, BMS, Frankfurt Kurnit, Lowenstein Sandler and Hogan Lovells. Part two
will offer an analysis of the Amendment’s technical provisions and first steps to take toward compliance. See “NYDFS Changes Its Cybersecurity Regulation Requirements Through Enforcement – Again
” (Jul. 19, 2023).